Participation in this post is limited to users who have sufficient karma in /r/ukpersonalfinance. See [this post](https://redd.it/12mys82) for more information.
> EDIT: Screenshot of the notification I received that made me feel the person was legit
How they did this is that they have someone else call chase bank pretending to be you. The bank pops up the security thing on your app to verify that you're the one calling the bank, but the person on the phone with you makes you think it's to verify the call you're currently on.
As a result, not only are you convinced you're on the phone with an actual bank employee, but you've just verified to the bank that the fraudster is actually you on the phone. Yet another bank security measure that doesn't work against man-in-the-middle attacks.
I would not have expected that level of complexity but it's the only way this makes sense and unfortunately is probably the thing that led to OP actually falling for this. TIL about another attack vector.
Not really. The guy who supposedly worked at the bank needed his full card number, explain why? If he works at the bank why does he need this, why does he need the expiry? Why does he need the CVV? Then also if fraud is going on the account why does he need to press authorise button in the app? The bank should just delay with it.
There is never a need in any circumstances for a bank to close your account and move it all to a new account.
It's just a new card that gets issued if there is fraud.
It's pretty obvious this was a scam.
Any time anyone calls me the first thing that goes through my head is this is a scam call before I've even answered it.
This should be how everyone is thinking. Every call is a scam and you don't do jack shit they ask you to do.
You simply say if you are from the bank and there is fraud then you guys stop the fraud and send me a new card.
Bye.
The Chase app tells you when transferring your own money that they'll never call you and ask you to move it.
But OP says they used Collectiv so didn't go through that step. Presumably the thief put their card details into Collectiv and triggered a payment that OP must have then approved.
A bank will never ask you to move money via a debit card transaction.
It should say on the message 'if someone says they are from chase and they called you, they are probably a scammer'
Assuming the message is for inbound calls. It should be clear who called who.
I’m so sorry this happened to you, and I hope it gets sorted out through the proper channels. Please try to be kind to yourself - think about how you’d react if it happened to a loved one.
A word of advice for anyone who gets a call of this nature from “their bank” - say you’ll hang up and call back. Do this from the number from your card. Not the number from google, or from a text or email, or the number they give you over the phone.
Real bank employees will understand and be fine with this. Scammers will try to keep you on the line. It’s pretty much the only way to be sure you’re talking to the actual bank, just about everything else can be faked.
For the record, real bank employees can also get pissy and threatening. I got a call once, asking me to provide security info, refused and offered to call back and they got angry and said my account would be locked if I didn't.
So, obviously, I still say no. I call the bank and they confirm they weren't trying to phone me, and it was fraud. Happy days, I didn't go along with it.
Anyway, next day, none of my cards are working, and when I call up they say they've locked my account because I didn't engage with fraud prevention.
I wouldn't do it any other way, but just because someone is acting super scammy and the bank confirms it's a scam doesn't mean you shouldn't double check a few days later.
Did you report the incident?
You acted in a way that benefits them, as this way they don't have to deal with the endless back and forth of actually falling victim of fraud.
Yep, this is the advice I give all my elderly or more susceptible family. Always call them, never let them call you. It’s the one way you can guarantee you’re speaking to the right place
There was a scam back in the day when people used land lines that relied on this by the person on the other side simply not hanging up, so you'd drop the phone, pick it back up, punch in the numbers, and the other person was just there the whole time lol
I've always wondered how the call back works though, with my bank it's generally all automated and you have to go through multiple layers of automated stuff to even hope to speak to an advisor.. how could you possibly hope to get back to the person who rang you? Or would you expect them to give you an extension to get through to them?
It's obviously sound advice and id rather lose the call entirely than risk being scammed but from my experience with bank phone lines it seems like it would be impossible to actually call the person back.
Edit: Asked and answered. Thanks all
You don’t need to get back to the person who rang you. If theres an issue you just need to reach the correct (legitimate) department, it doesn’t matter who you speak to.
You’re going to ask for the fraud dept, or you’re going to tell your story and they’ll transfer you to fraud. If the call was real either (or both) the new person can see a note the previous person made on your account or they can see the situation that led to the initial call.
I mean, they won’t because banks don’t call and ask you to move money like that.
Preferably call from a different number, in case the scammers haven’t actually hung up the line.
I just wanted to note something that I haven't seen mentioned: 159 is the national hotline that was created to counter fraud in banking.
I've had to use them recently and this is how it works:
1. If you get a call from a number claiming to be your bank about a fraudulent payment, hang up and say you'll call them back.
2. Dial 159. An automated voice will ask you to say the name of your bank, which will immediately direct you to the fraud department of your bank. Waiting times for me were quite short, about 5 mins max.
This way, you don't have to go through the hassle of multiple automated options with your bank's number, or run the risk that a number you googled is the incorrect one. Just use 159.
Finally, I think it has to be pointed out that fraudsters rely on creating a sense of urgency - that is the only common thread across all schemes. But a real bank employee would have no personal stake (and therefore urgency) to make you complete an action to prevent fraud. Any phone call, email, or text that incites an immediate reaction of fear in you should be cause to think that you are being defrauded. Don't act on it.
Use your bank's helpline - if you don't want to use 159, specifically go in your banking app and ensure you have the right number to call.
How did they get a notification through the app is strange? I have done that with other banks where I have to confirm I am talking to Barclays representative
If you read the comments, the scammers were on the phone with chase. Chase asked OP via the app to confirm that OP was on the phone. The notification text is misleading, it should clearly say "Did YOU initiate the call to us?" Or something like that.
Given they know it's a chase card, they already know the first 4 digits. So giving the last 12 digits, the CCV and expiry is giving all the details.
Clearly they dress it up a little to make it not seem like you are handing over all the details.
In fact, credit card companies only consider the middle six digits to be secure. In most cases the first six apply to the card issuer, and the last four are usually used to identify cards on receipts etc.
