Forum menu
I always consider myself to be pretty savvy when it comes to spotting scams.
Got a phone call last night claiming to be from my internet bank.
They knew my name, postcode and at least the last 4 digits of my bank card. They sounded very professional and articulate.
They asked me to check some payments made to Groupon from my account. I told them I hadn't made them and then they refunded them, then and there.
There was another payment, several thousand pounds, that I hadn't approved and had failed to go through.
They claimed it was a "scheduled" payment and I needed to approve it and then they would be able to refund it if I didn't, the payment would go through at 8pm.
I politely declined.
He kept me on the phone for nearly 30 minutes and I must admit I did think he could be from the bank. Luckily for me I dug my heels in.
Looking back with hindsight there were a few red flags and I should of realised it was a scam much sooner.
I feel like a bit of a mug this morning even though I didn't approve it, but did consider it for a moment.
No wonder a lot of people fall for these people!
I have now found the feature on the app that tells you if the person who is calling you is from the bank.
I think that any*incoming* call has to be treated with extreme caution.
If you aren't sure it's a scam, just say you wish to be careful and you'll call the bank back. Hang up, Google the number you need, then call them yourself.
They phoned my wife's mobile and asked for me.
She had recently signed to a new supplier's website but had used my card for payment but the account had her mobile phone registered. I suspect they had hacked the website.
They only mentioned the last 4 digits of the card number which is what is shown on a transaction. Although I don't know how they made the smaller payments?
Although he was convincing and patient. I think he had previous call centre experience.
I should of just asked him to tell me my account number and sort code and confirm some other transactions on my account.
So had they already made the Groupon payments from your account and refunded them to convince you? Blimey, that’s a clever/nasty trick.
That's what nearly got me.
When I challenged him, he explained that if he wasn't from the bank how could he of refunded those payments? I guess with Groupon, you can make a purchase and cancel shortly afterwards and you get a refund.
If in doubt, ask the person at the other end to confirm the amount and date of last two payments into your account and the two direct debit commitments.
If they don't have current access, they won't know all of it.
I assume you've now cancelled your cards?
If in doubt, ask the person at the other end to confirm the amount and date of last two payments into your account and the two direct debit commitments.
If they don’t have current access, they won’t know all of it.
Most banks will not ring you directly or email you, so that's an immediate red flag. They might text and ask you to get in touch with the fraud prevention team, but then you ring back the main customer service number.
So it's best to not engage with someone who rings you out of the blue claiming to be from your bank. Just tell them you'll ring the bank back. If they object to this, they are 100% a scammer.
Always, always hang up and call the bank (or whatever) back. And do it on a different phone, and don't use the number they have given you, or that shows up on your phone. Check it elsewhere first.
I go on the assumption that someone phoning me about money is most probably a scam.
Most banks will not ring you directly or email you, so that’s an immediate red flag.
Bloody Barclays Business do!
I repeatedly refused to talk to them. It turned out it was legit and I was about a dormant account that was £20 overdrawn and they closed it. It was a pain in the arse as I needed to some info from it for closing a company down.
They had wrote to me about it as well but as I signed up for paperless banking, just assumed anything from them was trying to sell me a credit card etc.
I also immediately block any spam numbers.
They can be quite sophisticated, I had my card skimmed in a petrol station. Fraudulent transactions picked up by my bank and all sorted but the real sneaky bit was the scammers rang me two weeks later pretending to be from my bank... of course they had details of the previous dodgy transactions and they obviously knew I had just received a new card etc. nearly fell for it
I did have a fun conversation with one building society call centre where they rang me up and then immediately tried to 'take me through some security questions'. The idea that they probably knew who I was, because they'd rung me, but I had no clue who they were, didn't seem to compute.
Looking at the groupon site, I guess they just set up a vendors account to control the transactions.
Bank of Scotland text you from a number saying they're going to send you a message. Last few came from a mobile number.
