top of page

THREAT ALERT: Police Alert from Action Fraud

If your business employs remote workers then please read on to find out about a current crime trend affecting businesses across the UK.

laptop with red warning sign

Since June 2023 Action Fraud have received over 30 reports of fraud that have targeted businesses through their remote workers.

Victims have reported losses totalling over £3.8M.

Action Fraud have detailed the attacks as generally occurring as follows -

  1. Contact the victim claiming to be a representative from their bank or from a financial services vendor used by the victim’s business.

  2. Convince the victim to install a piece of software that enables remote access to their computer, claiming that it’s required to install an important software update.

  3. At some point during the call, the victim is instructed to login to their online banking account. Once the victim has done this, the remote access software is used to blur the victim’s screen whilst the scammer makes fraudulent transactions from the victim’s account without their knowledge.

  4. The victim is also asked to read out a series of numbers the scammer claims they have sent to the victim’s mobile. In reality, the numbers are a one-time verification code from the victim’s bank which, if shared with the scammer, will allow them to transfer money out of the victim’s bank account.

Action Fraud have put together this handy guide on how to protect your business from remote access scams

  1. Your bank will never ask you to grant them remote access to your computer or smartphone. Never install any remote access software on your device as a result of an unsolicited call, browser pop up, or text message.

  2. The one-time verification codes sent to you by your bank to authorise transactions on your account should never be shared with anyone, not even bank employees.

  3. If you believe your laptop, PC, tablet or phone has been infected with a virus or some other type of malware, follow the National Cyber Security Centre’s guidance on recovering an infected device.

  4. If you believe that you’ve received a suspicious call from someone claiming to be from your bank? Hang up, wait a few minutes, then call your bank using the contact number on the back of your debit card, or use the contact information on their official website or app.

  5. If your business has fallen victim to fraud or cybercrime, report it to Action Fraud at www.actionfraud.police.uk, or by calling 0300 123 2040. If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call 0300 123 2040 immediately.

Finally, we would urge all businesses in the East of England to immediately join the Eastern Cyber Resilience Centre as a free core member.


As a police-led, Home Office funded organisation, we can quickly lead you through the steps that you need to take now to improve your business cyber resilience. We provide free services and guidance as well as signposting you to valuable guidance that is published and updated regularly by other organisations such as the Police and the National Cyber Security Centre.


So join us now, and learn how to protect your data, your money and your reputation.

Comments


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page