Yes; even I got scammed. It worked but in reverse: it worked because I assumed this guy is a crook like much of the chinese business community, so I went along with what looked like standard chinese tax evasion 
domestic affairs in the UK and the US are reported outside those countries in a way that doesn’t really occur for any others.
A funny but so true observation 
I think that particular example is less a banking scam and more the common or garden rip-off that is an inherent risk of doing international business.
What I mean by ‘dumb’ is when folks fall for cold calls purporting to be from their bank, telling them that their funds are at risk and they have to move them immediately to this random account. You only need a very basic understanding of banking to know that such a call can never be genuine.
Peter wrote:
ex the US, the UK is by far the richest English speaking country, and with English being by far the most widely understood language in the countries with the most scammers (China/Russia for the remote stuff, Albania/Romania/Bulgaria/Serbia for the personal-contact stuff) the UK will get far more attacks than say Croatia, Greece, France, etc, whose language practically nobody in these countries speaks
This sounds pretty reasonable but still doesn’t explain everything. Here are some data from 2019 from this source for card fraud across Europe showing level by countries.
That most CC fraud is cross-border makes sense, since the attacker needs to run off with the money
The table does not list the attacker’s country, which is probably mostly china/russia. That means if you do a fraud list for Europe, most fraud will be cross-border.
I think that particular example is less a banking scam and more the common or garden rip-off that is an inherent risk of doing international business.
I think a classic old-style ripoff would be sending out a photoshopped letter of credit (I am talking 3rd World now), relying on the recipient to not ask his bank to confirm it (a reasonable human factor because an LC has an expiry and most customers set this date really tight because they are bastards, resulting in most LCs expiring and then you are relying on the customer’s honesty to pay up) and you send out the goods and then discover…
The one I got also relied on a human factor: the widespread knowledge in the western business community that china is full of criminals, so a chinese company with a bank in the US is perfectly reasonable – absurd as it would be with someone honest
A friend of mine was subjected to an extremely targeted fraud that drained his bank account. He has a very common name, and so the fraudsters didn’t really have too much difficulty finding someone dishonest with the same name and date of birth, so their real ID would match the targets, this person was the money mule. It also relied on an extremely well targeted social engineering attack on the bank and on my friend to find out a couple of details. At that point the money mule physically started withdrawing money. The bank was very rapidly alerted to the fraud (the social engineering attempt on my friend tipped him off) but the money mule kept getting the account unblocked by going into a physical branch, and claiming to be the real owner of the account – and having the same DOB, same full name, and a passport to show it, and knowing the “usual security details” (e.g. mother’s maiden name) kept getting the account unblocked and draining more money, despite the money mule being hundreds of miles from where my friend actually lives. The second difficulty was my friend genuinely getting his account re-opened to pay the bills! The bank did repay the defrauded money in full.
We have also recently been defrauded, my wife received a payment authorization unexpectedly on her banking app so refused it. When looking at the account, her card had been physically used dozens of times in a betting shop as in-person transactions (no doubt on low stakes bets – betting with other people’s money and using the gambling to “launder” the money) and even on a bus (unfortunately the transaction didn’t say where, other than somewhere that Arriva operates). These were chip and pin and contactless transactions, so evidently the chip isn’t as secure as the banks lead us to believe as the real card was safely in her wallet. Again, the bank repaid in full.
We also had a fraudulent online transaction attempt on our account used purely for paying bills (we’ve never made any online transactions with this account’s card) which we rejected because it showed up through app authorization, so somehow that card number and CVV has been leaked somewhere. We’ve blocked the debit cards on that account.
These last two have happened while our bank was switching from Visa debit to MC debit, so we suspect there’s been some funny business going on during the switch which fraudsters have taken full advantage of.
That’s clever…
Agents also took an ID of a child (found on a gravestone) who would not have had a passport issued, which makes a fake passport much safer.
alioth wrote:
These were chip and pin and contactless transactions, so evidently the chip isn’t as secure as the banks lead us to believe as the real card was safely in her wallet.
The chip is as secure as it can be but the underlying mechanism of executing transaction has some flaws. If fallback mechanism to mag stripe is allowed then the transaction will be executed in case of chip “failure”.
Graham wrote:
What I mean by ‘dumb’ is when folks fall for cold calls purporting to be from their bank, telling them that their funds are at risk and they have to move them immediately to this random account. You only need a very basic understanding of banking to know that such a call can never be genuine.
I think you greatly underestimate the innate trust that most people have, and their extremely low level of skepticism. The scamming industry is enormous, extremely underreported, very professional, and growing.
Indeed.
The 80 year old case I mentioned involved an awesome level of preparation. They explained to her how to use her phone to navigate to each bank branch, explaining to her (having asked her phone model) how to use the satnav (google maps presumably; she never used it) to navigate. They kept her going for 3 (three) days, allowing her off the phone only to sleep.
She took a huge mental hit and is now reportedly going slightly mad.
Fortunately, her “idiocy” is matched by the idiocy of the various Lloyds Bank staff (who had to pass through a mind-numbing vetting process to ensure their colour, circumference, biological and self-adopted gender properly represented the BBC producer UK population, not to mention a 2 year course on GDPR) who didn’t query it at any stage – probably about 5 different branches. Lloyds wanted to keep this out of the Daily Dirt Digger so they are refunding it.
On the credit card stuff, there are clearly some weird back doors in the system which nobody will talk about but the banks refund the loss very fast. My guess would be that some key has leaked out. I was told by someone in the business many years ago that the PIN number is stored on the card, encrypted with DES. This was to enable drawing cash from a cash machine whose connection to the bank has failed. DES is still very hard to break today for practical scenarios especially where the plaintext is binary data but I am sure this has been changed. That key would have been stored in every cash machine in a tamper-proof module (which AFAIK is still there). Then there was the exploit where two people, joint account, drawing different amounts concurrently, got billed the lower of the two, only, if they did it in the right order So nothing surprises me…
eurogaguest1980 wrote:
I think you greatly underestimate the innate trust that most people have, and their extremely low level of skepticism.
Agreed. It doesn’t happen so much in these days of in-app confirmation, etc, but whenever my bank / credit card companies would call me, and I insisted on getting a contact and calling them back, they seemed surprised. They were perfectly happy for me to do that, I just got the impression it didn’t happen very often…
