Author Topic: Preventing fraud when you're expecting a request for bank details  (Read 1171 times)

I'm probably being paranoid here but what steps would you take before giving your bank details out to a legitimate request that you've been expecting?

We have made an insurance claim which is fully backed up with evidence as requested.  I've received an email that looks like it's from the insurance company complete with the same worded header containing the claim reference. Everything looks legit but it's asking for full bank details. Account no, sort code,  name of bank,  account name / type, holder of account, etc. Very simple form really.

I was expecting the claim to be accepted and payment to be made. I know I'm being too cautious and paranoid but what is a wise check I could make? If I take sensible precautions would that help  if it did end up being a fraud?

T42

  • Tea tank
Re: Preventing fraud when you're expecting a request for bank details
« Reply #1 on: December 11, 2019, 08:47:01 am »
Hover your mouse pointer over the link without clicking it: the URL should appear and you can see if it's that of your bank or not. If it doesn't appear, see if you've got an option to view the source code of the message, then search for the link and check it. If your email client doesn't all you to view the source code, open the mailbox with a text editor and do it there.

NB I use Eudora as an email client. It's primitive, so it gives me a lot of possibilities for this kind of mucking about. If you're using something like Outlook or Thunderbox, or some denizen of the Apple world, you might not be able to do any of these.
I've dusted all those old bottles and set them up straight.

Re: Preventing fraud when you're expecting a request for bank details
« Reply #2 on: December 11, 2019, 09:10:11 am »
Phone to confirm before replying, or simply never by email.


Re: Preventing fraud when you're expecting a request for bank details
« Reply #3 on: December 11, 2019, 09:16:22 am »
Same domain in the email but can't see source code.

It's the insurance company so could call to check. They might take the details over the phone if I go through the claims line. Could be better option.

Re: Preventing fraud when you're expecting a request for bank details
« Reply #4 on: December 11, 2019, 09:17:53 am »
Did you not put most of that information on the claim form?

Personally I'd never send this information by email.  There has been a lot of interception fraud targeted specifically at the likes of solicitors and insurance companies simply because large sums of money are a stake.

Caution is not paranoia:  I am always cautious.

Re: Preventing fraud when you're expecting a request for bank details
« Reply #5 on: December 11, 2019, 10:16:35 am »
I'd go for the phone option if you can. Plenty of history of email details being stolen and sold to dubious people

quixoticgeek

  • Mostly Harmless
Re: Preventing fraud when you're expecting a request for bank details
« Reply #6 on: December 11, 2019, 11:04:23 am »

I have a spare bank account that typically has a balance of a few pennies. I can give out the info necessary for people to put money in, but given there is nothing in there to take out, it doesn't matter if the info leaks.

Reduces some of the worry.

J
--
Beer, bikes, and backpacking
http://b.42q.eu/

Re: Preventing fraud when you're expecting a request for bank details
« Reply #7 on: December 11, 2019, 11:37:24 am »
About the worst someone can do with your bank account number / sort code is set up a direct debit, which isn't a particularly useful type of fraud and you can easily cancel it. I wouldn't worry.

fuaran

  • rothair gasta
Re: Preventing fraud when you're expecting a request for bank details
« Reply #8 on: December 11, 2019, 11:38:38 am »
It is not much risk to your bank account. The main fraud risk is the money being sent to the wrong place. If someone has hacked your email, they could have already replied with different bank details. So the money goes to their account instead.
Could be worth emailing to reply, then phoning up to check they have received the correct bank details.

Re: Preventing fraud when you're expecting a request for bank details
« Reply #9 on: December 11, 2019, 11:52:30 am »
Thought about another account for payment and receipts then keep little in it. A transfer account only.

My partner used one for that but it became a pain since the internet fraud team there kept freezing her account even after a regular but varied payment to a pre- school. Became unusable because it took a visit to the nearest branch in a city we simply don't visit the centre of.

In had the idea of finding the claim line number I made the Irish claim call to. That came from the insurance documents. Told you I'm paranoid! I'm even unsure of numbers from the internet.  ;)

Kim

  • Timelord
Re: Preventing fraud when you're expecting a request for bank details
« Reply #10 on: December 11, 2019, 01:34:05 pm »
About the worst someone can do with your bank account number / sort code is set up a direct debit, which isn't a particularly useful type of fraud and you can easily cancel it. I wouldn't worry.