The person in the fraud team seemed surprised that given their anti fraud / fraud awareness messages I wouldn't trust an unsolicited text from a random number.
I had a very similar call a couple of months back from someone claiming to be from my bank with the same detilas of mine. Sounds like yours was a bit better ran than mine.
As with yours I was kept on the phone for about 20-30 minutes until I started to think that something wasn't right. I can't remember what it was but there was somehting he kept saying which I found odd but not enough to hang up. In the end my suspicions were up and he started askign about balances on accounts etc and when I aksed him if he could tell me what they were I relaised there was something massively wrong so hung up. He then actually called me back and I told him to **** off.
When I called the bank they were very helpful and said it's a common scma now, the caller spins you the story then eventually tells you that you'll receive a message from them and they need the code. The code in question is the OTP code they give you for purchases.
I can easily see how people can fall for this, especially the older and less tech-savvy.
I did have a fun conversation with one building society call centre where they rang me up and then immediately tried to ‘take me through some security questions’. The idea that they probably knew who I was, because they’d rung me, but I had no clue who they were, didn’t seem to compute.
😁
I had a very similar call with Santander a few years ago and reached the same impasse. The lady was insistent that she was from the bank and I must answer the security questions, even after I'd pointed out that we receive regular emails and letters asking us not to give out security details to cold callers. I rang them back, she was from the bank.
The fact they did what they could to keep you on the line is a sure sign of a scammer. Any company, if you said to them you were unsure of who it was you were talking to would immediately ask you to call the company directly.
Anyone calling you is effectively just an operator, has no power and just conveying a message, so by trying to keep you there they are trying to force you to do something there and then.
There is a sense of immediacy in preventing scams/or illegal transactions on your account, but not to the point that it needs done in minutes and not at night beyond normal working hours as problems in reality would take days to sort out.
not at night beyond normal working hours
Another red flag that just never occurred to me!
Most banks will not ring you directly or email you, so that’s an immediate red flag.
That's not true. I've had calls directly from my bank's fraud department.
I did have a fun conversation with one building society call centre where they rang me up and then immediately tried to ‘take me through some security questions’.
Of course, if it's a scam, they now have the answers to your security questions.
I always end the call and ring the bank back when I get a call claiming to be them.
On this, be aware: if it's a landline call, the originating end has to terminate the call. So if you hang up and pick the phone up again, they're still there.
9 months or so ago I did fall for a scam, but then through dumb luck escaped it before there was any harm done.
I was doing the school run and a guy in a van in a bit of a rush tried to nip into a gap that wasn't quite there and the metal cage bit ofnhis van gauged a fair chunk out of the side of my beautiful car. I got out, took pictures, exchanged details, dropped my daughter at school drove home then quickly tried to call my insurance Co to get the ball rolling on that before starting work.
My insurance Co took details, passed me to their claims handling firm, had me send in further details, pictures, statements, and set up a 'password' that only they would know so I wouldn't talk to anyone who didn't know the password as they could be scammers.
They offered me a hire car to use while my car was being repaired, and went out to the other driver to ask him to agree he was at fault as he had done at the scene. He had a change of heart in the hour or 2 after hitting me and was now saying it was my fault, this then meant the claim handling people passed me to a different team. This was the first thing that felt odd.
I also didn't like the term 'hire car' when I was sure it was usually a courtesy car, so I asked about how this was paid and the person on the phone answered but was obviously sort of nervous in answering, enough that it made me worry. Luckily we have 2 cars in the family and could manage with 1 if needed so I told the claims mgmt Co that I didn't want a hire car, please just fix my car. They called me back later to push the hire car again and I again refused, at which point they told me they couldn't help me and I would have to go back to my insurer.
