Police are warning people to be wary of granting remote access to their devices after victims of a fake investment scam were left on the hook for huge bank loans.
The victims – including one man who was taken for nearly £120,000 – were first lured-in by flashy adverts and pop-ups for an online investment scheme.
After initially seeing promising returns they were each persuaded to take out bank loans to fund additional investment.
It is at this point that the scammers struck – convincing the victims to grant remote access to their phones, computer and tablets to help guide them through the application process.
The victims’ details were then used to secure multiple loans, with the online scammers then transferring the funds into their own accounts and disappearing.
One Nottinghamshire victim, a man in his 20s, was left liable for six loans totalling £118,500 – money he will now have to pay back.
Another, a woman in her 60s, fell into £24,000 of debt in similar circumstances.
Kirsty Jackson, a cyber protect officer at Nottinghamshire Police, urged people to be vigilant.
“These online investment scammers pose as legitimate companies with hundreds of positive reviews, so it can be very easy to become a victim.
“It is therefore extremely important that people only grant remote access to their mobile phone, iPad, laptop or computer if they are asked by someone they know and trust, such as a friend or family member.
“You should never grant remote access to your device as a result of an unsolicited call, browser pop-up, or text message.
“The consequences of doing so can be devastating. These scams have had a profound impact on their victims as the banks have now insisted on the loans being paid back.
“We are helping them submit claims for the loans to be written off, but there are no guarantees and so the best way to protect yourself is to be vigilant of such scams.”
Other remote access scams start with a browser pop-up appearing on a would-be victim’s phone or computer warning them that their device has been infected with a virus.
Alternatively, it could be a phone call from an individual claiming to be from their bank insisting they urgently need access to their device to cancel a fraudulent transaction.
The victim is then persuaded to download and connect to a remote access tool that the imposter says is required for them to deal with the problem. But once the fraudster has gained access to the person’s mobile or computer, they can then access private banking details and steal money.
“While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to commit fraud.
“It’s important the public understand that legitimate organisations will never contact you out of the blue requesting remote access to your device.
“No matter what is said, remote access scams all have the same thing in common – the scammer will always ask you to type something into your browser or request you to download a remote access tool in order to grant them access to your device.
“Once they have access to your device, they can then access personal information which can be used to apply for loans or bank accounts and access your own bank accounts to steal more money from you.
“When the scammer has remote access to your device, the camera can be accessed to allow for Face ID verification to finalise fraudulent applications made.
“The scammers can close any fraud warning pop-ups generated by your bank or ask you for a code sent by the bank (from your Secure Key if you have one), otherwise if any codes are sent to your phone number or other verification options enabled, the scammer will likely have access to it since they have access to your device.
“That’s why it is important to never grant remote access to anyone who contacts you out of the blue.”
Here are a few tips from Action Fraud to help you mitigate the risk of falling victim to remote access scams.
You should only install software or grant remote access to your computer if you're asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop up, or text message.
The public are reminded that a bank or service provider will never contact you out of the blue requesting remote access to your device.
Anyone who thinks their laptop, PC, tablet or phone has been infected with a virus or some other type of malware, should follow the National Cyber Security Centre guidance on recovering an infected device.
To protect your money, you should contact your bank immediately on a different device from the one the scammer contacted you on.
Incidents should be reported to Action Fraud in the first instance by calling 0300 123 2040. You can then make a further report to Nottinghamshire Police by calling 101 and quoting the Action Fraud reference number.