You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.

jazaval@mastodon.social

@Edent I would tap “end the call” and see if they hung up

hinnerk@mastodon.social

@Edent 100% Scam

edent@mastodon.social

I've written up the above scam in more detail.

Bank scammers using genuine push notifications to trick their victims

Terence Eden’s Blog (shkspr.mobi)

Remember, no matter how clever and security-conscious you think you are, these criminals are highly sophisticated.

You have to be lucky every single time. They only have to be lucky once.

pretendcato@mastodon.social

@Edent thank you for writing this up, I’ve sent it to my mum

omnomis@mastodon.social

@Edent most banks are absolutely terrible at wording their SMS confirmation messages.

I've had genuine incoming "give us your details first to pass security" calls recently and it's frustrating. They follow it up with a generic code via SMS, which is the same one they use if you call them so the whole process is totally vulnerable to a MITM attack.

If I didn't have a need to make timely progress with something I'd start taking their "NEVER SHARE YOUR VERIFICATION CODE" message literally.

torgo@mastodon.social

@Edent my rule is never to give any information to someone who calls me - ever. I don't answer calls from numbers I don't recognise, which I think also deters this kind of scam. If I get a notification, receive a letter in the post (has happened), or get a call about fraud, I call the bank on the number on my card or on their web site.

desroin@geekdom.social

@Edent well my bank never calls me. Either I'm calling them or they'll send me a letter either physically or in my online banking inbox

edent@mastodon.social

@DesRoin
The key here is to use your imagination.

desroin@geekdom.social

@Edent No what I mean is this is general policy. If someone calls me claiming to be from my bank I know by default it's a scam at the very least if it relates to information about my bank account.

edent@mastodon.social

@DesRoin
And you'll 100% remember that when you're hungover, I'll, or distracted - right?

The key here isn't to say "well *I* would never fall for this because…" - instead, try working out what sort of things a scanner could do which would make you lower your defences.

In the above, you believe it to be a scam. You're about to hang up, when you receive a genuine in-app notification. Even a sceptic like yourself is going to be taken aback by that.