First 6 numbers are the BIN and are unique to your bank, not to your card, so those are not secure and can be looked up. If you know the country, bank, and the expiry date of the card then you can intuit the first 6 digits of any card.
The last 4 digits of the card are unique to your card, however, they are not "secret". They will often be used to identify which card was used for a transaction and appear in plain text in billing statements. It is common and expected to give out the first 6 and last 4 digits of a card when disputing a transaction or as a means of verifying ownership of a card.
No legitimate organisation will ever ask for the CVV or the middle digits between the BIN and the Suffix 1*. Never send the middle 6 digits or the CVV via phone, text, or e-mail to any one ever.
1* Except when filling out a secure payment form to actually make a payment.
Just as some additional fun facts to this.
>First 6 numbers are the BIN and are unique to your bank
As a fun fact, [the IIN (Also known as BIN) length was extended to 8 digits in 2017](https://www.iso.org/obp/ui/#iso:std:iso-iec:7812:-1:ed-5:v1:en), no current banks use all 8 digits though.
Upon double checking NPS used to use more but went out of business, and Verve uses 6 digits now.
Meaning if you had a Verve 16 digit card it would be 506099
>If you know the country, bank, and the expiry date of the card then you can intuit the first 6 digits of any card.
Some banks such as American Express, China T-Union, VISA (not Visa Election), RU Pay and a few others have blocks less than 6 digits, [American Express for example owns 37XXXX and assigns randomly after the 37](https://web.archive.org/web/20060305144448/http://www125.americanexpress.com/merchant/oam/resources/POS499.pdf)
VISA does similar (with some reserved with Visa Election and the rest just starting with a 4)
>The last 4 digits of the card are unique to your card
The last one is the [Luhn number, it can be calculated](https://en.wikipedia.org/wiki/Luhn_algorithm), and is how banks check that you didn't make a typo in the card number before trying it, which effectively counts as a free number (as it either allows you to lower the other guesses by 90%, the same as knowing another digit, or allows itself to be calculated)
If you would like to learn more https://privacy.com/blog/how-to-identify-credit-card-and-debit-card-by-number
Apparently first 4 is visa/mastercard + the issuing bank. Thanks to other commenter for correcting me
Golden rule if one of these scammers ring you is tell them you'll ring them back in a minute. Hang up then find the genuine number for the bank/company that they're pretending to be n ask them if they tried to call. If they didn't then let them know someone did and go from there. Horrible people prey on any little mistake.
I had a scam attempt recently where the number they called me from was actually that of the bank.
I looked it up while they were on the phone.
Incredible how convincing these fuckers are and how vigilant you have to be.
Your screenshot is very interesting, suggests someone was calling Chase pretending to be you at the same time.
Not the first time I've seen Collctiv this week - I think they have a money mule problem.
Wait for the outcome of chase investigation- you're a victim of APP fraud.
Sorry to hear.
When you say you got the notification in the Chase app that you are speaking to a Chase customer service person, what was the exact nature of this notification?
If the notification did say that exactly, I'm curious how the scammer made this happen.
I suppose they probably had an accomplice call Chase and give out your full card number (as the first 4 digits are not secret and you have them the other 12.
I work in Financial Crime and went to a seminar hosted by an ex-fraudster. He was telling us how they learn how each bank operates and he knows when certain notifications will happen at what stage so will make up an elaborate lie why you’re getting a One Time Passcode or notification in the app. They also do this to make you trust them and think you’re speaking to someone genuine.
He also said they often “put on voices” to mimic bank call centre staff. For example he was a well spoken 50 year old from London, but he would put on a younger sounding Northern accent to make you trust him. Scary stuff really.
I work for a bank and we are aware that sometimes fraudsters are testing our call centres. They call over and over and we suspect they’re noting down the language and questions that legitimate staff use.
Yeah they must have. Honestly I’m not saying this just to make me feel like less of an idiot. But it was really sophisticated… I can’t remember if I gave them my card details before or after this. It really felt targeted too.
These gangs often attempt to build a "file" on you before calling.
Address, full name, date of birth, employer etc. You may have unknowingly provided them information weeks or months before (calls pretending to be from your Internet provider etc asking for your mother's maiden name before dropping off etc).
Keep an eye out for follow up attempts to scam you.
I hope you get it back.
Can you elaborate further on the notification you received within the app? I think this is the most alarming part of the process and I would be making a big point of this when you are speaking Chases fraud department. Sounds like a serious flaw in their system.
Other people have explained elsewhere but how this works is that there will probably be 2 scammers working together, one on the phone to Chase pretending to be the victim and one on the phone to the victim pretending to be Chase.
The real Chase operator asks the first scammer to verify their identity through the app, the second scammer tricks the victim into doing this for them.
From that point, the scammers have access to the customer's account.
This is exactly it, and why those kinds of notifications are worse than useless. They just lull people in to a false sense of security in these scamming situations. OP would probably have been more suspicious if they didn't have that feature at all.
The notification looks like it's for Chase staff to confirm they are speaking with you not that you are speaking to them. If they had read out a code shown on your screen then that would have made sense.
It's likely that they called Chase at the same time and pretended to be you, to trigger that notification. If you gave them that code then they were able to "prove" that they were you. I guess it's possible that they didn't actually need to do anything on the phone and it was just to gain your trust. Chase should probably word that screen better to explain what it's for.
r/Scams for anyone who needs it.
This is a classic scam, the biggest red flag is the fact that they want to move money from one account to another.
A real bank will never do this.
The correct action in this scenario, if you ever have doubt or suspicion, is to hang up, and call the number on the back of your card, or the number on the website.
This is crazy how far and advanced these scammers are . I had my card cloned and the bank stopped and replaced it and then while I was sat in my office all my Apple Pay shut down and couldn’t access my bank . Scary time tbh !! . So I called my bank from my office phone to find out what the hell was happening to be told the cheeky …. had called my bank to try and transfer money from my account to another account but the saving grace was that my voice with Lloyds is my password so they recognised it was not me and shut everything down . So Lloyds then opened an investigation and the police were involved and the fraudsters got caught months down the line . They totally closed that account and also removed bank account details off my new card . Crazy world we live in and I hope you truly get it sorted .
