You receive a call on your phone.
The caller says they're from your bank and they're calling about a suspected fraud.

"Oh yeah," you think. Obvious scam, right?

The caller says "I'll send you an in-app notification to prove I'm calling from your bank."

Your phone buzzes. You tap the notification. This is what you see.

Still think it is a scam?
1/3

The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank send you the notification.
You accept, and scammers proceed to drain your account.

Someone has just lost £18,000 because of this.
https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been_scammed_over_18000_through_my_chase_account/

2/3

It *is* a genuine notification. But it isn't confirming the bank is calling you.

Should the bank word that differently?

In a rush, would you read it thoroughly?

Most likely, in a panic about the fraud, you'd confirm it was a genuine notification (it is!) and accept it.

3/3

@Edent I think I’d be taken in by that. My thought was: why do they need to check they’re on the phone to me if *they* called *me*? But on balance I’d decided it was just poor wording or an ill thought through system (both of which I still think, in fact!) so I wouldn’t have challenged it.
@simonwood @Edent one might assume even if they believed the bank was calling them, that they still need to confirm they got you and not someone else.
@flabberghaster @Edent I have had my actual bank call me, and then ask me (via security questions) to verify that I am actually me. I feel that was *training* customers to divulge information insecurely, as I had no way of knowing that they were who they were, and they wouldn’t have provided it if I’d gone along with their request.
@simonwood @Edent yeah, same. I had told my bank I intended to travel internationally and then when I got there my card stopped working and they called me saying there was suspected fraud on my card. I knew it was legit because I called back on the number on my card, but I think it's bad practice to initiate calls.
@flabberghaster @simonwood @Edent Yes, always call back on a phone number that you know to be legit when your "bank" calls.

@gunchleoc @flabberghaster @simonwood @Edent been there; done that. "no. you rang me out of the blue. i have no idea who you are, so before i provide any of my information to you, why don't you provide me some information about me?" "we can't do that sir."

fine. bloop. just hang up immediately. they never ring back.

@flabberghaster @simonwood @Edent

Indeed. They should, probably, do it like the good banks send mails: plaintext notification, no link at all, just an info - there is an important message in your Internet banking inbox, go there and fetch it.

So even the call may be initiated in a way - hello, this is your bank, we need to talk to you immediately because of "reason without details" (e.g. there was a suspicious transaction we want to xcheck with you), please contact our telebanking number to proceed.