Active discussions

Help end medical misogyny. Sign our petition.

Help end medical misogyny.
Sign our petition.

Sign the petition

Please or to access all these features

Talk
Chat

Join the discussion and chat with other Mumsnetters about everyday life, relationships and parenting.

Original poster

Just got scammed out of almost 1k

543 replies

BonneMamanAbricot · 31/01/2026 23:41

Please be so careful of phone calls from your bank. Always call them back, as caller ID can be faked. My actual bank said they had never seen this scam. They duplicated everything, all the spiels, the robot connecting voice, the hold music.

Second month of being paid after 5 months of no income. Back to nothing again. FFS.

OP posts:
Aluna · 03/02/2026 12:19

BonneMamanAbricot · 03/02/2026 12:09

When they accessed my account using the information they already had plus what they asked me for, they registered their device onto my account. They then got the OTP and related security warnings sent to their device. I then got the verification call on my phone, telling me to key in the code.

Show quote history

The OTP you entered on their phone was them registering the device on your account according to posters here.

MagicalBagPuss · 03/02/2026 13:40

If you suspect anything at all say, as others have suggested, that you can talk right now. Don't ring any number they give you. Ring your actual bank or whoever it is that the scammer says they are ringing from.

LightYearsAgo · 03/02/2026 13:50

Aluna · 03/02/2026 12:19

The OTP you entered on their phone was them registering the device on your account according to posters here.

Show quote history

Not quite, it was to confirm the registration that they had requested

So, for example, they go onto online banking on an iPad, using the details the OP gave them they set up access then it says we are going to send an OTP so that you can confirm the request using the phone number attached to the account

At that point the scammer gives the OTP they received on their iPad to the OP who unknowingly confirms the change request

The bank that the OP won't name doesn't warn customers what they code is for so the scam has a high possibility of working

PPs have confirmed it wouldn't work with a Lloyds account as apparently they do warn you

Interested in this thread?

Then you might like threads about this subject:

General shopping
Sweetpeasaremadeforbees · 03/02/2026 14:08

When they accessed my account using the information they already had plus what they asked me for, they registered their device onto my account. They then got the OTP and related security warnings sent to their device. I then got the verification call on my phone, telling me to key in the code.

I think I'm the poster you referred to regarding the link. I don't do mobile banking because my phone is old and probably doesn't have up to date security so I only do online banking on my laptop so I asked my DH how it works. My hunch is that the scam goes like this;

You get a phone call claiming to be from your bank, asking you for your account number and sort code. The scammers may actually already have those details but by freely giving them you're marking yourself as someone gullible/vulnerable to fraud. Had you said 'fuck off you scammy knobhead' that would have been the end of it.

The scammers contact your bank with the account details (maybe over the phone, maybe you can do it online?) saying they can't remember the log in details. They can nominate any phone (maybe saying they've got a new phone number?) and get a OTP sent to it. But crucially the OTP must be put on the original phone registered to the account. Obviously, if this were genuine and not a scam you'd have both phones next to each other and it wouldn't be an issue.

But the scammer persuaded you to put the OTP into your phone which then allowed the scammer to access the account on the new phone, change settings, add new payees using the card readers etc.

I think the system is quite secure, but unfortunately because we don't know how all the systems work, we assume that if we can't see an obvious way for something to be a scam (eg the scammer giving YOU an OTP) we assume it isn't a scam. We need to stop being scared to just hang up at the slightest red flag.

Ginburee · 03/02/2026 15:39

My husband' 'bank' called him about a fraud incident. He hung up and called his bank from another phone and it was a scam- always call them back.

Keepoffmyartichokes · 03/02/2026 16:10

NorthSouthLondon · 03/02/2026 11:45

If the bank already refused to refund you, maybe you could try and complain through Resolver ? I used that website once and it worked, because it allows to escalate to the ombudsman if they keep refusing, and the whole process is free.

Edited

You don't need to use resolver, anyone can escalate a claim to the Ombudsman

SurvivalInstinctsOfABakedPotato · 04/02/2026 07:40

pinkstripeycat · 01/02/2026 00:15

This scam is shown all the time on BBC Scam Intercepters.

If your account has been compromised the bank would never call you. They’d fix it and refund as it would be their error.

My bank rang me when my card had been skimmed in London. I was at work at the time and they had managed to track down my work phone number through my payee details on my bank account. They needed to check the transactions hadn't been made by me as there were multiple payments for same thing and its something I never buy which was why it flagged up. So they do phone you

NorthSouthLondon · 04/02/2026 07:55

Keepoffmyartichokes · 03/02/2026 16:10

You don't need to use resolver, anyone can escalate a claim to the Ombudsman

Show quote history

Of course. But resolver makes it considerably easier and keeps all the messages in one place, so a rogue company is more likely to listen.

Keepoffmyartichokes · 04/02/2026 08:21

NorthSouthLondon · 04/02/2026 07:55

Of course. But resolver makes it considerably easier and keeps all the messages in one place, so a rogue company is more likely to listen.

