The latest cyber scam revealed

As part of our commitment to your security, we want to keep you informed about the latest cyber threats. In particular, we would like to highlight a recent attempt to defraud one of our own clients.

A scammer phoned a provider and pretended to be our client, they even managed to pass security as they had hacked his emails and obtained a copy of his P45. The scammer successfully changed the client’s contact details. Our client manager grew suspicious when he was notified by the provider that a request had been made to change both the client’s email address and phone number at the same time as usually we would do this for them 🚩.

The client manager followed our process and contacted the client to verify this change of record, and the client confirmed this request had not come from them.

A week later we received a phone call from the same scammer impersonating our client. The scammer asked to speak to the client’s personal client manager about his pension drawdown account (which did not exist – another🚩).

Due to the recent fraudulent activity, the client manager was already wary before he even took this call. As soon as he spoke with the fraudster, he knew straight away he was not speaking to his client as the scammer spoke with a southern accent when his client is from the North of England 🚩. The scammer said it was imperative that he received funds from his account the same day 🚩.

Of course, this request was not actioned, all funds remained in the client’s pension account and the incident was reported to Action Fraud to help them build a clear picture of where and how the fraud was committed.

Rest assured, we will never change your details without checking with you first. If you receive any out-of-the-blue calls about changes to any account you hold with us, please hang up and call us back on 0161 486 2250.

What additional steps are we taking to protect you?

Many of you will have been asked to set up a security question and answer with us that we can use to identify you when you call, even if we speak to you regularly.  From now on your Client Manager will be asking you to confirm the answer to your security question when you telephone.  We know this can be frustrating, especially when you are long-standing clients.  However, we are doing this to protect you.

With developments in Artificial Intelligence and voice recognition software it won’t be long before the southern accent of our scammer in this example is replaced with a very credible and accurate accent. The one thing that the AI wouldn’t be able to do is replicate is your security answer!

What can Action Fraud do?

Action Fraud is the UK’s national reporting centre for fraud and cybercrime and takes crime and information reports on behalf of the police. These reports are sent to the National Fraud Intelligence Bureau for assessment. Experienced reviewers will then assess the data to determine whether there is enough information to send to a police force, who will decide on their course of action.

How can I protect myself better?

1. Turn on two-step verification on your accounts – multi-factor authentication blocks a whopping 99.9% of modern automated cyberattacks (Source: Zippia Research). Start with the accounts you care most about such as your email and social media. Find out more here.
2. Use a strong and different password for all your accounts – A great way to create a password that is easy to remember but hard to crack is by combining 3 random words that each mean something to you. You can also use a password manager such as Dashlane to generate strong passwords and store them securely.
3. Use our client portal – this is the only way to guarantee your messages to us are secure and cannot be intercepted. Please contact your client manager and they can arrange this for you.
4. Ensure you have set up added security with your client manager – We will only ever process a change of details or fund withdrawal after speaking with you first. With the introduction of voice cloning, we recommend setting a security question and answer that only you would know. If you don’t have one set up already, the next time you speak to your CM, they will do this for you as it’s important that everyone has this added layer of security enabled on their account.
5. Look out for the (sometimes subtle) red flags – be wary of any unexpected calls seemingly from your bank or service providers, especially ones which create a sense of urgency, require a password reset or ask for personal information. Genuine companies will never contact you in this way. Hang up and call the number you have for the company to check if the call was legitimate.

Useful content:

Top tips to keep the cyber criminals out | Action Fraud

Individuals & families – NCSC.GOV.UK

Protect yourself from fraud – Stop! Think Fraud (stopthinkfraud.campaign.gov.uk)