Old-style scams increasingly used by fraudsters

By Marianne Curphey

When it comes to data theft, high-profile breaches such as the one experienced by TalkTalk in late 2015 are the ones that hit the headlines. Yet security experts warn that simple scams are actually far more common and are a bigger risk to consumers than one-off cyber break-ins.

Thanks to chip and PIN technology, credit card fraud is falling as a proportion of card spending (although total card fraud is rising slightly), according to an October 2015 report from Financial Fraud Action (FFA) UK.

But now, thieves and fraudsters are turning to "old-style" scams to steal money and credit card details. Favourites include pickpocketing, phone and email scams, and breaking into online accounts by guessing common PINs and passwords.

ATM-related pickpocketing
"ID theft and theft at ATMs is now increasing," explains Martin Warwick, principal consultant at FICO, which provides fraud protection for the majority of large European banks.

Frustrated by the success of chip and PIN, fraudsters are returning to traditional methods such as following victims, watching them put a PIN into an ATM, and then pickpocketing them, he says.

Additionally, at the Information Security Media Group's October 2015 Fraud Summit in London, Lachlan Gunn, executive director of the European ATM Security Team, said "old-style", unsophisticated scams involving ATMs are ever prevalent. Such fraud includes card and cash trapping -- in which the cash machine appears to swallow the card or malfunction -- and robberies at cashpoints. Often, thieves will work in teams. One person will distract you while the other snatches your bag or card out of your hand.

Phone and phishing scams
Online and telephone criminals are a little more sophisticated than pickpockets -- think computer experts and cold callers whose polite manners belie their criminal intentions.

"You may receive a phone call, supposedly from your bank [but actually a scammer], attempting to dupe you into revealing your PIN. Or you may receive a 'phishing' email, where the sender is trying to gain your personal information," says Warwick.

According to an August 2014 analysis from software security firm Kaspersky, the percentage of spam in email traffic in the second quarter of 2014 rose 2.2% from the preceding quarter, making the UK the No. 1 target for malicious mail.

"Fraudsters get better responses from phishing than banks do from their direct mail campaigns," Warwick says.

Guessing common passwords
Another tactic fraudsters use is simple guesswork. Even if a criminal doesn't see you enter your PIN, he may be able to guess it if your code is "easy to remember" -- read: easy to guess.

"We are still seeing so many people fall victim to ID fraud with easily cracked, numerical passwords, or basic things such as birthdays and mothers' maiden names," says Neil Munroe, external affairs director of Equifax.

Research by SplashData found many people are still using simple passwords, such as "123456". In 2014, that password kept its 2013 title as the most hacked password. Other popular choices included "password", "qwerty", "baseball", "dragon" and "football".

"It is vital that consumers stay alert to the risk and think about using secure passwords," Munroe says.

Preventive measures
If you suspect your identity or details have been compromised, one thing you can do is flag potential fraud on your own account by adding your name to the CIFAS Protective Registration Service, which aims to detect and prevent fraud. The service is made up of a closed group of organisations that share information about fraud cases.

Adding your account to the register "puts an extra level of security on the account and adds a warning to the database," says James Jones, head of consumer affairs at Experian. "All three credit reference agencies can load it onto their reports."

However, he recommends that people take "a risk based approach" as it is quite a big step to take. "It can be worthwhile, but it also throws a massive spanner in the works because it means that the lenders will carry out extra checks and an alert will flag up when you genuinely apply for credit," he says.

"If you believe you are in imminent danger of your identity being compromised then it may be worth the hassle that you will encounter in terms of any genuine application you make in the future," Jones says.


Updated: 16 November 2015