Scams - real life examples
It’s sad, but people do fall for scams. To help your business stay safe from fraud we’ve put some examples of real scams below. These show you how scams work and can help you to avoid them.
Please note - we've changed people's names and other details to protect their identity.
-
The target
Katia has her own florists.
The set-up
She got a call that claimed to be from her internet provider. They said there was a problem with her broadband, but they could fix it over the line. All she had to do was download something to her device. Katia agreed and clicked on a download link that was sent to her.
The scam
The caller said they’d fixed the problem and would give Katia a refund for the hassle. All she had to do was login to her Business Internet Banking. She did this but didn’t know they’d taken control of her computer. Katia saw fake screens which looked like she was getting a refund.
The caller then asked Katia for her card reader code to ‘approve’ the refund. She gave them the code and they said a refund had been made then ended the call.
Later, Katia logged in again to check if an invoice had been paid. She noticed that multiple payments had been made to an unknown account. It then became clear that the call earlier had been a scam. The money had gone to a fraudster.
How to stay safe from scam calls
Scam calls can happen at any time. But you can stay safe if you follow these simple tips:
- Call back - When you’re not sure who’s on the phone, hang up. You can call back but use a number you trust, not one a caller may give you.
- Don’t rush - Fraudsters want you to act quickly. Always take your time to think and to do checks.
- Download with care - Unless you called for help, never download anything to your device for a phone call.
- Keep codes private - Never give your card reader codes to a caller, no matter what they tell you.
- Login safely - Unless you called for help, don’t log in to your computer or Business Internet Banking for a caller.
Remember, we’ll never call to tell you to move money to another account.
-
The target
John’s business was looking to buy a shipping container. He found a company selling them on social media, so sent a message.
The set-up
The company phoned John to offer a good deal. They sent photos of the container by social media, with a great price. This convinced John to buy.
The scam
John tried to pay with Business Internet Banking. But the payment details didn’t match when checked by the bank.
To double-check, John looked into the company, using Companies House and social media. They’d been around a while and there were no bad reviews. John also searched online but didn’t find any reports of fraud. He was happy they were genuine, so paid the details that didn’t match by bank transfer.
The company gave a delivery date but the container never arrived. When John phoned to ask why, there was no answer and their social media page had gone.
John spent more time to check online and found that others had been scammed by the same company. There was no container for sale and John lost his money.
How to stay safe when you buy online
Fraudsters pretend to be genuine sellers using online marketplaces and social media to trade. They can even get in touch with your business to offer great deals. Here are a few tips to help you stay safe:
- Check before you buy - Look at reviews, company history and ask lots of questions. Take time to find out as much as you can.
- Beware of bargains - If a seller’s prices are lower than others, it could be a scam.
- Choose a safe way to pay - Use your business debit or credit card. This will protect the money should anything go wrong.
- Pay after delivery - Only agree to pay for large or expensive items after a seller hands it over.
- Check a site is real - Make sure a website address is genuine. If site pages look odd, it may be a fake site.
Please note: Never enter your bank PIN or password on a site or in an email.
-
The target
Mo works for a big electrical retailer and buys from a number of suppliers.
The set-up
One day he got an email from a supplier with an invoice that gave a new sort code and account number. Without checking, Mo sent it to the finance department.
In finance, Gail checked that the new account details matched what was on the new invoice. She thought Mo had double-checked these with the supplier, so made the change for future payments.
The scam
At month end, all the supplier's invoices were paid. But days later they got in touch with Mo about an outstanding payment. Gail had made the payment to the new account details. But the email was a scam and the money had been paid to a fraudster.
How you can stay safe with suppliers
If you deal with suppliers, take care with their account details and invoices. To stay safe, always:
- Confirm payment details - If a supplier changes their details, call them back to confirm. Use a number you trust, not one from an email or invoice.
- Use dual approval - Have two different people approve payments. That way it’s easier to spot any problems before you pay.
-
The target
Jo works in accounts for a manufacturing company.
The set-up
She got an email that looked like it was from Bank of Scotland. It told her that our Business Internet Banking service had been improved.
The email asked her to click on a link to login so she could check her security details and choose new security questions.
The scam
Jo had been sent a scam email. All she had to do was double-check the sender’s address to notice that the first ‘o’ in of Scotland was actually a zero.
The link took Jo to a scam site with a fake Bank of Scotland homepage where she entered all her security details.
This gave the fraudster everything they needed to login to the company’s online banking and create a payment.
Later that day, Jo approved a batch of 10 payments. But only nine were real. One payment for £130,000 had been created by the fraudster and went to their account.
How to spot a fake Bank of Scotland email
If you get an email from us, there are many ways to tell if it's real or not.
We’ll always:
- Greet you by title and surname - As in Dear Mrs Smith.
- Include part of your main account number - Or part of your postcode if you don't have an account number yet.
- Write to you in a reasonable and calm way - To try and trick you, scam messages may use warnings, threats of fraud or problems with your business account.
We’ll never send a message that:
- Asks for your banking or personal details.
- Asks you to move money to another account or to make a test payment online.
- Asks you to give your card reader codes.
- Links directly to our Business Internet Banking login page.
- Links to a page that asks for your security or personal details.
You can also check our email address to spot a scam. It should end with bankofscotland.co.uk and never have another word in between bankofscotland and .co.uk.
-
The target
Sam works for a large building firm. She logged in to Business Internet Banking and entered her user name and password.
The set-up
When she was about to enter her identification code, a pop-up screen appeared. It asked her to enter a RESPOND code.
It seemed odd, but she was new at the firm, so thought it must be safe.
The scam
When she entered the code, a screen appeared with a timer and loading symbol. After a bit, her normal home page appeared.
There was nobody in the office to ask for help, so Sam called the Helpdesk. They told her to log off right away then checked the account. Two payments totalling £34,000 had been created and approved while Sam waited for the home page. These payments had gone to a fraudster’s account.
How to stay safe when you login
A virus can change the way your screen looks to try and scam you. If something doesn’t look right on your device, it probably isn’t. Here are a few tips to help you stay safe:
- Log out - If the page looks odd while you’re logging in, stop and log out right away. Contact us
about the problem and we can check your account. - Check your device - Ask your IT department or a trusted IT professional to check your device for viruses.
- Use an anti-virus - Install one on your computer and other devices at work and at home. It’s best to keep it up-to-date and to scan for viruses at least once a week.
- Log out - If the page looks odd while you’re logging in, stop and log out right away. Contact us