Banking Scam that Bypasses Two Step Verification (TSV)

I was quite astounded recently when I watched a YouTube video that explained how scammers have a method of bypassing the two-step verification that banks use.

As it was a US situation, based on my previous banking experience, I thought it was less likely to happen in Australia. However, because Australian banks have made changes to automate the re-establishment of forgotten login details, instead of using a call centre to do it, that has opened a bigger opportunity for scammers.

I have contacted my bank, Westpac, who have confirmed that this scam could and does take place.

How the scam works

You get a phone call from your bank. The bank's number or name shows on your phone. A person who addresses you by your name says that their security system has identified suspicious transactions on your account. They may even ask whether you have been in such and such a place recently, which you have not, and say there are transactions on your account from that place. They may then ask you for some identifying information, such as your date of birth, to be sure they are talking to the account holder.

They will then say they will send a code to your phone to further identify you, which is part of the two-step verification. When you receive the code they ask you to tell them what it is.

Would you do so?

Having previously dealt with my bank, I would do so, as I have done so in the past. I asked my wife and she said she would as well. When I asked my bank, Westpac, if they do ring customers about suspicious transactions and send them a code, they told me they do. So it would seem reasonable to give them the code.

You may have been scammed

If you do give the person the code you received, you may have been scammed, because they may now have access to your bank account.

How

If you have a debit or credit card, it has the bank name, card number and your name on it. If you use those cards, even with tap transactions, it is possible for those details to be captured on a camera. Not necessarily a store camera: a person close to you could have a hidden video camera.

They now have your bank name, card number and your name, and know where you were at the time, so they could find your phone number via a White Pages internet search or by other means.

Via VOIP technology, when they call you they can make it appear that they are calling from the bank's number. That is called phone spoofing (caller ID spoofing).

Just before they call you, they will go to your bank's internet banking login and select the option for forgot customer ID or password, or perhaps other options. They will enter your card number and name and, if they have gotten it from all the times your friends have wished you happy birthday on social media, your date of birth. But they won't go to the next step until they have told you they are going to send you a code.

If they did not get your date of birth, as I said before, they will ask you for it, and most likely you will give it to them, as you think you are speaking to your bank, and that is typically what banks ask for identification purposes.

The scammer now goes to the next step of the forgot customer ID or password process, which causes the bank to send the code to your phone.

You give the code to the scammer, who enters it into the screen on their computer that is asking for it.

They now have your customer ID, or the ability to change your password, or the ability to increase the transaction limit, or the ability to authorize a transfer to a new person, depending on the option they chose.

Next part of the conversation

In the voice of a typical bank employee, they may thank you for that and tell you they will ring you back after they have communicated to another bank department that you have confirmed it was not your transaction.

But they may say, even if you have, that you have not given them the correct code, and tell you they will send a new code. This could be how they move from customer ID, to password, to authorization of a new payee.

Or they could use a number of other techniques.

They may, correctly, say that your account has been blocked to protect you. If they have changed your password, they have effectively blocked your account, because you can no longer log in. This gives them more credibility and more time before you realize that you have been scammed.

If you have been scammed this way

Hopefully this information will forewarn you so that you don't get scammed. But if you do get scammed, or suspect you have been, contact your bank immediately. My understanding is you should not lose any money, as you have not done anything to contravene the bank's terms and conditions.

How to Protect against it

The video where I found out about this possible scam suggests that you make some excuse and then ring your bank to confirm that they are the ones that have been talking to you.

However, it's possible that at that time telephone banking is not available. Scammers always tend to ring when that is the case. Credit cards usually have a 24-hour phone number to report stolen or misplaced cards. I'm not sure if that number can be used to verify you are speaking to the bank.

An easier way would be for you to use your internet banking and check the transactions yourself to see if any of them are suspect. My understanding is that all transactions appear on your internet banking and are initially flagged as pending. I assume that also applies to suspect transactions.

The Longer Term Solution

The problem exists because banks have to provide a way for people who forget their customer number and password to be able to retrieve them.

With modern phones with fingerprint authorization, you don't have to remember a username and password. You just touch your phone. You can't forget your finger, and neither can scammers get you to read your finger out over a phone call.

As banking can already be done with an app that verifies that it is your finger, this should be extended to verify yourself when you're speaking to your bank, rather than the existing system of sending codes. Again, a scammer cannot send your finger.

Double Scammed

Whilst investigating this topic I discovered there are situations where people who have lost their money have been offered a service to help recover it. However, often those services are just additional scams. The victims just end up losing more money.

The Bigger Picture Situation

The utopian situation would be where there is no scamming. However, as long as there is inequality and envy, scamming will always exist. Inequality and envy could be eliminated if there was a non-economic, non-market, non-barter society. But that's a whole other topic.