27 November 2018
- Nearly a third of Brits risk giving scammers access to their finances, research shows
- Those living in Wales most willing to put themselves at risk of remote access fraud
- One in eight would give full login details to someone impersonating their bank or building society
- Those aged 25 to 34 most at risk of leaking passcode details
A third of Brits have knowingly given remote computer access to someone without performing basic checks to ensure they aren’t being scammed, research from Nationwide Building Society shows.
The poll of more than 2,000 people also highlights that while fraud prevention education is working, one in eight (13%) would give full login details to someone impersonating their bank or building society, if asked to via a phone call, email or text.
Remote access scams are hinged on convincing the victim that they have a computer or internet issue, with scammers claiming to be calling on behalf of well-known companies, including broadband providers and financial services providers. The caller will request remote access to ‘resolve the problem’ and then either download malware that will allow them to monitor use of the computer in the future, or instruct the victim to log on to their internet bank in order to help process a refund1, therefore potentially giving them access to the victims’ online banking.
Nationwide commissioned the research to highlight the ways fraudsters are targeting people. The poll reveals that some 32 per cent of people have allowed remote users access to their computer to help with an IT or broadband issue without challenging who they were. However, 18 per cent have ended such calls and checked independently who the caller was before going ahead with the caller’s request.
The poll found that men are potentially more willing to put themselves at risk, with more men reporting they had gone straight ahead with this type of call (35%), compared with women (29%).
Those aged 25 to 34 had the largest percentage of people (35%) who had gone straight ahead with such a call, compared with 16-24-years-olds who were the least likely age group to do this (27%).
Those living in Wales are the most likely to risk falling for this scam, with four in ten (41%) stating they had gone straight ahead with the call (see table 1 in notes to editors for regional findings).
The research also covered password scams. Even though no financial services provider would ever ask a customer to tell them their full password, card reader passcode or text authorisation code2, fraudsters do manage to convince people that that they should provide this information in full. Nationwide’s research showed that while one in eight (13%) would hand over this vital information if requested, the message about passcode security is getting through to people, as more than eight in ten (83%) stated they would not provide these security details in full. The research also found that there are significant differences across the UK.
Those living in London stand out, with a fifth (20%) admitting they would provide these details (password, card reader code or text authorisation code) in full if asked to via a phone call, text or email - this is double the percentage of some other regions, with Scots the least likely to make it easy for fraudsters to access their accounts, with just nine per cent saying they’d provide these details in full.
Older generations are much more likely to heed advice, with 96 per cent of those aged 55 and above saying they would refuse to hand over their security details in full. This compares with 68 per cent of 25-34-year-olds stating the same (in fact, this is the age group most likely to hand their details over, with 25 per cent admitting they would).
Stuart Skinner, Nationwide’s Director of Fraud, said: “Giving anyone remote access to your computer is risky without making checks first and even if you are convinced about who you are speaking to, there’s no reason to log onto your internet bank account to process a promised refund.
“We’d like to remind people that no financial services provider would ever call, email or text to ask for your full login or other password or security code details. It’s vitally important people are sure of who they are dealing with and that they are legitimate.”
- Don’t allow yourself to be rushed into allowing remote access – be sure who you are dealing with and never log onto your internet bank account whilst giving remote access.
- No genuine financial services provider would ever call, text or email to ask you to provide your full password/passcode details or to move money to a ‘safe’ account.
- Nationwide offers fraud awareness events in branches across the country – visit your local branch to find out more.
Research by Censuswide: total sample size was 2,025 UK adults. The survey ran from the 20 to 22 June 2018.
1Fraudsters will telephone their victims posing as their internet provider. Remote access is granted to fix problems with their accounts/router and compensation is offered for any inconvenience. The fraudster will then instruct the victim to log onto their online bank account and then either transfer money from another savings account held by the victim, or overlay a fake screen, and ask them to transfer the overpayment back to them, however, this is the victim’s own money.
2Card reader passcodes and text authorisation codes are used by some providers, but not all, to authorise a payment, essentially acting as a second stage of authorisation (Nationwide uses card-readers that provide the customer with a unique code when they are making a payment to a new payee).
Table 1 - Have you ever received a call asking you to give remote access to your PC so that your internet provider or a repair company can fix an IT / broadband issue and gone straight ahead with the callers’ request to use that service to resolve your issue?
|Regions in order of risk and willingness to go straight ahead with the call:
|Yorkshire & Humberside
|London, East Midlands and South West
|East of England and North East
|Northern Ireland and South East
2 - If asked, by an email, text or phone call from your financial services provider, to provide your full password, card reader passcode or text authorisation code, would you?
|Regions in order of risk and willingness to give over full security details if requested by phone, email or text:
|Wales, North West and Northern Ireland
|East of England
|East Midlands, North East, South East and Yorkshire & Humberside