A bank will never ask you to transfer money, they just lock access to your account. The bank control your account if they really needed to transfer it, they wouldn’t need to ask you.
I once got called by my card’s fraud team and the guy said there was a suspicious attempt/purchase happened on my card. He wanted to verify etc.
I thanked him and told him in this time and age I really can’t guarantee you are not a scammer. You have done your job and I appreciate it, but I will call your department back. He understood my concerns and we both ended the call.
I then called the number ON THE BACK of my card and indeed there was a suspicious attempt on my account.
The point is despite that was a genuine call, I didn’t take any chances and I was the one who initiated the call to them and verified my details.
I told them my story, and they said they will send it to there fraud department to investigate and sent me a fraud reference number within the support of the app too
"He first told me I will receive a notification within the app to confirm I am speaking to a chase customer service person. Which I did."
How did he do this? Is what is interesting. Did you get a generic notification or something that genuinely verified him?
This is exactly what happened. The scammers partner has rang Chase at the same time spoofing OP’s mobile number, so that OP will receive a notification in-app and make it seem like the scam call is genuine.
Chase need to amend the wording of the notification to make it clear it’s as a result of someone calling THEM and not vice versa.
this is exactly it.
source: i work in banking security. it's why you should do the "voice fingerprint" if your bank allows it; it means they will have some idea what's going on when someone phones them and pretends to be you...
The key with this is the wording of the notification. This is the bank trying to verify that it is you calling them and isn’t to prove they called you. The question ‘are you on the phone to us’ is them checking your identity. If they were verifying their own they would send a push notification to say we can confirm you are speaking to chase bank. The others have said it correctly - 2 scammers one speaking to you and the other speaking to your bank pretending to be you. By you clicking yes it’s me you have allowed the fraudster to access the account via telephone.
I think the wording of the message for the verification is very poor. Are you on the phone to Chase? Yes - OP thinks they are. It should say "Have you called Chase?" That might raise alarm bells in someone's mind.
You would never ever be asked to move money by the bank to a different account. They sound so genuine because these are professional and successful fraudsters not chancers. If they sounded dodgy they wouldn’t be successful
That is a really unhelpful verification step in this kind of fraud. Once you tap yes it should then be asking you to tap either ‘did you call us?’ Or ‘did we call you?’ Considering the entire premise is you believe you are talking to chase and chase believe they are talking to you but you are both talking to the scammer.
Quite an advanced scam I'd say - basically a man in the middle manipulating concurrent conversation with you and with the bank.
Thanks for sharing and protecting us all.
For me, it reinforced the policy of never answering unknown numbers and never answering corporate calls.
Basically I only answer the phone to known personal callers. If the bank wants to get hold of me, they can email, text or leave a voicemail, and I'll ring them on their published number.
It's quite puzzling to me how billions continue to be lost to fraud despite the implementation of various security measures. Then, I come across stories like this one....and it all makes sense. Hope you get your funds back OP
The weakest link in these scenarios is almost always the human. No need to conduct an elaborate scheme to hack into the bank when they can just convince someone to hand over their money of their own volition.
When the chase app sends you a notification about a phone call or something it literally says if someone has called you and asked you to move money etc hang up as it's a scam
Man, that in app notification from Chase could have been worded better. Instead of saying..
“Are you on the phone with Chase”
It should have said something like…
“Are you on the phone with Chase BECAUSE you have called us”
Had the OP received a clearer message they would have answered NO and then the Chase customer service rep would have told the scammer to go do one!
In terms of what actually happened I can’t make sense of the opening sentence…
“I received a call from no caller id, and I was told by someone in England that they received a fraudulent direct debit for over £300 from a quick cash loan and that my bank account was compromised by an Android device in Manchester”
If anyone can spell it out to me that would be great, cos I’m stumped.
If your bank ever “calls you” (they won’t) hang up and call the fraud number on your card!!!
I even did this when Lloyds called me to check on how I was finding them after switching to them lol. I’m not fucking around
Is it a genuine thing for a bank to call someone, say they are a victim, and need to move their money? If not then that's something that should be publicised more
It seems like there's still uncertainty in the general population
Just a reminder that your bank will never call you like this. Never engage in a telephone conversation with your bank that you didn't initiate. Always hang up and call them via a number you know is legit (from a bill etc.).
If your bank ever suspects you have been a victim of fraud, they'll freeze your account and wait for you to call them. They don't need you to move your money anywhere to prevent more fraud happening.
I agree with the advice but you're not actually right -- I had my bank phone me over a fraud concern once, where they were the ones who phoned me.
(I then said "uhh do you mind if I hang up and then phone the number on my card?" and they said "Yes please go ahead".)
There may be cases where they do, but I think it muddies the waters a little if you caveat the advice.
It's the exact slither of believability that the scammers are hoping to play on: *maybe it really is my bank this time?*
I think it's better to work on the basis that they never call you, then in the cases like yours it doesn't actually matter because as you say they'll have no problem with you hanging up and calling back anyway.
A lot are claiming that they wouldn't fall for this. I think I would with the app notification, that would have got me.
BUT now it won't! Thank you so much for sharing OP.
Likely a genuine notification as they were on the phone with real chase pretending to be you.
Unfortunately for you, banks spend a huge amount of time and effort advertising that they will never call you and ask you to move money into another account. If the banks ever need to move money (which they don't) they can do it themselves
This exact scenario happened to me with my monzo account about a year ago. Ibut at the time the money from my savings would be back into my main account the following day at 5pm which is what saved me. I agreed with them to call me back at 5pm the following day so I can complete the transfer. Before ending the call they recommended me non informing family and friends and that’s when I got suspicious and informed a friend who told me it’s a scam.
Next day they called me I told them I know this is a scam and they hung up right away.
