What makes someone want to try and scam another person? What happens in a person’s life that leads them to believe the way to make money is to phone someone up and tell them a cock-and-bull story to convince them to hand over a load of cash? Does that person care or even think at all about the impact their actions have on their victim?
These are questions I have asked myself since someone tried to scam me a couple of weeks ago. And to be honest, I have not come up with any answers. The person who phoned me up pretending to be from my card company’s fraud department spent 40 minutes trying to persuade me that if I would only just give him the two-factor authentication code that had come through via text message, he could make sure my card was no longer compromised.
Of course it was nonsense, and luckily I saw through it in time. But it was a sophisticated attempt to defraud me. Because just before the phone rang, I had received a notification through my card app, asking me to authorise a transaction that I had not myself placed. So I knew there had been an attempt to use my card, because I could see it with my own eyes. What an efficient fraud department they were, noticing this attempt immediately and calling me to rectify it!
It was undoubtedly the fraudster himself, having requested that transaction to convince me of his fraud department line. But this was just the set up to what he was actually trying to achieve, and his attempt to get the two-factor code out of me. He claimed that someone was trying to link my card to Apple Pay, and that if I gave him the code from the text message I received, he could unlink it. How audacious is this – if I had given him that code, it would have allowed him to create that connection to Apple Pay and spend as much as he liked on my card without me needing to approve anything. To reveal your ploy in the guise of pretending to protect me from it requires some level of front, and quite possibly heartlessness.
Fortunately the text message that came from the card company included the line: “our employees will never ask for this code”. So even though the fraudster had given me a spiel about how it was in fact fine to give this code to someone from the fraud department, it reminded me to question what I was being told. So I said I would hang up and call the customer services team to check. But he had an answer to this already. Ah, he said, it’s Saturday evening and the customer service line is closed until Monday morning. If you wait until then I can’t promise that your account is not compromised and you may not get back any money you lose in the meantime. Providing me with the code is the only way to fix it now. You can speak to my supervisor if you are unsure.
He even gave me a reference number and what was clearly a fake name, “Anthony Jones”, and claimed that he needed to make me understand on the “recorded call” that I had accepted the risk of what I was doing and I had not “followed instructions”. This was of course nothing but manipulative behaviour to try and frighten me into doing what he wanted. His mistake at this point though was to put me on hold while he tried to issue the text message with the authentication code to me again. Because this allowed me to look up the policy in my card company’s app, where they said they would never call out of the blue in this way. So I called him back from the hold and said I had to go, and hung up despite him continuing to protest. Luckily, I had escaped. But not, it must be said, without feeling a bit duped given that this was quite a close shave.
I have since had confirmation from my card provider that this is a scam that they are aware of, and some of their customers have been targeted. The fraudster clearly had enough of my details to be able to attempt to link my card to Apple Pay, which in itself begs the question of how he managed to get hold of these. This remains unanswered as the card company do not seem to know. They say this remains under investigation but they do not believe the data breach was at their end.
If you take anything away from this story that nearly made me look very stupid, it should be that you should NEVER give out two factor authentication codes to anyone, even if they are calling from your bank or card provider, even if they claim to be from the fraud department and you have had an attempted fraudulent transaction, and even if they appear to have your details. Always be sceptical and do not believe anything you are told in these situations! Hang up and call the customer service number on your card or on the legitimate website of your provider.
This type of scam is known as Authorised Push Payment (APP), where the victim is essentially permitting the payments to be made to the person defrauding them. In the first half of 2023, losses in the UK because of APP scams were £239.3 million, according to figures published by UK Finance. The National Crime Agency say that fraud is the most commonly experienced crime in the country, and that it accounts for 40% of all crime in England and Wales.
I have reported this to Action Fraud, the fraud reporting service run by City of London Police who are the lead police force responsible for combatting economic crime in the UK. But with no phone number, a fake name and no other identifying details, there is clearly no way of catching the guy who phoned me up on my experience alone. I can only hope that by reporting what happened to me, it can form part of a bigger picture that will allow police to shut down those responsible. If you have been scammed in this or any other way, you can report it to Action Fraud here: https://www.actionfraud.police.uk/.
As for “Anthony Jones”, whilst I hope he is caught and faces the consequences of his actions, I also hope he comes to his senses and changes his ways. Whatever his circumstances, does he really want to be the kind of person who cons money out of others?
Yet Another Rainy Day 
Leave a comment