You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.

Simon Zerafa

@Edent

A tactic not too dissimilar to this caught me out. No financial loss though.

My only excuse was a super high temperature at the time and I was anticipating a call.

Right circumstances. That's all it takes 🫤‍️

Terence Eden

@simonzerafa
Yup. You have to be lucky every time; scammers only need to be lucky once.

Harro van der Klauw

@Edent yeah, I would never do that over the phone, I'll tell them I'll hop on my bike to the local bank first thing.

gadgetoid

@Edent I think I might have had pause for thought at “12 digits of your card number” but then I’ve watched/listening to a *lot* of scam baiting videos and adjacent podcasts. I simply do not answer phone calls.

I also don’t have any money to steal

Nulhomme

@Edent i would get scammed by that damn those scammer are getting elaborate

Terence Eden

@gadgetoid
Come on man! Get more money - those scammers have families to feed!

Dziadek

@Edent Rule two of answering the phone (or emails, texts). The person making the call has to identify themselves, not the recipient. Rule one is that all businesses calling, mailing or texting you are after your money in some way and are likely to con or defraud you.

When my bank has called me in the past and I insisted on checking. Their procedure was to alternate characters of my password with me. Otherwise I refuse to go on, which pisses off shedloads of telemarketers. But keeps me safe

Terence Eden

@DziadekMick
They did prove who they are. They sent a legitimate notification through the official app.
That's enough to catch most people.

chebra

@Edent The bank should display the phone number of the caller they are speaking with, asking the user specifically if this is their phone number.

Terence Eden

@chebra
Phone numbers can be easily spoofed.

Andrzej Stamburski

@Edent The phone is a very poor way for authentication. It's not an issue of wording or implementation. The mobile phone will always be very poor method of authentication, just because there will be always 1000 ways to fake things on it. The problem is, banks push mobile phone for authentication because it is cheap for them.

Terence Eden

@stamberry but this isn't a fake thing. It is a legitimate alert, from the authentic bank app.

benaki

@Edent They can also spoof the number on your card, as use it as 'proof' they are the bank.

SuperDicq

@[email protected] Another good reason to say no to proprietary banking apps. My bank account can only be accessed using a physical non-internet connected 2FA key device.

Terence Eden

@SuperDicq my banking app also supports a physical 2FA token. So what?

SuperDicq

@[email protected] You can't get fooled by notifications like this if you don't have a banking app.

Taya Nielsen

@Edent Yes. Because at present, my bank only contacts me by mail.

unlucio 🌍 :mastodon:

@Edent whenever you receive and
unsolicited call from whatever company simply hang up and call customer care:
if the problem is real the call center will take care of it, if it's just a scam you'll find out before they can scam you.

Mike Lechter

@Edent there’s no major company in the world with enough bored staff on hand to call YOU. That’s the giveaway. Show me a company with thousands of employees like Chase, and I’ll show you a 1-800 number and a phone tree you have to navigate through to speak to anyone. There are mom and pop shops and dental offices with 3 employees who still make calls to their clients and customers… but a Chase bank or Apple or Bank of America or your mortgage servicer or insurance company? Ain’t happening.

Terence Eden

@lechter it's a UK account.
I've certainly received calls about fraudulent transactions from my large UK bank - where they've explicitly told me to call back.

Not everywhere is America.