Scammers who tricked victims into handing them control of their PCs managed to steal nearly £58m last year, according to official UK police figures.
Some 20,144 individuals fell victim to such “remote access tool” (RAT) scams in 2021, according to Action Fraud, the country’s national reporting centre for fraud and cybercrime.
With victims losing around £2800 per incident on average, the total losses amounted to £57.8m last year.
These attacks often start with victims being bombarded with pop-ups on their screens, claiming that there’s a problem with the computer. The pop-ups might, in turn, ask users to call a ‘hotline’ number that’s actually run by fraudsters, who will persuade the victim to download a remote access tool.
This is akin to a classic “tech support” scam. However, other variations may include scammers cold-calling victims pretending to work for their bank and claiming they need to access the computer to cancel a fraudulent transaction.
In either scenario, access to the victim’s PC or mobile device may enable the scammers to access banking details or download information-stealing malware with the same end goal.
One victim lost over £20,000 after a scammer posing as a Sky employee persuaded them to download a RAT to fix a non-existent problem with their TV. This enabled the scammer to access the victim’s bank account.
Another lost £1000 after a fraudster pretending to work for Amazon tricked them into downloading a RAT to help them process a payment for an Amazon Prime membership.
“While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to perpetrate fraud. We often see criminals posing as legitimate businesses in order to trick people into handing over control of their computer or smartphone,” warned detective chief inspector Craig Mullish from the City of London Police.
“You should only install software or grant remote access to your computer if you’re asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop-up or text message.”