A warning has been issued over a new scam where fraudsters have managed to take control of people's mobile phones remotely. New data from Action Fraud, the national reporting centre for fraud and cybercrime, reveals that 20,144 people have been tricked this way.
The cyber crooks have been fooling their victims into unwittingly granting them remote access to their smart phone devices. Action Fraud believes that more than £50 million was stolen last year - using both phones and computers.
The reports of so-called remote access tool scams involve a total of £57,790,384. That equates to an average loss of £2,868 per victim from this scam.
READ MORE: Cyber crime: Top 10 tips to keep yourself and your finances safe online
It is a worrying trend, according to Action Fraud, which is urging people to be more aware of this type of cyber fraud. To this end, new advice is being issued to raise awareness and to help people to protect themselves and their hard-earned money.
The fraud will often start with a browser pop-up appearing on a would-be victim's phone or computer warning them that their device has been infected with a virus. Alternatively, it could be a phone call from an individual claiming to be from your bank insisting they urgently need access to your device to cancel a fraudulent transaction.
You are then persuaded to download and connect to a remote access tool that the imposter says is required for them to deal with the problem. But once the fraudster has gained access to the person's mobile or computer, the can then access private banking details - and steal your money.
The confidence trick relies on the public becoming increasingly familiar with banks and other organisations using legitimate remote access tools to help their customers. That's why people can be fooled so easily - and at the click of a link or button, the criminals are 'in'.
Detective Chief Inspector Craig Mullish, from the City of London Police, said it is important that the public realises what the fraudsters are up to, and how easy it is to become a target - and victim.
"While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to perpetrate fraud," he said. "We often see criminals posing as legitimate businesses in order to trick people into handing over control of their computer or smartphone."
"You should only install software or grant remote access to your computer if you’re asked by someone you know and trust, such as a friend or family member," he added. His advice is to never hand over control to a stranger, or as a result of an unsolicited call, browser pop-up message or text.
Action Fraud said that one recent case it dealt with involved a victim losing more than £20,000 after they received a call from someone claiming to be from Sky. The cyber crook claimed there was a problem with the customer's Sky box.
The suspect then persuaded the victim to download a remote access tool to their device, which allowed them to access their online banking details. A number of hefty financial transfers were then made from the account once the victim had handed over control.
In another recent case, a fraud victim lost over £1,000 after they received a call from someone claiming to be from Amazon. They were told that a payment was being processed for an Amazon Prime membership.
The victim, despite arguing that they hadn't subscribed to Amazon Prime, was fooled into clicking a fake link nonetheless after the fraudster said this was the way to cancel their unwanted membership. This meant the remote access tool was enabled and the victim's bank account emptied.
The national awareness campaign launched by Action Fraud this week is reminding people to think twice before allowing someone they don't know to access their phones or computers. There are several ways for the public to protect themselves from remote access tool fraud.
Here are a few tips from Action Fraud:
- You should only install software or grant remote access to your computer if you're asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop up, or text message.
- The public are reminded that a bank or service provider will never contact you out of the blue requesting remote access to your device.
- Anyone who thinks their laptop, PC, tablet or phone has been infected with a virus or some other type of malware, should follow the National Cyber Security Centre (NCSC) guidance on recovering an infected device.
- To protect your money, you should contact your bank immediately on a different device from the one the scammer contacted you on.
- Report it to Action Fraud on 0300 123 2040 or via police.uk.
The Take Five to Stop Fraud campaign also has some important tips to avoid becoming a victim of remote access tool fraud and other cyber crimes. 'Stop' is the first step - to think before sharing information with someone you don't know. Then comes 'Challenge' - ask yourself 'could this be fake?'.
Only criminals will try to pressure and rush you into making an immediate decision. Action Fraud reminds us that it is okay to reject, refuse or ignore requests. If in doubt contact the bank or financial organisation involved separately.
'Protect' is the final message. It means that if you suspect that you have been a victim of fraud you should contact your bank or building society immediately to tell them. You should also report the incident immediately to Action Fraud online at police.uk or by calling 0300 123 2040.