Staying ahead of the fraudsters

Working from home quite a bit of the time, I have come to realise just how many nuisance phone calls I get and how easy it must be for vulnerable people to fall into the hands of a fraudster’s phishing expedition. These calls are illegal; both my landline and mobile are listed with the TPS, while the GDPR (you must know what that is!) went live on 25 May 2018 to give the ICO stronger data protection powers.

You’ve been ill on holiday, your oven needs cleaning and you need a green deal

Yet, probably twice a week, I am rung up by a person asking me for details of the car crash I didn’t know I had been involved in or I get an automated message about a government window scrappage scheme or some other great ‘green deal’ (not).

I’ve even had unwanted and illegal marketing to get my oven cleaned and to claim for being ill on a holiday I didn’t take. Another regular caller claims to be from BT to tell me my internet connection has been compromised….even though I am not a BT customer.

Nationwide phishing?

What to do about these illegal calls I’ll come to in a moment. But, what would you do if you get an automated call from someone purporting to be your bank – in my case, the Nationwide - to check if your credit card has been used for an ‘unauthorised transaction’?

My initial reaction was that it was yet another illegal call, another so-called ‘phishing expedition’, and I should hang up, take note of the number and report it if I could be bothered to TPS and ICO.

But, this time, I listened and it prompted me to think 50-50 it was genuine. A few transactions were given and some sounded odd so I chose the option to speak to someone, slightly worried that I was falling into a trap.

Before I got through to a real person, the automated voice told me that to reassure me it was a genuine call I had to correctly choose my birth year from three options. My reaction was that this was not enough to reassure me. Either a fraudster could be using this to fool me into a fall sense of security or they were taking a 1 in 3 risk. Not very bad odds from their point of view.

Nevertheless, I persevered and eventually I spoke to someone who confirmed that they suspected my credit card had been cloned. But at this point, the person said he would have to take me through security to which I immediately said I still didn’t know if he was genuinely from my bank. To his credit, he said if I wasn’t sure I should ring back on the phone number given on my credit card. But, thinking it through, I finally decided it must be my bank as going through security requires some letters from my random password that surely only the Nationwide would know.

Good thing I persevered because it did turn out I had apparently being buying things in Bloomingdales in New York City to the value of a few hundred dollars and even had spent a miserly $7 in McDonalds! I was quickly reassured that the stolen money would be refunded and a new credit card was on its way.

So hats off to Nationwide for spotting the suspicious transactions so quickly – within one day – but my advice to any bank would be to contact their customer by whatever means they have given permission for and then always ask them to ring back using the number on the back of the bank card. There’s no point telling them what this number is because, if it was a scam, this would be a fake number sending you straight into the arms of the fraudsters.

It's also important that if you do call your bank back, you hang up and wait a few minutes. Ideally, use a different line altogether - ie pick up your mobile if you were called on your landline. That's because fraudsters can keep your line open - so that you think you're calling a new number, but are in fact still on the previous call to the fraudster.

Acronym city: TPO, ICO, 7726, GDPR

Returning to what you can do about illegal callers – whether it is just unwanted marketing or something more serious - the short answer is ‘nothing’ if your phone number is not registered with TPS and ‘not much’ even if it is. So my first bit of advice is to register all your phone numbers with TPS here, including your mobile. As mobile calls get cheaper, it’s likely more and more illegal calls will be made to mobiles.

But it’s also the case that you can be certain TPS and ICO can do nothing about illegal calls unless you report them as breaches of legislation such as GDPR. So I think it is always worth doing so as it’s hard to know if the evidence supplied could be used by them to take action.

Though it feels like a black hole, it takes just a couple of minutes to do this. Which is why most times I get an illegal call, I immediately file a report with TPS here and/or ICO here. I also always block the numbers of any illegal caller who ring my mobile as it is very easy to do that.

My landline – currently provided by Virgin Media - does not offer that facility for free. As regards spam text messages – a problem that used to be huge – it’s as easy as forwarding the message to 7726 which spells out SPAM on a telephone key pad.

So my lesson learned is that when your bank comes calling unexpectedly don’t always assume it is a fraudster looking to trick you out of your money.