We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Bank calls you and asks for security
Comments
-
Whilst I agree with some of the sentiments about checking out numbers and calling back! I would expect the bank if it was something serious to try and express this in the call, I would also a bit more than peeved if they suspected fraud and hadnt suspended my account first!
However, I'd they are just calling me in my free time so they can earn a bonus selling me their wares I have every right to firmly tell them to go away. Cold calling customers is rude and aggressive selling in my eyes, that preys upon people being polite, not complying with the callers demands is neither rude or aggressive.
The reason they ring you is to check that it is fraud.
I doubt it would be very convenient if you went on holiday and your card got blocked and they didn't contact you.
When I had it on my account they rang to ask where I was as my card had been used in 2 places within an hour (of half the globe!). Then when I said it wasn't me, they then placed the block on my card and said I couldn't use my card from then on.0 -
Tigsteroonie wrote: »No, actually they asked me for the entire security password. I was unwilling to give this, hence why I offered a compromise of a swap of certain characters. Had they asked at the start for only one or two random characters to verify against what they had on record, I would have been more accommodating. Not stupid, just security-conscious.
Who was this?StumpyPumpy wrote: »Actually this is one of the ways a social engineering attack can work. "3 characters of my password" is generally not what they are interested in. A social engineering attack works by gaining the trust of the other person. For most people, once they have given their password (or part thereof) and heard acknowledgement from the other end, they believe they are talking to their bank/whatever.
At this point it is easy to get other information or, for instance get the target to log onto a rogue website. Or get you to acknowledge you were in a certain place at a certain date (A Private Investigator favourite) There are lots of other things they might want to do too, but I'm not about to go into details.
Don't get me wrong - I'm not saying the above scenario is common, most of the time they will be who they say they are, but it is not entirely harmless. And I never give my details out to a random caller even if it is only a couple of letters from a password.
SP
But that is a completely different scenario. If they rung me about fraud, asked for 3 digits but then decided to ask me my password then fine, but that's not what we are talking about. We are talking about a bank phoning, asking for a few digits of your password, then confirming whether transactions X Y and Z were authorised and if not, put a block on the card. The OP is complaining that they are phoning up and won't answer back questions that the OP has.
Your scenario could be placed anywhere, not just banks. I could have someone ask to come into my house to check meter readings, I let him in, then he robs me, exactly the same as your scenario.0 -
If you don't want your bank to call you with marketing calls, ask them to remove you from their telephone marketing list.
They will then stop ringing you.
It ain't difficult to achieve.0 -
Be aware that callerID is possible to fake. Personally the callerID is probably enough for me but the phone they called on that day doesn't display the number.
All they need is a password for them to give you first in addition to the stuff you give them. This is what i'm encouraging.
I'm also commenting on the silliness of it :rotfl:
I conduct myself in a nice manner. I know the guy on the end of the phone is working hard in a call centre and we both want to get things done. No need to be emotional. Business is business.Order of events: Banks lose our money -> get bailed out -> were inflating GBP to cover it -> now taxing us -> next will grab your funds direct -> things get really desperate to balance the books. What should have happened?: banks go bust and we lost our money much quicker0 -
I agree about the 2nd password challenge, it's a good idea that banks should perhaps adopt. That way when they call you both can be certain you're talking to the bank and the account holder.
It's just another layer of security for taking inbound calls from the bank0 -
No it isn't. If you let the meter reader into your house without checking his ID then you have an inherent trust of people that would be exploitable anywhere. The ID could be fake and you may not check up on it, but that is another different scenario.Who was this?
Your scenario could be placed anywhere, not just banks. I could have someone ask to come into my house to check meter readings, I let him in, then he robs me, exactly the same as your scenario.
The whole point of the sort of SE attack I described is to gain the trust of your initially skeptical target without providing credentials although seeming to. For instance, having you confirm part of your password, the attacker knows that you are willing to enter a dialog with him and starts to impose a level of notional authority over you. (Authority because banks have power to freeze your account cancel cards etc., something that many people fear)
From the targets' standpoint they often believe the SE has proved who they are when they haven't (A similar technique is also used by stage psychics, but I won't go into that here) It then becomes easy to start asking you things like your address or some leading questions (eg this is your only cc card, correct? or "Your date of birth is showing as 9/9/99, that's not right is it?")
You might think you are immune to the Social Engineers' charms, but many people have been caught out in this and similar ways, I have first hand experience, so know this as a fact (on the good side, I should add).
I still want to emphasize that it is highly unlikely that the people doing this are not legitimate (as is the case for most meter readers) but to dismiss out of hand the possibility that they could be malicious is not helpful.
SPCome on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.0 -
Blimey it's not rocket science ! Just ask for their number and call them back !
If you're not happy to do that then your card will just stay blocked until you do. It's your choice.
You can also opt out of marketing calls, just ask your bank to mark your account.0 -
StumpyPumpy wrote: »No it isn't. If you let the meter reader into your house without checking his ID then you have an inherent trust of people that would be exploitable anywhere. The ID could be fake and you may not check up on it, but that is another different scenario.
No it's not a different scenario, it's the same one. But instead of being with a bank over the phone, it's a person from utilities company.
Instead of a fake bank, it's a fake utilities company. (both impersonating something they're not)
Instead of asking for a password, they are asking to read your meter. (both valid reasons)
They both gain trust.
They can both rob you.0 -
The fact Tigs thought "omg they could be a conman from asking me for 3 characters of my password" is stupid! They're asking for some digits, not the whole word
I don't think it's stupid and I also refuse to give any info when I receive a call - I always explain why politely. It could be someone who has managed to get some of your details and is now trying to fill in missing bits (and the info they're after may actually not be those 3 characters from your password;) )Now free from the incompetence of vodafail0 -
Name dob and address. Basic information just to ID. I dont thinks its enough to panic about. Regards banking - send me a letter ain't a bad reply. use online banking or branches and never talk on the phone unless you ring in first if your uber cautious. But if your this cautious, online banking. Hacking. Dum dum dum.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards