Just got scammed out of almost 1k

[BonneMamanAbricot]

Please be so careful of phone calls from your bank. Always call them back, as caller ID can be faked. My actual bank said they had never seen this scam. They duplicated everything, all the spiels, the robot connecting voice, the hold music.

Second month of being paid after 5 months of no income. Back to nothing again. FFS.

Thank goodness, I’m so pleased you got your money back!! X

Agree

The bank should have made clear what she was authorising. They are at fault IMO

Absolutely! I get given the full details of the payment being made and an ‘If this wasn’t you…’ message. If this bank doesn’t do that then they do not have robust enough systems in place to protect their customers - and I’d be moving my account to someone who does.

They couldn’t proceed without a verification code - OTP which when generated by the bank goes to the account holder’s mobile phone not theirs. They then need the account holder to give them that code to authorise the transaction

That isn’t what happened though. That’s the point.

The scammers already had the OTP - they gave it to the OP. The bank have to explain how/why scammers were able to generate an OTP.

Whatever the specifics of the case - this is just a standard scam that the basic principles will protect you from.

A bank will never ask you to verify your account number or sort code, they have that in front of them. The security questions are to verify that you are the account holder - that’s why they’re personal to you. Secondly, OTP texts literally tell you not to share them with anyone.

No they didn’t they would have to have her phone for that. They conned her into sharing her OTP via automated call asking me to key it in

Agree. Going back to all this human-less online banking and other things disadvantaging vulnerable people. It's so easy for scammers to exploit the massive failures due to it all being automated and computer based.

Once a criminal has a vulnerable persons information they almost have more right to that person's stuff than the vulnerable person, the way it's set up. There was something on you and yours about how a woman had to go to court over many months to prove that someone had stolen her driving license and she wasn't the one who had driven dangerously and shouldn't be suspended from driving. It's long winded and complicated and often not something a vulnerable person can hope to navigate to get their identity back let alone justice or criminal accountability.

No-one seems to care though. No meaningful attempts to stop it - the banks could be required to have a human face to face option for example in law- no attempts to keep bank branches open so that people who need face to face can still do it that way. I find it truly depressing and it doesn't say a lot of good things about our society.

There's a lot of talk of the equality act in other contexts but as far as I can see the most vulnerable are screwed over on a regular basis and there is not even the tiniest attempt to level the playing field.

No, I didn't get the OTP. They did on their device.

I don’t think so going by op’s posts

Not sure how they got it though

You said:

I don't know how they got the OTP and not me but I had no notification other than the automated call asking me to key it in

They did it via automated call which came from them.

The scammer gave me the code and told me to key it in when I got the call

You don’t key on OTPs on calls - the call gives you the OTP and you key it in to your device.

They intentionally confused you - the OTP went to your phone and then you received an automated call or text which you thought came from the bank but actually came from the scammer and you entered it unwittingly.

If this was a Lloyds or Halifax account the scammers have logged into OPs online banking. To set up the banking app on a new phone they would need ops personal details (name address and date of birth) and sort code and account number which they gained from the op on the phone. They would then be given a one time passcode through the app to verify through a phone call which the op answered and gave, the scammers have managed to change password and login details with this information that the OP gave in the phone call. The scammers have then logged into the online banking with the new password they have set up and made new payees and made transfers.

It sounds as though at the beginning of the call with the op they actually didn't have any of her banking details at all and just had name address and dob

Thank you this is a great explanation

I disagree that you shouldn't get your money back, banks should offer the same protection as credit cards.

Why should banks, ie we, the customers, be responsible for those who are scammed? It's been going on for many years and by now people should be more vigilant. By giving the money back the banks are supporting the scammers and are acting as insurers.

The scammer gave me a code during our phone call and told me I would then need to key that in on an automated call. The automated call came and I keyed it in. The scammer was sent the code, I was not.

The scammer was the one who gave me the code, after I provided my 'verification' details. I didn't receive any communication, message, or notification giving me the code. The scammer must have entered my info, received the code, and then just needed me to use my registered device to get around 2 factor ID.

@Alunathe op says they gave her the code over the phone

ALWAYS ALWAYS ALWAYS hang up and call your bank using the official telephone numbers to check. Classic scam stuff.

Yes (and remember about using a different phone or making sure the line is clear first)
And if it’s genuinely your bank, they will be pleased for you to do this. Any attempt to pressure you to stay on the original call should immediately raise a huge red flag.

Banks absolutely do call customers. Both my husband and I have been legitimately alerted to fraud by fraud teams over the phone.

Of course they do but when I got an alert from my bank's Fraud department I didn't use the number in the message to call them, I went on line and found an alternative number which I called. The alert was genuine but they understood why I'd not used the number in the message.

The security was that they ring your registered number (the one they know is you) and ask you to input a code that is displayed on the screen (a code you would only have if you're the person trying to do the changing or the logging in).

This is the code the scammers gave the OP, which the OP gave to the bank on the automated call - thereby making the bank think the OP, with her registered number, was the one trying to make the changes.

Name, address, dob and mobile number and who she banked with so the question is how did they gather all of those details.

Well the fact that the scam was successful proves that it's not secure.

I dont have an answer as to what else they could do but that doesn't seem very effective

Actually I do have a suggestion, the automated call should have a very clear message that you are being asked to change the registered device on your account and/or if you've been given the code by a third party ring the fraud department asap

The scammers steal your details from websites you may have bought something from that are less secure than others.

like Temu and Shitty Shein.