IIRC Jeremy Clarkson helpfully demonstrated this, by publishing his account number and sort code in some newspaper or other.  Predictably, a several of Driect Debits were set up to suitably non-Clarksonian charities.

Not being an egg-faced celebrity, I'd be more wary of cockup than fraud.
Careful, Kim. Your sarcasm's showing...

Re: Preventing fraud when you're expecting a request for bank details
« Reply #11 on: December 11, 2019, 01:45:42 pm »
About the worst someone can do with your bank account number / sort code is set up a direct debit, which isn't a particularly useful type of fraud and you can easily cancel it. I wouldn't worry.

It's also useful info for further social engineering and phishing.

Someone could ring up and use that info to convince you (well, maybe not you but someome) to confirm something else, i.e. your postcode.

Then, a while later, someone rings up giving some more info you've previously given them, and gets your house name/number. Can I just confirm your mobile number. What network is that on?

And so it goes on. They might try pretending to be someone completely different to get some obviously useful information (card number, etc) as it's always worth a shot as plenty of people do fall for these things.

Whilst the individual requests may seem innocuous they can eventually add up to be useful information for scammers.

Bank details and mobile numbers are very useful for scammers that rely on unauthouised SIM Swaps. They can use the information they know about you to socially engineer the call centre people into performing a SIM Swap when they shouldn't, and then two factor auth tokens (such as account recovery codes for email addresses) can then be intercepted.
"Yes please" said Squirrel "biscuits are our favourite things."

Re: Preventing fraud when you're expecting a request for bank details
« Reply #12 on: December 11, 2019, 01:50:22 pm »

I have a spare bank account that typically has a balance of a few pennies. I can give out the info necessary for people to put money in, but given there is nothing in there to take out, it doesn't matter if the info leaks.

Reduces some of the worry.

J
I have used my revolut card account in the same way.

fuaran

  • rothair gasta
Re: Preventing fraud when you're expecting a request for bank details
« Reply #13 on: December 11, 2019, 02:18:33 pm »
Not being an egg-faced celebrity, I'd be more wary of cockup than fraud.
If giving the bank details over the phone, more risk of them mishearing or mistyping a number. At least with email can copy and paste, and double check it is correct.

fboab

  • It's a fecking serious business, riding a bike
Re: Preventing fraud when you're expecting a request for bank details
« Reply #14 on: December 11, 2019, 02:44:39 pm »
Not being an egg-faced celebrity, I'd be more wary of cockup than fraud.
If giving the bank details over the phone, more risk of them mishearing or mistyping a number. At least with email can copy and paste, and double check it is correct.
Agreed.
As does this chap, I reckon

https://www.cambridge-news.co.uk/news/cambridge-news/cambridge-man-gets-sort-code-17382929?utm_source

TSS is not Total Sex Score, Chris!

hellymedic

  • Just do it!
Re: Preventing fraud when you're expecting a request for bank details
« Reply #15 on: December 11, 2019, 03:07:52 pm »
My cheap and dirty technique is to split my bank details into two separate routes so I'll send the account number by email and the sort code by text or something.

Kim

  • Timelord
Re: Preventing fraud when you're expecting a request for bank details
« Reply #16 on: December 11, 2019, 03:46:20 pm »
Not being an egg-faced celebrity, I'd be more wary of cockup than fraud.
If giving the bank details over the phone, more risk of them mishearing or mistyping a number. At least with email can copy and paste, and double check it is correct.

I don't hear well enough on phones to willingly use them for something important like that, even before you consider the security implications.
Careful, Kim. Your sarcasm's showing...

Re: Preventing fraud when you're expecting a request for bank details
« Reply #17 on: December 11, 2019, 05:13:53 pm »
The digits zero through nine each has a distinct sound whereas letters often do not i.e. bee, pee, cee, gee, vee, dee or bravo, papa, charlie, golf, victor, delta.

That is the point of the phonetic alphabet.

It is always possible to read back and read back numbers and letters until you are blue in the face but once a button is pressed on an email it can be impossible to stop.

