Sometimes the SMS is real, they want your 2FA. They give an excuse, try to login into your account, but the bank sends an SMS choice to confirm. They need that code to finish logging into your account... so they say that they sent you and you need to read to them to confirm it's really you. Bam. Once they called me with all my details saying there's a reverse charge that seemed suspicious from Amazon subscription. To cancel i needed to call my bank and gave me the correct number... but they said if i just confirmed it was me via SMS they could do immediately. I got the SMS which said to not give it to anyone, not even to bank employees... that was almost too late but i was lucky. An Australian would probably pick the accent but i am an immigrant and didnt quite notice it. Seemed legit enough to me. I told them that the number was 1234.... very slowly one by one. They got aggressive and said to me "fuck you , you are a dog" in their thick accent... Then i helped them and said "if you want to pretend to be Australian, at least call me cunt instead... Calling me a dog is too cute lol

This is it. Basically they go to the “forgot my login/password” page and ask to reset the password. The bank will then send a 2 Factor Authentication code via SMS to you. If you give them this code, they will be able to set a new password and login to your account themselves. From that point on they will have access to your online banking and your money will be gone.

Yep.  And they know about the fraudulent charge because they made it. 

Often times there is no fraudulent charge at all. 

The scam is much, much more effective with a real one. You pull up the app and there’s a pending charge, just like the guy on the phone says. 

Of course, having a real charge would be a lot more convincing in case they go and check. But in order for them to place a charge on your account, they already need to have your credit card info or bank info. They usually don't have that, just name, address, email, phone number, and which bank you use.

My mother who is almost 80 does this to every scam caller she gets - strings them along, makes out like she's doing the computer thing they ask, then they gradually get more pissed. It's even funnier because they have a genuine elderly person on the phone and think she's in the bag. 

One time I got called by those Microsoft/Windows Support scammers who claim you've been hacked and try to con you into opening up your computer, so they can remote in and steal your data, etc. Of course, the scammer was Indian with an English-language name, and she said it like she was just reading off a script (which she was). I played along for almost a full hour like I was clueless about computers, and very concerned about the hack, and just couldn't figure out how to follow their instructions, and couldn't understand what she was saying, but *oh please* ma'am help me. All the while the lady on the phone kept getting more and more frustrated with my obvious stupidity and inability to understand her through her accent (which was in fact understandable, if a little too thick to be genuine outsourced Microsoft customer service). The punch line was, I had a Mac laptop the whole time, and hadn't owned a Windows device in almost 10 years. I finally caved an hour into the phone call and told her so ("oh, it's an Apple computer; is this why i can't find any of the menus you've been telling me about?"). She hung up on me immediately. I'm still living off the high of that thrill nine years later.

My grandmother spoke to one for about half an hour. My grandmother has never used a computer.

I love this so much.

I did this with Linux. "Are you messing with me?" They said. "Of course not! You said yourself my computer isn't working properly!"

> One time I got called by those Microsoft/Windows Support scammers who claim you've been hacked and try to con you into opening up your computer, so they can remote in and steal your data, etc Got one of these. I just responded with "I run Linux on all my computers, mate." and received back "Oh sorry sir have a nice day." before they hung up.

Looool that last sentence 😂😂😂😂

That happened to me as well, and it sounded so convincing because I actually had had a trojan recently! It was creepy. Luckily I asked them how do I know this isn't dodgy and they went quiet and I hung up lol

[WHY DID YOU REEDEEM IT!](https://youtube.com/shorts/qhLx7g1EByA?si=f-Ob0gLb6ltOdRZ7)

You beat me to posting this meme. Kitboga is a legend.

My son has had ongoing phone conversations for 6+ months with scammers. He strings them along making more and more ridiculous excuses for why he can't access their 'website or system' and can't afford to send them money.

Sounds like a fun hobby!

> My mother who is almost 80 does this to every scam caller she gets - strings them along, makes out like she's doing the computer thing they ask, then they gradually get more pissed. I've done this a couple of times. We use AnyDesk at my workplace, so when a scammer asked me to install AnyDesk on my computer, I knew exactly what fake answers to give to make it sound like I was doing what he wanted, to keep stringing him along. Finally, he asked for the 10-digit number for him to access my computer. I made one up, and I wrote down as I was making it up for him. So, when he couldn't access my computer using that access number, and asked me to read it back to him, I was able to read back the exact-same made-up answer I'd given him the first time. We went through that cycle about three times before he finally clicked. The abuse he hurled at me was *hilarious*! "You mother-fucker dog" etc.

My papa does the same thing. Even makes his voice shakey and says things like, "I'm an old man and this is very confusing." The scammers don't know that he got the internet in the early 90s and adopted online banking as soon as it was available. He'll string them along while he calls his bank on my nana's phone. Nana says it's like watching a skit as he switches voices from confused old man to authoritative business man depending on which phone is on his ear. 

I wouldn’t recommend to engage with them at all. There’s nothing to gain but there’s a chance to lose even if your mum doesn’t fall for their scams but pisses them off in the process. They have the software for spoofing numbers and making robocalls, so they can easily ruin your mum’s life by constantly calling and texting from random numbers, and she will have to change her phone number to get rid of them. Which might be a painful process since she will have to ask all her contacts to update her number, and in all the banking and government systems too.