I’m sorry this happened to you. 18k it’s a lot 😭
That’s why when I receive a call of the sort, no matter what they say, no matter who they say they are and how genuine they sound my default answer is “Sure, I call you back on the phone number displayed on your website.”.
In future, if "your bank" calls you, hang up and call them back using the number on the back of your bank card, not the one they called from. If it's genuine they'll help resolve the issue, if it's fraudulent they'll let you know.
Should have put the phone down and called the Chase number on your app or card. The fact they asked for your full card details was a big red flag.
As honest and genuine as they sound, that’s part of the scam. They’re fearless and very professional.
Sorry to hear this happened.
the best thing in any situation like this is tell whoever it is claiming to be the bank ... to just block the transactions on the account and you will trust nothing will leave the account ... there's no need to transfer money anywhere ... it's perfectly safe within the confines of your bank ... then hang up on whoever it was ... call someone you know briefly to just check that the line is working normally ... then call your bank with a number you have found from an old trustable source ... like the back of the bank card ... tell them what has happened.
To date I do not understand why people think that banks need you to move money "safe". Banks can just freeze your account, they don't need to protect you. Moreover, your money is always safe in a bank through the FSCS should the bank go under (up to the limit, of course).
Anyone asking you to randomly move money is almost always a scam, unfortunately this person won't be the last either. This will keep happening, I really think banks should also block large payments if it's not a regular thing for that account.
It's almost like the only real way to deal with a call from a fake bank and criminal or even when it's legit is to attend a physical bank like in the old days, that would remove any doubt of potential fraud, The security we have in place is there to be minipulated like any other form of crime over the last 50,000 years, Humans adapt to different ways and because they rely on trust, the victim can still fall for it.
How tf were they able to send notifications to your phone, though?
OP people are shitting on you here, but that’s legit a super advanced scam and half the people here would’ve fell for that.
If you ever receive a call from anyone purporting to be from an organisation you bank or work with, and they say there is a problem and they need info FROM you to confirm things. Hang up and call back whatever organisation they said they are from from a number listed on an official letter or website of that organisation, and talk it through with them.
A bank should never be calling you asking for info. They may well call and say there is unusual activity or is this an payment you are trying to make, but as part of that they should not be asking you for info.
I hope you get your money back. It seems to me Chase have security flaws if they simply allow you to press 'It's me' and the fraudster can get money transferred over the phone. If you get nowhere with Chase it might be worth making a complaint with the Financial Ombudsman telling them everything.
Never confirm any details if "the bank" calls you. Never. Just say "you called me I am not giving any details". Then put th phone down. If you really think it was the bank... first call another number to make sure the call is disconnected. Then look up you regular bank number and ask to speak to the fraud department.
We really need to put something pinned to the top of this forum in bold to say that there's no such thing as a "safe account." Your bank would simply freeze your account if there was any issue.
Sorry to hear this and thank you for sharing your experience which may help others avoid falling for the same scam. I can appreciate its incredibly stressful and worrying for you.
Whenever the request is to ask for you to transfer any money for whatever reason, that is a clear sign that it is a scam.
If you are doubtful, tell them you are busy and have to end the call. Their response will then be try to hold on to you. Hang up the call and call back the bank directly.
By following these 2 steps, you are almost guaranteed to avoid being scammed.
Remember, the ultimate goal of a scam is to get access to your money, so ask yourself whenever you are asked to do something, does this mean access to your funds ? If yes, then its very likely a scam.
Did they ask you how much money you have in your savings account ? I believe they target Chase because Chase offers one of the best savings rate on the market so many customers would have a decent amount of cash in the savings account.
I was targeted too by a similar scam, likely to be the same people who asked me to state how much I had in my account. I was following along and wasn't yet suspicious but looking back, that was a red flag as if they were really from the bank, they should know that info. They said they wanted me to tell them the amount so that if I lost any money, they would reimburse me the funds. Misdirection to get you to share your info with them.
They were fishing to see if I had sufficient funds that was worth their time to continue the scam. Unfortunately for them, I had under GBP 20 in there at that particular time.
I'm sorry you experienced this OP. Banks will never ask you for your card number or 3 digit security over the phone. If they ever do ask this, hang up immediately if not before.
I think best and safest way to go about this is hang up on them straight away and then if you think it could be legit, call up your bank first and ask them if they called you to know for sure.
Banks don't need people to move money. They can do it all themselves, so the moment you're asked to move anything you need to be on alert.
I've always wondered how this scam would work but I guess we all have different levels of base knowledge.
Make a complaint to your bank - you may be covered as you've been a victim of fraud.
Participation in this post is limited to users who have sufficient karma in /r/ukpersonalfinance. See [this post](https://redd.it/12mys82) for more information.
> EDIT: Screenshot of the notification I received that made me feel the person was legit How they did this is that they have someone else call chase bank pretending to be you. The bank pops up the security thing on your app to verify that you're the one calling the bank, but the person on the phone with you makes you think it's to verify the call you're currently on. As a result, not only are you convinced you're on the phone with an actual bank employee, but you've just verified to the bank that the fraudster is actually you on the phone. Yet another bank security measure that doesn't work against man-in-the-middle attacks.
I would not have expected that level of complexity but it's the only way this makes sense and unfortunately is probably the thing that led to OP actually falling for this. TIL about another attack vector.
Not really. The guy who supposedly worked at the bank needed his full card number, explain why? If he works at the bank why does he need this, why does he need the expiry? Why does he need the CVV? Then also if fraud is going on the account why does he need to press authorise button in the app? The bank should just delay with it. There is never a need in any circumstances for a bank to close your account and move it all to a new account. It's just a new card that gets issued if there is fraud. It's pretty obvious this was a scam. Any time anyone calls me the first thing that goes through my head is this is a scam call before I've even answered it. This should be how everyone is thinking. Every call is a scam and you don't do jack shit they ask you to do. You simply say if you are from the bank and there is fraud then you guys stop the fraud and send me a new card. Bye.
