Press reports about a club having a significant sum, reportedly £300k, taken fraudulently from the club’s bank accounts have been circulating recently and it is understood that at least one other club has suffered the same fate. The nature of the fraud was similar in both cases and involved the fraudster ringing the club purporting to be from the bank. In both cases, the fraudster appeared to be in possession of sufficient detailed information about the banking facilities to convince the members of staff involved that the calls were genuine.
All Clubs should be very wary of any incoming calls concerning their banking arrangements. It is, therefore, worth taking the time to consider security protocols and the following measures should be reviewed.
Limit the information, about the club and yourself, you make public on social networking sites. Identity thieves gather small pieces of information published online to build a profile of their victim. More information regarding safety on social networking can be found at www.gov.uk/guidance.
Use strong passwords longer than 7 characters, with a mix of numbers, letters, special characters and spaces, as these are the toughest to crack. A different password for every website is also recommended, despite the difficulties. You should avoid using your name, username, personal details or something too obvious as a password.
In the same way you should protect bankcard PINs, keep online passwords safe. Never let passwords be known to anyone and don’t write them down. If you believe they may have been compromised, change them as soon as you can. Further guidance on creating and administering passwords is available in this gov.uk document.
Be aware of email scams. Be on guard if you receive phishing emails asking for personal information or banking log-on details, especially if they threaten to suspend or limit access to an account. Banks, and other financial institutions, will never send emails asking you to provide personal information or to confirm online security details. Delete any email request for a password or username update without opening. Don’t click on any links provided in unsolicited emails. Don`t fill out online forms or login forms embedded in emails. Don`t provide Internet Banking passwords and usernames to anyone by email or phone.
Don`t access Internet Banking via any links provided in an email. Always access Internet banking through the bank’s website. Type the URL in the address bar and ensure the login page starts with the text ‘https://’ and not ‘http://’, to avoid pharming scams. Do not share information like, User ID, Account No., passwords, One Time Passwords (OTPs), etc. with anyone, even with a bank employee. If the bank does need to verify security information they will only ask for certain digits of a password or memorable word. Keep anti-virus software, browsers and firewalls up to date. This will make life much a lot harder for criminals trying to steal your data. Don`t use public computers such as internet cafes or libraries to log into a bank.
Be aware of suspicious calls. One of the most popular ways used by fraudsters to access your information is simply by asking you. This can be done in many forms such as phishing emails, cold callers or door salesmen. Never give bank details out if you are unsure of the person. Banks will never ask you to transfer any of your money from one account to another account that you don’t recognise. If you’re asked to do so, hang up immediately and wait 5 minutes for the line to clear, or use a different phone, before calling your bank to report it. If your phone has stopped working for no reason, check your bank account immediately. Check your bank statements regularly and if you are unsure of a transaction investigate it thoroughly using your bank to help if required.
Find out more here about Phishing and Pharming Scams.
If any club has suffered a similar scam please contact the GCMA, as it may be possible to link the crimes and help the national police body, Action Fraud. Any information that the GCMA do receive will, of course, be kept fully confidential.