Over the last week, there has been an increase in the number of Schools and Colleges reporting vishing fraud attacks to Lloyds Bank.
Vishing frauds are telephone scams, usually to obtain online banking passwords, confidential details or to persuade a client to transfer money out of their account.
The information below has been provided by Lloyds Bank, however the fraudsters may also be targeting other financial institution's in a similar way.
What Happens:
- In the cases so far, the fraudster is described as having a Scottish accent pertaining to be from the Lloyds Bank Fraud Team or Lloyds Bank Security department.
- On the call fraudsters claim that a member of bank staff is being investigated over fraudulent activity and the school’s help is needed to catch them, or another approach is for the fraudster to tell the school there are outward payments flagged as suspicious, which need to be verified and stopped if fraudulent.
- Fraudsters have used “spoofing” technology to make a recognised bank telephone number appear on the school’s incoming caller display, making the caller appear genuine. Lloyds Bank’s 0345 300 0000 has been used for this a number of times, however clearly they could easily switch to displaying different genuine numbers.
- On one occasion a client was asked to create a payment with a reference ‘Stop Payment’ in an attempt by fraudsters to dupe the school into thinking they were stopping a fraudulent payment from leaving their account.
Action Required:
- Do not assume that a caller is from the bank, even if the number they “appear” to be calling from looks genuine, or if the caller seems to know information about the school or their finances.
- Do call your bank on a known correct number, to verify that any callers are genuine.
- Never provide online banking passwords or card and reader generated codes to ANYONE on the phone, and never in response to an email or text. A genuine bank colleague will never ask for them.
- Your bank should never ask you to transfer money to a safe account or ask you to enter any information into the online banking service to “stop a fraudulent” payment.
- Making all school admin aware of the above guidance is strongly recommended and any fraud attempts should be reported to your bank immediately.