Online fraud gangs are exploiting the new General Data Protection Regulations to swindle victims.
They are taking advantage of millions of legal emails asking people to opt in to marketing material under rules which came into force on Friday.
But their dodgy versions urge you to visit bogus websites to “verify” or “update” bank account details.
In one case, crooks sent fake NatWest emails claiming accounts would be terminated if customers didn’t update records on a swindle site.
In another scam, customers were tricked by bogus bank staff into believing their accounts had been attacked and money needed to be transferred to a new account – set up by the crooks – to protect it.
Once the “authorised push payment” bank transfer takes place a loophole means victims have no legal right to get their money back.
Only a quarter of £236million swindled using transfers last year was refunded.
Nathan Strefford, 39, of Worcester, lost £12,500 when crooks intercepted invoices from building contractors and changed payment transfer details.
He says he was “disgusted” the banks where his money ended up refused to refund him or identify the crooks.
Banking trade body UK Finance said banks could not do so “for data protection reasons”.
It warned that GDPR should make everyone “vigilant of criminals”.
Gareth Shaw of Which? said a reimbursement scheme for bank transfer victims “cannot come soon enough”.
A UK Finance spokesman added: “Banks will keep customers informed wherever possible, but for security and data protection reasons they can’t typically provide the details of the recipient account or the specific techniques used to conduct the fraud.
“Intelligence is regularly shared across the industry and with law enforcement agencies to help prevent fraud and protect customers.”
Source: Read Full Article