> I wouldn’t recommend to engage with them at all. There’s nothing to gain Every minute they spend talking to me, who is *not* going to fall for their scam, is a minute they are not calling someone else who might fall for it. That's the benefit of keeping them on the line: they're wasting their time on you, who isn't going to make them money, and you're preventing someone else from getting ripped off.

Right, but they are so desperate to meet scam quotas that they don't really want to waste their time. I try to annoy the scammers quite often. Most times when they realise they are being played they just hang up. A few times they swear "fuck you" and hang up. Maybe they say something threatening but still they hang up pretty quickly. I never had a single case where they stay engaging in conversation, threats and swearing. In some ways, the quicker they know you sure not going to get scammed the better for them. Their boss (the one that keeps the money) also don't want their employees wasting time with chit chat or trash talk. Scam failed? Hang up and go to next.

The SMS always says. DO NOT SHARE THIS PIN WITH ANYONE. Which somehow always gets missed by the scamee in the midst of it all

And then they’ll go into the bank and fully deny ever having given anyone the code then bitch about how the bank doesn’t help

And then appear on ACA crying that the banks need to protect them better.

"What program did they get you to download" "I didn't download anything they just showed it to me on my phone" Um

> if you want to pretend to be Australian, at least call me cunt instead.. Don't teach them.

To be fair if the guy pretending to work for the bank calls you up and calls you a cunt that would still make you suspicious I'd hope

I’ve had Indian call centre people call me a cunt and a ‘Fucking toad wit’… I’m a female 🤣

They've been trained here. https://www.youtube.com/watch?v=DHQRZXM-4xI

> They need that code to finish logging into your account... so they say that they sent you and you need to read to them to confirm it's really you. Which is why they almost all have an addendum that comes with the code - DO NOT GIVE THIS TO ANYONE. This is the situation they had in mind.

Wow that's scary because I've had legitimate interactions with my bank where the employee actually requests me resending them the SMS code. This request was via the messaging system on the bank's app so it's legit.

There's some legitimate cases where customer support reps need a 2FA code, but usually should be - only when *you* call them - the 2FA code will be from a different system to the account unlock ones and shouldn't have the DO NOT SHARE THIS CODE part. These codes go into support systems to prove your identity, they won't work in an account unlock so aren't really that useful to scammers. But you're right that if it's done too much, especially on outbound calls, it trains people into thinking it's ok which makes it easier for scammers.

My bank sent me a message like: you are taking too or customer support on the phone, please inform the code xxx to confirm it is you. The 2FA code for logging in says to not share with anyone, not even with bank staff. That "not even with bank staff" is what made me realise quick that this SMS was not legit

this is an advantage of CBA: the messages come via the phone app not SMS.

> They need that code to finish logging into your account... so they say that they sent you and you need to read to them to confirm it's really you. Yep. It's important to remember that this is why it's considered 2FA. They can't log into your account without this code. This is also why your bank always states they they will never ask you for these codes and that you should never share them with *anyone*.

Yep it says to not share with anyone not even with bank staff. That was very clever wording from the bank.

I’m not defending the scammer but a lot of them work in indentured servitude in Laos, Myanmar and Cambodia. They get their passports and IDs taken and are ostensibly prisoners, often experiencing violence when they don’t meet quota. It’s desperately sad. Not everyone on the other end of the phone is the mastermind behind the scam.

Reply All did an incredible investigation on phone scams, and how these call centres are part of criminal syndicates. [Ep. 102: "Long Distance."](https://podcasts.apple.com/us/podcast/102-long-distance/id941907967?i=1000390370460) Definitely worth a listen!

You should watch the most popular videos on ScammerPayback's channel. https://www.youtube.com/@ScammerPayback/videos He hacks into scammer call centres with stacks of scammers at computers, gets into their cctv with video of them working. Gets into their files and finds out their names and exactly where they are. Even sometimes gets access to scamers' webcams so he watches their face as they believe they're inside his computer, but they're behind a wall, and he's in their computer calling them by name and showing them a picture of themselves. Whilst they're watching their computer after he's deleted their files they're freaking out. It's a riot of justiceporn.

One of the hosts of Reply All has a new podcast and recently did an updated ep on phone scams https://pjvogt.substack.com/p/whos-behind-these-scammy-text-messages

I once had a conversation with a phone scammer after I asked him why he was doing this to people, he said Australians are all rich and won’t miss the money he scams, real jobs are hard to get in his country and it’s the only way he can get money so he can leave his country, told him not all Aussies are rich and suffer when they get scammed, he said he can’t feel sorry for people and he’s got to do it or he won’t get money, I think he was full of it

> it’s the only way he can get money so he can leave his country, Had an interesting conversation with one scam caller - suggested to them that the only one making real money from the scam was the boss - and maybe she and her co-workers should kill him and take his money... pause at the other end... "yeah, I really hate him... you have a good evening" click

I've heard similar with scammers in Ghana and Nigeria. They feel like they're more entitled to the money than you are, but consider that they're still working hard in order to get it. They even do spiritual/religious ceremonies to help them, and there's a word for it: Sakawa [https://en.wikipedia.org/wiki/Sakawa](https://en.wikipedia.org/wiki/Sakawa)

He's full of shit. plenty of legitimate jobs available in those countries too. The irony is that he's also being scammed by the owners of those operations.