I called my insurer to complain about how their claims firm / dept had wasted my time for a week etc, and they had no record of ever having spoken to me about the incident. The scam is the claims mgmt firm have google return their phone number when you search for 'direct line claims' or similar, then as you call them in a semi panic under the guise of verifying who you are they collect all your info, then they get a recording of you agreeing to use the claim mgmt firm which you are being told is a good idea by who you think are direct line. The password they set up means if your real insurance Co phone you you'll think they are the scammers as they don't know it. Then the money grab is the expensive hire car they have you agree to which if you lose your insurance claim you are then personally liable for.
In the end ingot a courtesy car, my car fixed, and the other driver found at fault eventually after they ignored all correspondence for 6 months so it worked out in the end, but I was hook line and sinker for a week or so
They knew my name, postcode and at least the last 4 digits of my bank card.
Do you have a shredder? They could have got all that from going through bins, even easier these days now that paper recycling is a commonly a separate thing. Receipts routinely show your card details as "* * **** 1234" which is useless in itself but handy for 'proof' of legitimacy. The discarded receipt from a pint of Large at the Flying Swan and a copy of your missus' phone bill and they're away.
I just refuse to do online banking beyond paypal. If there is one thing in the equation that is needed for any of these scams to work, it is that you need to be connected directly to your bank over the internet.
Its not that its far easier in a world with less high street branches, its that i dont trust banks to pay you back should someone scam you. They may do it currently, but if they were to refuse, it would be excused along the lines of it was your fault for not taking enough precautions, or you dont have up to date security software or such Banks are greedy feeckers, and cannot be trusted.
Do you have a shredder? They could have got all that from going through bins, even easier these days now that paper recycling is a commonly a separate thing. Receipts routinely show your card details as “* * **** 1234” which is useless in itself but handy for ‘proof’ of legitimacy. The discarded receipt from a pint of Large at the Flying Swan and a copy of your missus’ phone bill and they’re away.
Definitely from a suppliers website.
There are too many coincidences.
It happened just after she registered with them.
She used my business card and name to pay but put her phone number on the account. She also used our business email address which isn't actually registered on the bank account. My personal one is.
They called on her number but asked for me.
They also sent an email to the business email with fake bank log in link.
We will speak to them on Monday, just to warn them. They have been hacked or have a rogue member of staff.
I just refuse to do online banking beyond paypal.
We couldn't survive without internet banking. Paying suppliers etc.
They may do it currently, but if they were to refuse,
I have had a card hacked twice.
Both times the unrecognised payments were refunded immediately.
No wonder a lot of people fall for these people!
Yeah. Once of a time I would have argued "how could you fall for this, you're an idiot." But we have to understand, these people are criminal gangs. They are organised, they do it for a living, they are good at it.
The crap attempts, the ones that start "dear costumer" or what have you, I'm reasonably confident are intentionally crap because if you're dim enough to fall for a blatantly obvious hook then you're less likely to get cold feet further down the line and waste their time.
Report the company which leaked details to the Information Commissioner and Action Fraud while you’re at it. If they’re not actually complicit in the scam they’re at least negligent. You might save others from getting scammed.
We will speak to them on Monday, just to warn them. They have been hacked or have a rogue member of staff.
There is regulatory compliance here, called PCI-DSS. It is a mandatory requirement for anyone taking card payments.
If it is an inside job or they otherwise have been negligent in handling your data then there are big fines to had. They could also lose their right to act as a merchant. You'll have a fine old time actually proving anything I expect, but the suggestion that they might be about to get investigated by ICO and potentially spanked hard might motivate them to take your complaint seriously.
I assume any number not in my phone is a scam and let it ring out. I then Google the number, it usually comes up as a business I'm not interested in or dodgy and I block it. The complete unknowns that might not be a scam I ignore calls but leave the number unblocked so they can send an SMS. If they do send and SMS it's usually accompanied by a "possibly spam " alert from my telecom provider.
Revolut have a handy facility where you can generate a one time use card for online payments.
No wonder a lot of people fall for these people!
