Online scam ruins Christmas in Marrakesh

A local lawyer was swindled out of £6,000 after his payment for a Christmas villa in Marrakesh ended up in a fraudster’s bank account.

The lawyer discovered that a UK branch of Barclays Bank had processed the transaction despite a mismatch between the payment instructions and the fraudster’s account, which were in different names.

Having lost out on the money, he was further outraged when the bank offered to refund £2.26 left in the account – but only if he promised to keep quiet about the scam.

Solicitor Ray Pilley was paying for a holiday villa in Marrakesh that he rents every year at Christmas from a woman who was well known to him.

But the villa owner’s email had been hacked by a fraudster who, posing as the woman, told the lawyer she had switched accounts to a branch of Barclays Bank in Leicester. Mr Pilley took the email at face value.

Unaware he was being conned, he made the payment from his Natwest account in Gibraltar and this was processed in Leicester by Barclays, even though the names at either end of the transaction did not match.

“There was no account at Barclays with that name but they nevertheless credited the account, which was cleared within hours by the fraudster who had hacked into the lady's computer,” Mr Pilley told the Chronicle. “Not only that, the fraudster stopped my e-mails from reaching her computer.”

This is the latest in a string of online scams targeting people in Gibraltar and highlights the need for heightened security awareness when using the internet.

But for Mr Pilley, the fallout from the fraud was not yet over.

After he raised the alarm, Barclays wrote back to him and said there was nothing it could do as the transaction had been properly handled.

It said that at the time the payment was made, it had no knowledge or suspicion that the account in the Leicester branch was anything other than legitimate.

The bank said the fraudster had left £2.26 in the account. In a letter seen by the Chronicle, it offered to refund that amount but only if Mr Pilley accepted it as a final settlement of any claims against Barclays and, additionally, agreed to keep the matter confidential.

“I felt both outraged and insulted,” Mr Pilley told the Chronicle.

“The letter is plainly a template which suggests this is the way they treat people generally.”

“The £6,000 from Natwest Gibraltar to a named account which doesn’t match up ought to have put anyone on notice there may be an issue or a scam.”

Mr Pilley said he had put that scenario to other major banks where he holds accounts.

“They were incredulous that Barclays should credit an account where the name of the beneficiary, which was included with the transfer, should be credited to an account in a completely different name.”

“They said the money would have been sent back immediately.”

Barclays insisted this week that it had followed proper procedure in handling the transaction, given that there was no indication of fraud until after the money had been withdrawn.

“I can confirm that in accordance with our statutory obligations and accepted industry standards, Barclays processed the payment by reference to the sort code and account number - the ‘unique identifier’ - stated in the payment instruction received,” a spokesman for Barclays in the UK told the Chronicle.

“The processing of electronic payments is not made by reference to the payee name…” he added, citing the UK payment service regulations.

“When this matter was brought to our attention, we acted swiftly in order to recover the funds that remained in the account.”

“Regrettably by the time we were made aware of the fraud, only £2.26 remained in the account.  The account has since been closed.”

Barclays said that it investigates any suspicious activity as soon as it is detected and acts swiftly to close such accounts.

It said any customers who transferred money into a fraudster’s account after a fraud is detected would receive a refund.

The spokesman also stressed that email communication was not a secure method of transferring bank details and that additional steps should be taken to avoid online scams such as this.

He added that while the bank was obliged to return the £2.26 left in the account to Mr Pilley, the inclusion of a standard confidentiality clause in the letter was “not appropriate” in this case.

“I can understand his sense of anger and I do apologise for that,” he said.