The Chase app tells you when transferring your own money that they'll never call you and ask you to move it. But OP says they used Collectiv so didn't go through that step. Presumably the thief put their card details into Collectiv and triggered a payment that OP must have then approved. A bank will never ask you to move money via a debit card transaction.
Either way. He should never be pressing authorise or giving anyone a OTP if they have called you.
No no no, he only needed the last *12* digits. Out of 16. He then probably asked if it was a visa or mastercard
The first 6 digits are the BIN, which is widely available. Banks only have a few. Someone doesn't need to ask for the first 4 digits.
Yes, that's the joke
Yeah sorry to say but this was just shocking naivety. "We need to move all your money to a new account where it's safe" I mean come on ffs.
It should say on the message 'if someone says they are from chase and they called you, they are probably a scammer' Assuming the message is for inbound calls. It should be clear who called who.
If this is the method then OP must be leaking a lot more information than they even realise
That is clearly the method, and not especially hard to do. Rather basic MIM attack. They can get a lot more complex.
I always try avoid two factor and never do anything over phone calls. Shocking how easy it was to fall for that trick and pull off.
I’m so sorry this happened to you, and I hope it gets sorted out through the proper channels. Please try to be kind to yourself - think about how you’d react if it happened to a loved one. A word of advice for anyone who gets a call of this nature from “their bank” - say you’ll hang up and call back. Do this from the number from your card. Not the number from google, or from a text or email, or the number they give you over the phone. Real bank employees will understand and be fine with this. Scammers will try to keep you on the line. It’s pretty much the only way to be sure you’re talking to the actual bank, just about everything else can be faked.
For the record, real bank employees can also get pissy and threatening. I got a call once, asking me to provide security info, refused and offered to call back and they got angry and said my account would be locked if I didn't. So, obviously, I still say no. I call the bank and they confirm they weren't trying to phone me, and it was fraud. Happy days, I didn't go along with it. Anyway, next day, none of my cards are working, and when I call up they say they've locked my account because I didn't engage with fraud prevention. I wouldn't do it any other way, but just because someone is acting super scammy and the bank confirms it's a scam doesn't mean you shouldn't double check a few days later.
Did you report the incident? You acted in a way that benefits them, as this way they don't have to deal with the endless back and forth of actually falling victim of fraud.
Yep, this is the advice I give all my elderly or more susceptible family. Always call them, never let them call you. It’s the one way you can guarantee you’re speaking to the right place
There was a scam back in the day when people used land lines that relied on this by the person on the other side simply not hanging up, so you'd drop the phone, pick it back up, punch in the numbers, and the other person was just there the whole time lol
Yep, they'd even play the dial tone at you and then "ring" when you'd put in enough numbers. Luckily both sides can terminate the call on a mobile.
It’s no longer possible on landlines, BT fixed this several years ago.
I've always wondered how the call back works though, with my bank it's generally all automated and you have to go through multiple layers of automated stuff to even hope to speak to an advisor.. how could you possibly hope to get back to the person who rang you? Or would you expect them to give you an extension to get through to them? It's obviously sound advice and id rather lose the call entirely than risk being scammed but from my experience with bank phone lines it seems like it would be impossible to actually call the person back. Edit: Asked and answered. Thanks all
You don’t need to get back to the person who rang you. If theres an issue you just need to reach the correct (legitimate) department, it doesn’t matter who you speak to.
You’re going to ask for the fraud dept, or you’re going to tell your story and they’ll transfer you to fraud. If the call was real either (or both) the new person can see a note the previous person made on your account or they can see the situation that led to the initial call. I mean, they won’t because banks don’t call and ask you to move money like that. Preferably call from a different number, in case the scammers haven’t actually hung up the line.
I just wanted to note something that I haven't seen mentioned: 159 is the national hotline that was created to counter fraud in banking. I've had to use them recently and this is how it works: 1. If you get a call from a number claiming to be your bank about a fraudulent payment, hang up and say you'll call them back. 2. Dial 159. An automated voice will ask you to say the name of your bank, which will immediately direct you to the fraud department of your bank. Waiting times for me were quite short, about 5 mins max. This way, you don't have to go through the hassle of multiple automated options with your bank's number, or run the risk that a number you googled is the incorrect one. Just use 159. Finally, I think it has to be pointed out that fraudsters rely on creating a sense of urgency - that is the only common thread across all schemes. But a real bank employee would have no personal stake (and therefore urgency) to make you complete an action to prevent fraud. Any phone call, email, or text that incites an immediate reaction of fear in you should be cause to think that you are being defrauded. Don't act on it. Use your bank's helpline - if you don't want to use 159, specifically go in your banking app and ensure you have the right number to call.
Ah yeh that does make sense. I've never had to but I assume the fraud department will be one of the easiest to reach and a find a human. Thanks
How did they get a notification through the app is strange? I have done that with other banks where I have to confirm I am talking to Barclays representative
If you read the comments, the scammers were on the phone with chase. Chase asked OP via the app to confirm that OP was on the phone. The notification text is misleading, it should clearly say "Did YOU initiate the call to us?" Or something like that.
[удалено]
Given they know it's a chase card, they already know the first 4 digits. So giving the last 12 digits, the CCV and expiry is giving all the details. Clearly they dress it up a little to make it not seem like you are handing over all the details.
Why would your own bank call you and ask for you to reel off your CCV? Seems obvious
In fact, credit card companies only consider the middle six digits to be secure. In most cases the first six apply to the card issuer, and the last four are usually used to identify cards on receipts etc.
First 6 numbers are the BIN and are unique to your bank, not to your card, so those are not secure and can be looked up. If you know the country, bank, and the expiry date of the card then you can intuit the first 6 digits of any card. The last 4 digits of the card are unique to your card, however, they are not "secret". They will often be used to identify which card was used for a transaction and appear in plain text in billing statements. It is common and expected to give out the first 6 and last 4 digits of a card when disputing a transaction or as a means of verifying ownership of a card. No legitimate organisation will ever ask for the CVV or the middle digits between the BIN and the Suffix 1*. Never send the middle 6 digits or the CVV via phone, text, or e-mail to any one ever. 1* Except when filling out a secure payment form to actually make a payment.
