Just got scammed out of almost 1k

[BonneMamanAbricot]

Please be so careful of phone calls from your bank. Always call them back, as caller ID can be faked. My actual bank said they had never seen this scam. They duplicated everything, all the spiels, the robot connecting voice, the hold music.

Second month of being paid after 5 months of no income. Back to nothing again. FFS.

Mine above has been HSBC and my MBNA card. MBNA say that it isn’t their system that puts the scammers have hacked it’s that your phone recognises the name eg MBNA and then puts it in that thread. Very sophisticated

This is the bit I'm struggling with.

It sounds like they already knew OPs name and phone number (?).
So they rang her and got her to tell them her acc no & sort code.
Then what? I'm guessing they tried to log into her account using her name plus accno & sort code; the online banking screen gave THEM an OTP (which they tell her is a "verification code" ) then rang OPs mobile and she gave the OTP to the automated call thus allowing the scammer into her online account????

That doesn't sound like a very good security from the bank, does it? Normally the two-factor authentication works the other way round - the OTP comes to your phone and you type it in. If it had happened that way round then OP would probably have been alerted that something was a bit off.

This is what I couldn’t get my head around and now I understand.
in the op’s original post it sounded like she’d just given them sort code and acc number and I couldn’t understand how they had transferred the money out of her account.

Now I realise the situation was:
The scammers had enough details to make an initial transfer transaction with the bank. All they needed was the verification code to be able authorise the transfer. That makes me feel less anxious because the initial post did not explain that very well.

Could you explain the call back situation? One poster has made it sound like if you call the bank’s official number, scammers can somehow redirect the call to them. They literally said you need to use another phone altogether to avoid this scam. This is either extremely alarming or an attempt by the poster to scaremonger/or make themselves appear less gullible in falling for the scam. What do you think?

Report Fraud is just that - a place to report. Ive never known the useless fuckers investigate anything.

You did all this while you were out, frazzled with the kids? I know it’s too late now but whenever anyone ‘business’ calls me when I’m out I just say I’m out can you call me back later. First thing I would have then done is go on my bank app and check my account.

A hard lesson but at least you’ll never fall for it again.

I don’t understand how they were able to scam you with only your account number and sort code? How does that work?

So that’s what I was thinking - they’d transferred all the money out with that OTP.

But OP then says:
Multiple payment notifications then came up and it was only later when I had time to think that I rang my actual bank

So multiple payments but only one OTP, I’m struggling to understand what exactly they have done and how and how it isn’t a failing of the banks system. Just comparing it to my bank and what I would have to do for this to happen and it doesn’t match up.
Would be good to know which bank it is…

Could you explain the call back situation? One poster has made it sound like if you call the bank’s official number, scammers can somehow redirect the call to them. They literally said you need to use another phone altogether to avoid this scam.

If they call on a landline then the call doesn't end when you put the phone down. So if they simply stay on the line then whatever you dial just goes back to them.
This doesn't apply to a mobile phone.

They can also make their incoming call to your mobile LOOK as if is from your bank.
But they can't interfere with an outgoing call from your mobile phone.

Hope that helps

Yes so how did they get op's pin etc?

Banks do still call you. My dp had a few calls that he ignored. Now his credit card is cancelled because it was his banks fraud team calling, due to scammers trying to access.
Thank goodness for these teams in banks.

So as PPs have said, you call from a different line or key in 159. I agree people should be vigilant, but to say banks will never call you is incorrect. In my case, I called back the next day after they called me as I wasn't home and my DH only just remembered to tell me. If there is suspected fraud, the bank will hold the transaction until they can verify it with the customer, so there's no need to feel unduly rushed.

If you're fortunate enough to still have a local branch to go into, then that's of course an option (although they'll likely direct you to use their phones, so you'll still end up talking to a call centre). I suspect we're not far off branches becoming completely obsolete, so it's better to educate yourself as to what information a bank will and won't ask you for, rather than scaring people unnecessarily. In this case, asking for the full account number and OTP code were the red flags, although I can completely see why the OP was fooled and think the PPs ridiculing her are being very harsh.

