← Back to context

Comment by seanhunter

7 hours ago

Yeah as sibling points out, lots of orgs have scammy official security calls. This leads to a dance I have been through quite often.

   <phone rings, I pick up> Hello
   Them: Am I speaking to Sean Hunter
   Me: Yes
   Them: This is <rubbish bank who should know better>. Can you confirm your <date of birth/full address with postcode>
   Me: Yes
   Them: Err, … sorry I didn’t quite catch that.
   Me: Yes.
   Them: <thoroughly confused>I asked whether you can confirm your <date of birth/full address with postcode>
   Me: Yes.  I can.
   Them: err… I can’t talk to you without you passing security.
   Me: You called me.
   Them:  I’m sorry…?
   Me: You called me.  You wanting to talk to me about something is your problem.
   Them: I need you to pass security before I can talk to you.
   Me: OK, well.  Have a nice day.  <hang up>

Almost this exact thing has happened multiple times with one of my bank accounts which I can’t completely shut because of boring reasons but I have basically deprecated because they do this sort of nonsense. My main bank now is much better.

4 comments

seanhunter

Reply
Scoundreller  5 hours ago

One of my banks refused to talk to me over the phone and informed me to go to a branch with 2 pieces of ID. Fair, it was a credit card opened online.

Only to find the 2 pieces of ID were just for them to talk to me and ask for more documents. Rubbish like employment letters (uhhhh, how about YOU call my employer instead of me printing out the “letter” they’ll email me?) or tax return stuff mid-year.

I cut up the credit card and mailed the pieces to their legal department. Someone called me pretty quick and without any authentication hassles.

DamonHD  2 hours ago

This is very much my experience.

I generally say at some point before terminating the call "you should not train your customers to give out account access credentials to strangers" and the caller usually has no clue what I mean. Does no one in the security teams have theory of mind?

This will be the way I bring up the issue with the regulator if I do. I can think of many ways round this issue that would be much safer and not especially arduous.

somewhatgoated  1 hour ago

That’s wild. If my bank needs something from me they send an email saying that a message is available in the online portal - or in some cases they send me a physical letter. Anything else would be highly suspicious

monkpit  3 hours ago

Just don’t answer the phone. If it’s something important they know how to reach you, or they can leave a voicemail.