Scam call - they knew all about me

TVR450

Hi all.  I just had a scam call 'from' Santander Bank.  They knew my name, address, address and my debit card number.  They said there were fraudulent transactions on my card from Ikea in the town I grew up in.  Even though they seemed genuine, I had my guard up.  They then said they would send me a new debit card out and asked me to tell them the code on an SMS they would send.  This was a red alert to me and sure enough the OTP was to pay for an item for around £1500.  

I hung up and called my bank who confirmed it was a scam call.  But how did they know so much about me?

wmb194

TVR450 said:

Hi all.  I just had a scam call 'from' Santander Bank.  They knew my name, address, address and my debit card number.  They said there were fraudulent transactions on my card from Ikea in the town I grew up in.  Even though they seemed genuine, I had my guard up.  They then said they would send me a new debit card out and asked me to tell them the code on an SMS they would send.  This was a red alert to me and sure enough the OTP was to pay for an item for around £1500.  

I hung up and called my bank who confirmed it was a scam call.  But how did they know so much about me?

They didn’t really know that much, probably from a retailer data breach.

Is the real Santander edit:issuing a new card?

TVR450

Yes, the real Santander has cancelled my card and is sending out a new one.

Jellynailer

TVR 450 -

I dont have a smart phone mainly because of concern about the security of my financial details but also because I have sight problems and hand eczma (so I wear gloves = touch screen doesn't work).  

My scammers texted me (my bank does not do this).  I checked my account via my pc which has a secure link for my bank = 13 transactions pending.  I had to get a new card = major inconvenience but the bank could not say how the scam attempt had happened. 

wmb194 - A retailer date breach is the most likely.  I will now check my bank account to see recent card payments prior to the attempted scan.

All a) My bank uses back up security with a small electronic card which provides a unique code for each transaction.  b) Plans announced today are to give banks a further 3 days to check if a transaction is a scam.

friolento

There are many possible explanations for why they knew so much about you. Retailer leak, Restaurant leak, someone who is/lives close to you etc etc

Ergates

Jellynailer said:

TVR 450 -

I dont have a smart phone mainly because of concern about the security of my financial details

Smart phones are very secure - significantly more so than the average PC/Laptop.  Obviously that doesn't help with your other issues with them.

tacpot12

The reason they knew so much about you is because they are professional data harvesters. The don't just collect data from one source. They collect it from as many sources as they can find and use software to link the information together. They might not use the data for a long time, but data storage is cheap so they can wait until they gather enough to make a scam call to you seem plausible. 

TVR450

Yes, ok, the only part they did not manage was to convince my phone provider to send them a new SIM, then they could have received the OTP themselves.  I guess they did not manage to work out who my phone provider was or my security is good enough on my phone account.

400ixl

Ergates said:

Jellynailer said:

TVR 450 -

I dont have a smart phone mainly because of concern about the security of my financial details

Smart phones are very secure - significantly more so than the average PC/Laptop.  Obviously that doesn't help with your other issues with them.

Touch screens also work with gloves (Latex / non latex ones rather than woollen of course). Fingerprint reader authentication obviously won't either but pin or face bionics will.

SMS is also the weakest form of 2FA and really needs killing off.

AmityNeon

TVR450 said:

Yes, ok, the only part they did not manage was to convince my phone provider to send them a new SIM, then they could have received the OTP themselves.  I guess they did not manage to work out who my phone provider was or my security is good enough on my phone account.

How do you know they attempted to take over your mobile number?

DullGreyGuy

TVR450 said:

Hi all.  I just had a scam call 'from' Santander Bank.  They knew my name, address, address and my debit card number.  They said there were fraudulent transactions on my card from Ikea in the town I grew up in.  Even though they seemed genuine, I had my guard up.  They then said they would send me a new debit card out and asked me to tell them the code on an SMS they would send.  This was a red alert to me and sure enough the OTP was to pay for an item for around £1500.  

I hung up and called my bank who confirmed it was a scam call.  But how did they know so much about me?

How do you know they had your full card number? 

Certain data breaches could have given them it but generally companies dont keep/store full card numbers. The first 4-6 numbers are known to everyone as they identify the card issuer and type of card, the last 4 numbers are printed on all card receipts etc. That leaves only 6 numbers and given the last number is a checksum there are only certain possible valid combinations of numbers they can be. 

Anyone who's good at these scams, or is a clairvoyant or hypnotist etc, can actually hold very little data about you but can convince you that they know much more than they do. 

400ixl said:

Ergates said:

Jellynailer said:

TVR 450 -

I dont have a smart phone mainly because of concern about the security of my financial details

Smart phones are very secure - significantly more so than the average PC/Laptop.  Obviously that doesn't help with your other issues with them.

Touch screens also work with gloves (Latex / non latex ones rather than woollen of course). 

you can also get special treatment to woollen, cotton, leather etc gloves so they do operate touch screens eg https://www.dentsgloves.com/products/womens-touchscreen-knitted-gloves