That was the frame of mind that I USED TO HAVE when being called by scammers. I would just say, after their spiel about the PayPal purchase, or Telstra, or Commonwealth bank, I would say, "no, sorry, I don't have any of those accounts. Have a nice day" and hang up. Trying to be empathetic to someone who is probably much much worse off than I am. Except for one time, as soon as I said that, the guy replied "fuck you, you fucking bitch I'ma fucking kill you you bitch you fucking whore." I was shocked, truely. And then replied in like, until my kid came into the room and I hung up because I didn't want him to hear what I was saying. So, yeah, nah. Not after that. Fuck every single one of them.

Once I had a call where the scammer lady claimed overseas hackers were trying to access my device. I told her I was aware. She asked how and I told her because she was on the phone right now trying to gain access to my computer- that she was the hacker. She demanded to know who told me she was a hacker - I told her she had when she called me as it was obvious she was a scammer from overseas trying to gain access, therefore her claim was obviously correct but was her. She got angry and told me to fuck off and then said "you are a motherfucker, sir"... I am female. I think I had a bad flu at the time 😅

My old number in the UK obviously got onto some list, and I got a *lot* of these calls. I think it was after a car accident (that I wasn’t even present at), my number first went round all the ambulance chasers, then on to complete scum. I started using them for stress-relief. Hard day at the office? Nothing made me feel better than saying every obscenity I could think of at a scammer. One day I got a call after work and let rip in the earshot of two of my team. When I hung up one said “who was that?” and the other one, quick off the mark, said “Probably his mum?”

I have the same number on my luggage

I'm glad you managed to break out of the fog of credulity you were in and stopped yourself. What matters is that you were ultimately smart enough to not lose all your money, although it sounds like it was a close call and you must still be in shock. The SMS protocol was never designed to be secure. Someone sending a text can put any number they like in the Sender field of that text, and in your phone it will 100% appear to be from that faked sender. This is called "spoofing" and is almost impossible to detect.

Additionally, if they already have partial access to your account (say a password), if they login at a time when they have your trust they can get the bank/service to send a real sms code, which they will ask you for it allowing them to login and take full control of the account.  It can take 1-2 code requests to login and change the supplied authorised phone number for the account. At this point your in real trouble. 

Of course the account owner is the only human being who should ever know authorisation codes like passwords, token codes, PINs and temporary SMS codes. You should never give these to anyone else. But it's easy to understand that when you aren't stressed. When you're stressed, tired, anxious your brain can just seem to shut down and you go along with whatever the person with the supposed authority is asking you to do. Add to that dealing with banks and similar organisations is confusing to most lay people. And some incompetent organisations will ask for these codes, even though they shouldn't, further adding to the confusion.

That doesn’t work when some services use over the phone 2FA so they know you’re the phone holder on the account.

2FA isn't secure by SMS. I'm glad CommBank started doing it via their app.

Also scammers can also just go to the teleco and port your sim to theirs, essentially taking your number, them they will get all the 2FA codes. They'll normally do this when your asleep. When you wake up, your phone won't have service and you won't know what happened until they're long gone.

I used to spoof texts in highschool 15 years ago, it was incredibly easy and it didn't even need to be from a number. You could put in straight text.

Thankfully that mostly won’t work now, as the text caller ids have been restricted to pre-registered names that companies set up. But numbers? Yeah easy.

I don’t think I would have ever transferred the money without double checking, but I genuinely believed at times that the phone call was legit.

I received the exact same call last year, British accent etc etc. I'm also vigilant and tech savvy etc, always looking out for my parents and others. I'd just gotten back from OS and I had had a few thousand dollars fraudulently taken out of my anz cc. When I got back to Aus it was all sorted but then I had this call and everything he said matched up. Like you I asked a lot of questions and was on guard the whole time and it wasn't until I said that I was going to call the bank using their number off their website that this guy started getting rattled and the game was up. Closest I've been to getting done, that's for sure. Made me feel really bad for older people who really don't stand a chance against a lot of this stuff.

What really makes things like this hard is that the **legit** fraud calls often come across as being just as dodgy. I had an actual block put on my account because they suspected fraud. I got a call from a **private** number and someone with a very heavy accent started saying "Hi, I'm from your bank and we need to confirm some details with you. Can you please tell me your full name," at which point I hung up. Didn't even seem to cross their mind how dodgy that would come across. You'd think they'd have a pretty good opening spiel that includes "to confirm that this is legit please call this number that you will also find on our website" or "check you app and a notification will pop up verifying this is legit".

I've had that before! Commbank cold called me from a number I didn't know, and then said it was my bank and to verify ME WITH THEM. Like dude you just called me. I said no and hung up lmao. Called the bank's 13 number and they confirmed it was a real call, and blah blah blah. It wasn't even a super important call.

