I've just socially engineered my Bank!
#1
Scooby Regular
Thread Starter
iTrader: (1)
Join Date: Jul 2004
Location: There on the stair
Posts: 10,208
I've just had a phone call from the HSBC...
Conversation goes:
Bank: "Mr Burns, it's the <insert bank name> I'd like to have a chat, could you just confirm your date of birth"
Me: "No."
"Sorry?"
"I will not give confidential information out over the phone to a cold caller who could be anyone"
"Ah, right. That's perfectly understandable. If you'd like to take my number, you can call me back and we'll go from there"
"No."
"What?"
"That could be any number. I'll phone the main number and get put through to you"
The conversation then moved onto bank customer security in general. I related the story of a bank call centre employee who got REALLY shirty when I did the same thing to her. This was a lady from the local branch, we got talking about better ways to improve customer security - I talked about a variant of PKI (standard IT security process) that could be used.
Anyway, we were getting on very well and I asked why she wanted to talk.
"Oh just a chat - annual account review"
Conversation moved onto where we could have the chat - I have a preference for a village branch, much friendlier there.
Anyway, she then mentioned some specific account details: personal loan, mortgage (i.e. who they were with) and what they could 'help'
Please note: at no point did I confirm who I was. I did not answer the security questions put to me.
After we finished the conversation I phoned her back and pointed out that she had not confirmed who I was and had specifically mentioned confidential bank details.
Whoops!!!!
Boy was she ever apologetic!
#2
Yes, I've done that. I had a call from my mobile provider (I think it was Vodafone) and the conversation went rapidly downhill after I asked for proof of who they were and the stupidity of cold calling and asking for ME to identify myself. It went up to Director level as I was annoyed and got a written apology and some toys.
Steve
#3
Had the same thing with HSBC too. They get offended when I didn't confirm my details and refused to give them any information. Not very good practice by the bank IMO.
The worst ones are those that call and MUMBLE something about O2 then wanting to talk about renewing my mobile contract. They try and make out they work for O2 but when pushed, admit they are a totally independent company just trying their luck.
Last edited by m1cks; 29 April 2008 at 05:53 PM.
#5
Scooby Regular
Join Date: Dec 2002
Location: Logged Out
Posts: 10,221
Kieran, you simply need to work harder and have the bank manager come to your home, not you go to them!!
That way when he/she gets their secretary to ring you her/his voice is recognisable so security is unnecessary.
Sorted.
#6
Scooby Senior
Join Date: Mar 2003
Location: Next door to the WiFi connection
Posts: 16,293
Had exactly the same convo with Northern Rock a few years back, I said if it's important send me a letter and I'll ring you, this is not the conduct of a respectful bank....
#7
Scooby Regular
Join Date: Sep 2006
Location: RIP Tam.
Posts: 5,108
Had a similar thing myself with Nationwide. They called, I refused to confirm any details, I called them on the number on my card and answered all their questions.
Maybe consumers should have a special word the bank has to confirm to the customer first so we know who they are lol.
#9
Scooby Senior
Join Date: Nov 2001
Location: West Yorks.
Posts: 4,130
I love the way that banks ring you up for a 'personal financial review'. Basically this means them dragging you down to the branch, wasting your time, to try and sell you every 'product' the bank has going, it's pathetic. If I want something I'll enquire myself !!
#10
Moderator
iTrader: (2)
Phone call this evening
[International] Caller - "Hello, can I speak to James Holt please"
Me - "Why?"
Caller - "I'm calling from [credit card company] and would like to find out how he is getting on with the card"
Me - "I'm very happy thank you"
Caller - "Thank you for your time"
<Click>
Didn't even have to resort to abuse - he just knew he was onto a loser
#11
Scooby Regular
In a strong Nigerian accent..................
"Gooooooood afternoon Madam (speaking to a male)
I'm calling from your bank to say that you have $1,000,000ugandan money waiting to be paid into your account. All I need know is you bank account number and sort code"
Caller "F*ck Off!"
Phonejacker - CLASSIC!!!!!
