Scam call - they knew all about me

Hi all.  I just had a scam call 'from' Santander Bank.  They knew my name, address, address and my debit card number.  They said there were fraudulent transactions on my card from Ikea in the town I grew up in.  Even though they seemed genuine, I had my guard up.  They then said they would send me a new debit card out and asked me to tell them the code on an SMS they would send.  This was a red alert to me and sure enough the OTP was to pay for an item for around £1500.  

I hung up and called my bank who confirmed it was a scam call.  But how did they know so much about me?
«13

Comments

  • wmb194
    wmb194 Posts: 4,729 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    edited 3 October 2024 at 10:34AM
    TVR450 said:
    Hi all.  I just had a scam call 'from' Santander Bank.  They knew my name, address, address and my debit card number.  They said there were fraudulent transactions on my card from Ikea in the town I grew up in.  Even though they seemed genuine, I had my guard up.  They then said they would send me a new debit card out and asked me to tell them the code on an SMS they would send.  This was a red alert to me and sure enough the OTP was to pay for an item for around £1500.  

    I hung up and called my bank who confirmed it was a scam call.  But how did they know so much about me?
    They didn’t really know that much, probably from a retailer data breach.

    Is the real Santander edit:issuing a new card?
  • TVR450
    TVR450 Posts: 7 Forumite
    Fourth Anniversary Combo Breaker First Post
    Yes, the real Santander has cancelled my card and is sending out a new one.
  • TVR 450 -
    I dont have a smart phone mainly because of concern about the security of my financial details but also because I have sight problems and hand eczma (so I wear gloves = touch screen doesn't work).  

    My scammers texted me (my bank does not do this).  I checked my account via my pc which has a secure link for my bank = 13 transactions pending.  I had to get a new card = major inconvenience but the bank could not say how the scam attempt had happened. 

    wmb194 - A retailer date breach is the most likely.  I will now check my bank account to see recent card payments prior to the attempted scan.

    All a) My bank uses back up security with a small electronic card which provides a unique code for each transaction.  b) Plans announced today are to give banks a further 3 days to check if a transaction is a scam.
  • friolento
    friolento Posts: 2,253 Forumite
    1,000 Posts First Anniversary Name Dropper Photogenic
    There are many possible explanations for why they knew so much about you. Retailer leak, Restaurant leak, someone who is/lives close to you etc etc
  • Ergates
    Ergates Posts: 2,977 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    TVR 450 -
    I dont have a smart phone mainly because of concern about the security of my financial details
    Smart phones are very secure - significantly more so than the average PC/Laptop.  Obviously that doesn't help with your other issues with them.
  • tacpot12
    tacpot12 Posts: 9,190 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper
    The reason they knew so much about you is because they are professional data harvesters. The don't just collect data from one source. They collect it from as many sources as they can find and use software to link the information together. They might not use the data for a long time, but data storage is cheap so they can wait until they gather enough to make a scam call to you seem plausible. 
    The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.
  • TVR450
    TVR450 Posts: 7 Forumite
    Fourth Anniversary Combo Breaker First Post
    Yes, ok, the only part they did not manage was to convince my phone provider to send them a new SIM, then they could have received the OTP themselves.  I guess they did not manage to work out who my phone provider was or my security is good enough on my phone account.
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    Ergates said:
    TVR 450 -
    I dont have a smart phone mainly because of concern about the security of my financial details
    Smart phones are very secure - significantly more so than the average PC/Laptop.  Obviously that doesn't help with your other issues with them.
    Touch screens also work with gloves (Latex / non latex ones rather than woollen of course). Fingerprint reader authentication obviously won't either but pin or face bionics will.

    SMS is also the weakest form of 2FA and really needs killing off.
  • AmityNeon
    AmityNeon Posts: 1,085 Forumite
    1,000 Posts Second Anniversary Photogenic Name Dropper
    TVR450 said:
    Yes, ok, the only part they did not manage was to convince my phone provider to send them a new SIM, then they could have received the OTP themselves.  I guess they did not manage to work out who my phone provider was or my security is good enough on my phone account.
    How do you know they attempted to take over your mobile number?
  • DullGreyGuy
    DullGreyGuy Posts: 17,752 Forumite
    10,000 Posts Second Anniversary Name Dropper
    TVR450 said:
    Hi all.  I just had a scam call 'from' Santander Bank.  They knew my name, address, address and my debit card number.  They said there were fraudulent transactions on my card from Ikea in the town I grew up in.  Even though they seemed genuine, I had my guard up.  They then said they would send me a new debit card out and asked me to tell them the code on an SMS they would send.  This was a red alert to me and sure enough the OTP was to pay for an item for around £1500.  

    I hung up and called my bank who confirmed it was a scam call.  But how did they know so much about me?
    How do you know they had your full card number? 

    Certain data breaches could have given them it but generally companies dont keep/store full card numbers. The first 4-6 numbers are known to everyone as they identify the card issuer and type of card, the last 4 numbers are printed on all card receipts etc. That leaves only 6 numbers and given the last number is a checksum there are only certain possible valid combinations of numbers they can be. 

    Anyone who's good at these scams, or is a clairvoyant or hypnotist etc, can actually hold very little data about you but can convince you that they know much more than they do. 

    400ixl said:
    Ergates said:
    TVR 450 -
    I dont have a smart phone mainly because of concern about the security of my financial details
    Smart phones are very secure - significantly more so than the average PC/Laptop.  Obviously that doesn't help with your other issues with them.
    Touch screens also work with gloves (Latex / non latex ones rather than woollen of course). 
    you can also get special treatment to woollen, cotton, leather etc gloves so they do operate touch screens eg https://www.dentsgloves.com/products/womens-touchscreen-knitted-gloves 
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.3K Banking & Borrowing
  • 252.8K Reduce Debt & Boost Income
  • 453.2K Spending & Discounts
  • 243.2K Work, Benefits & Business
  • 597.7K Mortgages, Homes & Bills
  • 176.6K Life & Family
  • 256.3K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.