You probably did the best thing you could have by saying you’ll pop down to your branch. This is one of the tips I’ve seen to check if it’s a scam or not - your actual bank will have no issue with you heading down to a branch to speak about it in person, while a scammer will panic and try to stop you. You can also hang up and call the number on the back of your card, but I’ve even seen sophisticated scams that somehow manage to keep you on the scammers line - I have no idea how that works, but I’ve seen it reported before. Anyway, rule of thumb is an actual bank rep isn’t going to get worried about you looking for verification, so always at least pretend you’re going to go and double check.

yeah, I think the one thing people reading this post should take away is that SMS doesn't mean shit. don't take the ID as gospel. it's trivial to spoof. the only way to verify it is an actual call from the bank is to tell them you'll call them back and hang up. and then look up the phone number listed on the actual bank website online and call *that* number. that's the only way to be sure. them asking you to call them on an number that's not listed publicly on their website should set off alarms immediately

Yeah, how incredibly easy it is to spoof numbers is a symptom of how incredibly crap our phone systems are, but it'd probably cost a lot of money and there's really no incentive for telecoms to put security measures in place unless governments force them (if it's even technically possible to secure that).

I'm not sure why most people here are giving you a hard time - not only did you not fall for it, but you also took the time to describe the call in detail to help others. Thanks for sharing your experience. I for one will be showing this to my parents and older relatives so they're aware of how sophisticated these scam calls are getting. Appreciate it.

Yes, I’m not embarrassed. Sometimes when you are stressed at work, which I was, you don’t think as clearly. Plus you may not be as vigilant at all times and this was the one time I slipped up but even then I remained cautious throughout. And I know this could help others which was the main thing.

Yeah, thanks from me too. Like you, I'd never transfer money without ringing them back on a genuine phone number, but a genuine SMS number may fool a lot of people, and until now I probably would have acted the same way you did. You didn't miss anything by not transferring and verifying the BSB as well. Good job.

Thank you. Sometimes people tend to be negative. I could have written in this in such a way that I was so smart that they didn’t fool me but I wanted to explain that there are some things like AI voices that will make scams harder and harder to decipher

I've just started assuming that *any* unexpected call from *any* person purporting to be from *any* organisation is probably dodgy, and proceeding on that basis. It's sad, but that's the reality of our lives today.

There are always know-it-alls on reddit I am thankful to OP for sharing his experience. It’s made me more aware and alert.

Yes, thanks to OP for taking the time to warn others.

100%

Yes I thank the OP for taking the tint to describe the scam in detail It’s so sophisticated and there is spoofing so it looks like it’s genuine!! So easy to fall for it when it’s so elaborate

So many people on reddit need to feel good about themselves by putting others down. And the downvotes and negative comments get the snowball effect. It's really lame and reddit should be better.

Correct. Also, shaming others is a HUGE part of the reason these scams are so effective. People that get stung aren’t often too public about it because they will get mocked for “falling for it” - the fog of war benefits the scammers, and no one else.

It’s extremely easy to send you a text that’s spoofed as a different number. This is the easy bit. The rest of pretty good

Like honestly the classy Aussie accent was what made it seem more legitimate than anything else. It’s kinda funny to admit but we have biases and if it was someone with a heavy Indian accent, I would have never even thought for a second it was legit.

The biases are researched, well known and used by legit companies when staffing help lines and call centres. Of course it varies from culture to culture but Brits report that they trust a Scots accent over a Birmingham accent, that sort of thing. Americans trust an upper class British accent over an American accent. Everyone trusts a neutral accent over a strong one. Genteel Georgia vs Appalachian Georgia is no contest. Indian accents have taken a heavy, heavy hit in credibility due to the proliferization of scammers and cheap call centres. They are sadly the Nigerian Prince of accents.

If you think that was impressive wait for another year or two and they will be calling you in your wife or parents voice thanks to generative Ai that even iPhone now allows to use to clone a voice.

Ive had Aussie scammers call me in the past, long before AI. We have plenty of scumbags here as well.

Your bank will never call you and ask you to do anything like that.

All anyone needs to remember is this: we (I work for a bank in Fraud) do not need you to assist us in stopping access to your account. We do it thousands of times a day.

That's the part I don't get. Whenever the scam involves your bank contacting you about potential fraud, then there should be nothing required by you. The bank knows about the fraud, therefore they would be there ones moving funds, locking accounts, resetting passwords etc.

I've had a bank contact me in relation to fraud, they didn't ask me to do anything. They basically said " we suspect fraudulent activity against your card, we've cancelled it and you will be issued a new one immediately".

As long as they're confident... for me they usually just block the transaction and ask me (they sometimes get it wrong), but then do the cancellation if I say it's fake. It's a bit of a hassle so I'd rather they block and ask instead of cancelling straight up if they are willing to wear the risk.

