Fraudsters are already using the new APP fraud reimbursement system to trick consumers into handing over sensitive banking details, warns consumer group Which?.
editorial
This content was selected, created and edited by the Finextra editorial team based on its relevance and interest to our community.
From October 7, 2024, all businesses using Faster Payments will be required to refund victims of authorized push payments (APP fraud) amounts of up to £85,000, meaning customers will be defrauded by their banks and other payment companies Receive notifications through this system.
Consumer Campaign Group Which? has discovered a clever phishing email purporting to be from NatWest informing the intended recipient of “new UK consumer protection rules against fraud” and sent on the evening of Tuesday 10th September.
Customers are asked to “verify” their mobile phone numbers to ensure they are “immediately notified of any transactions made through your account” and can “report suspicious payment alerts.”
Anyone who clicked on the web link provided would have been redirected to a convincing NatWest copycat website.
This copycat website has the right branding and first asks for a customer number or card number, then a PIN and password, home address, mobile phone number and account details. This gives criminals everything they need to commit identity fraud and potentially hack into accounts.
Which? says it reported the fraudulent website to the domain registrar, NatWest press office and Google Safe Browsing as soon as it was discovered.
But it was still active and six days later, customers’ banking credentials and personal information could be stolen. Which? found.
Which? Calls for sectors such as the banking industry, social media companies and telecommunications providers to work better together to share fraud information.
“To close the gaps in protection, domain registrars also need to be strengthened,” explains Which?. “For example, we recently highlighted the extent of counterfeiting of bank websites in the UK, but the companies that sell these websites to fraudsters are often left out of the wider debate.”