You receive a call on your phone. The caller says they're from your bank and they're calling about a suspected fraudulent payment. "Oh yeah," you think. Obvious scam, right? The caller says "I'll send you an in-app notification to prove I'm calling from your bank." 🧵 1/4 - ThreadSky

edent.tel • 1 day ago

You receive a call on your phone.

The caller says they're from your bank and they're calling about a suspected fraudulent payment.

"Oh yeah," you think. Obvious scam, right?

The caller says "I'll send you an in-app notification to prove I'm calling from your bank."

🧵 1/4

Comments

sckrys1801.bsky.social•20 hours ago

I used to work for Wells Fargo. Yes it sucked. But one take away I tell everyone is to thank the caller, hang up, and immediately call your bank. If anyone calls from a bank do this. It is the only way to be sure. And don't call the number that called you. Call your official bank customer service.

novamunkie.bsky.social•20 hours ago

You answer your phone? Lol

edent.tel•20 hours ago

Yes. I have a social life. Don't you?

flatirons.bsky.social•20 hours ago

Your social life includes answering bank calls? I only answer if I know the caller. Otherwise, they can leave a voice mail.

edent.tel•20 hours ago

My friends sometimes change numbers. Gig venues often phone. People who want to employ me phone.

It isn't practical to say "never answer your phone".

headdoc35.bsky.social•20 hours ago

Simple solution to be safe from bank fraud: don’t open or answer texts/calls.
Call your bank immediately.

pinkberryga.bsky.social•23 hours ago

😳 it's probably a good thing I don't have money in the bank, after all. 😳

Who knew being dirt poor would have this level of advantage? 😳

readyuser.one•22 hours ago

Yeah good luck with my €13, scumbags.

carolinacalling.bsky.social•20 hours ago

Thanks for this.

rosiebrady.bsky.social•20 hours ago

Who answers their phone if it’s not in your contact list

blue6uru.bsky.social•20 hours ago

Good advice. I suppose my reaction would be to treat it like a suspicious email and call the bank directly with their number posted on their website.

“Thank you, this sounds important.” (a little validation from my call-center days 😉) “I’m going to call you back on a trusted line. Goodbye.”

ksschari.bsky.social•1 day ago

I worked in banking fraud for over 10 years. If you ever receive a call from your bank, they will never ask you to give or enter your password. Hang up, call the fraud hotline on your statement or the back of your check card. Then you know you are speaking with them. Skip the AP and call to verify.

ukcougar.bsky.social•23 hours ago

One thing to watch for here. If the call is on a landline, the call is only terminated when the *caller* hangs up. So you could hang up, pick back up and dial your bank, all the while still connected to the scammer. (Faking a dial tone is hardly challenging.)

ukcougar.bsky.social•23 hours ago

... that is, in the UK. My knowledge of overseas phone systems is limited.

sumarumi.bsky.social•21 hours ago

If you’re on a landline, shouldn’t you make another call first, to a known number, to check they haven’t kept the line open? Or is that no longer the case?

edent.tel•1 day ago

They didn't ask for a password though.

ksschari.bsky.social•1 day ago

They did once they got him to go in the AP, read what's on the screen grab.

edent.tel•23 hours ago

Not quite. The victim doesn't give the scammer a password.
The victim types in their passcode to the bank's official app.
That's a subtle but important difference.

ksschari.bsky.social•23 hours ago

Either way, your bank won't call you and ask you to do that. That will not be an outbound call, they will text you or msg you somehow, to contact them regarding a sketchy charge. That number should match what's on your statement. Either way, you need to contact your bank immediately.

edent.tel•23 hours ago

But that's not true.