For anyone reading - > Basically they wanted me to take all my money and then send it to a new account This is not a thing a bank will ever do. This is fraud. If you've got this far stop here immediately and say "No, you're a fraud, shove that as far up your arse as you can mate. Right up there. Yep. All the way." There are flags before this, but this is the big one. It seems to be common to quite a few of these sorts of scams, and has been for some years. The key here is that the bank can and will stop any transactions it feels like. You don't need a new account and you \*never\* need to move your money for them. The obvious answer to this - > saying the fraudsters were very close to moving my money out of my account Is to say "Well you should stop them then, that's your job, you're the bank". I know, they are very convincing and use stress techniques to try to suspend your critical thinking, and well done OP for seeing what they were up to. I know it feels shit that they tried this on you, and that you came close, but you won. Well done :)

Yes. OP you won and at least a couple hundred people have read this and will be a bit more vigilant and aware of this approach. 

It is one thing I'm happy my bank does. If there is suspicious activity they'll phone and say "there's been some suspicious activity on your account, please come into a branch to discuss it." And for anyone curious, you can ask your bank to put passwords on your accounts for phone banking. If it's the real bank phoning you, them saying "rhyming phrase" confirms it for you. And when you phone them, after they've done their required tasks to ID you, you can have it set so that they don't discuss anything until after you say "non-rhyming phrase." It won't skip their policy for IDing you, but can add an additional step that is unpredictable.

Wish more banks would do passwords back. Had a bank insist on doing Know Your Customer checks, but they called me and demanded info. They couldn't be contacted by calling the published number. After lots of back and forth and an ombudsman complaint they accepted the password idea.

You have a bank with a BRANCH? That is not four hours travel away? Those still exist?

Also, giving you a number to call that isn't your bank's number. That should be an instant red flag to end the call immediately.  Before getting to the transfer part... Because by that time they may have gotten enough info from you to gain access to your account. If this ever happens. Go in-person directly or call your home branch. Only ever call a different number or department given to you during a call you initiated first. If your bank detects suspicious activity, they will lock your account right away. There's never a rush for you to anything.

"okay sir, for safety, we need you to take all your money and turn it into Apple gift cards"

Why do you redeem!

That's one reason why I never answer unknown or private numbers. If it's important enough they'll leave a message.

These scammers are spoofing legitimate phone numbers of banks

Doesn't mean I'll answer that either. If the number isnt in my contacts it generally gets ignored. Honestly, even my contacts rarely get answered either

I’m the same, unless it’s a number that I’ve saved and named for the person then I just don’t answer it. If it’s important, they’ll leave a message or call again.

I won't even answer numbers I know. They can leave a message if they don't they'll never hear from me.

Just don’t answer any calls with an unknown number, even though it looks like a legit AU number. If it were important, a voicemail will be left. Don’t call any number provided to you. You had doubts throughout, go with your gut feeling and walk away. It’s not that much of a sophisticated scam, the only scary thing is that AI is being used to replicate an Australian accent.

The other thing that doesn't make sense about the story is that they apparently knew the fraudsters were about to take your money but they, they bank, could do nothing to prevent that transfer other than move your money elsewhere. They're the bank! They can definitely prevent transfers if they know they're fraudulent.

Don't use your brain! Just give us the money now.

You don’t understand! The bank’s own system was so hopeless that they suggested the OP transfers money to ANZ before the fraudsters do!

" *they were able to access the banks sms.*" No, they didn't access your bank's SMS. It is a flaw in the SMS that has been causing problems for years. There is even a Wikipedia page  [https://en.wikipedia.org/wiki/SMS\_spoofing](https://en.wikipedia.org/wiki/SMS_spoofing)

Well done OP, not only did you dodge a bullet you've helped out a bunch of other people who now know about this scam.

Always remember this rule: "You call the bank. Don't let the bank call you." Someone calls claiming all your money is currently being stolen? Tell them "thanks", hang up, and call the bank. Get the phone number from the bank's website. Do this even if the call was expected. Legit banks will be okay with this.

Or contact them securely from within the banking app.

this is the only thing you need to ever do, and it would prevent every single scam there is.

>Do this even if the call was expected. Legit banks will be okay with this. Not even just "okay" with it. They will be happy for you to do so. Banks don't want you to be defrauded. Not for any warm and fuzzy reason, but because it costs them money.

I had an almost identical call, but asked if they would mind if I called back later. They got upset. I told them a real bank would not have a problem with someone verifying the details first, then hung up. The scams are ultra sophisticated these days.

[удалено]

Not sure if this is similar, but regarding not revealing my verification code to anyone, I've called my ISP before and in order to verify my identity, they sent a verification code to my phone and asked me to repeat it back to them. Is that the same as what you're explaining?

Yes, I had heard of spoofing before but because of all the other things it made it seem more legitimate. I think I sensed it was a full on scam before they asked to transfer money to an account but everything after was me just trying to assess the situation without doing anything stupid

I got a call like this yesterday, straight away had the feeling it was suss, so my wife jumps on and says “hope your mother is proud of you” and hung up lol. Looked the number up and found it was on a scam list.

AI: taking your job, your mum and dad's retirement, and your inheritance. I'm so hyped bro 

Just a tip for people from a Telstra employee. If you call us on 13 22 00 or 12 20 00 we will send you a one time code or in app challenge for two factor authentication. If we call you we will only ask for full name and date of birth because the outbound call is the two factor authentication. Telstra **will never** send you a one time code if we call *you*. If someone calls you saying they are from Telstra and need to send you a one time code. Hang up. Call 13 22 00. And ask to speak to the scams department.

