UK Metro Bank Hit By Messaging Scams

Metro Bank email scam

Technology speeds commerce and eases daily life, but also acts as a conduit to payments fraud.

To that end, Metro Bank said earlier this week that at least some of its customers had been victimized by fraud that focuses on text messages sent across telecom companies’ networks that Reuters reported are used to verify transactions.

Metro said that the attacks are leveled at a number of British banks, a roster that includes Metro.

“Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result,” a Metro spokeswoman told the newswire.

News of the attack comes via website Motherboard, which reported that the weaknesses in the messaging systems had been “known about for some years.”

The news comes as shares in the bank have been hit in the wake of an accounting error that in turn resulted in capital levels being reduced by $1.1 billion.

In other company-specific news, the Wirecard saga continues — with shares down double digits in intraday trading — as the payments firm, which is based in Germany, denied a Financial Times report that spotlighted what the financial publication said was “suspected book padding” tied to the company’s Asian businesses.

“Wirecard firmly rejects the media coverage of FT,” a spokeswoman said in a statement emailed to the media. “Nothing about the article published today is true.”

Earlier in the month the company said that an investigation by a law firm, Rajah & Tann, external to Wirecard, found no evidence of wrongdoing. The disclosures come as Wirecard has said that back in April of 2018, an employee of its Singapore operations had raised concerns about another member of the team. Wirecard said that an inquiry revealed nothing to substantiate those claims. The FT had reported that Edo Kurniawan, who heads accounting operations in the Asia Pacific, had been accused of forging and backdating contracts.

Separately, in an effort to stymie fraud, corporate expense management solution provider Coupa has updated its platform. New features on offer are targeting compliance and fraud prevention. The updates to its Coupa Business Spend Management Platform, including artificial intelligence (AI)-powered fraud prevention, global compliance controls and enhancements to supplier management and procure-to-pay functionality. As reported in this space during the week, the invoice payment enhancements are part of Coupa’s expansion into the B2B payments sphere via Coupa Pay, which debuted late last year.

Larger Trends Point to Email Scams

In looking at scams designed to steal money from unwitting victims, fraudsters have been taking advantage of the fact that Gmail (Google’s email offering) can ignore “extra” dots in an address.

The policy is known as “dots don’t matter” and research firm Agari has found that business email compromise fraud has been exploiting the effort. The scam comes as multiple variants of a legitimate email address can be used to trick users (including banks and other entities). 

The scammers have used the seeming loophole to open several fraudulent accounts. As recounted by Agari, a single fraudster used Gmail accounts to open up nearly two dozen credit applications that gave way to $65,000 in credit card fraud. In other examples of Gmail-related fraud, bad actors used them to file more than a dozen false tax returns and apply for unemployment benefits, in addition to other scams.

In other evidence detailing how popular email has become with scammers, the fourth quarter of 2018, according to ProofPoint, saw “continued high volumes” of fraud — as email fraud doubled quarter over quarter.