SureCloud Managing Cybersecurity Consultant, Mark Wardlow, featured on BBC One’s Rip Off Britain on Monday 12th October, discussing the common threat of online banking fraud.
In the episode, the presenters Gloria Hunniford, Angela Ripon and Julia Somerville highlight a particular case in the North East of England, whereby a Barclays customer had thought she was on the phone with her bank but was in fact tricked into sharing her home address and personal details with a fraudster.
The scammer then sent a ‘new’ card reader to her home, hopeful that they could convince the victim to put her card and PIN into the device and reveal the resulting passcode from it. Luckily, the individual reported the incident to the authorities, but sadly this isn’t always the case.
Mark worked behind the scenes with the team from Rip Off Britain to analyse the card reader sent to the victim and offers advice on how consumers can protect themselves moving forward. He provides further advice here:
How secure are card reading devices?
The key issue with this type of scam is that if it isn’t your own that has been kept in a safe place, you can’t always be certain someone hasn’t tampered with the card reader. To help protect yourself, make sure you don’t use anyone else’s card reader. If you receive an unsolicited card reader or if you think it has been tampered with, contact your bank and destroy the card reader immediately.
How can you best protect against fraudulent scams and keep your online banking as safe and secure as possible?
- Ensure you take full advantage of security features on offer, such as two-factor authentication (2FA) – 2FA is an easy way to keep your personal information safe, by providing an extra layer of security. It crucially works across a multitude of device types including mobile, landline, laptops and iPads.
- Never disclose any personal details via phone, text, email or in a conversation. If you’re ever asked to share personal information over the phone, consider everything and tell the caller you’ll look into it and get back to them. That gives you time to investigate the validity of the call, and if it is suspicious, you can report it to the authorities.
- Use strong, unique passwords, making use of password managers where possible. Try to avoid using familiar names or numbers when creating passwords. Use upper and lower-case characters, include a mixture of numbers and where possible use symbols.
- Do not trust any sources claiming to be from your bank. If you have any concerns, contact them directly using either a mobile banking app, main telephone number or through a website.
- Update your software and cybersecurity processes on a regular basis. Older software is far more prone to vulnerabilities and can be easier for hackers to gain access to sensitive information.
Commenting on the issue of card reader scams, Mark Wardlow said: “In this case, the pure act of sending the card reader to the victim was to build trust and follow-up with a phone call. Once they have contacted the individual involved, the fraudsters sole intention is to gain information from the card reader to ultimately take money from the victim’s account.”
Watch the episode HERE.
Mark is a managing cybersecurity consultant specialising in infrastructure and manages one of the penetration testing teams within SureCloud. Mark’s responsibilities include team management, engagement scoping, client relationships, and consultancy delivery of complex projects. He has 16+ years of experience working within the IT industry, with particular experience in working with enterprise organisations and public bodies. Mark is a CHECK Team Leader, Crest Certified Infrastructure Tester and Microsoft Certified Professional.
SureCloud delivers its services through a cloud-based platform, offering a suite of pragmatic and integrated Cybersecurity, Risk, and Advisory services. SureCloud provides you with confidence and assurance that your cybersecurity and risk postures are defined and managed. Utilizing decades of combined experience, our team of accredited Consultants works alongside you to understand your business objectives, security, compliance and risk requirements, and how these can be affected by the evolving cyber threats of the modern world.