Edd

Re: Preventing fraud when you're expecting a request for bank details
« Reply #18 on: December 11, 2019, 05:50:04 pm »
Not being an egg-faced celebrity, I'd be more wary of cockup than fraud.
If giving the bank details over the phone, more risk of them mishearing or mistyping a number. At least with email can copy and paste, and double check it is correct.
Agreed.
As does this chap, I reckon

https://www.cambridge-news.co.uk/news/cambridge-news/cambridge-man-gets-sort-code-17382929?utm_source

I thought the banks have decided (forced) to take action against this type of error/scam. They have to check if the name matches the recipient account now or something.

Kim

  • Timelord
Re: Preventing fraud when you're expecting a request for bank details
« Reply #19 on: December 11, 2019, 05:50:53 pm »
The digits zero through nine each has a distinct sound

Apart from "five", which sounds like "nine".  Hence "niner" and occasionally "fife".


Quote
It is always possible to read back and read back numbers and letters until you are blue in the face but once a button is pressed on an email it can be impossible to stop.

Just like once a button pressed in a callcentre, except that over the phone you're perhaps more likely to retain plausible deniability when it comes to allocating blame (ie. charges) for the mistake.


Ideally, these things would have checksums, like credit and debit card numbers do, so that simple human errors can instantly be detected.
Careful, Kim. Your sarcasm's showing...

Re: Preventing fraud when you're expecting a request for bank details
« Reply #20 on: December 11, 2019, 08:30:08 pm »
Not being an egg-faced celebrity, I'd be more wary of cockup than fraud.
If giving the bank details over the phone, more risk of them mishearing or mistyping a number. At least with email can copy and paste, and double check it is correct.
Agreed.
As does this chap, I reckon

https://www.cambridge-news.co.uk/news/cambridge-news/cambridge-man-gets-sort-code-17382929?utm_source

I thought the banks have decided (forced) to take action against this type of error/scam. They have to check if the name matches the recipient account now or something.

It doesn't appear to mention it in the above linked article but the same story on the BBC news carries this footnote.

https://www.bbc.co.uk/news/uk-50702234

Quote
Under plans from the UK's payments operator, from next spring the sender will be alerted if the name does not match the account. The change was originally set to begin in summer 2019, but was delayed.

CrazyEnglishTriathlete

  • Miles eaten don't satisfy hunger
  • Chartered accountant in 5 different decades
    • CET Ride Reports and Blogs
Re: Preventing fraud when you're expecting a request for bank details
« Reply #21 on: December 12, 2019, 06:34:21 pm »
I've been dealing with my parent's estates recently, and its a little scary seeing how far you get on automated systems with just a full name, date of birth, and first line of the address plus postcode. 

Eddington Numbers 125 (imperial), 170 (metric) 520 (furlongs)  112 (nautical miles)

Re: Preventing fraud when you're expecting a request for bank details
« Reply #22 on: December 26, 2019, 10:27:05 pm »
It is a fraud risk to give bank details via email. However the risk lies with the party making, not receiving, the payment
The insurance company may have assessed the risk and decided they were happy to accept it.

Re: Preventing fraud when you're expecting a request for bank details
« Reply #23 on: December 31, 2019, 10:20:13 pm »
To the OP: maybe ask if the organisation you are dealing with has a secure portal?

My accountant uses a secure portal system to transfer documents (and sensitive info e.g. company authentication code) rather than email because email is NOT secure. A reputable outfit doing financial stuff which requires transfer of sensitive info really should have some such facility........

GC

Adam

  • It'll soon be summer
    • Charity ride Durness to Dover 18-25th June 2011
Re: Preventing fraud when you're expecting a request for bank details
« Reply #24 on: January 01, 2020, 07:25:11 am »
Although I always do a wry smile whenever firms insist that email isn't secure and force you to use some convoluted system.  The worst require a portal which needs a code sent to your mobile.  Which of course assumes a) everyone has a mobile and b) they have got signal.

Yes, in theory, email data can be hacked, but the reality is that it's far more secure than the post, where (especially at this time of year), umpteen humans within Royal Mail can at any point nick a letter passing through their hands.
“Life is like riding a bicycle. To keep your balance you must keep moving.” -Albert Einstein