#12
I get this data protection thing all the time. I send in mortgage application and Joe Bloggs calls me to confirm details. He can't discuss anything until he is sure it is me. I can't discuss anything until I am sure he has the authority to discuss it. Most lenders have a sensible approach, asking me to call my contact point and ask for <Joe Bloggs> on extension whatever. Barclays just can't sort it out. Conversation usually goes
<Strong Bangladeshi accent> Haiyoo, Can I speak to <name removed to protect the innocent> Fast Bloke
<Strong Belfast accent> (That's me BTW) - Speaking
<Him> - Haiyoo Mr fast. I would like to confim details of your martgage application in the name of Mr Client. Can you confirm his sort code and the loan amount.
<Me> I can, but only if you can confirm Mr Client's mother's maiden name, the date of application and my FSA registration number. (This is all on the application)
(Pause while he puts this in babblefish and gets the English version with no Belfast accent)
<Him> I can confirm these details if you can confirm he employer address and the term of the mortgage
(At this point I am pi55ed off trying to work out what he is asking and why he doesn't believe it is me.... he phoned me on the same number he has been calling me for the past 6 years)
<Me> I can confirm these details if you can tell me what colour of tie I am wearing.
(extended pause)
<him> erm...........
(longer pause)
<him>erm...........................
<me> CHECKMATE. I always win this game. (Hang up and call one of the nice girls in Glasgow who can speak English (up to a point) and have too much to do to play Data Protection Act Chess)
#13
And that is one reason I'm no longer a HSBC customer. That and when I rang them, I couldn't speak to anyone in my branch.
#14
Scooby Regular
I just put the phone down on them, no sorry, no abuse. just cut off.
I hate cold calling on my home phone, I always tick the box on forms for no calls/marketing b0ll0cks but this still doesn't stop them calling occasionally.
#15
Scooby Regular
Join Date: Dec 2002
Location: Couch Spud
Posts: 9,277
I'm on TPS so I don't get those kind of calls
Oh and if I do I tell them that I am on TPS and that the person who dialled my number is personally accountable and will be fined
#16
Scooby Senior
Join Date: Mar 2003
Location: Next door to the WiFi connection
Posts: 16,293
Actually had a similar experience yesterday, I rang cahoot, I took a loan out a number of years ago and just let it tick over, now I've been paying this for ages and I couldn't find any paperwork for it to tell me when I took it out, I can't even remember the exact amount I took.
Me> Hi I need to find out how much left I have to pay on my loan and for how long
Them> OK, usual details asked like name and address DOB etc... Then, what's the password.
Me> Erm, not entirely sure what I would have given you 5 years ago but I'll guess it as *******
Them> What's your mother's maiden name
Me> Erm, the same as the password I just gave you? lol
Them> How much was the loan for?
Me> Not sure but know how much I pay every month if that helps
Them> Sorry sir, I can't help you cause your details don't match
Me> OK great, so where do we go from here
Them> We'll send out the loan details in the post.
Me> WTF, that's all I wanted anyway
Not entirely the same but it did make me smile at why I'd answered all these questions for no reason
#17
Scooby Regular
iTrader: (1)
Join Date: May 2001
Location: Berk (s)
Posts: 2,491
My fave is call centres when they put you on hold, I wander upstairs and fire up the net and have a surf. When they come back to you I ask them if they could hold for a minute or two as "I'm on the other line" and leave them waiting for me for 5 mins. Childish I know, but it's great to turn the tables
D
#20
Scooby Regular
I'm on TPS so I don't get those kind of calls
Oh and if I do I tell them that I am on TPS and that the person who dialled my number is personally accountable and will be fined
#21
Scooby Regular
Had a corker today as it happens! A guy rings up: hello is Mr Ruddy there??
me: who's calling?
him: it's personal business.
me: it can stay that way then (hangs up)
He didn't even think to ask if I was Mr Ruddy!
What a tit!
#22
Scooby Regular
Join Date: Sep 2007
Location: England
Posts: 2,785
Thing is though, say you lose your mobile and the bank phones it, some chav has found it and when they phone it the chav asks to transfer all of your money into their account or a random account. You would then be pissed off they didn't ask security details
#23
Scooby Regular
iTrader: (6)
Join Date: Nov 2004
Location: Deepest Darkest Kernow
Posts: 4,404
I had a bit of a tiff with Talk Talk of The Carphone Warehouse fame.