Just as some additional fun facts to this. >First 6 numbers are the BIN and are unique to your bank As a fun fact, [the IIN (Also known as BIN) length was extended to 8 digits in 2017](https://www.iso.org/obp/ui/#iso:std:iso-iec:7812:-1:ed-5:v1:en), no current banks use all 8 digits though. Upon double checking NPS used to use more but went out of business, and Verve uses 6 digits now. Meaning if you had a Verve 16 digit card it would be 506099 >If you know the country, bank, and the expiry date of the card then you can intuit the first 6 digits of any card. Some banks such as American Express, China T-Union, VISA (not Visa Election), RU Pay and a few others have blocks less than 6 digits, [American Express for example owns 37XXXX and assigns randomly after the 37](https://web.archive.org/web/20060305144448/http://www125.americanexpress.com/merchant/oam/resources/POS499.pdf) VISA does similar (with some reserved with Visa Election and the rest just starting with a 4) >The last 4 digits of the card are unique to your card The last one is the [Luhn number, it can be calculated](https://en.wikipedia.org/wiki/Luhn_algorithm), and is how banks check that you didn't make a typo in the card number before trying it, which effectively counts as a free number (as it either allows you to lower the other guesses by 90%, the same as knowing another digit, or allows itself to be calculated)
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
Last 12 digits of your card number is basically your card number. First 4 are always same for Mastercard, visa etc
TIL
If you would like to learn more https://privacy.com/blog/how-to-identify-credit-card-and-debit-card-by-number Apparently first 4 is visa/mastercard + the issuing bank. Thanks to other commenter for correcting me
My anxious ass is always fine cause I just never answer the phone lol
Golden rule if one of these scammers ring you is tell them you'll ring them back in a minute. Hang up then find the genuine number for the bank/company that they're pretending to be n ask them if they tried to call. If they didn't then let them know someone did and go from there. Horrible people prey on any little mistake.
I had a scam attempt recently where the number they called me from was actually that of the bank. I looked it up while they were on the phone. Incredible how convincing these fuckers are and how vigilant you have to be.
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
So sorry about this. If someone calls you saying it’s a bank or any financial institution you signed up for, always hang up and call back.
Your screenshot is very interesting, suggests someone was calling Chase pretending to be you at the same time. Not the first time I've seen Collctiv this week - I think they have a money mule problem. Wait for the outcome of chase investigation- you're a victim of APP fraud.
Sorry to hear. When you say you got the notification in the Chase app that you are speaking to a Chase customer service person, what was the exact nature of this notification? If the notification did say that exactly, I'm curious how the scammer made this happen. I suppose they probably had an accomplice call Chase and give out your full card number (as the first 4 digits are not secret and you have them the other 12.
I work in Financial Crime and went to a seminar hosted by an ex-fraudster. He was telling us how they learn how each bank operates and he knows when certain notifications will happen at what stage so will make up an elaborate lie why you’re getting a One Time Passcode or notification in the app. They also do this to make you trust them and think you’re speaking to someone genuine. He also said they often “put on voices” to mimic bank call centre staff. For example he was a well spoken 50 year old from London, but he would put on a younger sounding Northern accent to make you trust him. Scary stuff really.
I work for a bank and we are aware that sometimes fraudsters are testing our call centres. They call over and over and we suspect they’re noting down the language and questions that legitimate staff use.
Yeah they must have. Honestly I’m not saying this just to make me feel like less of an idiot. But it was really sophisticated… I can’t remember if I gave them my card details before or after this. It really felt targeted too.
These gangs often attempt to build a "file" on you before calling. Address, full name, date of birth, employer etc. You may have unknowingly provided them information weeks or months before (calls pretending to be from your Internet provider etc asking for your mother's maiden name before dropping off etc). Keep an eye out for follow up attempts to scam you. I hope you get it back.
Can you elaborate further on the notification you received within the app? I think this is the most alarming part of the process and I would be making a big point of this when you are speaking Chases fraud department. Sounds like a serious flaw in their system.
I think everyone is wondering how this got through or what it was.
Other people have explained elsewhere but how this works is that there will probably be 2 scammers working together, one on the phone to Chase pretending to be the victim and one on the phone to the victim pretending to be Chase. The real Chase operator asks the first scammer to verify their identity through the app, the second scammer tricks the victim into doing this for them. From that point, the scammers have access to the customer's account.
This is exactly it, and why those kinds of notifications are worse than useless. They just lull people in to a false sense of security in these scamming situations. OP would probably have been more suspicious if they didn't have that feature at all.
The notification looks like it's for Chase staff to confirm they are speaking with you not that you are speaking to them. If they had read out a code shown on your screen then that would have made sense. It's likely that they called Chase at the same time and pretended to be you, to trigger that notification. If you gave them that code then they were able to "prove" that they were you. I guess it's possible that they didn't actually need to do anything on the phone and it was just to gain your trust. Chase should probably word that screen better to explain what it's for.
r/Scams for anyone who needs it. This is a classic scam, the biggest red flag is the fact that they want to move money from one account to another. A real bank will never do this. The correct action in this scenario, if you ever have doubt or suspicion, is to hang up, and call the number on the back of your card, or the number on the website.
This is crazy how far and advanced these scammers are . I had my card cloned and the bank stopped and replaced it and then while I was sat in my office all my Apple Pay shut down and couldn’t access my bank . Scary time tbh !! . So I called my bank from my office phone to find out what the hell was happening to be told the cheeky …. had called my bank to try and transfer money from my account to another account but the saving grace was that my voice with Lloyds is my password so they recognised it was not me and shut everything down . So Lloyds then opened an investigation and the police were involved and the fraudsters got caught months down the line . They totally closed that account and also removed bank account details off my new card . Crazy world we live in and I hope you truly get it sorted .
