You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
@SuperDicq my banking app also supports a physical 2FA token. So what?
-
@[email protected] You can't get fooled by notifications like this if you don't have a banking app.
-
@Edent Yes. Because at present, my bank only contacts me by mail.
-
unlucio 🌍 :mastodon:replied to Terence Eden on last edited by
@Edent whenever you receive and
unsolicited call from whatever company simply hang up and call customer care:
if the problem is real the call center will take care of it, if it's just a scam you'll find out before they can scam you. -
@Edent there’s no major company in the world with enough bored staff on hand to call YOU. That’s the giveaway. Show me a company with thousands of employees like Chase, and I’ll show you a 1-800 number and a phone tree you have to navigate through to speak to anyone. There are mom and pop shops and dental offices with 3 employees who still make calls to their clients and customers… but a Chase bank or Apple or Bank of America or your mortgage servicer or insurance company? Ain’t happening.
-
@lechter it's a UK account.
I've certainly received calls about fraudulent transactions from my large UK bank - where they've explicitly told me to call back.Not everywhere is America.
-
@Edent that is an insecure “service” that’s going to get their customers into scam trouble. Like a rep asking for your current password. Spidey sense should tingle. No large company should ever call their customers for fraud. The best way to verify legitimacy is US calling their 1-800 number listed on the back of OUR card and navigating their phone tree. You can also go online to your account portal. If something is amiss you’ll either not be able to login or the whole thing will be lit up in
-
@lechter how should a bank contact you to alert you of suspected fraud?
-
@Edent an automated text or phone call telling the customer to call the bank solely using the phone number listed on the back of their debit card. Alternatively a push notification from their mobile banking app if they’ve got that on their phone. The message should specify that replies to the message are unmonitored and it is for informative purposes only.
-
@CaptainJanegay @iokiwi @glitzersachen @Extelec @Edent definitely not obvious. We have had to setup (and strengthen) procedures for scammers posing as me, asking parents for money. AI will make this worse, hence needing multiple checks now.
Luckily our checks have worked so far. -
@Edent tell them you entered your password but don't, if they know you didn't then they at least have access to Chase's system. Do it twice just to fuck with them.
-
wendinoakland has moved…replied to Terence Eden on last edited by
@Edent I’ve received texts from my bank about specific transactions, where the exact amount and the vendor in question are included. Without those details, I wouldn’t trust any random call, ever.
-
@Edent have been thinking about this for a bit, 2specially as I got a call a week ago saying it was from my bank and if 750 from an insurance provider was expected. I was ready to tell them if calm them back, but said I don't use "direct line", and they abruptly hung up.
I'd like to think that any call I didn't initiate I'd treat the same, but I do qi der if they'd opened with something like this if it would have caught me out
-
@Edent
I find it very disheartening that major banks actively promote risky behavior by:
- including links in emails
- initiating fraud alert calls and texts and leaving numbers to call back
No. I'm not talking about phishing. I'm talking about actual emails and calls and texts from the bank.(And don't get me started on CS agents that have told me that my password shouldn't be more than 8 characters because "it can cause problems".)
-
@Edent I would tap “end the call” and see if they hung up
-
Korrespondent zur Seereplied to Terence Eden on last edited by
@Edent 100% Scam
-
I've written up the above scam in more detail.
Remember, no matter how clever and security-conscious you think you are, these criminals are highly sophisticated.
You have to be lucky every single time. They only have to be lucky once.
-
@Edent thank you for writing this up, I’ve sent it to my mum
-
@Edent most banks are absolutely terrible at wording their SMS confirmation messages.
I've had genuine incoming "give us your details first to pass security" calls recently and it's frustrating. They follow it up with a generic code via SMS, which is the same one they use if you call them so the whole process is totally vulnerable to a MITM attack.
If I didn't have a need to make timely progress with something I'd start taking their "NEVER SHARE YOUR VERIFICATION CODE" message literally.
-
Daniel Appelquistreplied to Terence Eden on last edited by [email protected]
@Edent my rule is never to give any information to someone who calls me - ever. I don't answer calls from numbers I don't recognise, which I think also deters this kind of scam. If I get a notification, receive a letter in the post (has happened), or get a call about fraud, I call the bank on the number on my card or on their web site.