Lloyds Bank is warning customers to “never” share one-time passcodes, as criminals are using this as one of their latest scam tactics to access people’s money.
In a short video, the bank said: “Fraudsters are getting hold of personal and banking details and pretending to be us on the phone.
“They’re tricking customers into sharing their passcodes, passwords, and activation codes. Never share these with anyone, not even your bank.”
Passcodes, passwords, and activation codes are often used for various online actions, from logging into accounts to making online purchases with debit or credit cards.
The code is typically a unique set of numbers, similar to a PIN, and is usually sent to your phone or mobile banking app. It can also be sent through the post, primarily when registering for internet banking.
Fraudsters often use stolen personal details, such as your name and account information, to appear legitimate when contacting you.
They may claim they need the code or password to cancel a fraudulent payment or secure your account. However, customers are advised to remain cautious, as fraudsters may use other fabricated reasons.
Lloyds said: “If you share your code or password with a fraudster, they could use your account or card to steal your money.”
How to avoid this scam
Never share your passcodes, passwords, or activation codes with anyone, even if they claim to be from your bank.
Lloyds Bank emphasised that they will never call customers out of the blue to ask for such information. It added: “If you get a call like this, hang up. It’s a scam.”
Scam cases are rising year-on-year as fraudsters use more sophisticated tactics to blindside people.
According to the latest report by UK Finance, losses due to unauthorised transactions on cards, cheques and remote banking increased to £358million in the first half of 2024, up 5% on the previous year. Overall, the number of recorded cases of unauthorised fraud increased by 19% to just over 1.5 million.
Who could be behind these scams?
O2 conducted new research to uncover how fraudsters operate, using an innovative “AI Granny” designed to engage with scammers and waste their time to prevent them from targeting real victims.
The AI bot, “Daisy,” was created to interact with fraudsters, responding instantly to calls and keeping them occupied. Powered by various AI models, Daisy has proved so lifelike that it has successfully kept scammers on the line for up to 40 minutes at a time.
In total, Daisy engaged with more than 1,000 scammers. O2’s research found that most of these fraudsters work from call centres and rely on well-rehearsed scripts. Many scammers even recognised Daisy, indicating they shared knowledge about their tactics.
O2 said: “On multiple occasions, Daisy heard the same well-rehearsed lines from different scammers. Whilst scammers often thought they knew who they were speaking with, in cases where they didn’t, they were quick to change tactics to keep the call going, demonstrating the professional nature of their operation.”
Scammers frequently impersonate trusted organisations, including banks, Amazon, Microsoft, and Government agencies. Once they believe the victim trusts them, they use high-pressure tactics, such as threatening financial loss, claiming a hacker is on the victim’s computer, or even threatening legal action.
The research also revealed that, unlike real employees, scammers often become frustrated and angry when their tactics fail. O2 said Daisy frequently encountered rude or aggressive behaviour, particularly when she didn’t follow their instructions or when she diverted the conversation, such as talking about her cat.
O2 warned: “Calls out of the blue, threatening language or pressure tactics are all signs of a scam, and just because you hear them operate in a call centre doesn’t mean you can trust the person down the other line.”
It advised anyone who feels uncertain during such calls to hang up, call back using an official number, and report the incident to 7726.