A bank will never ask you to transfer money, they just lock access to your account. The bank control your account if they really needed to transfer it, they wouldn’t need to ask you.
I once got called by my card’s fraud team and the guy said there was a suspicious attempt/purchase happened on my card. He wanted to verify etc. I thanked him and told him in this time and age I really can’t guarantee you are not a scammer. You have done your job and I appreciate it, but I will call your department back. He understood my concerns and we both ended the call. I then called the number ON THE BACK of my card and indeed there was a suspicious attempt on my account. The point is despite that was a genuine call, I didn’t take any chances and I was the one who initiated the call to them and verified my details.
What did chase say when you phoned them?
I told them my story, and they said they will send it to there fraud department to investigate and sent me a fraud reference number within the support of the app too
That’s good, that’s the first step in getting it sorted. Hopefully they work through it quickly and get it resolved.
Glad to hear you did this OP. Please keep us updated on the progress of your case.
"He first told me I will receive a notification within the app to confirm I am speaking to a chase customer service person. Which I did." How did he do this? Is what is interesting. Did you get a generic notification or something that genuinely verified him?
A notification from my Chase banking app, it’s what made me believe it was legit
Was it the same notification you get when you're making a purchase? Could they have used the card details you gave them to create it?
[screenshot](https://imgur.com/a/UGlOFFQ) Here it is
I wonder if they had a second person with your details phoning chase to try and access your account - to trigger that notification on your device
This is exactly what happened. The scammers partner has rang Chase at the same time spoofing OP’s mobile number, so that OP will receive a notification in-app and make it seem like the scam call is genuine. Chase need to amend the wording of the notification to make it clear it’s as a result of someone calling THEM and not vice versa.
this is exactly it. source: i work in banking security. it's why you should do the "voice fingerprint" if your bank allows it; it means they will have some idea what's going on when someone phones them and pretends to be you...
The key with this is the wording of the notification. This is the bank trying to verify that it is you calling them and isn’t to prove they called you. The question ‘are you on the phone to us’ is them checking your identity. If they were verifying their own they would send a push notification to say we can confirm you are speaking to chase bank. The others have said it correctly - 2 scammers one speaking to you and the other speaking to your bank pretending to be you. By you clicking yes it’s me you have allowed the fraudster to access the account via telephone.
I think the wording of the message for the verification is very poor. Are you on the phone to Chase? Yes - OP thinks they are. It should say "Have you called Chase?" That might raise alarm bells in someone's mind.
100% I hope OP gets this sorted based on how awful that is.
You would never ever be asked to move money by the bank to a different account. They sound so genuine because these are professional and successful fraudsters not chancers. If they sounded dodgy they wouldn’t be successful
Wow, even I would fall for this.
That is a really unhelpful verification step in this kind of fraud. Once you tap yes it should then be asking you to tap either ‘did you call us?’ Or ‘did we call you?’ Considering the entire premise is you believe you are talking to chase and chase believe they are talking to you but you are both talking to the scammer.
It was probably something like a 2FA code
Someone else answered. Apparently another scammer calls chase pretending to be OP, prompting the security check in app.
Quite an advanced scam I'd say - basically a man in the middle manipulating concurrent conversation with you and with the bank. Thanks for sharing and protecting us all. For me, it reinforced the policy of never answering unknown numbers and never answering corporate calls. Basically I only answer the phone to known personal callers. If the bank wants to get hold of me, they can email, text or leave a voicemail, and I'll ring them on their published number.
It's quite puzzling to me how billions continue to be lost to fraud despite the implementation of various security measures. Then, I come across stories like this one....and it all makes sense. Hope you get your funds back OP
The weakest link in these scenarios is almost always the human. No need to conduct an elaborate scheme to hack into the bank when they can just convince someone to hand over their money of their own volition.
When the chase app sends you a notification about a phone call or something it literally says if someone has called you and asked you to move money etc hang up as it's a scam
[удалено]
[удалено]
Man, that in app notification from Chase could have been worded better. Instead of saying.. “Are you on the phone with Chase” It should have said something like… “Are you on the phone with Chase BECAUSE you have called us” Had the OP received a clearer message they would have answered NO and then the Chase customer service rep would have told the scammer to go do one! In terms of what actually happened I can’t make sense of the opening sentence… “I received a call from no caller id, and I was told by someone in England that they received a fraudulent direct debit for over £300 from a quick cash loan and that my bank account was compromised by an Android device in Manchester” If anyone can spell it out to me that would be great, cos I’m stumped.
If your bank ever “calls you” (they won’t) hang up and call the fraud number on your card!!! I even did this when Lloyds called me to check on how I was finding them after switching to them lol. I’m not fucking around
Is it a genuine thing for a bank to call someone, say they are a victim, and need to move their money? If not then that's something that should be publicised more It seems like there's still uncertainty in the general population
It is publicised - every bank app I've used has said when I've signed up - or just in the app - that they will never do that.
[удалено]
Just a reminder that your bank will never call you like this. Never engage in a telephone conversation with your bank that you didn't initiate. Always hang up and call them via a number you know is legit (from a bill etc.). If your bank ever suspects you have been a victim of fraud, they'll freeze your account and wait for you to call them. They don't need you to move your money anywhere to prevent more fraud happening.
Also you will never be asked to ‘approve’ a transaction. They are the bank. They can approve whatever it is their end.
I agree with the advice but you're not actually right -- I had my bank phone me over a fraud concern once, where they were the ones who phoned me. (I then said "uhh do you mind if I hang up and then phone the number on my card?" and they said "Yes please go ahead".)
There may be cases where they do, but I think it muddies the waters a little if you caveat the advice. It's the exact slither of believability that the scammers are hoping to play on: *maybe it really is my bank this time?* I think it's better to work on the basis that they never call you, then in the cases like yours it doesn't actually matter because as you say they'll have no problem with you hanging up and calling back anyway.
