Fraudsters swipe another £710,000 in online scam, bringing total to £1.7m and counting
Fraudsters have swindled around £710,000 from nine local companies in a telephone scam, the Royal Gibraltar Police confirmed on Wednesday, bringing the total reported lost in recent days to £1.7m and counting.
Businesses across Gibraltar have been targeted by a telephone scam where the fraudsters pretend to be bank employees and dupe their victims into allowing remote access to their computers.
According to the RGP, reported losses are in the region of £1.7m with the spate of attacks continuing for days.
An RGP spokesman confirmed there were seven more reports on Wednesday and the Chronicle understands there have been further losses.
The scam begins with the cybercriminal calling, impersonating a local bank’s fraud team and advising there have been suspicious transactions.
The victim is told they need to download ‘anydesk.com’, an app used for screen mirroring, in order to allow the caller to view the transactions in question.
This is where the fraudster takes control and begins to withdraw funds.
On Tuesday, nine businesses lost funds in sums of £470,000, £45,000, £105,000, £29,000, £24,000, £7,500, and around £30,000 from a personal and business account.
Just a day earlier the fraudsters had scammed a local business out of £1m, according to the RGP.
For small businesses, a loss of thousands could be devastating.
One small business owner, Sophie Clifton-Tucker, co-founder of the Little English language school, was targeted by the cybercriminals.
She did not lose any funds, but the near-miss with a fraudster was concerning for her.
“We are a small family-run language school that nearly lost everything that we spent eight and a half years working so honestly for,” Ms Clifton-Tucker told the Chronicle.
“I’d like to think we are pretty careful, tech-savvy people but a genuine-sounding person with the right facts and figures catching you off guard at the wrong time can make you overlook the flags that are, in hindsight, painfully red.”
“The fraudster didn’t ask for any information that was so obviously sensitive that it would raise suspicion.”
“Instead he spent a bit of time building rapport and trust before asking us to visit a NatWest support website which was of course fake, despite emulating the official one.”
“One click later and remote access software was downloaded to our device. If we had given them the code, it would’ve all been over for us.”
Cybersecurity expert Peter Bassill called the spate the biggest scam to hit Gibraltar in his 30-year career, adding he suspects the total figure of funds lost could be as high as £3m.
Mr Bassill sits on the Council of Europe and is co-chair for cyber security across Europe. He also sits on the council for incident response across Europe.
He warned the public should always have a “small amount of cynicism” when dealing with supposed banks over the phone.
Mr Bassill said the fraudsters had done a “stunning” job when cloning the NatWest International website, adding he has been working across Gibraltar to support victims.
The common response to scams of this nature is initially to try and disrupt the fraudsters, potentially even "reversing connections" and turning the tables on the scammers.
But it is complicated work and even as cyber security experts scrambled to respond to the attacks in Gibraltar, new reports were being made to the RGP.
During some of these efforts, the fraudsters called the Chronicle in an unsuccessful attempt to scam funds.
Many of those affected have been customers of NatWest.
The Royal Bank of Scotland International has warned customers of fraudsters impersonating the bank, asking the public not to provide any details.
“We are aware of fraudsters calling customers impersonating the bank and we are working quickly to prevent fraud and protect customer funds,” a spokesperson from RBSI said.
“We urge all customers to call us if they receive a call they are unsure about and to never transfer funds or provide account details at the request of an unexpected caller.”
“If accounts are supported by a Relationship Manager, they can be contacted directly.”
The bank issued guidance that customers should never give anyone remote access to their computer or download software on the instruction of others.
The bank warned that anyone pressured to act should hang up and contact the bank using a published or known number.
Trusted Novus Bank has also posted a warning on their website in response to the telephone scam.
The bank posted that “scammers are becoming increasingly sophisticated, using various methods to trick unsuspecting individuals” and advised their customers to visit the RGP website for more information.
The Gibraltar Bankers Association (GBA) said it is aware of “a new wave of fraud attempts on local banks”.
“This involves downloading of malicious software which thereafter compromises the client’s account, including sensitive data and account functionality,” the GBA said.
“The GBA would like to remind the general public to be extra vigilant with regards to their banking affairs, especially with regards to any online or remote facility, including telephone calls.”
“If the account holder suspects or has any doubts as regards the authenticity of any interaction, please desist from providing any information, downloading any software or taking any actions as these could severely compromise your account.”
“We would strongly urge you to contact the Bank on a trusted number or other established medium of communication.”