Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - UK
The Guardian - UK
Business
Zoe Wood and Shane Hickey

‘My father was devastated’: family battles to recover thousands stolen in email scam

Illustration of a computer with an envelope on the screen containing a hooded figure
Internet fraud is becoming ever more complex, aided by the growth of AI. Composite: Observer Design

Criminals who targeted Françoise Schorosch’s father knew how to lull the elderly man into a false sense of security. “The sender of the email was someone impersonating me and asking for money,” she says.

By mimicking how his daughter opens and signs off emails in German, but otherwise writes mostly in English, the fraudsters led him to think he was helping her with money to buy her first property. He is one of many thousands of people who, each year, are tricked into sending money to bank accounts operated by criminals.

These frauds are known as authorised push payment (APP) scams, and the ballooning scale of the problem has prompted changes to the rules which take effect today. The mandatory fraud reimbursement scheme being brought in by the Payment Systems Regulator (PSR) includes these changes:

  • Affected individuals can expect to be reimbursed within five business days of making their claim.

  • There will be a maximum compensation of £85,000. This has been reduced from £415,000 after lobbying from the payments industry.

  • There is an optional £100 excess that firms can apply to a claim – though some banks, such as TSB, have already pledged to waive it. And the PSR says this excess cannot be applied to “vulnerable” consumers.

  • There will be a time limit of 13 months on claims.

  • Once a bank or payment company has given the customer a refund, the financial institution can then claim half of the money back from the bank used by the criminal to receive it.

The type of scam used to target the Schorosch family has been dubbed the “Hi dad” or “Hi mum” fraud.

Schorosch is battling to get almost £6,000 returned to her father after he was duped into sending cash to a bogus Nationwide account.

“I was sharing discussions about working with solicitors, surveyors and estate agents,” she says. “I had been keeping him abreast of all of the financials, and getting his advice because this was my first purchase. I suspect that someone managed to access our email exchange and then reach out to him directly.”

The fraudster – who subtly altered Françoise’s email address from gmail.com to email.com – asked her father to send €7,000 to a Nationwide account. It wasn’t until he called her nearly a week later, wondering why she had not thanked him for the money, that they realised something was amiss.

The family has filed police reports in both countries and appealed to both Nationwide and Deutsche Bank, where he sent the money from, for help getting his money back.

Nationwide says it sympathises with the family. “We are unable to share any details about our customer’s account due to our confidentiality obligations, but can confirm that appropriate steps were taken to investigate and act upon the matters raised with us. “As the payment was sent from an account with Deutsche Bank, they need to contact them to help recover the funds. To date, we have had no contact from Deutsche Bank in relation to this payment.”

The case is complicated by the fact that the contingent reimbursement model (CRM), a voluntary arrangement by some banks to refund victims, only applied to domestic payments, and not to transactions made using Swift, the money transfer system, used by her father. The new rules supersede the CRM and apply to all payment service providers – but do not cover Swift.

Nationwide adds: “If we receive notification of a scam relating to a payment from overseas, we would still look to apply industry best practice to investigate and repatriate any funds that may remain.”

The Observer asked Deutsche Bank – which says it could not share information due to German banking secrecy laws – to do this.

Schorosch says her father was “devastated” by the incident. “He truly believed his daughter was reaching out to him for financial support and wanted to be of help. “He is now retired and living off a pension … I know he has spent several sleepless nights over this.”

The latest figures from UK Finance, the umbrella body for the banking industry, shows that almost £460m was lost to APP fraud last year. While the PSR says the new rules will see “the vast majority” of money lost to these frauds reimbursed to victims, there are cases where the customer will not be refunded. This would be if they were complicit in the fraud, or “grossly negligent”.

The PSR says: “Gross negligence is a high bar, and this exception does not apply to vulnerable consumers.”

Law firm Farrer & Co says a customer would have to show “a very significant degree of carelessness” in order to be deemed grossly negligent.

However, the new rules have been criticised by some for not going far enough. Consumer group Which? says the lower £85,000 threshold could result in banks being more reticent about investing in ways to protect consumers. “Victims will still be able to take their case to the Financial Ombudsman Service, where the maximum reimbursement amount is £430,000,” it adds.

“For victims of high-value fraud, such as investment scams and house conveyancing fraud, consumers could face a lengthy battle to secure justice.

“This is despite the sophistication of scams only increasing – a phenomenon that is likely to increase further due to the rise of fraudsters making use of artificial intelligence, adding to the stress and emotional harm experienced by many.”

Fraud prevention service Cifas welcomes the new rules, but says there needs to be more collaboration between the PSR, law enforcement, government and other bodies dealing with the issue.

In a related development which, in theory, will help protect people from APP fraud, bank payments will be able to be delayed by an extra three days if lenders suspect consumers are being scammed.

Under the new powers being given to high street banks by the Treasury, payments suspected of being fraudulent may be delayed and investigated.

The Treasury indicated the new rules were likely to take effect from the end of this month, though banks will need to update their terms and conditions, which could affect the implementation.

The government hopes this will be another way to help tackle the spiralling level of fraud, which is now the most prevalent crime in England and Wales.

Last week Meta, the owner of Facebook, Instagram and WhatsApp, said it would expand a scheme to share information with banks to help guard against fraud.

Its “fraud intelligence reciprocal exchange” programme, to “stop scammers and protect users”, has been working with NatWest and Metro Bank, but is now expected to bring more banks on board.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.