Consumer watchdog Which? is warning of the dangers of fraudsters using computer takeover scams to steal money and personal details from unsuspecting victims, as data shows reported losses reached more than £16 million in the last year.
The consumer organisation has heard from people who have lost thousands of pounds to this convincing scam where the perpetrators phone up pretending to be tech support from a reputable firm such as Microsoft or BT.
The fraudsters then attempt to persuade victims to install remote access software (which is also used by many legitimate IT workers) that allows them to steal money and personal details.
Scammers may pretend to carry out tests and charge a fee for imaginary or unnecessary services. In other cases, they may put up a fake screen and work in the background to download other software or steal passwords and other personal data.
Which? is calling for banks to refund more customers who fall victim to this sophisticated scam, having heard of a number of cases where people have been denied reimbursement due to banks claiming that they either authorised the payments or had been grossly negligent.
Certainly current awareness of this tech scam among consumers appears to be low. A Which? survey of the general public in September 2020 found that, despite some banks displaying warnings, four in 10 people have never heard of remote access software.
Based on reports to Which?, TeamViewer is the brand of remote access software reported as being misused by scammers most often, although others include AnyDesk, GoToAssist and LogMeIn.
According to UK Finance, impersonation fraud shot up by 84 per cent in the first half of 2020, with almost 15,000 reports and £58 million lost. Criminals are thought to be targeting the growing numbers of people working remotely due to the coronavirus pandemic by posing as IT departments or software providers.
Although banks must refund unauthorised transactions, Which? claims in many cases banks have claimed that allowing remote access to your computer or smartphone amounts to gross negligence and refused to reimburse the victim.
Says Jenny Ross, Which? Money Editor:
“Millions of pounds are lost to computer takeover scams every year, with potentially devastating consequences for victims who lose life-changing sums of money to these callous fraudsters.
“Which? is calling on banks to reimburse all blameless customers who fall victim to these scams and for the government to introduce legislation to ensure a new statutory code of practice can be created, which would include clear standards and protections for victims.
“Anyone who receives unsolicited calls claiming to be from tech support or broadband engineers and asking for personal details or to install computer software should hang up and phone their provider back using the legitimate phone number.”
If you think you’ve been a victim of fraud, report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040.
What to do if you think you’ve given remote access to a scammer:
Switch off both the device and your wi-fi connectivity.
Speak to your banks as a matter of urgency.
Remove the relevant app from your list of recent downloads or installed programs, check for other programs that may have been installed remotely.
Change your email and online banking passwords and, where possible, enable two-factor authentication.
If you have security software, ensure it has all new and recent updates – then run a full security scan.
Rights of reply
TeamViewer: “Stopping fraudulent activity remains a high priority for TeamViewer, and we strongly condemn any criminal activity perpetrated by bad actors on the platform. Privacy and security are central to our business, and we look into every single case that is reported, updating countermeasures accordingly and working diligently to keep our users and customers safe.”
LogMeIn (which is also the brand behind GoToAssist): “We take scammers very seriously. Use of any of our products for nefarious or illegal purposes violates our terms and is immediate grounds for account termination. To protect consumers, we conduct both proactive and reactive approaches – including monitoring accounts for unlawful use, canceling accounts that partake in these activities, employing session limitations on trial accounts, and adding friction to our registration page to reduce re-trialing once banned. We also work with proper authorities to report the abuse.”
AnyDesk: “We have established concrete steps to protect our users from scams, e.g. we’ve installed a scam warning into the app, telling users to be cautious with whom they share their AnyDesk logins and we are constantly reminding our users not to share their AnyDesk logins with unknown people. Nevertheless, users have to be wary and increasingly vigilant about the data they’re sharing with unknown individuals.”