My Mum phoned the other day saying she'd had some calls on WhatsApp along these lines, she'd thankfully hung up on them and blocked the numbers. So I once again had a chat with her about fraud, never give out details, neither me or my sister will ever message going "Hi Mum, it's me, this is my new number...." and so on and she was really quite dismissive.
Yes yes I know all this, I won't fall for any scams. 🤔
And that's how they get you, because you think you're too smart to fall for any scams.
I very nearly got done on an old laptop - Facebook said my account had been hacked and I needed to verify some account info and then it got to the point where it asked me for card details. I was actually half way through inputting the card number when I realised that FB will never ask for payment so I shut everything down and gave it to the IT Manager at work who cleared it of the (really quite nasty) virus it had. Turned out the bloody virus had come from a memory stick belonging to...that's right, my Mum. She had a habit of saving loads of pics onto a flash drive and taking it to friends; that drive must have been in and out of a dozen computers so of course it was spreading virus like a wildfire.
I once again had a chat with her about fraud, never give out details, neither me or my sister will ever message going “Hi Mum, it’s me, this is my new number….” and so on and she was really quite dismissive.
If you think this is a likely occurrence - and it shouldn't be, no-one needs a "new number" unless they're avoiding a stalker - then agree a password that all your family know. "Hi mum, this is my new number" - "OK love, what's the third and fifth letters in our password?"
Most banks will not ring you directly or email you, so that’s an immediate red flag
As Cougar said, some bank fraud departments will call you. I had that for a payment to Wise that I was using for a foreign money transfer as that is often a way scammers route money to stop it being reversed (as I understand).
My incident was a dropped card. Someone used it a few minutes before I made a phone payment miles away.
HSBC card generates an online number which is not your card number. It seems to work that I put in card number and ghost number appears on the transaction.
I still feel pretty shit about this.
Dreamt about it last night!
Still can't believe how close I came to pressing the button. Absolute mug!
Look at it this way.
You didn't. And as I wrote above, these sorts of scams are getting increasingly sophisticated. As it turned out, you had a learning experience and you got to relay a warning to others who might otherwise have fallen for it.
I'm with HSBC and they have phoned me about fraudulent payments before but they never asked for any passwords or to approve anything. I think they just went through a few recent transactions to see if they were genuine.
Revolut have a handy facility where you can generate a one time use card for online payments.
AFAIK all Applepay payments use a one time code.
I know but it's still bugging me.
God knows how I would be feeling if I had lost a few thousand! PTSD I reckon!
“I always end the call and ring the bank back when I get a call claiming to be them.”
On this, be aware: if it’s a landline call, the originating end has to terminate the call. So if you hang up and pick the phone up again, they’re still there.
This! My sister (who is a bright lady, medical consultant etc) got done a few years ago. Got call on landline saying problem with her card being cloned. Straight away they said put phone down and call bank on their official number. She did, dialling tone when she picked up phone, it rang, the bank answered it and that was that. Hook, line and sinker. Not only did she give them her pin, an ‘official courier’ came round to her house and took possession of her card to securely destroy it! And promptly took it to the nearest cash point! Her biggest worry was that she’d told ‘the bank’ that she was off abroad on holiday and that they now knew her house would be empty. I told her that these types of scammers don’t tend to go in for breaking and entering, which indeed proved to be the case.
Suspect that the decrease in landline use makes this less likely.
I had an incident in London where a cashpoint ate my card. I was trying to cancel the transaction when this guy rocked up, well dressed and polite, asked what the problem was, said he’d seen this before and what I needed to do was hold down three buttons with my left hand whilst inputting my pin with my right. I realised this meant that either he, or the camera in the fake cashpoint that they’d put over the top of the real one, would know my pin. I left it, cancelled card immediately and that was that. But I nearly did what he said, which would have given them direct access to my account.
I have however been done by guys flogging high quality speakers that were accidentally loaded onto their van - though in fairness they were really good speakers - and similar with guys selling leather jackets (that turned out to be fake). I was a lot younger though!