Remote Access Scams Open The Door To Thieves

More than £50m was lost last year to scams where victims are tricked into handing over control of their computer, or smartphone, to criminals. 

New data from Action Fraud reveals that 20,144 people fell victim to scams where they were persuaded to give criminals remote access to their device. 

Victims reported losing a total of £57.7 million, which is an average loss of £2,868 per victim.

Remote access tool scams will often begin with a browser pop-up saying that your computer is infected with a virus, or with a call from someone claiming to be from your bank saying that they need to connect to your computer in order to cancel a fraudulent transaction on your account.

Criminals will try to persuade the victim to download and connect via a remote access tool, which allows the criminal to gain access to the victims computer or mobile phone. If the victim allows the criminal connection via the tool, they are able to steal money and access the victims banking information.

Detective Chief Inspector Craig Mullish, from the City of London Police, commented. "While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to perpetrate fraud. We often see criminals posing as legitimate businesses in order to trick people into handing over control of their computer or smartphone...  You should only install software or grant remote access to your computer if you’re asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop-up or text message.”

In one case, a victim lost over £20,000 after they received a call from someone claiming to be from Sky stating that there was a problem with their Sky box.

The suspect persuaded the victim to download a remote access tool to their device which enabled the suspect to access the victim’s online banking and make a number of transfers to an account under the suspect’s control. Another victim lost over £1,000 after they received a call from someone claiming to be from Amazon stating that they were processing a payment for an Amazon Prime membership.

The victim told the suspect that they hadn’t subscribed to Amazon Prime but clicked on a link provided by the suspect to cancel the membership. The link downloaded a remote access tool to their device which enabled the suspect to access the victim’s online banking and empty their account.

The warning comes as Action Fraud launched a new national awareness campaign this week to increase awareness around the safe use of remote access tools and to remind the public to think twice before allowing somebody you don’t know access to your device.

How You Protect Yourself

  • Only install software or grant remote access to your computer if you’re asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop up, or text message.
  • Remember, a bank or service provider will never contact you out of the blue requesting remote access to your device.
  • If you believe your laptop, PC, tablet or phone has been infected with a virus or some other type of malware, follow the NCSC’s guidance about recovering an infected device.
  • Protect your money by contacting your bank immediately on a different device from the one the scammer contacted you on.
  • Report it to Action Fraud on 0300 123 2040 or via police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101.

Action Fraud also advises that the public follow the advice of the Take Five to Stop Fraud campaign to keep themselves safe from fraud.

  • Stop:Taking a moment to stop and think before parting with your money or information could keep you safe.
  • Challenge: Could it be fake? It’s okay to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
  • Protect:If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at police.uk or by calling 0300 123 2040.

Action Fraud:        NCSC

You Might Also Read: 

Online Fraud Is A British Security Nightmare:

 

« Algorithms, Lies & Social Media
EU Officials Targeted with Pegasus Spyware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Combined Selection Group (CSG)

Combined Selection Group (CSG)

CSG are Global Talent Experts, we operate across 7 specialist sectors, including Information Technology and Cybersecurity, and take a pro-active approach to executive search and headhunting.

SensorHound

SensorHound

SensorHound’s mission is to improve the security and reliability of the Internet of Things (IoT).

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

Defence Innovation Accelerator for the North Atlantic (DIANA)

Defence Innovation Accelerator for the North Atlantic (DIANA)

The NATO DIANA accelerator programme is designed to equip businesses with the skills and knowledge to navigate the world of deep tech, dual-use innovation.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.