I've just moved house and wanted to keep the existing telephone number of the house as it was easier and quicker than sorting out a new one. The guy I bought the house from sorted it out - to a point.
Anyway..............
Me "I'd like to discuss this account number XXXXXXXX"
TT "Please can you confirm your bank account details for security"
Me "No, as I'm in the process of taking over the account from the previous occupier"
TT "Well then I can't help you unless you can tell me his bank account number"
Me "WTF I'm supposed to know and divulge someone else's details?"
TT "Yes, sir, if you want to continue"
So I hung up and tried again with a little more success.
ding ding: Round 2
Me "I'd like to discuss this account number XXXXXXXX"
TT "Please can you confirm your bank account details for security"
Me "No, as I'm in the process of taking over the account from the previous occupier"
TT "Okay, Mr X has cancelled the account"
Me "But he's reinstated it so as I can take it over"
TT "Ahhh"
Me "All I want to know is how much I'll be paying and what I get for my money"
TT "I'm sorry sir I can't tell you that unless you're the account holder"
Me "But I will be once I sort this out"
TT "Can you not refer to Mr X?"
Me "no, he's on holiday and not contactable"
TT "Ahhh, I've just noticed that the account is closed"
Me "But the line's still working"
TT "You'll have to take out a new account"
Me "Can I speak to a manager to clear this up"
2 minute pause whilst she talks to her manager
TT "She says that you'll have to pay £70 to end the contract early and then start a new account"
Me "Go &*&%*(&(^ yourself then!"
TT "bbbbbbbbbeeeeeeeeeepppppppppp"
I don't believe it!!!!
#24
I bet you felt great making her feel stupid...well done.
#25
Scooby Regular
Join Date: Apr 2003
Location: Between the Fens and the Wolds.
Posts: 3,027
That last one on Talk Talk doesn't surprise me one bit.
We've just had one holy row with them which took place over many weeks and months.
The craziest part of it was, that we closed our account with them, they then tried to charge this £70 early closure fee, and threatened us that if we didn't cough up, they would "Cut us off". Laugh? There were tears running down our legs!
Yve
#26
Scooby Regular
iTrader: (1)
Join Date: Nov 2006
Location: Yorkshire
Posts: 2,966
I had a similar experience a few years back where quick thinking potentially saved a lot of money.
My wife's handbag had been stolen, along with her purse and a surprising amount of crap that she had hoarded in it, some of this crap was quite confidential including her wage slip and the TV licence renewal (I'm always on at her to empty her bloody bag but she just won't listen!). Anyway, about a week after the theft we received a call from the TV licence company saying the current rate is about to rise and I need to renew within the next 48 hours to guarantee the price I paid last year. The guy was very friendly, helpful and sounded genuine, then he started asking if I wanted to pay over the phone now. Having been teaching the Data Protection Act a few weeks prior I did the same as the original poster, I decided that I didn't want to supply my bank details to just anyone over the phone without being certain of who I was talking to. I advised that if he gives me his number I will call back once I've checked a few things. The number he gave was one character too short so it didn't connect. I then phoned the TV licence company directly who told me that they don't do outbound calls of this type and they definitely do not call from the given area code! The scamming ****! Since then I never give out or confirm any confidential information over the phone and would advise you lot to do the same!
#27
Scooby Regular
Thread Starter
iTrader: (1)
Join Date: Jul 2004
Location: There on the stair
Posts: 10,208
To be honest - I didn't.
I was glad I stuck to my guns about security (it is my job - IT Security) and I'm glad I took the time to explain to her that she had made a mistake.
I guess if I was to kick up a stink about it, I could get her in trouble. I'm not sure that would achieve any more than the near miss she just caused. She was genuinely shocked when I pointed out her mistake and I can't help but think she will be more careful in future.
As an aside, it seems that this was a good post to make as it appears to have helped some people with dealing with these kind of calls when they get them.
The bottom line is: social engineering happens all the time and is NOT a modern invention. If you think about people turning up on your doorstep saying they are from the Gas / Electric / Whatever what would you do?
I've made people wait on the doorstep while I've phoned to see whether they should be in the area. On one occasion I phoned to find out that no workers WERE in the area and when I went to check the guy had gone! A quick phone call to the police was next - neighbour came round 10 mins later to say thanks as he was due a break (he was a copper)