A supposedly seasoned journalist working for the Financial Times shouldn’t fall victim to a common banking scam. So it’s with a sense of shame that I admit I was duped. With the press of a button I threw away £4,300. I’m writing this because I don’t want it to happen to you — and the banks need to stop shirking their responsibilities.
It goes like this. We are renovating our house in south London. My builder-cum-decorator sends me an email, a genuine message from his genuine email account. He’s politely addressing my concerns over mounting additional costs for the work being carried out. At the end of the email there’s a sort code and account number. And attached there’s an interim invoice, with details of the work already done. I make the payment.
I didn’t know then, but I know now, that authorised push payment (APP) fraud — where victims send their money directly into a criminal-controlled account — is one of the fastest-growing types of fraud. A new voluntary code to protect people against APP scams has come into effect this week, which aims to make it easier for victims to be reimbursed. But it is no quick fix, of which more later.
In 2018, there were 84,624 cases with £354m lost, mostly from personal rather than business accounts, according to UK Finance, a trade association for the banking and financial services sector. There are various ways you could be conned — including paying for goods you never receive, giving money to an online love who doesn’t actually exist, or by being sucked in by somebody pretending to be from your bank, or the police.
In my case it was less elaborate but just as effective. Somewhere along the line the email was intercepted and altered. I didn’t know then, but I know now, that I should have transferred a small amount first to see if it went through, or just phoned the builder to check his details. In the daily life-struggle with work, a full of beans two-year-old and moving house, it’s not something that had crossed my mind.
So these scams happen a lot. And the banks know they happen a lot. But until the builder told me the next day that he hadn’t received the money, and yes, it was his email, but no, it wasn’t his account number — until that point, I had no idea something might be up.
I reported it to my bank, Barclays. They said they would attempt to recall the money and I would have to sit tight and wait, possibly up to three weeks. I then reported it to the online cyber crime portal Action Fraud. And finally, I reported it to my wife.
I didn’t have to wait three weeks for the bad news. After a worried weekend, my fears were fulfilled — the criminals had drained their account. The woman from Barclays handling my case told me not to blame myself. “Nine out of 10 people would have done the same as you,” she said, sympathetically.
But if I wasn’t to blame, who was? And if so many people are falling for these scams, why aren’t the banks and regulators doing more to stamp it out?
Perhaps I could blame the builder, whose email account had likely been hacked. I phoned Citizen’s Advice to try to find out. After 45 minutes in a queue I got through to a woman who seemed quite aggravated when I refused to give her my name, address and phone number.
I wasn’t in the mood to give out my personal details, I said. I just want to ask a simple question. But without your details I won’t be able to refer you on, she replied. I don’t want to be referred on, I said. Half a dozen other agencies also couldn’t help. At one point I was offered counselling, so I phoned the helpline — but they couldn’t answer my question either.
After going around in a circle, a different branch of Citizen’s Advice broke the bad news. I was liable for the money.
For weeks I was dragged down by a sense of unease. I was suspicious of the builder who was still renovating our house. Could he have been involved? I was suspicious of the bathroom salesman who claimed he forgot to include taps with our order. I was brought up in a household where tea bags were reused, usually twice. The scrimping and saving, the money hard-earned, the discounts hard-negotiated, all wiped out in one go. And I had let down my wife and child.
Less than two weeks later I had a letter from Barclays confirming that I wouldn’t be seeing my money again. The criminals had been hours ahead of me. After I paid the money at 22:57 on a Thursday night, they had moved it out at 09:47 the next morning. We do our best to warn of the dangers of scams, the letter said. But that didn’t ring true.
When I paid the builder — again — this time from my account with Santander, I was confronted with drop-down boxes, questions and warnings designed to make me stop in my tracks. “Could this be a scam?”; “Please double-check the bank details personally with your payee”; “If someone is pressuring you, please stop now.” As I said earlier, all the banks know these scams happen, so why aren’t all the banks, Barclays included, making sure customers think twice at the point of transaction?
The voluntary code to protect against APP is a sign of progress, and the big high street banks including Barclays have signed up. But why is it voluntary? And why has the confirmation of payee system been delayed until March next year? Right now the account number you’re paying into isn’t even checked against the name you give as the payee. Fixing that security gap would wipe out £145m worth of fraud in the first year, according to the Payment Systems Regulator. And it would have saved my money too.
The banks should also do more to stop fraudsters opening and using their accounts. Isn’t Barclays ashamed that my money was paid into another Barclays account, and yet it still couldn’t do anything to stop the fraud?
Barclays said in a statement: “As soon as Mr Sinclair raised his concerns with us, we acted quickly to track the money transferred and recover the funds — however, the accounts had already been emptied. No bank does more than Barclays to protect our customers and their funds, and we hope that the police urgently investigate this matter and bring the criminal to justice.”
When I was younger, I was duped by a man in Tunisia. He approached me on the street, asked if I remembered him from the hotel, and if I’d like to go for a drink. It was only afterwards, paying the bar bill, that I realised he’d just been trying his luck for a free beer, a con so common it was even in the guidebooks. That’s one beer, 15 years ago, and it still hurts.
So this will stay with me for years to come. For now, I’ve lodged a complaint with the Financial Ombudsman. If I accept my share of the responsibility and my share of the shame, the banks should too. It’s their duty to protect our money. By the way, I’m very happy with the renovations. So I’d recommend my builder. But I wouldn’t recommend my bank.
Joe Sinclair is FT’s deputy head of video; Instagram @JoeSinFT; Twitter @JoeSinFT
Get alerts on Personal Finance Advice & Comment when a new story is published