This is one that almost got me. I woke up to it after they put my finances in danger and I acted quickly enough that I wasn't harmed, but all the same... beware authentic-sounding phone calls.
How It Works
- Call pretending to be the client's bank, using data skimmed from the internet
- Claim there's anomalous happenings in the mark's account
- Use the extant information to get as much extra information as possible
- Profit
My Story
It was a busy day and I was trying to handle three things at once, not a single one of which is easy for me to recall in the here and now. So naturally the phone rings while I'm up to my elbows in other nonsense.
It's the bank calling about anomalous transactions on my card. Oh fuck. To add to his authenticity, he reads off the last four digits of my card and claims with authority that nobody could get those numerals.
Lies. Everybody can access the last four digits of your card.
So while we're talking, I get on the nearest computer and dial up all my accounts, all the time giving him my credit card number, expiry date, and the CRC code on the back. It's when he asks for my account details that things get fishy.
Me: Wait a second. You are NAB, you should have this information on file.
Them: Ma'am we are confirming your details for security purposes.
Me: Cool. I have my bank account up on my computer right now, tell me how much is in my primary account. Or any of them.
Click.
Me: Fuck. It was a phisherman.
What To Do
The police can't do diddly squat about this sort of bullshit unless you're a millionaire and they actually rip you off for nonsense. Even then, it's international, so they can't act very hard anyway [And the general opinion is that ASIO couldn't catch a cold in wet weather]. Therefore, the first thing you should do is immediately call your bank and let them know you've been phished.
Which is what I did. They cancelled my current card, mailed out a new one, and gave me a new account ID that would stop them using my account for their benefit.
How To Stop It
One: Your bank will never call you. Never. So if someone claiming to be your bank calls you, don't believe it for a second.
Two: Do not give them anything. Say "Okay" or "Yes" to the stuff that can be confirmed, but immediately act to access your information on a different device.
Three: Ask for details that can't be phished. Ask them for the first four numbers of your card, or what dates these allegedly suspicious activities occurred. The bank account number that is linked to said activity. Anything they should not be able to grab from a relatively casual internet search.
They will go away when challenged or, if they hem and haw, tell them that you're not falling for it and hang up.
A Postscript Anecdote
One of these people tried to phish my mother, whom I had informed about this nonsense on the same day. Irony for the win. The good news is that she didn't fall for it and called them out.
The bad news is that she tried to call them back. Using some elementary phone hacks, Mum returned a call to the last number to call her. Now. For some reason, that caller ID came up as the last number before them to call her. Which was me.
I was falling asleep and I got a call from a very angry octogenarian.
Mum: Your number is [MY MOBILE PHONE] and I am reporting you to the highest authorities. Hope you have a nice life in jail.
Me: (Half asleep) Wait what? Mum, what the--?
Click.
I immediately ring her back and demand to know what the hell I did to warrant the SWAT treatment. She legit thought I was a scammer for a handful of seconds and -thank the Deities- had not yet reported me as a firkin terrorist.
So yeah. These people can apparently scrub their calls from your phone records. Fun to know. Especially for me, who had anxiety-fueled jitters for four hours thereafter.
...wheeeee...
So add to that list of things to do is DO NOT TRY TO CALL THEM BACK. It can only cause woe.
[Image (c) Can Stock Photo / Gelpi]