'Fraudsters exploited my angry tweet'

  • Published
Mike TinmouthImage source, Mike Tinmouth
Image caption,

Mike Tinmouth says the fraudsters were convincing

A bank customer was tricked into transferring money by fraudsters who pretended to be responding to his angry Twitter post about poor service.

Writer Mike Tinmouth was furious with the process and time taken to open a business account with Barclays.

He expressed his frustration in a public tweet - which was seized on by fraudsters who posed as the bank in an attempt to trick him out of £8,000.

Fraud experts say con-artists are becoming skilled at impersonation.

'Lulled into paying'

Mr Tinmouth wanted to open a business account to deal with the income and expenditure of some properties that he was letting to tenants.

He applied to Barclays, but the process dragged on and eventually he made a complaint on Twitter.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Mike Tinmouth

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Mike Tinmouth

He even posted an email that he received from the bank which he felt was unprofessional and had to confirm was genuine. The bank urged him to delete this public post.

All this information, together with some personal details that were already available about him online, was enough for fraudsters to mimic the bank and appear to know details of the case.

"They targeted me because they are monitoring the big banks' customer support Twitter channels where they can get enough information on name, location, and photo to then be able to track down further information," he said.

Soon after the Twitter exchange, he received another email apologising for the poor service and offering to deal with his case. This time the message was from a fraudster posing as his bank.

After various exchanges, he was provided with details of his "new" account, and he started to transfer money from his personal current account with a different bank.

The transfer was blocked, saving Mr Tinmouth from losing the £8,000 he intended to move between the two accounts.

Barclays said that customers should always be careful about posting details in public, and that it had a system of ensuring customers dealt with the bank's social media teams on private channels. No-one should transfer money to a new account without having all the relevant paperwork and full control of the account, a spokesman added.

"In this case, we advised Mr Tinmouth on the process he should follow to speak to us about his query. However while we were in contact, he engaged with an unverified email address and provided personal information to scammers, which led to him being targeted," a spokesman said.

Katy Worobec, managing director of economic crime at UK Finance, which represents the major banks, said that criminals would try to impersonate legitimate organisations, such as banks, police, utility companies or retailers. They would contact potential victims through social media applications in an attempt to trick them into giving away their details.

"Always question any phone calls, texts, tweets or emails out of the blue asking for your personal information in case it is a scam, and never automatically click on any links," she said.

"Instead contact the company directly on a known phone number or email, such as the one on their official website. If you think your personal or financial information may have been stolen, contact your bank straight away and also report it to Action Fraud."

Names matter

The attempt to trick Mr Tinmouth happened in the same week that plans were confirmed for a new system aimed at reducing fraud.

The Payment Systems Regulator has now opened consultation into the proposal to ensure than a recipient's name is checked, along with their account number and sort code when transferring money.

How Confirmation of Payee will work

When setting up a new payment, or amending an existing one, banks will be able to check the name on the account of the person or organisation you are paying.

  • If you use the correct account name, you will receive confirmation that the details match, and can proceed with the payment

  • If you use a similar name to the account holder, you will be provided with the actual name of the account holder to check. You can update the details and try again, or contact the intended recipient to check the details

  • If you enter the wrong name for the account holder you will be told the details do not match and advised to contact the person or organisation you are trying to pay

This process would have stopped Mr Tinmouth earlier in the process, as he would have realised that the destination account was not his own, but in the name of somebody else entirely.

Other victims of fraud may also have been stopped from transferring money had they realised the account holder they were paying was wrong.

Gareth Shaw, from consumer group Which?, said the change - which would take effect "early" in 2019 - was long overdue.

"Customers will question why it's taken their bank so long to implement a system that could have prevented devastating financial losses years ago," he said.

"To halt the alarming rise in bank transfer scams we must now see swift implementation of this much-needed measure across the board."