Members of the public who have found themselves out of pocket or inconvenienced by the ongoing problems at Travelex, after it suffered a ransomware attack on New Year’s Eve, are being warned to watch out for email and phone scammers taking advantage of the situation.
In advice posted on Travelex’s holding webpage (the full website remains offline as the foreign currency bureau struggles to safely restore its systems following the attack), customers are warned that the high-profile hack might encourage opportunistic scammers to exploit it:
“Based on the public attention this incident has received, individuals may try to take advantage of it and attempt some common e-mail or telephone scams. Increased awareness and vigilance are key to detecting and preventing this type of activity. As a precaution, if you receive a call from someone purporting to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on 0345 872 7627. If you have any questions or believe you have received a suspicious e-mail or telephone call, please do not hesitate to contact us. Please note that Travelex does not store credit card numbers on its system.”
It’s a sensible warning.
After other high-profile attacks, such as the various breaches that have occurred at TalkTalk over the years, scammers have phoned up users – pretending to be calling from the hacked company.
Then, having convinced the recipient that it is a genuine call from the affected firm, the scammer uses social engineering tricks to get their intended victim to divulge sensitive information – such as, for instance, bank account details.
It’s easy to imagine how a scammer might reach out to disgruntled Travelex customers, purporting to be a company representative offering to organise a “we’re sorry” payment for the disrupted service, and trick the unwary into sharing their financial information.
By the way, sometimes hacked firms have used this as an excuse not to pay victims’ compensation, claiming that it was actually the customer’s fault for handing over information on the phone call.
Scams like these can, of course, also arrive via email – but in my experience people who can be skeptical about suspicious emails in their inbox can often be duped by a ‘friendly’ voice on the end of a telephone line.
Often the best advice is to respond to any suspicious email or phone call claiming to come from a company by visiting the company’s real website, and looking for a contact number there.
Stay safe, folks.