Businesses, charities and other high-value bank account holders are being targeted by fraudsters using software to steal tens of thousands of pounds, with the amount stolen from some individual accounts exceeding £1 million, according to new research from the Cyber Defence Alliance (CDA) and Cifas.
The scam begins with a phone call and ends with criminals taking full control of a victim’s computer and online banking. Targeted by fraudsters mimicking legitimate bank fraud teams, victims unwittingly grant access to their bank account and funds are swiftly drained – often before they realise they have lost control of their accounts.
Victims are first contacted by phone – sometimes after receiving a text – by someone pretending to be from their bank. The caller claims there has been fraud on their account and they must act urgently, directing them to a website that looks like their bank’s, but is actually fake. Once on the site, the victim is asked to click a ‘chat’ button. This secretly installs software that gives the fraudster remote access to the victim’s device – including their online banking.
If the bank sends a security code (such as a one-time password – OTP – or similar) to the victim’s phone, the fraudster tricks them into sharing it. This allows the criminal to move money or set up new payees. In some cases, victims are even persuaded to set up call forwarding, which blocks genuine calls from their bank.
Garry Lilburn, Operations Director at CDA, said: “These sophisticated scams rely on psychological manipulation to bypass bank fraud controls. If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates. If anything seems off, end the call and report it using your bank’s official contact methods.”
Mike Haley, CEO of Cifas, said: “Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money. Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding.”
Dianne Doodnath, Principal of Remote Banking Channels at UK Finance, said: “Impersonation scams often begin with a message or call claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at risk. To protect yourself, follow the Take Five to Stop Fraud advice: pause, check the source, and only respond using verified contact details.”