Fraudsters are already latching on to the new APP fraud reimbursement scheme as a means to dupe consumers into handing over sensitive banking information warns consumer group Which?.
From 7 October 2024, all firms using Faster Paymentswill be liable to refund victims of authorised push payments (APP fraud) for sums of up to £85,000, meaning customers will be receiving genuine messages about this scheme from their banks and other payment firms.
Consumer campaigning group Which? has spotted a clever phishing email that claimed to be from NatWest, telling the intended recipient about 'new UK Consumer Protection rules against fraud' and sent in the evening of Tuesday 10 September.
It invites customers to 'verify' their mobile numbers, ensuring they would 'get notified of any transactions carried out via your account right away' and enabling them to 'report any suspicious payment alerts.'
Anyone who clicked on the web link provided would have been taken to a convincing copycat NatWest website.
This copycat website has all the correct branding and asks first for a customer number or card number, then the Pin and password, home address, mobile number and account details, giving the criminals everything they need to commit identity fraud and potentially hack into accounts.
Which? says it reported the scam website to the domain registrar, the NatWest press office and Google Safe Browsing as soon as it was spotted.
But, it was still live and potentially stealing bank login details and personal data from customers six days later, Which? found.
Which? is calling for sectors such as the banking industry, social media companies and telecoms providers to work better together to share fraud intelligence.
"Plugging the gaps in protection means domain registrars need to step up, too," states Which?. "We’ve recently highlighted the extent of copycat bank websites in the UK, for example, yet the companies selling these websites to fraudsters are often left out of the wider debate."