What is vishing and smishing?
Vishing is the fraudulent use of phone calls or voice messages to impersonate trusted organisations to obtain sensitive information1. Smishing is the fraudulent use of SMS text messages to get targets to click malicious links or hand over private information2. Bank Impersonation is a type of vishing and/or smishing, and both forms of fraud are growing threats in the UK3.
Bank impersonation fraud is where the fraudster contacts the victim pretending be from their bank. It often begins with a phone call or text message, where the fraudster might claim there has been fraud on the victim's account, an issue with a transaction or a need to upgrade to or download a new payment channel.
To assist with this, they may state that they need to take control of the computer, or transfer money to a 'safe' account to protect funds. You may be asked to download software or use a webchat and your screen may turn black. This enables the fraudster to initiate transactions without your knowledge and they will ask you to enter your PIN or use your biometric device to complete the process. In doing so, you are authorising the payments set up by the fraudster. This type of fraud is on the rise and can often lead to devastating losses.
Please remember that Barclays will never do any of the following:
Fraudsters will even set up fake Barclays sites which look similar to our genuine websites or include a Barclays logo, in order to convince you to download software which allows the fraudsters remote access to your computer. Be extremely vigilant regarding any requests to click on links, visit web addresses or download software to resolve an issue.
If you suspect fraud, or just feel unsure please hang up, disconnect from the internet, and contact our Barclays fraud team using a different phoneline. Do not call back on any numbers provided to you by the caller.
How to prevent vishing and smishing
What to do if you're a victim
Francis and Sam are calling customers to alert them to fraudulent account activity. But can you tell which call is genuine, and which is a vishing scammer? Watch the videos below to find out!
These calls are based on real conversations.
Hi I'm Francis, and I’m calling from the Barclays fraud team.
There have been three payments of £4,200 made from your business account this morning, and I’ll need you to confirm that you made these payments.
Before you do, I’ll need to take you through security.
Can I take your memorable word and passcode in full please?
End.
This is Sam from the Barclays fraud team.
We've noticed unusual activity on your business account and need to take immediate action.
I've already spoken with your Relationship Director David Warner and he's given me the go ahead to contact you.
Before we proceed, you’ll need to verify some account details in full...
End.
Both calls were from fraudsters.
Both fraudsters claimed to be from a bank and asked for personal or account information in full.
To report any fraudulent activity, or attempts, contact Barclays Corporate fraud on 0330 156 0155* or if calling from overseas dial +441606566208.
If you receive a suspicious email, send it as an attachment to internetsecurity@barclays.co.uk and delete the email immediately.
To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.
Fraud and Scam Toolkit
1 https://www.pandasecurity.com/en/mediacenter/mobile-security/what-is-vishing/
2 https://us.norton.com/blog/emerging-threats/smishing
3 https://www.kroll.com/en/insights/publications/cyber/monitor/vishing-smishing-attacks
4 https://www.ukfinance.org.uk/policy-and-guidance/reports-and-publications/annual-fraud-report-2023
5 https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/phishingattackswhoismostatrisk/2022-09-26
