Reply to: Very complex phone phishing on personal account

Use that a fair bit too, and it's all we ever use on holiday abroad.

I use cash or, occasionally, barter.
much simpler IMO.

Pretty much the same here, except I don't have any cards, or bank accounts, linked to PayPal. I periodically do a bank transfer from a savings account to PayPal. If PayPal ever gets hacked, the most I can lose is the hundred quid or so I keep there.

I stopped using Amazon a few years ago, for various reasons, but partly because they don't accept PayPal and I don't want my credit card stored there. I pretty much use eBay/PayPal for most things these days.

Like you, the only places I have my credit card stored are Sainsburys and one other site I use regularly. In both cases, larger transactions require text pass code authorisation.

And, like you, I hardly ever use my debit card for anything, and never online.

I very rarely use my debit card, business or professional. I don't know if every bank does this, but in my card setup in online banking / app I have options to restrict its use to certain things or to freeze it.

So for instance Contactless, Online & Telephone, Gambling, International , Chip and pin can all be individually enabled or disabled. Freezing it disables all use. That's how mine sits 99% of the time.

Next, I use a normal credit card for purchases from big companies I trust, Sainsbury , Waitrose, Amazon etc.

Finally I have a Revolut account, this is very powerful in the level of control it gives you. The best thing is being able to create single use card numbers. As the name implies the number is destroyed after a single transaction, so you never have the problem of them losing your details or being hacked, or automatically renewing something in a years time to "help you". I always use this for RAC for instance.

Next it allows you to create virtual cards which can be tied to specific reasons (if you wish). So for example I have a virtual card that only PayPal has that number. I can then freeze that or set a spending limit per month. Or you can destroy a card at the click of a button. So if it was ever in the news that PayPal was hacked for example, I can destroy that card and create a new one in seconds. As this is a debit card you do lose the protection a credit card gives you, so there is a downside.

I do know the payment providors like Stripe, Cashflows and others don't care about the name. Someone used my details but their card on a site once so I tried it and put any old name in and it went through. Problem is they are an absolute pain in the bum to get hold of when there is a problem. Their pages are all set up for their paying subscribers to contact them but nothing for the general public. Did surprise me when I found out. I'm also surprised if this is true for Amazon but I am guessing they will be just using a similar payment provider so same rules. Interesting one that.

As I've mentioned elsewhere, I had a 13 fraudulent transactions between 21st and 22nd July. For some reason (probably CrowdStrike) I wasn't notified of the transaction until well into Monday morning. (I get notified by SMS of all transactions over a certain limit). How do they use my card? For the reason you outline. Surprised at Amazon though.

I hardly ever use my bank card, and never online. Mostly use PayPal or credit card. Not saying it is any safer but just feels that way.

Yes, if you're still using a landline

Ideally not from the phone I've called you from so that you know that you have actually disconnected from.

The best thing to do with any unsolicited financial call or text from a number that isn't verifiably the company it claims to be is to not take the call and then call the actual company directly. I see you eventually got there, but it's best to do this immediately, every time. These scams only work if they gain a degree of your confidence upfront.

Does seem to be a sudden uptick. I bank with one of the well known new banks in UK. Active card check yesterday out of the blue from Shopify. Quick google online and lots of people have this in last 3 days. If don’t cancel card, then transactions start to appear. Lot of theories around the crowdstrike outage exposing some merchant data and now lots of scams playing off it.

Sorry they didn't. They said cancel the card and they'll send me a new one out.

That's what I thought. They got the info from source and not from my account. I'll give the company a ring just to check but I doubt they'll have a clue what's going on either. The legitimate company uses an online payment gateway similar to worldpay.

Can't comment on your phish, but I had a fraudulent transaction (Amazon) on a credit card a few years ago that was only used by me for an internal money transfer, so never used to buy anything, never taken out of the house etc. I asked the bank how this could possibly have happened, answer came there none, but I got the impression they may know something I didn't.

The only clue I found was that some merchants/payment processors require much less info than others to do a transaction e.g. not requiring the usual combination of name, card number, CVV, postcode, which reduces the info needed to transact...but I would have thought (perhaps naively) Amazon would not be so blasé. Plus, it still doesn't explain how they managed to pull it off. All I could come up with was an insider at either the bank or Royal Mail somehow intercepting the card, as I'd assume blasting Amazon with random numbers and hoping one sticks would trigger blocks on the user.

I'm a bit confused about the bank and the criminal saying that they wanted to close your account. That seems like an extreme reaction, rather than just cancelling the card.

I suspect that they got your details from the other company (where you made legitimate purchases). Does that company have your phone number? It might mean that company has been hacked, or it could be an inside job. Also, did that company handle the payment themselves or did they redirect you to somewhere like WorldPay?

It isn’t -it requires authorisation by the user…