Banks *do* make outbound calls for fraud issues.

readyuser.one•22 hours ago

Mmmmmm alright as a thought experiment I want to pitch at someone with experience, how about amending the messaging and options:

How abouuuuut amending it to

"This is CHASE, did you call us just now"

1) No, I did not
2) Yes, I rang 555-CHASE"
3) No, someone claiming to be from CHASE called me

nuvismom.bsky.social•20 hours ago

I never respond to texts or emails. I always look up the number in my contacts. I’m sure at some point they’ll figure that out too, but not giving out my password to anyone. EVER. Mainly because I don’t know it my computer does and needs my fingerprint.

locusinpes.bsky.social•22 hours ago

But every time they WILL ask you to confirm personal information like full name, full address, DOB, even account numbers.
The best advice is if someone calls and claims to be from you bank is to hang up and don’t say anything. Call on a published number if you want to see what they wanted.

comicallycanadian.bsky.social•21 hours ago

stopping fraud isn't about not doing something, it's about you being the original point of contact. if a bank calls you, that's them being OGPoC. hanging up puts you back in control of that situation. no bank is ever going to be mad you double checked.

locusinpes.bsky.social•20 hours ago

But it is about not giving info to a caller that asks, no matter how authentic they seem. Hanging up does ensure that.
It’s frustrating banks call & ask for personal info which many will give without hesitation. It also conditions us to think “call asking for personal info” is reasonable. It isn’t

edent.tel•1 day ago

Your phone buzzes.

You tap the notification from your banking app. You unlock it with your thumbprint.

This is what you see.

A genuine notification from your official banking app. There's no way to fake that. This must be a genuine call. Right?

🧵 2/4

instantiator.bsky.social•23 hours ago

Putting a notification on a phone you’ve no contact with is tantamount to magic.
https://instantiator.dev/post/sophishticated-scam/

edent.tel•1 day ago

You tap the big obvious button. Why wouldn't you?
This is a legitimate notification, there's no need to be sceptical of it.

But look at it closely. What does the wording *actually* say?

🧵 3/4

smylers.bsky.social•21 hours ago

Wow, that's awful. And especially since it would be so easy for the bank to rephrase their alert as you suggest.

edent.tel•1 day ago

The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank sends you the notification.
You accept, and scammers proceed to drain your account.

Full write up: https://shkspr.mobi/blog/2024/05/bank-scammers-using-genuine-push-notifications-to-trick-their-victims/

🧵🔚

sophiacollins.bsky.social•1 day ago

Wow. That is pretty clever.

edent.tel•12 hours ago

For the Americans latching on to this thread - please note that it relates to Chase *UK*.
I don't know if your banks or apps work the same way.
This scam was doing the rounds last year, but similar threats exist today.

Stay safe out there.

(Replies disabled because some people are utter spanners.)

maryhilt.bsky.social•22 hours ago

First rule of thumb when dealing with anyone claiming to be from the bank, government, etc:

YOU have to make the call to THEM first.
Banks will NOT call you first!
The government will NOT call you first. YOU have to call them, it's standard & anyone who falls for this is asking to be taken.

felixdossantos.bsky.social•21 hours ago

I wasn't asking to be taken, but their timing was flukely perfect. I had a time sensitive work issue, a version of this happened. Luckily realised straight afterwards & accessed my online account whilst they were on the phone to the bank. Account immediately frozen. Had to go in face to face to sort

aegg527.bsky.social•21 hours ago

I tell my kids and elderly in-laws ALL THE TIME!
Also, use your own telephone numbers (on ur statement or back of cards) DON'T use the contact number you see on ur phone or a number they provide!!

katebevan.com•1 day ago

Ugh. Great write-up!

nikkijayne.bsky.social•22 hours ago

I thought that app copy was too good to come from a scammer so makes sense it is their genuine push notification. I shall continue to just never answer my phone!

fmacskasy.bsky.social•22 hours ago

Gotta hand it to the buggers, they're clever.

They should work in politics. Or Wall Street.

anniecrab.bsky.social•18 hours ago

This is a well-intentioned idea that needed way more stress testing - and, as you say, much better content design.

katebaucherel.bsky.social•1 day ago

Good lord that’s sneaky!

analogfusion.bsky.social•22 hours ago

It doesn't stop every potential scam, but I refuse to use banking apps at all (plus, it's likely they wouldn't run under GrapheneOS). It's another small way to minimize one's attack surface.

