The following communication was received from Lloyds Bank, on 2nd October 2015. Although the guidance is aimed primarily at organisations, in some cases it could also be followed by staff to protect their personal bank accounts.
“We are aware that a small number of Universities have received calls from fraudsters claiming to be calling from the Bank Fraud department. Clients are being told that suspicious payments have been set up on their business account and are being asked to provide Online Banking Log-In details and Challenge & Response/Card & Reader codes in order to cancel the payments.
It’s possible that in some cases the fraudster had been able to access the intended victim’s financial information via a malware infected computer used by the client. The fraudster used this information during the call to describe recent genuine financial details including recent payments instigated to add a level of apparent legitimacy to the call.
We are also aware of the use of spoofing technology by fraudsters to make a genuine bank telephone number appear on the client’s phone.
A common tactic used by fraudsters in these calls where clients have expressed their suspicions to the caller, is to ask them to contact the bank immediately using published numbers to confirm that the call is genuine. The fraudster holds the line open so that the phone call to the bank is intercepted. The client thinks that they are speaking to the bank when they are actually speaking to the fraudster.
If you receive a suspicious call of this nature, we recommend you use a different phone line or mobile to contact your Relationship Manager on a number you know to be genuine.
Please remember, the only time we require you to use your Challenge & Response or Card & Reader codes is to authorise payments you wish to make – any other request to disclose your Challenge & Response/Card and Reader codes should be regarded as fraudulent. The Bank will never ask you to disclose these codes over the phone.
For further help and guidance on how to avoid falling victim of fraud visit our Security website where you will be able to download our Commercial Banking Fraud Guidance or go to Action Fraud (Police) – http://www.actionfraud.police.uk/.”