Show quote history

Absolutely they are a good service but I just wanted to make the point they are not needed. Some people might be wary as they do keep your data and while they don't sell it they do use it for marketing and analysis. I know some are wary of this.

madaboutpurple · 04/02/2026 12:20

Have you let the Guardian newspaper Consumer editor know as banks often back down as thye don't like the bad publicity. You might well find your bank changes their attitude and you could be refunded.

Keepoffmyartichokes · 04/02/2026 12:24

madaboutpurple · 04/02/2026 12:20

Have you let the Guardian newspaper Consumer editor know as banks often back down as thye don't like the bad publicity. You might well find your bank changes their attitude and you could be refunded.

The OP has been refunded

Aluna · 06/02/2026 10:10

LightYearsAgo · 03/02/2026 13:50

Not quite, it was to confirm the registration that they had requested

So, for example, they go onto online banking on an iPad, using the details the OP gave them they set up access then it says we are going to send an OTP so that you can confirm the request using the phone number attached to the account

At that point the scammer gives the OTP they received on their iPad to the OP who unknowingly confirms the change request

The bank that the OP won't name doesn't warn customers what they code is for so the scam has a high possibility of working

PPs have confirmed it wouldn't work with a Lloyds account as apparently they do warn you

Show quote history

Exactly they were registering their device on her account so they could they could get into it.

Aluna · 06/02/2026 10:19

Sweetpeasaremadeforbees · 03/02/2026 14:08

When they accessed my account using the information they already had plus what they asked me for, they registered their device onto my account. They then got the OTP and related security warnings sent to their device. I then got the verification call on my phone, telling me to key in the code.

I think I'm the poster you referred to regarding the link. I don't do mobile banking because my phone is old and probably doesn't have up to date security so I only do online banking on my laptop so I asked my DH how it works. My hunch is that the scam goes like this;

You get a phone call claiming to be from your bank, asking you for your account number and sort code. The scammers may actually already have those details but by freely giving them you're marking yourself as someone gullible/vulnerable to fraud. Had you said 'fuck off you scammy knobhead' that would have been the end of it.

The scammers contact your bank with the account details (maybe over the phone, maybe you can do it online?) saying they can't remember the log in details. They can nominate any phone (maybe saying they've got a new phone number?) and get a OTP sent to it. But crucially the OTP must be put on the original phone registered to the account. Obviously, if this were genuine and not a scam you'd have both phones next to each other and it wouldn't be an issue.

But the scammer persuaded you to put the OTP into your phone which then allowed the scammer to access the account on the new phone, change settings, add new payees using the card readers etc.

I think the system is quite secure, but unfortunately because we don't know how all the systems work, we assume that if we can't see an obvious way for something to be a scam (eg the scammer giving YOU an OTP) we assume it isn't a scam. We need to stop being scared to just hang up at the slightest red flag.

Generally to add a new verified phone number to an account that can only be done from inside the account. So you write the phone number manually into your account, click verify and that sends a text to the phone number itself which you confirm.

If you’ve forgotten your login or you’re a scammer you can’t randomly nominate phone numbers that aren’t already verified on the account as this would be a clear security risk.

The basis of 2-step verification is security.

Sweetpeasaremadeforbees · 06/02/2026 16:06

If you’ve forgotten your login or you’re a scammer you can’t randomly nominate phone numbers that aren’t already verified on the account as this would be a clear security risk.

I don't know whether or not you can just nominate another phone and I don't do mobile banking so can't check it. But why would it be a security risk if the OTP was sent to the 'new' phone? Nothing can actually happen unless that OTP is put into the already registered phone.

I can see that the mechanism is actually quite useful if you wish to change the phone number that you do mobile banking on. And that OTP is useless to scammers unless they have access to the already registered phone (or can persuade the owner of it to enter the code as appears to have happened to the OP).

I think the bank may have been telling the truth when they said they hadn't heard of this scam before, I've never heard of it for sure but as always, had the OP stuck to the 'do not give out any information to anyone claiming to be your bank' she wouldn't have been scammed. So thank you OP for drawing attention to it.

Aluna · 06/02/2026 18:57

But why would it be a security risk if the OTP was sent to the 'new' phone?

Because of the ease of interception. You don’t want people being able to add external phone numbers to existing accounts without the ability to log in to the account.

Aluna · 06/02/2026 18:57

But why would it be a security risk if the OTP was sent to the 'new' phone?

Because of the ease of interception. You don’t want people being able to add external phone numbers to existing accounts without the ability to log in to the account.

Sweetpeasaremadeforbees · 06/02/2026 23:07

But it isn't added to the existing account until the official registered phone sends the OTP!

Aluna · 08/02/2026 19:02

Sweetpeasaremadeforbees · 06/02/2026 23:07

But it isn't added to the existing account until the official registered phone sends the OTP!

The code to register a new device goes to that device not the existing registered phone. The pass code is generated from the account as you register the new device.

New posts on this thread. Refresh page