Just had an unusually complex phone phishing attempt on my personal bank account. It's really opened my eyes compared to the usual indian rubbish so thought I'd share.
Well spoken guy rings me from private number (bells ringing already). Perfect English with the tinest hint of indian/pakistani twang.
Tells me it's my bank and unusual activity on my card, did I make purchases as Ikea and Halfords to tune of 300 or so. Nope.
Started process to close account saying all the right stuff but technical issue stopped him as still some fraudulent activity coming through.
Said they will text me the transactions and I have to confirm.
Got first text from ROYBANKSCOT saying some disputed transactions to check and they'll come from <mobile number>
That name looked odd but sure enough another text came through with three transactions. I've had this before and it was exactly the same format, just the normal text number struck me as odd.
Text came through and on it was one for just under 2k I didn't recognise and two I had made to ta different company today.
Now that threw me. My hackles were up big time but these two genuine transactions surprised me.
He said say Y to is as you do recognise it as a transaction as we are talking about it now.
I asked him to prove he was RBS. He told me my details and also my previous two addresses. Still wasn't 100% convinced but put Y in to text.
He then said another has come through in the meantime. Text came through with original 2k one, new 2k one and one of the real ones.
At this point I was done. IT systems are smarter than that. So told him I was going to call the bank and do it that way. He said OK and we parted ways.
Upshot when I called the bank they wanted to speak to me about 2 transactions they just spotted which happened to be the two from the bloke on the phone so I had been phished.
Thing is.. what a bloody good job. The details they held (which granted are not impossible to get but the previous address was clever), well spoken bloke, text with the name of the bank telling me another text will come through which is exactly how it works normally, all the speil about closing the account was word for word. The speil the real lady from the bank gave me was exactly the same about card being cancelled, new card & pin but coming in different mails. The texts worded exactly the same and so on.
Nearly had me but the witheld number, name of the text and having to approve the same one twice got me thinking.
Question for the masses. How on earth would they have two genuine transactions on the approval list? If they had access to my account the could have been a lot smarter with their fraud surely. Could it be the other company has an issue and they've spotted me on there?
The woman on the fraud desk said yes the scammers have a lot of information but didn't say anything else when I pressed her about how could the see a genuine transaction.
Anyone got any ideas? Is it pretty easy to view a bank account with fraudulent details rather than properly sign in to an account. Open banking or something?
Well spoken guy rings me from private number (bells ringing already). Perfect English with the tinest hint of indian/pakistani twang.
Tells me it's my bank and unusual activity on my card, did I make purchases as Ikea and Halfords to tune of 300 or so. Nope.
Started process to close account saying all the right stuff but technical issue stopped him as still some fraudulent activity coming through.
Said they will text me the transactions and I have to confirm.
Got first text from ROYBANKSCOT saying some disputed transactions to check and they'll come from <mobile number>
That name looked odd but sure enough another text came through with three transactions. I've had this before and it was exactly the same format, just the normal text number struck me as odd.
Text came through and on it was one for just under 2k I didn't recognise and two I had made to ta different company today.
Now that threw me. My hackles were up big time but these two genuine transactions surprised me.
He said say Y to is as you do recognise it as a transaction as we are talking about it now.
I asked him to prove he was RBS. He told me my details and also my previous two addresses. Still wasn't 100% convinced but put Y in to text.
He then said another has come through in the meantime. Text came through with original 2k one, new 2k one and one of the real ones.
At this point I was done. IT systems are smarter than that. So told him I was going to call the bank and do it that way. He said OK and we parted ways.
Upshot when I called the bank they wanted to speak to me about 2 transactions they just spotted which happened to be the two from the bloke on the phone so I had been phished.
Thing is.. what a bloody good job. The details they held (which granted are not impossible to get but the previous address was clever), well spoken bloke, text with the name of the bank telling me another text will come through which is exactly how it works normally, all the speil about closing the account was word for word. The speil the real lady from the bank gave me was exactly the same about card being cancelled, new card & pin but coming in different mails. The texts worded exactly the same and so on.
Nearly had me but the witheld number, name of the text and having to approve the same one twice got me thinking.
Question for the masses. How on earth would they have two genuine transactions on the approval list? If they had access to my account the could have been a lot smarter with their fraud surely. Could it be the other company has an issue and they've spotted me on there?
The woman on the fraud desk said yes the scammers have a lot of information but didn't say anything else when I pressed her about how could the see a genuine transaction.
Anyone got any ideas? Is it pretty easy to view a bank account with fraudulent details rather than properly sign in to an account. Open banking or something?
Comment