How often do you share your card details without even thinking about it? This is what gave conman James** the opening he needed to exploit people’s trust and steal their cash
“Getting people to hand over their money on the phone was pretty easy. I’d had a year in a call centre a while back and it’s pretty much the same. I did it from my kitchen. The living room sounds too soft over the phone. The other kid I did this with used office sound effects in the background but I didn’t bother. I don’t think people notice.
There are hackers who can access systems for restaurant booking sites. You’d be surprised how often that happens. They’d tell me when someone cancelled a booking – and that would be my opening. The good thing about booking sites is that people don’t usually remember the details – some sites ask for a deposit, some don’t, sometimes people book directly with a restaurant site, sometimes through a third party – the whole thing is so vague.
When a booking cancellation comes through to me, I need the person’s phone number. I’ll have that either from the website or I can get it from an online database. That’s a gold mine – you can get postcodes, area info, friends’ names.
So, I’d ring the person who cancelled and say I’m from the restaurant booking site and it’s about the cancellation. Accents are good – Scottish and Irish are best, they sound friendly. I used to live in Lothian, so I can do a nice soft Scottish accent.
I’d start off at the top not talking about money. I’d always say, we took a deposit from your card, we can offer you a voucher for your next booking or we could give you a refund. Nobody wanted the voucher, but it was a great trick: people trusted me a little because they felt they had a choice.
Then I’d ask which card they’d used for the booking. If I asked for the card numbers right away, people got nervous quicker. When I asked which card, I’d often ask whether it was credit or debit, so they’d have to think. I wanted to push the idea that forgetfulness and confusion are natural. We’re all so forgetful! I’d say: “Ah, I’m like that, I can never remember.” Seemed like I was giving something of myself.
What I wanted initially was to make people feel fuzzy and trusting, to make them volunteer the info I needed. I’d reassure them by saying things like: “We can probably find this out from somewhere else”, but it’s human nature that people are really keen to help. Basically, I wouldn’t give them time to think about what it was I was asking for. I’d always add rubbish to the conversation: “Ah, it’s the weekend, shame you had to cancel”, that kind of thing. I always made it sound like I wasn’t reading a script.
Not many people are going to give you everything, but I could get enough to do a “card not present” transaction. This usually meant the bank or card company would ask for additional verification, so once I’d got what I needed I actually had to get the person a little suspicious. This was for the next part of the scam – the follow-up call. I’d go on to ask where the card was registered, that kind of thing. People don’t like to give out their home address and they’re not used to that kind of question. So they’d often end the call and worry. Or if they didn’t seem worried, I’d say someone from your card company will call to confirm the transaction. I just needed to set up the next call.
So then my mate called them – quickly, so they didn’t really have time to contact anyone themselves. For the group I worked with, this second call was from a woman, an older, mumsy woman. As with the Scottish accent, people trust middle-aged women. She’d give a nice trustworthy name like Sheila.
Meanwhile, I’d buy stuff fast online using the card details. Usually small, high-end stuff that would sell fast on auction sites – smartphones, laptops, designer trainers or handbags. Once the payment had been made, I’d cash out quickly either by sending someone in to a shop with a pickup code or organising delivery to a parcel house – people who agree to take parcels and act dumb for a cut. I’d clear anything between a few hundred to a thousand odd from a call. It added up fast. It was a lot of money for not a lot of work.
Sheila would say she was from the fraud department of the credit card company and that it had noticed suspicious activity. The person is already nervous that they’re being scammed so they feel relieved. Sheila is being sympathetic, saying it’s a new scam, asking what I said, saying not to be embarrassed, just making them feel OK. It’s all about getting their trust.
Then she’d say: “Don’t worry, you’re in safe hands now, but you’ll probably get a number of texts.” The texts would be pinging during the call and the person would be checking their phone and talking to Sheila who would do the fraud department chat. A text would say something like, “There’s a transaction from Argos in Manchester, is that you?”, Sheila would tell them to reply Y to the texts. If they worried about that – because of course they were confirming the transaction and allowing it to go through – she’d say: “We’ll deal with it at our side, we’ll take care of it.”
She needed to keep them on the phone for a bit to stop them calling their credit card company. If she did a good job, the victim thought the problem was sorted by the end of the call. Sometimes, though, they freaked out and hung up. When they did twig, they’d call their card company, but by then we were done. It’s best around Christmas because people lose track of what they’ve been doing online. If you look at data breaches, you’ll see a lot in September, too, after people have been out a lot in the summer.
What’s weird is, my nan actually got a call from a scammer like me, and she fell for it. I felt bad then. I mean, I’d felt bad before as well, sometimes. But seeing my nan upset, that was when I knew I had to quit.”
*Source: UK Finance Annual Fraud Report. **Name has been changed
Find out how to protect yourself from scams calls and keep your credit and debit cards safe with Lloyds Bank’s Fraud Hub