OP, I would pursue this with the bank by going through their complaints process. They do like to try to shut people down at the first hurdle, but it seems like in this scenario, they should be returning the money to you.

Op said she didn't transfer her money to another account.

Are you sure you have actually reported this to your bank and not the scammers?

it is a really common fraud that a real bank will know all about.

there are processes for you to get the money compensated back to you

Are you sure you were talking to your bank and not more scammers? Such an odd thing for the bank to say. Did you call their fraud department?

Suggest try your bank again to see if you’re protected. Thought it’s the No.1 rule to never give out info over the phone.

This is horrendous! So tricky of them. Who is going to spot that.

@LittleDaisyDot
You’re a man aren’t you. Possibly American ( we tend not to use citizen in that context).
I take your point. However the security rules change as we get more codes more hoops and know less about what information others have on us.
At one point we were all told don’t write any passwords down. Now it’s probably safer than storing them with a company online as we do. A burglar isn’t going to be able to work out your laptop password and have the time steal all your codes written in your diary.

The scammers are either trying to make a payment from the OP's account or log into her account. After going through their spiel about securing the account and suspicious transaction, they say they are sending her a "reset code" but it's actually a one time passcode to authorise the payment. OP gave them the number, payment goes through.

I do have sympathy for people who lose money but also don't think that banks should always be refunding no questions asked. One time passcodes always have a clear warning that they are never to be shared. When I make any payment from my account I have to read a page saying that I know the person or are buying goods or services. Personal responsibility has to factor in too.

So, my bank did actually call me about a suspicious transaction on my account.
They asked me for personal information to identify myself. I laughed, 'So you are ringing me up and want me to prove who I am? Don't be ridiculous!'

The official letter arrived 2 days later from my bank, detailing the problem. So if anyone calls you for anything, just ignore, they'll get in touch another way if it's genuine.

So sorry you've experienced this, OP. Please don't beat yourself up about being a mug - there's a series of Radio 4 programmes discussing exactly this sort of scam, and interviewing people who have fallen victim to it. None of them are daft, many of them would naturally be wary but were distracted by other things at the time of the call. The criminals are increasingly sophisticated and precisely mirror bank processes, such as the familiar script.

https://www.bbc.co.uk/sounds/brand/m002h2gt

That’s not correct either.

I absolutely have been called by First Direct to ask if some suspicious transactions were indeed done by me. They weren’t. Their system recognised it as an unusual pattern of spending on my account and so they blocked them all (and the ac) and called to ask if I recognised them. Crucially though, they didn’t ask me to do anything (once I’d gone through the usual security detail to confirm it was me, none of which includes anything to do with your account - and now they use voice recognition). They simply dealt with it once they knew I hadn’t attempted to make those payments.

Speaking as an out and proud pearl clutcher, we tend to be very cautious people (hence the clutching of pearls). We are probably the least likey to answer unknown phone calls or be easy prey to scammers. 🙃

@BonneMamanAbricot - have you rang your bank for them to investigate?

No scammer has communicated with me either but it's not because I don't answer the phone, it's simply because they haven't rung me.

Your fiendishly clever phone refusing isn't necessarily the reason 😀

I just block the lot of unknown callers on my iPhone, they can text or leave a voicemail which gets printed out.

That’s exactly what I’m thinking.
Which is why it would be good to know which bank.

• Contact Your Bank: Tell them immediately if you have paid money or shared details. Use the official number on the back of your card or 159.
• Stop All Contact: If you are in direct contact with scammers, cease all communication instantly.
• Secure Accounts: Change passwords for online banking and, if necessary, your email.
• Report the Fraud: Report the incident to Action Fraud (online or 0300 123 2040) or Police Scotland on 101.