Bank scam, test payment

The following is an example from the National Fraud Intelligence Bureau (NFIB) of one of the types of banking scam that it has encountered.

Organised crime gangs are targeting professional businesses that deal with large sums of cash. The social engineering element of the scam is so effective that it is the representative of the business who actually makes the transactions to the suspect's account(s). As the transactions have been authorised, the banks are less likely to refund the money.

The suspect contacts the victim by telephone, stating that they are from the victim's bank and that there is an issue regarding a virus and/or fraudulent transactions on their account, and asks security questions. To convince the victim of their legitimacy, the suspect spoofs the genuine telephone number of the relevant bank and is also able to refer to genuine transactions made on the victim business's account, as well as name staff members who deal with payments.

The suspect then states that an authorised person within the company needs to log into the in-branch payment system to allow virus cleaning and a test of the payment system to be undertaken.

In some cases the suspect may ask for software to be installed on the computer that would allow remote access to it in the future.

Test payments are then raised and made by the representative of the business, who believes they are for no value; they are instead for large sums and are paid into various accounts.

Once trust has been gained, the suspect may call repeatedly over a period of days, possibly quoting a PIN to ensure he is trusted, and request that further 'zero' test payments be made.