> At some point in the call they will ask me "I just need to verify your identity with some security questions." and ask me for something like my date of birth or my home address.
> The only correct answer to this is "I can't give you that information. You called me. I have no idea who you are."
This ties in with a scam in the UK that exploits a feature / bug of the POTS.
The scammer calls, and claims to be from your bank, and that you've been the victim of crime, and that they need to sort it out.
Some people express doubt about the validity of the caller.
The scammer says something like "Have a look on the Internet at your bank's phone number, and give them a call, and ask for Mr Jones in the Fraud Response Unit on extension 537. I'll hang up while you look. But it's really important that you do this quickly, to prevent more of your money being stolen".
The person being called hangs up the phone, but the scammer does not. Since the scammer initiated the phone call they're keeping that line open.
When the victim picks up their phone to make a call the scammer plays a fake dial tone while the victim "dials a number". An assistant of the scammer then pretends to be a bank phone answerer and connects the victim back to the scammer.
This little bit of social engineering appears to be very strong. There are stories of people who were initially suspicious, but who then lost all suspicion because of this trick, and who lost tens of thousands of pounds.
And since the victim handed out the money the banks tend to refuse to give the money back. The victims really lose real money.
It's very sad.
> The person being called hangs up the phone, but the scammer does not. Since the scammer initiated the phone call they're keeping that line open.
Is that some UK-specific thing? Because in Moscow hanging up the phone breaks the connection on either side. Pretty sure that it was this way since Soviet times.
Of course scammers can easily physically connect to your wire, so analogue connections are totally insecure for communicating with a bank anyway.
I've had this happen in the US, but only if the phone is picked up again within 1-2 seconds. Presumably there's a timeout somewhere (whether deliberately implemented or as a side effect of reactance on the network) that can be different in different systems.
As an old person my memory is that this phenomenon used to be relatively commonplace in the US as well, and I remember people abusing it to make prank calls and the like. Not sure if I've thought about it since the 80's.
You use a mobile phone, another line, or walk to the bank. Other than that one must ask himself, what type of crime? Why does my bank's website show none of it? Is it related to any of my cards missing? Why is the bank contacting me and not the card issuer (VISA, etc)?
I must guess this kind of primitive social engineering can work around 1 out of 100 cases and still be practical. As far as I've seen though the real threat is phishing. Really easy to set up and for most people it works.
Just the other day I was playing around an unprotected server of a phisher that had just sent me an email and there were plenty of people that had fallen for their trick. It could be seen in a text file where they were lousily saving all these details. Scary stuff.
Two factor authentication and even one-time cards (some banks issue this) can protect from this; but as always people that worry about security are already secure. It's the unaware that will fall for the trick.
One way, if you're suspicious, is to dial some # you know is NOT the bank, and see if they answer as the bank.
But in the heat of the moment we often forget these sorts of things; I got a scam voice mail allegedly from the US Internal Revenue Service (IRS) saying I owed money and was about to get sued.
I KNEW it wasn't legit; I KNEW it was a scam, but I still had that adrenaline surge and a desire to clear it the hell up, right now, using the method they wanted me to use. Which of course would have cost me a lot of money. My cooler head prevailed thankfully, but the fact my emotions rose so high, so quickly, scared me. Still does.
well if something similar happened, you could just call a different number from your bank and see if you still get connected. that would be a bad sign ;)