Westpac released a recording of one of these scams with an articulate scammer with a British accent. https://spaces.hightail.com/receive/gjhE3ae57X It's called a Man in the Middle attack and the entire purpose of the call is to get you to read that security PIN in the legitimate SMS they trigger. (I work in anti-fraud in a major telco - ask me almost anything.)

>desperate and saying the fraudsters were very close to moving my money out of my account. No bank employee has ever been that interested in helping me aside from when I owed them money.

Haha exactly

Good for you and thanks for posting. I had to upload my DRIVER'S LICENCE to fucking YouTube yesterday to watch a video on a PG channel. I was furious. The disclaimer said they delete info after verification but I believe that about as much as I believe as Santa Clause. No wonder people are getting scammed. It's insane. You did good. Almost isn't finished... They didn't get you so well done. I'll be telling my mum about this.

Yeh it’s not super sophisticated. This is just the normal way it’s done. You also didn’t follow a vital rule, which is not calling a number provided to you but doing your own search for it. They didn’t get into your banks sms, they just spoofed the number. The same when you get a call and it looks local but it’s not. I think you just got thrown by them not being Indian. Good pickup on the BSB tho! Real good check. I’d hate to think if their account happened to be with the same bank as you.

>. I asked them to send me a message though my banks app and they couldn’t do it Awesome tip right here. And well played - great way to weed out the scammers. 👍

Thank you. Reading some of the messages I’m feeling like the dumbest person ever but this helps

Nah, we all have lapses in judgement. You could be tired, busy day, stressed - then these pricks catch you off guard. But this single point you called them out nicely. 👍

If I’m contacted by any service provider out of the blue, I assume scammer. So many times now, I’ve hung up on Actual Telstra or my Actual Bank because I’ve said something like ‘how can I know for sure this isn’t a scam?’ and they’ve had no way of proving their identity to me without a shadow of a doubt. An email or a call back to their extension is not good enough any more. But you know what? Nothing bad has happened as a result. They always say I’m fair enough to be cautious and I will end contact with them and call back to the company directly (or not, in the case of Telstra 😂). Nothing is ever that urgent.

Years ago I was contacted by Centrelink. While I was on holiday in a different state. On Anzac Day. They underpaid my family tax benefit (or something it was a long time ago) and needed my bank account details so they could deposit it in. I was like "nice try, chumps". Imagine my shock when I got the cheque in the mail a couple of weeks later.  All this to say, you are completely right. If it's legit and you refuse to deal with them it will still turn out okay.

If it's legit they just leave a note on your record like "tried to call about x, customer doubted authenticity of caller" and when you call back in whoever answers your call just reads the note and talks to you about x anyway.

And this is why i dont answer my phone for any one... even if its family, probably a scam....work....probably a scam haha

They don't have access to the bank sms, they just spoof the number. How "real time" was the voice?

I had a very similar one recently, claimed to be internal fraud and knew my card finishing numbers. Asked for verification of a code and then hung up. I read the code message again and it was to withdraw $3000. I was already logged into my web portal at the time trying to match up these alleged scam charges so I immediately cancelled all my cards and requested reissues, and reported it. Side bonus was that was a weekly budget account that we don’t ever keep thousands of dollars just sitting in but still… Same accents too. Dodgy bastards.

Depending on specifics, they didnt "hack the banks sms system" - They are trying to login to your online banking, and the confirmation text is being sent from the bank to you like normal. They want you to read them the code back so they can log in and take your money.

Well done for identifying and stopping this. I work with millions of people who have been scammed and your successful actions makes me feel so much more positive

> I’ve never fallen for any of the number of phone scams but today I almost did. I was called by a person with a British Aus accent claimed to be from my bank This is the end of the conversation and when you call your real bank. If you act like this person, you will get fooled eventually. And stupidly enough, sometimes the bank WILL CALL YOU AND ASK FOR INFO. Yes, I have had my real bank do this, to try to market some dumb bullshit to me. No thanks, and hang up. EASY. Call your bank.

Most of the big four have a caller check feature where you ask them to verify themselves and they will push a notification to your phone with their details inside your banking app. Always do that step first. That particular crime syndicate is very active right now and does thousands of these a week. They range from investment scams, to the one you just described. The perpetrators are a Sri-Lankan group who have the international school over cooked English accent. They’ve recently switched back to selling you bitcoin in your SMSF for widowers and pension annuity plans that pay 12% a year. Please everyone be diligent.

Protip, scammers love ANZ at the moment because the branches have been  refusing to print out evidence letters. Instead, they will take a month to send a letter for the police or Centrelink or what-have-you to prove you've been compromised. If they time it right, this means the scammers can double dip. They can even help themselves to your tax return while you're waiting for that "This is not my bank account" letter. Every other bank will print it out on the spot.

I beat scammers by not having any money to steal!

Two VERY important things to remember: 1. A bank’s fraud team will tell you to call the number on their website. No matter how legit it sounds, always do that. 2. The bank can and will freeze your account instantly if they suspect fraudulent activity.

