Received Fraudster 'Phone Call, Should I be Worried?

scoot65

I received a call from someone stating they were from Nationwide and informing me that there had been suspicious activity on my card. They asked a few questions which I declined to answer (stating that would have the details on their screen). To confirm my identity they wanted the last 10 numbers of the card number. I declined and they immediately hung-up. 

What's worrying is that they knew my name, knew the card in question had been replaced a few months ago,  knew it was a Nationwide Gold CC card and obviously they knew my mobile tel number. I think I may have confirmed my name at some point.

I've contacted Nationwide who confirmed that there are no transactions on my card and they have cancelled the card and are issuing my a new card.    

The fact that they know my name, know at least one of my banks is Nationwide and particularly they know my mobile tel number concerns me. Can they do anything to get access to my various banking apps on my phone???

lr1277

I am not guaranteeing this answer but I don't think they can even attempt to access your phone unless they have your phone in their possession.

To let you know I have had 3 fraud calls since March this year. The first 2 were for my bank's credit card and wanted to tell me about suspicious transactions.

1st call, they knew my name and address but mispronounced my town's name which you wouldn't do if you lived in the UK. I think they also knew my email address which I have not given to my bank. After informing the bank, I got a replacement card.

Within 2 months of getting this new card I had another call. And they new my name, address and NEW card number.

I started a thread about this and some posters suggested Amazon may have been the weak point because they don't take down your card's CVC number when you register a card.

Btw: the 3rd fraud call was against my debit card which I was using whilst waiting for the replacement credit card. And that was about 2 months after the 2nd fraud call.

M25

The only thing you need to worry about is that they got through to you in the first place. As for them having some of your details there's plenty news about companies and organisations losing 10s of millions of customers' details.

Try blocking most numbers either on your landline or mobile. Obviously you can have a white list of people you want to get through.

If you happen to block an import caller then you'll soon know about it (police at the door/bank card not working/your Auntie Anne's neighbour telling you her house is on fire etc).

Always have a backup bank account.

Blocking is bliss.

born_again

scoot65 said:

I received a call from someone stating they were from Nationwide and informing me that there had been suspicious activity on my card. They asked a few questions which I declined to answer (stating that would have the details on their screen). To confirm my identity they wanted the last 10 numbers of the card number. I declined and they immediately hung-up. 

What's worrying is that they knew my name, knew the card in question had been replaced a few months ago,  knew it was a Nationwide Gold CC card and obviously they knew my mobile tel number. I think I may have confirmed my name at some point.

I've contacted Nationwide who confirmed that there are no transactions on my card and they have cancelled the card and are issuing my a new card.    

The fact that they know my name, know at least one of my banks is Nationwide and particularly they know my mobile tel number concerns me. Can they do anything to get access to my various banking apps on my phone???

So previous card stopped & replaced. Why, as may answer your question.

So at a guess. They had that card details & your name from that (could be a hack of a retailer) which could also give phone number.

From card number it is very easy to work out which bank issues them. As it is part of the card number.
Just google "how to find bank from card number"

Armorica

You can get most of this information from someone's waste/rubbish if you're throwing away statements, receipts, envelopes etc.

PRAISETHESUN

Most likely you've had some information leaked from a data breach. Scammers trawl through these breaches and then using the info, usually alongside info scrapped from social media, to try and convince you they are calling from your bank. You did the right thing by hanging up on them and not engaging further.

You told your bank and they've cancelled your card, and should also hopefully put a few more checks on your account for future contacts in case the scammers call them impersonating you. Moving forward you should probably check your credit files fairly regularly now, from all 3 CRAs (Experian, Equifax and TransUnion) to keep an eye out for new lines of credit taken out in your name. Other then that you'll probably get an uptick in spam calls and emails, which you should ignore as usual.

scoot65

Many thanks for the replies. All very useful. I'll certainly be keeping a close eye on my accounts in the coming weeks / months.

I have a feeling that this may have stemmed from an issue I had with Ebay a few months ago. I got logged out of my Ebay account and when I tried to log back in it didn't recognise my password and requested me change the password and I didn't recognise the email it wanted me to send the password notification to.

I contacted Ebay customer services who got me up and running and I informed Nationwide of the issue (linked bank account) who immediately cancelled the card and issued a replacement...........Maybe the scammers had my details since then.

Thanks again for all the useful replies!

sausage_time

Do you have 2FA (passkeys, authenticator app) set up on your eBay account?  (And every other account that supports this).

M25

Get better passwords.

I don't have a password under 20 letters/numbers and have no idea what any of them are. Either paste them into your browser or have some secure method for saving them.

If I don't know my passwords there's not much chance of someone guessing them.

PRAISETHESUN

sausage_time said:

Do you have 2FA (passkeys, authenticator app) set up on your eBay account?  (And every other account that supports this).

M25 said:

Get better passwords.

I don't have a password under 20 letters/numbers and have no idea what any of them are. Either paste them into your browser or have some secure method for saving them.

If I don't know my passwords there's not much chance of someone guessing them.

I'm having a similar debate with a few members of my family at the moment, and the point I keep making is that at the bare minimum you need to have is unique passwords for each account and set up 2FA for all sites that support it. Ideally strong passwords, but at least if they are all unique then a breach of one password doesn't mean that ALL your passwords get breached. For 2FA, ideally use an offline authenticator of some description, but SMS is better than nothing if there's no other option.

If you use a password manager, then there's no reason to not use the strongest password that is allowed by the site in question given it's just a simple copy/paste job to log in - most of mine are 99 character fully random alphanumeric and symbols. I get annoyed when websites artificially limit password length and/or complexity, but even then there's no reason not to use the maximum complexity allowed given it takes the same time to copy/paste 10 characters as it does for longer passwords. You just need to memorise a single strong master password, which is easy enough to do when there's nothing else to remember.

Nasqueron

PRAISETHESUN said:

sausage_time said:

Do you have 2FA (passkeys, authenticator app) set up on your eBay account?  (And every other account that supports this).

M25 said:

Get better passwords.

I don't have a password under 20 letters/numbers and have no idea what any of them are. Either paste them into your browser or have some secure method for saving them.

If I don't know my passwords there's not much chance of someone guessing them.

I'm having a similar debate with a few members of my family at the moment, and the point I keep making is that at the bare minimum you need to have is unique passwords for each account and set up 2FA for all sites that support it. Ideally strong passwords, but at least if they are all unique then a breach of one password doesn't mean that ALL your passwords get breached. For 2FA, ideally use an offline authenticator of some description, but SMS is better than nothing if there's no other option.

If you use a password manager, then there's no reason to not use the strongest password that is allowed by the site in question given it's just a simple copy/paste job to log in - most of mine are 99 character fully random alphanumeric and symbols. I get annoyed when websites artificially limit password length and/or complexity, but even then there's no reason not to use the maximum complexity allowed given it takes the same time to copy/paste 10 characters as it does for longer passwords. You just need to memorise a single strong master password, which is easy enough to do when there's nothing else to remember.

Which do you use? I'd prefer lower cost and ideally mobile access too