If I must access my account away from a computer, I'll use the browser app on my phone to log in.

edent.tel•21 hours ago

I run GrapheneOS - all my banking apps work fine.

You can say "don't use these apps" - but they're incredibly convenient. People need to check their balance before making a purchase. They want spending alerts. They like being able to repay friends instantly.

analogfusion.bsky.social•20 hours ago

Some banking apps won't run on a non-stock OS. https://discuss.grapheneos.org/d/8330-app-compatibility-with-grapheneos

If I must check my balance, the browser works. I don't want spending alerts or need instant payments. Nothing is that urgent.

Of course, everyone has to make their own choices regarding risks and benefits.

rojsmith.com•21 hours ago

I have to use an app to verify debit card purchases, don't you have to do that?

analogfusion.bsky.social•21 hours ago

No, I've never run into that. What do they do if you didn't have a smartphone? I get codes over SMS or via email from my bank to log in.

For work, we use the Microsoft Authenticator app to log in — although that's on my company iPhone. I don't use that phone for anything besides work.

rojsmith.com•21 hours ago

I don't know what they do if you don't have a phone. I know SMS codes are something they're probably trying to move away from.

analogfusion.bsky.social•20 hours ago

That might eventually happen here, although I've not heard of needing MFA for debit cards. In general, I've come to see a mobile phone as more of an irritant than a benefit, and I resent the expectation of having one. I still toy with the notion of getting a feature phone.

rojsmith.com•20 hours ago

It's not on every transaction, just ones that they flag as high risk in some way; then you have to confirm it with biometrics.

techsticles.bsky.social•21 hours ago

This is why you dont answer the phone

edent.tel•21 hours ago

OK. But what if I'm waiting on a call from the hospital? Or if I've applied for a job recently? Or I run a business?

Telling people not to answer the phone to avoid scamming is like saying "avoid STDs by never having sex."

We know abstinence isn't the answer.

techsticles.bsky.social•21 hours ago

I use this new in the last 20 years feature called visual voicemail to determine why someone called me and then if I need to call them back I call them back on their actual published number.

techsticles.bsky.social•21 hours ago

Okay

nuvismom.bsky.social•20 hours ago

Works for me in all directions. Advantage of not caring about either.

freetahfox.bsky.social•21 hours ago

I just go the bank branch to sort anything out.

edent.tel•21 hours ago

So you plan is to hope that any fraud only takes place during business hours?

freetahfox.bsky.social•21 hours ago

My plan is to ignore it until business hours. Of call the credit card number myself. That’s usually where the problems coming from.

welshracer.bsky.social•1 day ago

There is a 159 service: How to call your bank with just three digits – as 'anti-scam' phone number called over a million times: https://www.moneysavingexpert.com/news/2025/04/call-bank-number-martin-lewis/#:~:text=All%20you%20have%20to%20do,having%20to%20look%20it%20up.

joanofbarks.bsky.social•22 hours ago

I just went through this. I was half asleep during the call and either gave them my address? Other id ? I worried that I had been scammed but so sign so maybe it was a legit call? Idk. Only have a small amount in this account at any time so it wouldn't have been catastrophic if it was a scam. 1/2

maryhilt.bsky.social•22 hours ago

But the danger is that you answered your phone, they know there was a live one on the line, and that you have a bank account that they can raid again with your help.

Scammers do repeat scams on customers. It's their specialty.

joanofbarks.bsky.social•22 hours ago

2/2. DON'T ANSWER calls until you are awake. Actually you can answer the call but insist you have to call back. Make it a general rule not to give personal info out over the phone!

pelsner.bsky.social•22 hours ago

This is solid advice.

unjadedone.bsky.social•20 hours ago

Scammers are on the rise and getting more creative each time. Typically when any banks call me I hang up and call the bank directly to confirm its them contacting me.

Comments

Posting Rules

Reply