Remote Access Scams Open The Door To Thieves

More than £50m was lost last year to scams where victims are tricked into handing over control of their computer, or smartphone, to criminals. 

New data from Action Fraud reveals that 20,144 people fell victim to scams where they were persuaded to give criminals remote access to their device. 

Victims reported losing a total of £57.7 million, which is an average loss of £2,868 per victim.

Remote access tool scams will often begin with a browser pop-up saying that your computer is infected with a virus, or with a call from someone claiming to be from your bank saying that they need to connect to your computer in order to cancel a fraudulent transaction on your account.

Criminals will try to persuade the victim to download and connect via a remote access tool, which allows the criminal to gain access to the victims computer or mobile phone. If the victim allows the criminal connection via the tool, they are able to steal money and access the victims banking information.

Detective Chief Inspector Craig Mullish, from the City of London Police, commented. "While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to perpetrate fraud. We often see criminals posing as legitimate businesses in order to trick people into handing over control of their computer or smartphone...  You should only install software or grant remote access to your computer if you’re asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop-up or text message.”

In one case, a victim lost over £20,000 after they received a call from someone claiming to be from Sky stating that there was a problem with their Sky box.

The suspect persuaded the victim to download a remote access tool to their device which enabled the suspect to access the victim’s online banking and make a number of transfers to an account under the suspect’s control. Another victim lost over £1,000 after they received a call from someone claiming to be from Amazon stating that they were processing a payment for an Amazon Prime membership.

The victim told the suspect that they hadn’t subscribed to Amazon Prime but clicked on a link provided by the suspect to cancel the membership. The link downloaded a remote access tool to their device which enabled the suspect to access the victim’s online banking and empty their account.

The warning comes as Action Fraud launched a new national awareness campaign this week to increase awareness around the safe use of remote access tools and to remind the public to think twice before allowing somebody you don’t know access to your device.

How You Protect Yourself

  • Only install software or grant remote access to your computer if you’re asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop up, or text message.
  • Remember, a bank or service provider will never contact you out of the blue requesting remote access to your device.
  • If you believe your laptop, PC, tablet or phone has been infected with a virus or some other type of malware, follow the NCSC’s guidance about recovering an infected device.
  • Protect your money by contacting your bank immediately on a different device from the one the scammer contacted you on.
  • Report it to Action Fraud on 0300 123 2040 or via police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101.

Action Fraud also advises that the public follow the advice of the Take Five to Stop Fraud campaign to keep themselves safe from fraud.

  • Stop:Taking a moment to stop and think before parting with your money or information could keep you safe.
  • Challenge: Could it be fake? It’s okay to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
  • Protect:If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at police.uk or by calling 0300 123 2040.

Action Fraud:        NCSC

You Might Also Read: 

Online Fraud Is A British Security Nightmare:

 

« Algorithms, Lies & Social Media
EU Officials Targeted with Pegasus Spyware »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

AtkinsRéalis

AtkinsRéalis

AtkinsRealis is a market-leading design, engineering and project management consultancy operating in fields ranging from infrastructure, through energy and transport to cybersecurity.

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

Information Commissioner's Office (ICO) - UK

Information Commissioner's Office (ICO) - UK

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

Irdeto

Irdeto

Irdeto is the world leader in digital platform security, protecting platforms and applications for media & entertainment, gaming, connected transport and IoT connected industries.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

QuantumCTek

QuantumCTek

QuantumCTek is a Chinese pioneer and leader in commercialized quantum information technology (QIT).

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.