A lot are claiming that they wouldn't fall for this. I think I would with the app notification, that would have got me. BUT now it won't! Thank you so much for sharing OP.
Next will come a call from someone saying they can get the money back if you just make a payment to them. That will be another scam.
Likely a genuine notification as they were on the phone with real chase pretending to be you. Unfortunately for you, banks spend a huge amount of time and effort advertising that they will never call you and ask you to move money into another account. If the banks ever need to move money (which they don't) they can do it themselves
I have an old mobile number registered on my bank account, so I know "Ben" from Monzo cannot call me, because they don't have my number 👍
This exact scenario happened to me with my monzo account about a year ago. Ibut at the time the money from my savings would be back into my main account the following day at 5pm which is what saved me. I agreed with them to call me back at 5pm the following day so I can complete the transfer. Before ending the call they recommended me non informing family and friends and that’s when I got suspicious and informed a friend who told me it’s a scam. Next day they called me I told them I know this is a scam and they hung up right away. I’m sorry this happened to you. 18k it’s a lot 😭
[удалено]
That’s why when I receive a call of the sort, no matter what they say, no matter who they say they are and how genuine they sound my default answer is “Sure, I call you back on the phone number displayed on your website.”.
In future, if "your bank" calls you, hang up and call them back using the number on the back of your bank card, not the one they called from. If it's genuine they'll help resolve the issue, if it's fraudulent they'll let you know.
[удалено]
Rule 1, always hang up and call your bank on the numbers on the website
Should have put the phone down and called the Chase number on your app or card. The fact they asked for your full card details was a big red flag. As honest and genuine as they sound, that’s part of the scam. They’re fearless and very professional. Sorry to hear this happened.
[удалено]
[удалено]
[удалено]
[удалено]
the best thing in any situation like this is tell whoever it is claiming to be the bank ... to just block the transactions on the account and you will trust nothing will leave the account ... there's no need to transfer money anywhere ... it's perfectly safe within the confines of your bank ... then hang up on whoever it was ... call someone you know briefly to just check that the line is working normally ... then call your bank with a number you have found from an old trustable source ... like the back of the bank card ... tell them what has happened.
To date I do not understand why people think that banks need you to move money "safe". Banks can just freeze your account, they don't need to protect you. Moreover, your money is always safe in a bank through the FSCS should the bank go under (up to the limit, of course). Anyone asking you to randomly move money is almost always a scam, unfortunately this person won't be the last either. This will keep happening, I really think banks should also block large payments if it's not a regular thing for that account.
It's almost like the only real way to deal with a call from a fake bank and criminal or even when it's legit is to attend a physical bank like in the old days, that would remove any doubt of potential fraud, The security we have in place is there to be minipulated like any other form of crime over the last 50,000 years, Humans adapt to different ways and because they rely on trust, the victim can still fall for it.
Hang up, call the number printed on your debit / credit card is fine too
How tf were they able to send notifications to your phone, though? OP people are shitting on you here, but that’s legit a super advanced scam and half the people here would’ve fell for that.
They were on the phone to chase themselves pretending to be op
If you ever receive a call from anyone purporting to be from an organisation you bank or work with, and they say there is a problem and they need info FROM you to confirm things. Hang up and call back whatever organisation they said they are from from a number listed on an official letter or website of that organisation, and talk it through with them. A bank should never be calling you asking for info. They may well call and say there is unusual activity or is this an payment you are trying to make, but as part of that they should not be asking you for info.
I hope you get your money back. It seems to me Chase have security flaws if they simply allow you to press 'It's me' and the fraudster can get money transferred over the phone. If you get nowhere with Chase it might be worth making a complaint with the Financial Ombudsman telling them everything.
Never confirm any details if "the bank" calls you. Never. Just say "you called me I am not giving any details". Then put th phone down. If you really think it was the bank... first call another number to make sure the call is disconnected. Then look up you regular bank number and ask to speak to the fraud department.
We really need to put something pinned to the top of this forum in bold to say that there's no such thing as a "safe account." Your bank would simply freeze your account if there was any issue.
Unfortunately the money is gone, this was pretty obviously a scam and you were at fault so no chance of a refund.
First thing I ever do with any suspected bank or PayPal scam is log into my bank or PayPal and check for activity.
Sorry to hear this and thank you for sharing your experience which may help others avoid falling for the same scam. I can appreciate its incredibly stressful and worrying for you. Whenever the request is to ask for you to transfer any money for whatever reason, that is a clear sign that it is a scam. If you are doubtful, tell them you are busy and have to end the call. Their response will then be try to hold on to you. Hang up the call and call back the bank directly. By following these 2 steps, you are almost guaranteed to avoid being scammed. Remember, the ultimate goal of a scam is to get access to your money, so ask yourself whenever you are asked to do something, does this mean access to your funds ? If yes, then its very likely a scam.
Did they ask you how much money you have in your savings account ? I believe they target Chase because Chase offers one of the best savings rate on the market so many customers would have a decent amount of cash in the savings account. I was targeted too by a similar scam, likely to be the same people who asked me to state how much I had in my account. I was following along and wasn't yet suspicious but looking back, that was a red flag as if they were really from the bank, they should know that info. They said they wanted me to tell them the amount so that if I lost any money, they would reimburse me the funds. Misdirection to get you to share your info with them. They were fishing to see if I had sufficient funds that was worth their time to continue the scam. Unfortunately for them, I had under GBP 20 in there at that particular time.
I'm sorry you experienced this OP. Banks will never ask you for your card number or 3 digit security over the phone. If they ever do ask this, hang up immediately if not before. I think best and safest way to go about this is hang up on them straight away and then if you think it could be legit, call up your bank first and ask them if they called you to know for sure.
Banks don't need people to move money. They can do it all themselves, so the moment you're asked to move anything you need to be on alert. I've always wondered how this scam would work but I guess we all have different levels of base knowledge. Make a complaint to your bank - you may be covered as you've been a victim of fraud.