Saturday 30 November 2013

'Fraudsters stole £240k but NatWest wouldn't help': This is Money victory keeps firm in business as we probe cyber attacks

Dozens of businesses with NatWest accounts face crippling losses after fraudsters bypassed the bank's online security systems to steal sums running into hundreds of thousands of pounds.
In one of a series of startling cases, a Worksop-based haulage firm RDS Transport had £240,000 stolen and faced closure after NatWest's refusal to compensate it - risking the jobs of 100 staff. It was only saved after intervention by This is Money and the firm's local MP John Mann.
Victims like RDS Transport have approached This is Money after we reported last month on cases of 'malware' fraud affecting Bankline, NatWest's business banking service. On average, these firms have lost £80,000 from the attacks and in total we have seen more than £1million taken.
NatWest warning: It sent out an e-mail to business customers last week with this warning
The full scale of the problem is still unknown but the thefts seen by This is Money all came between September and November this year. 
Sources believe there could be as many as 500 cases, although NatWest would not confirm or deny whether this was the case.
NatWest's parent bank RBS is currently under fire after it was accused of causing healthy businesses to go bust. Boss Ross McEwan has denied this and launched an investigation.
The series of frauds brought to us comes after we reported earlier this autumn how similar thefts had cost three businesses a total of almost £150,000.
Last week, the bank e-mailed Bankline customers with a specific warning to be vigilant of malware attacks. Yet it is still not telling them exactly why they need to be wary.
Major attack: RDS Transport had a quarter of a million pounds taken from its online bank accounts
The fraud is sophisticated and involves criminals building fake versions of the NatWest online banking service to dupe victims.
Typically, an email will arrive purporting to be from a trusted source - messages claiming to come from HMRC have been used in more than one case.
By opening the email the victim unwittingly downloads malware to their computer.
The next time they try to log on to their NatWest account, the malware directs them to a fake, but almost identical, version of the website.
They are asked to enter their log-in details as normal, but the fake site refuses them entry and asks for the details over and over until the fraudster has collected everything he needs to access the genuine site and commit the fraud.
Crucially, the fake site asks for a 'challenge' key, a one-time code generated by inserting the account card into a card reader.
Once the criminal has it, the customer is locked out of the account.
The challenge key is something NatWest only asks for when customers are making payments, and never at log-in, but the victims of the fraud said they thought the request was perfectly legitimate.
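The genuine order of events, and the out-of-order challenge prompt that marks the fake site, can be checked mechanically. The Python below is an added example, not code from the article or from NatWest: it models the flow the article describes (the challenge key is requested only after a successful login and only to authorise a payment) over constructed session events, and flags a session that asks for the key before login, asks for it with no payment pending, or keeps asking while 'rejecting' what is typed. The event names and both sessions are made up for illustration, not real Bankline traffic.

```python
"""Session-flow check for a two-step online-banking login (added example).

Genuine order: login -> payment -> challenge key from the card reader.
Fake-site order: 'timed out' at login -> challenge key demanded -> rejected,
repeated until the fraudster has harvested enough codes.
"""
from dataclasses import dataclass

# Constructed events: (prompt shown to the user, what the user submitted, server reply)
GENUINE_SESSION = [
    ("login_form", "login", "accepted"),
    ("payment_form", "payment", "challenge_required"),
    ("challenge_form", "challenge_key", "accepted"),
]

# Constructed fake-site session matching the article's description.
FAKE_SITE_SESSION = [
    ("login_form", "login", "timed_out"),
    ("challenge_form", "challenge_key", "rejected"),
    ("challenge_form", "challenge_key", "rejected"),
    ("challenge_form", "challenge_key", "rejected"),
]

SUSPICIOUS_RULES = {
    "challenge_before_login",
    "challenge_without_payment",
    "repeated_challenge_prompts",
}


@dataclass(frozen=True)
class Finding:
    event_index: int
    rule: str
    detail: str


def check_session(events, max_challenge_prompts=1):
    """Return a list of Findings; an empty list means the flow was as expected."""
    findings = []
    logged_in = False        # set only by a login the server accepted
    payment_pending = False  # set when the server asks for a challenge key for a payment
    challenge_prompts = 0
    for i, (prompt, submitted, reply) in enumerate(events):
        if prompt == "challenge_form":
            challenge_prompts += 1
            if not logged_in:
                findings.append(Finding(i, "challenge_before_login",
                    "challenge key requested before any successful login"))
            elif not payment_pending:
                findings.append(Finding(i, "challenge_without_payment",
                    "challenge key requested with no payment awaiting authorisation"))
        # Advance the legitimate state machine from what the server replied.
        if submitted == "login":
            logged_in = reply == "accepted"
        elif submitted == "payment" and reply == "challenge_required":
            payment_pending = True
        elif submitted == "challenge_key" and reply == "accepted":
            payment_pending = False
    # The genuine site asks once per payment; a page that keeps asking is harvesting.
    if challenge_prompts > max_challenge_prompts:
        findings.append(Finding(len(events) - 1, "repeated_challenge_prompts",
            f"{challenge_prompts} challenge prompts in one session"))
    return findings


def looks_like_fake_site(events):
    """True when any finding matches the credential-harvesting pattern."""
    return any(f.rule in SUSPICIOUS_RULES for f in check_session(events))


if __name__ == "__main__":
    for name, session in [("genuine", GENUINE_SESSION), ("fake", FAKE_SITE_SESSION)]:
        print(name, looks_like_fake_site(session), check_session(session))
```

The rule that matters most is the first one: a challenge-key prompt that appears before the server has accepted a login can never come from the real site, so the only safe response at that point is to stop and call the bank.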

Suspicious payments adding up to £240k weren't stopped

The theft of £240,000 from the accounts of RDS Transport, based in Worksop, is the largest seen by This is Money. 
On Tuesday 19 November a member of RDS staff tried to log in to NatWest Bankline. She later said it seemed to be running slowly and that she was met with a message telling her she had been timed out and must enter her challenge key.
She entered it but was refused admission. She tried two more times but it failed each time. 
She then logged out and decided to leave it until the next day, believing the website was experiencing difficulties. 
When she attempted to log in the following day, she was met with a message that the account had been suspended. At this point she phoned Simon Herberts, the company's operations director, to tell him she couldn't log in.
He managed to log in on a different machine and immediately checked the account balance. He found five transactions had been made totalling £240,000. The payments had been referenced with the code 'UTF', which he has since been told means 'urgent transfer'.
The payments were to three accounts abroad - in Germany, Hungary and Austria - and two accounts in the UK, based in London and York. Simon called the bank and was told the company would not be compensated because it had been reckless.
The business, which has banked with NatWest for more than two decades, employs 100 people who are expecting to be paid their last pay packet before Christmas next week. The only help NatWest offered was a short-term overdraft facility.
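The five payments had several features a bank-side fraud rule could have caught before release: a payment type the customer had never used, beneficiaries never paid before, three of them abroad, and a batch far above the customer's normal activity. The Python below is an added example of such rules, not NatWest's own logic and not a description of what Bankline actually checks. The payment history and the batch are constructed to resemble the RDS pattern reported above (five urgent transfers totalling £240,000 to Germany, Hungary, Austria and two unseen UK accounts); the thresholds are assumptions.

```python
"""Beneficiary/payment anomaly rules for a batch of outgoing transfers (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    beneficiary: str   # account identifier (stand-in for sort code/account or IBAN)
    country: str       # ISO 3166 alpha-2 of the receiving bank
    amount: float      # GBP
    urgent: bool       # 'UTF'-style urgent transfer


# Constructed routine history: UK suppliers, payroll and HMRC, never urgent, never abroad.
HISTORY = [
    Payment("GB-ACME", "GB", 12_000, False),
    Payment("GB-FUEL", "GB", 31_500, False),
    Payment("GB-PAYROLL", "GB", 95_000, False),
    Payment("GB-HMRC", "GB", 22_400, False),
    Payment("GB-FUEL", "GB", 29_800, False),
    Payment("GB-PAYROLL", "GB", 96_100, False),
]

# Constructed batch matching the reported pattern: five urgent transfers
# totalling £240,000, three abroad and two to unseen UK accounts.
SUSPECT_BATCH = [
    Payment("DE-1", "DE", 43_000, True),
    Payment("HU-1", "HU", 52_000, True),
    Payment("AT-1", "AT", 48_000, True),
    Payment("GB-LON-1", "GB", 49_000, True),
    Payment("GB-YRK-1", "GB", 48_000, True),
]


def profile(history):
    """Summarise what is 'normal' for this customer from past payments."""
    return {
        "beneficiaries": {p.beneficiary for p in history},
        "countries": {p.country for p in history},
        "urgent_seen": any(p.urgent for p in history),
        "max_amount": max(p.amount for p in history),
    }


def score_payment(p, prof):
    """Return the list of rules a single payment trips against the profile."""
    reasons = []
    if p.beneficiary not in prof["beneficiaries"]:
        reasons.append("new_beneficiary")
    if p.country not in prof["countries"]:
        reasons.append("new_country")
    if p.urgent and not prof["urgent_seen"]:
        reasons.append("first_urgent_transfer")
    if p.amount > prof["max_amount"]:
        reasons.append("above_historic_max")
    return reasons


def review_batch(batch, history, batch_limit=100_000, new_beneficiary_limit=3):
    """Decide whether a batch should be held for a call-back before release.

    Hold when the batch as a whole is abnormal, or when any single payment
    trips two or more rules (e.g. a first-ever urgent transfer to a new
    foreign beneficiary). Limits are assumed values, not the bank's.
    """
    prof = profile(history)
    per_payment = [(p, score_payment(p, prof)) for p in batch]
    total = sum(p.amount for p in batch)
    batch_reasons = []
    if total > batch_limit:
        batch_reasons.append("batch_total_over_limit")
    new_benes = sum(1 for _, r in per_payment if "new_beneficiary" in r)
    if new_benes >= new_beneficiary_limit:
        batch_reasons.append("many_new_beneficiaries")
    hold = bool(batch_reasons) or any(len(r) >= 2 for _, r in per_payment)
    return {"hold": hold, "total": total,
            "batch_reasons": batch_reasons, "payments": per_payment}


if __name__ == "__main__":
    result = review_batch(SUSPECT_BATCH, HISTORY)
    print("hold:", result["hold"], "total:", result["total"], result["batch_reasons"])
    for p, reasons in result["payments"]:
        print(p.beneficiary, p.amount, reasons)
```

A held batch is released only after an out-of-band confirmation (a phone call to a number on file, not a number or link from the session), which is exactly the check Mr Herberts says never happened.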

£1M STOLEN IN CASES SEEN BY THIS IS MONEY

This is Money first reported on malware attacks on NatWest customers in September with the story of bakery firm Truffles.
In October we followed this with details of two more cases, Birkenhead-based varnish producer AEV Ltd and Hereford-based GB Electrical and Building Services Ltd.
All three companies are still fighting NatWest to get their cash back.
Since these reports, This is Money has received the details of several more cases, with losses totalling almost £1million.
The latest is an engineering firm in Derbyshire that says it had £125,000 swiped.
If your business has fallen victim to fraud, contact: lee.boyce@thisismoney.co.uk
Mr Herberts said: ‘I am disappointed, firstly, that no one at the bank contacted me to check that these transactions were correct as we have never made an urgent transfer, nor do we make payments abroad.
'Secondly that no one from the bank has been out to see us. It seems to be me having to call them.’
He added: ‘£240,000 is a massive amount of money and unless we get this money back 100 people will be out of work in Worksop in the next few weeks.’
Since the case came to light, NatWest managed to recover €50,000 from Germany – but the rest of the money is still missing.
However, after interventions by This is Money and help from John Mann, MP for Bassetlaw, NatWest has decided to refund the lost money. 
It did not offer an explanation for the u-turn.
John Mann, who also sits on the influential Treasury Select Committee, said: 'This case demonstrates how much online fraud is growing and how sophisticated fraudsters have become. It’s a modern crime that needs highlighting.'
In most cases, NatWest has been refusing compensation on the grounds that victims have breached the security terms of Bankline. Central to this is where and when the 'challenge' key is entered.
The genuine NatWest site asks for this to be done once customers have logged in, as a final security check before payments are processed.
In total, Bankline customers have six separate security details to remember and enter when prompted - a customer identification number, a user identification code, a log-in PIN, a log-in password, a smartcard PIN and a challenge key from the smartcard reader.
NatWest has told victims that, because they entered the challenge key before they log in, rather than after, they have been reckless and have breached the terms of Bankline.
It would be up to a judge to determine whether the terms of the Bankline contract are fair, and that would require a victim taking NatWest to court over the loss. However, while businesses have been left to shoulder the loss, there is reason to believe that individuals who fell victim to the fraud would be compensated.
NatWest fraud: Cyber criminals appear to be attacking business customers after users unwittingly download malware
The Financial Ombudsman Service, which settles disputes between individuals and financial companies, can rule on cases involving small businesses as long as they have no more than 10 employees. The FOS does not stick to contract law but decides cases based on what it sees as being fair and reasonable.
Another case seen by This is Money was Cocoa Properties, which runs a portfolio of buy-to-let homes. It had £74,000 stolen in a malware attack and decided to contact the Ombudsman after reading our report that explained the service was open to small firms.
Shortly after that, NatWest decided to refund the money.
This is Money contacted NatWest on behalf of the businesses involved.
A NatWest spokesperson said: ‘We are grateful to This is Money for continuing to raise this important issue. We would like to take this opportunity to remind our customers about online fraud.
‘There is an extremely large number of online scams affecting banking customers across the sector. In a three month period over the summer, IT Security Professionals estimate there were approximately 18 million pieces of malware sent out in the UK. We wish to remind our customers of our safety rules to try and prevent cyber crime.’
‘When assessing fraud cases, the Bank will always review the facts in accordance with FCA guidelines, the Payment Services Regulations and the account terms and conditions’, it said.

'The most dangerous threat to enterprises'

NatWest said it recommends customers download security software called Trusteer Rapport and warned them never to divulge their full PIN or password or other security information when they log in.
NatWest has told victims that their failure to install the software means they are in breach of the terms of Bankline.
Amit Klein, chief technology officer at Trusteer, told This is Money: ‘The common thread running through the malware trends we’ve seen in recent months is the evolution, maturing and diversification of the attacks and fraud schemes they facilitate.
'Malware is still the most dangerous threat to enterprises, end users and financial institutions.'
Many of the cases of fraud that This is Money has seen resulted in the cash ending up in Eastern Europe and neighbouring countries, including Lithuania, Hungary and Turkey.
Mr Klein adds: ‘We are suspicious that much of the fraud is from ex-Eastern Bloc but it’s not exclusively from this region.’
He says that although large swathes of money seems to be ending up in Eastern Europe, the fraud is not necessarily originating from there. 