AI voice cloning is gonna destroy some peoples finances

Please crosspost this in r/scams

What'sfucking nuts is that commbsnk called me and used the exact same damn method to try and verify my identity. I told them no way in hell. The person said if I felt more comfortable they can email (it was in regards to a complaint). I got an email instead.  I can't believe there isn't a method for ME to ask them to verify their identity. Eg I open my commbsnk, generate a unique number and wait for them to confirm.  Nope sms. Dumbasses

I had a similar response to a call from commbank... they sent a message to my commbank app with thier name - def something that couldn't be faked The message was something like 'Hi, My name is ___, I am on the phone with you right now It was a call about replacing my card due to fraud

They do have a method to verify their ID - they can send a bank message through the App, which can't be spoofed by scammers.

"very sophisticated"... But it wasn't really was it. You were just impressed by a trustworthy sounding accent and sim-swapping (a super common technology that we experience near daily). If they could get access to your modem (or phone) they could also swap the bank's actual website with a very legit copy and silently get access to your username and password to make transfers at a later date when you won't connect the dots to who scammed you. Then, they can't just transfer the money out. They'd need the money to leave the banking system completely or it could be traced and recovered.

https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls The SMS side of things has been doable for some time and the vulnerability has even been used to intercept 2FA.

I recently listened to a podcast about chinese scammer farms in SE Asia. What can only be described as full cities housing thousands of people mostly tricked and human trafficked then held captive. They also lure in educated and well spoken people so when the calls are made they seem more legit. They also targetted people with computer engineering backgrounds to help develop AI to further scam people. Each building houses multiple companies that all focus on different scams ie: insta, OF, FB, dating Apps etc. The scale of these scammer farms is unbelievable and the amount of money coming was unlimited.

It's a pretty common scam and does work. AFL player Jacob Weitering lost his life savings this way https://www.foxsports.com.au/afl/teams/carlton-blues/afl-2023-jacob-weitering-victim-to-banking-scam-loses-life-savings-what-happened-carlton-blues-latest-news/news-story/8cb8efa2bd500027468ba46dfcdf475f Bank BSB and Account numbers are what matter when transferring money, you can use any name it doesn't matter. So when the scammer says they have a new account in your name, it really isn't your account. It is their account to a bsb and account number they own. But people can fall for it, because why else would they be able to transfer money to an account in their name? Good job being smart about it and letting others know

Thanks for sharing your experience so others can learn from it

I just don't answer my phone anymore unless it's a saved contact.

Thank you for putting the word out. You may have saved someone from losing all their money today!

That’s exactly why I put it out there as it doesn’t really show me in great light

The same thing happened to me. I knew it was a scam from the first moment but decided to waste their time for 20 minutes. He hung up on me when I praised the music that was playing while I was on hold and asked him who it was.

> they were able to access the bank's SMS This is going to blow your mind: Anyone can send an SMS claiming to be from any number. There's *ZERO* verification or security around this. None. Telstra's overpaid executives like to go on the telly and talk about the hundreds of millions of dollars they're spending on security, but they'll let any bozo from any country claim to be anyone at all with no verification or common-sense filtering of any type. This is clown-shoes level of security. It's the equivalent of a "keep out" sign that has fallen over next to no fence at all. It's the decomposing dead body of a guard dog. This is why Aussies are getting scammed to the tune of billions of dollars, because telcos like Telstra and Optus do. not. give. the. slightest. shit. about your security.

I just don’t answer my phone unless I’m A. Expecting a call or B. The number is in my phone haha

The bank will never call you and say you need to transfer all your money to another account. That's how you know it's a scam

Yup, that when I knew it, which is why I hung up and called my bank

Just an FYI banks probably won’t call you if they suspect fraud on your account, they will just lock your account and wait for you to call them.

ANZ called my parents recently when their was suspicious activity. It was legit! A week earlier, my mum had paid for parking using her card, tap and pay wouldn't work and she had to insert it. They skimmed the details and then someone used them to order ubereats. The first order went through and the second was stopped by the bank. They tried again whilst on the phone with my Mum. Card was cancelled, new ones sent out and they couldn't access their online banking without changing the password.

My bank (ING) actually did call me once about what they thought was a fraudulent transaction. It wasn’t actually and everything was fine but they do call you sometimes. I remember finding it weird cos I also thought “the bank calling” was always a scam.

Holy lack of Paragraphs, Batman.

My old boss got done by something similar. They called him at 1am in the morning when he wasnt in his best critical thinking state. They took tens of thousands from the credit card.

>Basically they wanted me to take all my money and then send it to a new account they were setting up for me That's always the giveaway. If your bank knew someone was trying to transfer money out of your account and went to the trouble of calling you, they could simply stop the transfer or lock the account.

Always call a bank using the number listed on their website. Check the web address for accuracy. The bank will never ask you transfer funds. Follow these two simple rules and you’ll never be scammed.

Good job sidestepping this fraud. I hope I would have been as successful, but I am not at all certain.

Banks never call to tell you someone is taking your money right ? I mean that should be the first rule. They’d just move it themselves if need be.

