Last week my wife told me she’d received this message from our bank:
Mrs H then replied with ‘N’, following the instructions.
A few minutes’ later her phone rang, and we put it on loudspeaker on my desk.
The man from Barclays asked us to confirm the incoming phone number was the same as the number on the back of her debit card. We checked, and it was the same. He said that to prevent any fraud we should not give him any personal details.
Barclays asked if we had made the transaction and we said no.
He also asked whether were currently logged into our Barclays mobile banking app on a Samsung S3 in Manchester.
“No, we are in London.”
He said that Barclays would investigate the John Lewis and mobile banking transaction further. In the meantime, because we had another security incident last year, he would set up a new bank account.
This was all straightforward, and he kept putting us on hold to speak to the security team and other specialists.
We had now been on the phone to Barclays for around 45 minutes.
He then said that he would send a text message of the new account details, but he had already moved the old direct debits to the new account.
Barclays then sent Mrs H a text message to say a new, temporary account had been created.
Barclays confirmed we’d received that message before he would close the previous account. We said we’d received it. A new text message arrived.
This was the first point that I became suspicious, because I logged into the same account using my own details and everything looked normal.
Earlier in the call my wife asked for his name, which he gave us together with his staff ID. My wife said that he paused before his surname, which I didn’t notice.
Then the sting… he asked us to transfer our funds from the old bank account to the new details. I asked him why he couldn’t do it and he started going into details.
I immediately hung up without any pleasantries.
Unravelling the truth
We then dialled Barclays Bank using the phone number on the back of the card and spoke to the call centre. After a few security checks we explained the situation. He then went through further questions to be sure we hadn’t divulged any personal details at all, which we hadn’t.
Barclays said that they would always ask personal details to be sure they were speaking to the correct person whereas the previous caller had said “Please don’t share any information with me.”
Throughout the first phone call, the caller had appeared authentic and we had no reason to suspect anything until he asked us to transfer money.
Please beware of devious criminals. Never trust the phone number that you see on your phone – it’s easy for criminals to spoof (change) it to anything.
If you receive an incoming call from a bank or any type of company, you can always hang up and dial them directly to be sure you are speaking to the real organisation.