How to Protect Yourself from a Bank Transfer Scam?

What can cybercriminals do if they break into your email account? Quite a lot, actually. For one, they can blast a large number of users with tons of junk mail that contains anything from phishing to malware. The people in your contact list will be especially vulnerable because they'll think that the person on the other end of the line can be trusted.

So, friends, family, business partners, and people you don't know could be affected. Then again, the crooks might be interested in targeting only you. They have more than one way to do it.

If it's your primary email address we're talking about, in all likelihood, your most valuable accounts are connected to it. And this means that the hackers can roam around different websites, clicking the "Forgot Password" buttons, and the reset links will land in their hands. They can also delete the accounts without much trouble. Basically, they have numerous ways of ruining your day. Recently, they found another, particularly nasty one.

The bank transfer scam, also known as authorized push payment fraud, seems to have appeared in 2016, but it gained notoriety in 2017 when criminals used it to scam thousands of UK victims out of millions of Pounds. The push payment scam is especially nasty because the fraudsters use a few really quite clever social engineering techniques, and they also exploit the way the banking system works to make the scheme especially hard to fight against. Before we tell you how you can protect yourself, we'll explain how it works.

The mechanism

It all starts with breaking into your email account. The crooks do it day in, day out, and they have their usual techniques of stealing, brute-forcing or simply guessing the victims' passwords. When they do go in, however, they don't start changing passwords or deleting account like they normally would. Instead, they start reading your email correspondence.

It's a reconnaissance mission, so they're not sure what they'll find. Depending on the type of people you're communicating with, however, they'll pick one of a few scenarios. Today, we'll show you the worst-case one: you're in the process of buying a property, and you've been in touch with a solicitor.

Having access to your previous emails means that they can successfully impersonate the solicitor, and the details around the upcoming deal help them draw a successful strategy. They tell you that everything is going according to plan and that you'll soon be able to take possession of your dream home. Some of the funds need to be deposited at a particular bank account, however, the details of which are conveniently provided in the email. The bank account in question is, of course, controlled by the scammers, but you're too excited to even consider this as a possibility, so you just send the money.

In some extreme cases, the fraudsters go through multiple transactions before they withdraw the cash and run. We're talking tens (or even hundreds) of thousands of Pounds, though it must be said that most of the victims aren't in the middle of a real estate deal, and the sums are significantly smaller. Whatever the lost amount, if you get defrauded, there's not a whole lot you can do.

Crooks usually withdraw most of the cash before victims realize that something terrible has happened, which means that the transactions are not easily reversed. Furthermore, when you contact your bank and tell them that you were scammed, they shrug and say that there's little they can do because you authorized the transaction yourself. Because of public pressure, authorities in the UK have announced that they're committed to doing more to help victims of authorized push payment fraud, but quite a few people are pessimistic, and in any case, it's best not to fall for the scam in the first place.

What can you do about it?

You need to make sure that the crooks won't be able to break into your email account. We've already talked about what you can do to prevent this, and the security practices are pretty much standard. A strong, unique password will slow the hackers down quite a lot, and two-factor authentication will, in all likelihood, stop them in their tracks.

The thing is, we're talking about a sophisticated bunch of criminals. As we mentioned already, there are a few variations of the scam, and not all of them involve an email account, so the precautions shouldn't be limited to the way you protect yourself online. Keeping your wits about you, taking everything with a pinch of salt, and generally being cautious when your money is at stake is extremely important.