Over 1,000 in Malta have lost €20 million in SMS, email phishing scams and crypto frauds
Data provided by the police to Arbiter for Financial Services finds over 1,000 individuals in Malta have fallen victim to phone-banking scams, a loss of €20.8 million over 2022 and 2023
Malta’s financial services arbiter has said Malta is seeing a growing trend of bank account hacking by third parties, reflecting a problem that has become increasingly prevalent worldwide.
Scammers are employing sophisticated tactics, the Arbiter for Financial Services Alfred Mifsud – a former Central Bank deputy governor – said, such as using the bank’s identity, including its standard customer care mobile number or website, to deceive account holders and elicit vital data that enables them to access the account and withdraw funds, sometimes repeatedly.
According to data provided by the police to the OAFS, over 1,000 individuals in Malta have fallen victim to such scams, resulting in a loss of €20.8 million over 2022 and 2023.
“These scams were diverse, ranging from emails claiming to be from the victim’s clients to online purchases gone wrong and even emotional manipulation that left victims financially and psychologically distressed,” the OAFS said in its annual report, adding that the financial losses are often significant, ranging from a few hundred euros to several thousand.
“Unfortunately, the banks’ efforts to retrieve the fraudulently withdrawn money rarely succeed, leaving victims in a difficult position.
“This situation often prompts account holders to turn against their banks, arguing that they should have a ‘structure’ in place to alert customers about the dangers of engaging with hackers,” the OAFS said.
Faced with many such cases, the Arbiter devised a model to apportion liability for the financial loss sustained between the bank and the account holder.
“As scams continue to evolve and become more sophisticated, it is crucial for consumers to remain vigilant and for banks to implement robust security measures to protect their customers,” the Arbiter writes in his annual report.
“Investment fraud, particularly those involving crypto-assets, has significantly risen in recent years, with scammers exploiting the hype surrounding these technologies to deceive investors.”
According to the OAFS, scammers are also increasingly targeting younger demographics, with social media platforms serving as a breeding ground for various types of fraud.
In one case, a victim received an SMS message, proceeded to click on a link in the message, and provided login credentials on a website mirroring a bank’s online domain. Two payments were made, defrauding the person of €19,150.
But the recovery of funds lost to scams remains a daunting task for victims, with the irreversible nature of certain transactions, such as crypto-assets, making it particularly difficult to retrieve stolen money.
The responsibility allocation model developed by the Arbiter has been well-received and adopted by Malta’s largest banks, the OAFS said. In the case of the fraudulent text messages, the bank argued that the complainant acted with gross negligence by giving away credentials.
The Arbiter attributed an initial 90% responsibility to the bank, because the fraudster had used the same SMS channel normally used by the service provider, making the fraudulent message appear genuine. Additionally, the victim was in regular contact with the bank regarding a home loan, which made the fraudulent SMS less suspicious. These special circumstances shifted responsibility to the bank, and given that the victim had not made similar genuine payments in the previous 12 months, indicated that the bank’s monitoring systems should have flagged the transactions as suspicious.
While this decision has been appealed by the bank, the OAFS insisted that the model’s effectiveness is evident because most new cases are being resolved without formal adjudication, either at the pre-mediation or mediation stages, and that banks proactively apply the model’s principles.
The model has also attracted interest from financial ADR forums across Europe and internationally.
Warnings from the Arbiter…
“Consumers need to exercise caution when engaging in online transactions, be wary of unsolicited offers or requests for personal information and immediately report any suspicious activity to the appropriate authorities.
“Scammers constantly evolve tactics, staying one step ahead of the industry and its regulators.
“Another area of concern is where losses are suffered by retail investors who are duped by fraudsters to participate in get-rich-quick schemes that involve the purchase and transfer of crypto assets via a Virtual Financial Asset (VFA) exchange.
“Complainants try to recover their losses by blaming VFAs for not protecting them from their follies. Current legislation does not provide similar protection in the crypto payments area as that applicable for payments under normal currency payments through licensed banks and financial intermediaries. The Arbiter has recommended that VFAs, at the onboarding stage, make more rigorous KYC procedures, especially where unsophisticated investors are involved, and even bring to their attention the high risks of fraud schemes via crypto payments by referring them to cases decided by the Arbiter.”