by avianlyric 1707 days ago
> I would expect the same social-engineering to be able to convince the user to not raise the alarm during the 2 week cooldown period.

It would be interesting to test this. Having read through a number of APP fraud cases, including victim statements, one persistent theme is that the pressure cooker environment that scammers create to get victims to send money is very effective at getting them to ignore warning signs. But after they've sent the money, and the immediate pressure is off, they quickly realise they've been scammed.

I strongly suspect that introducing even short delays of a few hours would be very effective. Especially if the victim is immediately made aware that a delay has been introduced. This gives the victim a little time to cool off and realise that they've been scammed, and then hopefully alert the bank.

1 comments

Haha I wonder if you've read my case. I was scammed out of 100k this year.

The scammer had control of my solicitor's email and timed the attack perfectly so I was absolutely convinced I was sending money to the right place.

Didn't realize until a few days later when the solicitor called me wondering where the money was. The two week thing might have helped us but the scammer would probably just time their attack differently. Although it would increase the time they have to keep the fish on a hook.

Not sure if you managed to get your money back. But if you didn't, go research the contingent reimbursement model (CRM). Pretty much every major bank has signed up to it, and the CRM requires banks to reimburse victims, if the scam is sophisticated and the victim took reasonable steps to avoid the scam.

A basic house deposit payment redirection scam should be covered, assuming you have evidence that the emails were sent from your solicitor's email address.

Yep I did. Thanks.