I’m super angry about this, so be prepared for a bit of a rant. I’m posting this in the hope that it maybe found by others who maybe concerned about a recent call they received from the “Security Department of VISA and Mastercard” detailing fraud on their banking accounts.
My senior parents received a call from “Neil Spence” from the “Security Department of VISA and Mastercard” claiming there had been some potential fraudulent transactions from eBay and Amazon on an account. The total of these was around $400. He then asked whether they wanted them investigated and stopped. Of course they said “Yes please”. He then said he would transfer them to their bank to speak with someone to take action and block these transactions. During this process he provided a call back number 1800 829 403 (which turns out to be the number for the Australian Government Department of Aged Care Fraud hotline which is nothing to do with VISA. I also called and determined there is no “Neil Spence” their either) and a reference number SIP5010.
Now the ‘helpful’ person at ‘the bank’ they were transferred to, got them to provide all the account details (account number and balances) and made a great show of saying that this isn’t a scam because they were not being asked for the PIN to any accounts. The ‘bank’ said it would investigate.
A few days later the ‘bank’ called back and said they had identified that fraud had indeed taken place but by an employee of the ‘bank’ at the local branch they use. The ‘bank’ then said they wanted the help of my parents by catching the employee in act of conducting this fraud. To do this, my parents needed to go the bank immediately and make a cash withdrawal of just over $8,000 and then wait for more instructions. They were however told not to mention this at the bank branch otherwise it would tip off the investigation and allow the perpetrator to get away scott-free!
At this point it was determined that it was a scam but here’s where it gets interesting for me. Even though I was confident that no money was missing I thought it best to call the bank. That process took me down a rabbit hole of pushing numbers on a phone routing system, entering account details, trying to work out how to enter an alpha numeric password via tones, etc. My parents had no hope negotiating that.
When I did eventually get through, I was on hold for more than 20 minutes with no idea of how much longer I’d be, so I hung up and called the Police on a general number. That too went to hold and again I gave up after 20 or so minutes of no reply and no idea of wait numbers.
Here’s why the scammers win. They target people of an older generation who are less comfortable with the modern method of banking (Internet and phone). They also target them because they tend to not question authority. They then establish trust and get the target to ‘help’ them catch the bad actors, that makes the target feel guilty that they should help catch the alleged perpetrator. All this ends up doing is draining money from their accounts and sending it to the scammers all the while making people like my parents less trusting of their local branch staff, which is exactly the people they should be going to. There is no doubt, these scammers know their game.
At this stage it seems like the initial attempt at obtaining funds has been thwarted but given account details were shared unwittingly, we’ll need to be extra vigilant and potentially cancel all the credit cards which will be a very painful process. Very. So this issue is not over by any means and at the very least my parents will probably continue to receive more called from the ‘bank’ and I expected these to become more hostile when they don’t comply.
What has truly made me angry is just how hard it is for people of my parents generation to get help on these matters. Luckily, I was able to provide an external perspective as well as do some investigation of my own. What would of happened if I wasn’t available to assist? Most likely, the scammers would have continued to fleece my parents for large of money over a few weeks.
No wonder the bad guys (and gals) keep winning if the responses I got from the authorities trying to report this is anything to go by. Where is the protection for our societies most vulnerable? As I have said many, many times cybersecurity is largely an illusion, especially when enacted by big institutions. It seems like it is you against some very clever and motivated scammers and if you are the right target, then you really don’t stand much of a chance. From where I sit, there is lots of talk but the problem is not getting any better. Just look at the news and amounts people are scammed out of regularly. Why is there not better protection? People have a right to not have their hard earned money fleeced from them when they are with a large institution that makes all these noises about being cybersecurity-aware and investing billions in protecting customer. Unless you fit their customer profile seems like you are on your own to me!
A sad state of affairs were we are all reduced to looking after ourselves. But what about those who are unable to do this? Do we just let them get fleeced? As I said, I’m angry that it is victim who pays and hope this information is of value to someone else and prevents them from being fleeced or put through this drama.