Zyra's front page //// Banks //// Phones //// Credit Card Companies //// Site Index

Phone Call from the Bank. But is it really from the Bank?!

The phone rings and you answer, and someone on the other end of the line says they are phoning on behalf of your bank or on behalf of your credit card company, for security purposes, and will you please confirm some details?

Now think about this: If you phoned the bank and said "Hello I'm me. How much money have I got in my account?", you'd be shocked if the bank told you without asking you to prove you are who you say. The same thing applies the other way. Just because someone phones and says they are the bank doesn't mean they are. (They might be criminals impersonating the bank!)

To check if the call is genuine, you need to ask some questions, but without giving away any information yourself. Bear in mind, though, that some information which should be private often isn't, and criminals can usually find out your name and phone number, and your address, and even your mother's maiden name. However, only the bank will know details from your bank statements (provided you've been sensible and followed the advice about ID Theft, and so you've not put any bank statements in the dustbin, etc). Also, if the caller claims to be your VISA/Mastercard company, you can ask what your card number is. If they don't know it, or they won't tell you, then they are NOT what they claim to be.

Banks will phone you, but only very rarely. So, be on your guard! I while ago I got a call from someone who said "I'm phoning on behalf of Barclays. Can you please confirm a transaction which you made for a large amount recently?". As it happened, I had actually made a large transaction in the previous week, but I wasn't going to tell anyone just because they claimed to be the bank! I asked "What was the amount?", and the caller reeled off the exact amount, and then I asked the caller to tell me a few other transactions made around that time. The names and amounts were right, and only the bank could have known. I was then THANKED by the bank representative for asking such security questions! Apparently, not everyone does.

What if someone phones you and says they are from the bank and they want to check your security because there has been suspected fraud on your account? Now, that's the time to beware especially, because it is very unlikely to be a genuine call. What you should do is to ask their name and which office they are phoning from, and then you phone them back using a phone number you have got in your own records not one that the caller has given you! A genuine caller from a genuine bank will be happy to do this. However if a bank hoax criminal tries this, you'll end up phoning the real bank and they'll have no knowledge of the call, thus leaving the criminal with nothing, except that now the bank has been told that someone is trying to hack the account.

There is a subtle point to consider about the idea of the bank phoning you. If they are phoning you to ask you things, they are already sure you are genuine, otherwise it would be a gross breach of security by the bank themselves. So, you don't need to prove anything. You certainly don't need to give them your password, and you don't need to give away any private information until they have proved they really are the bank or card company they claim they are. (Any potential stand-off situations where neither side will give away anything are avoided by giving away "bits" of information which are no use in isolation, for example the third set of four digits of your card number).

If in doubt, hang up and phone the bank on the number you already have for them.

There's an interesting e-mail that's been going around for several years now. I'll include this below, but I must tell you in advance that it is not as genuine as it seems, and you should not forward it! Plus, it's certainly not new.

Here it is...

----- Original Message -----
From: Someone you know
Subject: Fw: Fw: etc Fw: Fw: A Serious Credit Card Scam to look out for (fwd)

<various "forward this" comments by various people have have passed it around etc>

Subject: FW: Fw: A Serious Credit Card Scam to look out for (fwd)

Subject: A Credit Card Scam to look out for

This one is pretty slick since they provide I O U with all the information, except the one piece they want.

Note, the callers do not ask for your card number; they already have it.

This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

One of our employees was called on Wednesday from "VISA", and I was called on Thursday from "MasterCard".

The scam works like this: Person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA. My badge number is 12460. Yo ur card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank) did you purchase an Anti-Telemarketing Device for £497.99 from a Marketing company based in London?" When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from £297 to £497, just under the £500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say "yes". The caller continues - "I will be starting a fraud investigation. If you have any questions, you should call the 0800 number listed on the back of you r card (0800-VISA) and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works the caller then says, "I need to verify you are in possession of your card." He'll ask you to "turn your card over and look for some numbers." There are 7 numbers; the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him.

After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say, "No," the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of £497.99 was charged to our card.

Long story - short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report

What makes this more remarkable is that on Thursday, I got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening .

Firstly, the police are NOT saying they are taking several of these reports daily. Also, VISA and Mastercard are NOT saying this is going on. So, it is in fact a chain letter, and it gets forwarded because people believe it. In fact, according to Hoax Slayer at www.hoax-slayer.com/card-security-code-scam.html , no actual occurrences of this type have been reported.

There is a crucial flaw in the scam, which is the idea that the scammers already know your card number. If that was true then your card security would already have been compromised and you should phone the bank, the card company, and the police right away!

There's also a minor flaw in the idea that the caller claims to be from the card company and yet doesn't tell you what the card number is. You should ask!

The amounts vary, but if you do a search for "Badge Number 12460" it comes up with three thousand results, showing that this message forwarding is very common, despite the actual alleged hoax being reported as "no actual occurrences".

Nevertheless, even though the message is dubious to say the least, and it's a chain letter, which is bad, there is still a valid point in it. You should not give away security information just because someone phones and asks for it!

Although phone calls "from banks" are rare, hoax emails from banks are very common, so watch out for them. One of the reasons the criminals choose to perform their scams via e-mail rather than on the phone is because on the phone you can have caller display, (equivalents to the BT system exist in many countries around the world), and so you can tell where the caller is calling from. As the genuine (local) bank would be in the same country as you are, it would be hard for the crooks to fake it up. Criminals prefer to commit crime in a country other than the one they are in, so they are more difficult to chase. Nigeria Scam crooks' best efforts to pretend to be in the UK for example, involve +44 7 numbers, which are a dead giveaway they are not where they pretend to be! Plus, if the number is withheld, then it's deeply suspicious right from the start, and it's almost certainly not genuine.

Nomatter what happens, YOU have to make sure about each thing going on and make sure you are in charge of things. Double-checking things by different routes is like these bleaches that kill off 99.9% of problems.

Also see: phone help, nuisance calls, bank hoax emails, and The Rogues Gallery of Suspicious Emails and phishing (which is attempting to get personal information out of you).