A new telephone scam has been targeting upscale restaurants in London, with “convincing” scammers calling restaurant staff and tricking them into believing there's a problem with their payment system - according to a report issued by Financial Fraud Action. The scammers have targeted restaurants in affluent areas such as the West End and Twickenham.
The fraudsters give staff a phone line to call for customers to make payments, the Telegraph reports. Transactions are then funneled through the fraudulent phone line – restaurant owners have been warned to phone banks on a number known to be legitimate to check before changing payment methods. Katy Worobec, Director of Financial Fraud Action UK, said "It's important that restaurant owners are alert. Fraudsters can sound very professional - don't be fooled."
Phone scam: 'Classic social engineering'
To customers, Financial Fraud Action said, "If you receive any calls from your bank claiming there's a problem with payments, make sure you phone them on an established number to confirm the request is genuine. In addition, always wait five minutes to ensure the line is clear, as fraudsters will sometimes try to stay on the phone line and pretend to be your bank." The tactics used are variations of those in many current phone scams. In the common 'courier scam' used to obtain cards and PINs, the caller waits on the phone and pretends to be a new connection after the caller dials.
Phone scams: Old tricks
ESET senior researcher David Harley says, "The 'staying on the phone line' gambit is worth mentioning: it's certainly been used a lot in the context of other scams.” The tactic works simply because few users take measures to ensure the caller is not waiting - and when they dial, they are still connected. All that happens is the fraudster hears a series of beeps. Harley suggests 'interrupting' the call by hanging up and dialing another number - or calling on a different phone.
Action Fraud said,”When the restaurant calls the phone number, the fraudster asks to speak with the paying customer and then goes through their security questions. Once sufficient security details have been obtained from the customer, the fraudster will instruct the restaurant to put the transaction through.” The fraudster then subsequently calls the customer’s bank - usually within five minutes - and attempts to transfer funds, the Daily Mail said.
The scam is not new - and several elements are “classic social engineering” says ESET Senior Research Fellow David Harley - but it has spiked in the past six weeks, “Certainly there's a problem with the concept of answering security questions over the phone unless the bank or other caller has already authenticated themselves to you,” Harley says.
Harley says the key to avoiding such scams is not to place trust in unknown callers. If unsure, hang up, and call back on a known number. “In this case, a restaurant that falls for this has clearly failed to verify the credentials of the 'bank' and a customer who goes along with it has put too much trust in the restaurant. The 'security questions' must persuade the customer to give quite a lot of information away if they have any hope of persuading the bank to make the fraudulent transaction over the phone. One would hope…”