• Tim Jones

The SEO (search engine optimisation) / fake bank scam !

Most people these days either know somebody or have experienced a variation of this scam themselves. The video below shows how scammers set up a fake websites that are almost identical to legitimate banking sites.


This scam relies on the target having a particular method of logging into their online banking which could be avoided by creating personal browser bookmarks/shortcuts to [known authentic] banking websites instead of doing a search for the bank, picking one of the results and then logging in.


The problem lies in the fact that the scammer can create a website that is (almost) a carbon copy of the legitimate site and then pay one or more search engines to display their (fake) website at the top of a search results when somebody searches. Basically, the fake website will have more eyes on it and have a much greater chance of somebody believing it is their real banking website and they will attempt to log in as if it were.


When the target attempts to log in they will receive an error message (because it is a fake website) and are prompted to call the support number provided (this is obviously also fake). They then get through to a scammer who will request 'remote access' to their machine. 'Remote access' means they will have control over the computer from another location... i.e. anywhere in the world.


Once they have remote control of the target's computer, they ask them to log into the bank account (while overseeing everything) to assess how much money they have.




At this point they use a feature of remote access software that allows them to blacken the screen of the target's computer (but not on theirs) while they transfer money to an associate's account - in the video the scammer asks the target to write down a long reference number so as to further distract him while this is taking place.


It is important to point out that at one point in the video the scammer has a look at the target's password list that is stored in google Chrome's settings. Most browsers these days have this password management facility and here he can view a list of websites and associated passwords which is something to avoid at all costs, and the best way is to never allow remote access to your machine by somebody you don't know in person (unless there is a very specific use case).




Protecting Yourself from scams


You could just do all your banking in person and not do online banking! If online banking isn't a significant convenience then I you could avoid it !


A common theme with many scams is that there is a time constraint on the situation. The scammer will want you to stay on the line and not go away & carefully think the situation over or ask somebody else about it. With this in mind, a good default strategy with any unknown situation would be to say that you can't deal with the matter at the moment and see if the caller attempts to pressure you to take action, consider it a red-flag if the caller gets pushy.


If (as is the case in the video) you happen across a number that you believe is a support line for your bank - double check that against a known legitimate support number to see if it is correct. You could even pop into your local branch & ask a member of staff & pick up an information leaflet that will have a list of numbers on it and/or check the telephone directory. I would check it with google searches and also by typing the web address of the bank into the address bar; for example 'www.natwest.com' - most scammer websites have a small difference in the website address, maybe just one character that is different, so it is important to look carefully at websites & their addresses.



After you have established the legitimate important websites that you use, bookmark them in your browser so that each time you visit you aren't being duped by a fake search result (shown below, using the chrome browser I drag and drop the little padlock to the left of the web address onto the bookmark bar).



Never grant remote access to somebody you don't know, unless they have proven trustworthy.



Sign up to the Which scam alert service. Just fill out your email, name & postcode to receive regular information about scams.


https://campaigns.which.co.uk/scam-alert-service/


It seems to me that there exists an information gap where older people who are usually the potential targets of scammers are less familiar with how scams operate and/or how the new scams work. There is some, but not much information in mainstream media, but it generally has to have been quite a large-scale scam for it to hit the headlines and by then a lot of damage has been done.


Youtube is a good place to find out about scammers. There are channels dedicated to uncovering scam operations. A good place to start is Jim Browning's channel; https://www.youtube.com/c/JimBrowning - there are plenty of channels that expose scammers and it's good to know what is going in this regard.



Some of the tell-tale signs it might be a scam


There are a number of red flags that appear as this scam is taking place.

  • the person has a very thick foreign accent but is using stereotypical western names that do not fit that specific accent

  • fairly quickly the target is directed to install remote desktop software & let the unknown person connect

  • asked to log into a bank/savings account while they oversee (this should never happen)

  • pressured by time/urgency

  • quite forceful and rude when you don't fully comply


17 views0 comments