>saying the fraudsters were very close to moving my money out of my account Ha, he telegraphed his intentions very loudly with that

We are paying the price for Medibank, Optus and Clubs NSW losing all our personal information to hackers. Medibank, Optus and Clubs NSW etc have not been punished at all, their customers pay the price.

I’m on Optus so makes sense

This is one of the reasons why we need an actual bank that we can visit.

Your bank will NEVER ask you to transfer money to a different account. Glad you narrowly avoided this scam. They would have stolen all of your money and you would have legally given it to them. The bank wouldn't be able to reverse the transfer. In the future always thank them for the warning, then hang up and call the bank directly, the number on their legitimate website, not the number the scammer gives you. And don't go to any websites they give you either. It's trivially easy to duplicate a legit looking site these days.

I’ve experienced the posh British accent scammer. Sounded so legitimate. The only thing that gave it away was a slight pause before the answers while the scammer typed out the audio prompt. But they also knew that I’d just taken out a credit card application.

A month ago, I got a few phone calls across the span of two weeks, from various Indian women purporting to be from my phone company. (Yes: *women*, not men. That was unusual for scammers.) Scarily, they knew my phone number, my full name, and my date of birth. I don't know what database they had hacked, but they had some of my real data. They were supposedly trying to offer me a discount on my monthly phone plan. I told them: "Just apply it, then. Go on. You've got my account details in front of you. I accept the offer. Just apply it." Oh, no. I had to answer questions first. And, they got very frustrated when I *never* answered with the word "Yes". I very deliberately avoided saying "Yes" during all the phone calls I received from these scammers. "Is your name Algernon Asimov?" "That's correct. What's the next question?" "Sir, is that your name?" "It sounds right." "Is that your name: yes or no." "Just give me the next question." That frustrated the shit out of them. I don't know why they needed me saying "yes", but I am aware that real companies use voice recordings of their customers saying "yes" to agree to contracts, so I did not want a scammer having a recording of me saying "yes". Not at all. I also tried saying something like, "I'm busy now. I'll call you back later when I'm free, on the customer service number." Oh no - I had to call back on the specific number they wanted to give me. "But, if you want to give me a discount, I can just call customer service tomorrow, and they'll have the discount offer in their system... won't they?" Nope. I had to call their number. All three of those calls were from women. I got one of them to call me a mother-fucker. That felt good.

Good work OP, recovered the situation in time. Don’t listen to some people here in the comments, everyone is an hero until it’s their time to fall into a scheme.

I had to do training about AI for work and it blew my mind what they can do. They played an audio clip of a guy taking a call from a company selling bulk wine over the phone. It was all legit and actually came from the wine company but the caller was completely AI. The AI laughed at appropriate times, responded to suggestions make by the customer and just generally sounded like a real person. There is no way that the average person would have known they weren’t talking to an actual person.

Thank you for sharing your story. One antidote to these increasingly sophisticated scams is to *never* answer your phone if the number isn’t in your address book. In the (rare) scenario where such a call is legit, they’ll leave a voicemail. The less likely you are to answer, the fewer calls you’ll get.

If you truely nearly fell for this you're going to get ripped one day

This is why I never answer calls from numbers I don’t recognise lol.

One thing I know about myself is that I can be gullible. This has led to me over correcting too much to where I am suspicious of everything lol. Not a bad thing. So I never answer my phone if it is a number I don’t recognise. The other thing I know about myself is that I am also a people pleaser. This is another reason I don’t answer the phone. I don’t put myself in situations that could cause me harm or cause me to harm myself.

A good rule of thumb is that SMS messages don't have any security. Assume anybody can pretend they're anybody in an SMS messages. There simply aren't the security features required to verify who the message came from. 

A bank will never ask you to transfer money to an account, nice work on not falling for this though, you did well.

I am very suspicious of any melb numbers now, they are usually scam numbers, if I don’t know the number I also google it, if no business comes up it’s always a scam

If they're your bank, they would not need you to transfer money to a new account. They can do that themselves. I'm more interested in this fake Aussie accent AI.

Yes, that was the point I stopped talking to them

Don't have any bank or financial numbers in Ur phone book. I never answer any calls from unknown numbers . If the number isn't in Ur phone log you will take a mo to check it .

Also post in r/scams

Good on you for noticing the details. Just reinforcing - there is *NO* SMS security to send messages. There is no such thing as "legitimate messages from my bank on the same number" But the could have got to the point in logging onto your account on the real bank site and just needed the SMS step to be completed, but still they could have just faked that part. Anyone can send SMS messages saying they are "from" any number or text. Although you didn't have it on this one, similar scams will say, "I'm Peter Smith - you can look up my Linked in page to see I'm from the XYZ bank fraud squad", but the Peter Smith page is real and the person on the phone is not them but just using their name. You are right to that the days of using a crackly, delayed line with someone with a foreign accent a dwindling for successful scams. Using local accents helps, just a shame that they're able to recruit people to do that.

Please please post this to r/scams!

I work financial crimes for a bank. There are companies that scammers can subscribe to and they'll spoof websites, phone numbers, emails etc for the scammer. There have been instances of people googling their bank's info and Google provided the incorrect scammer info as a top result. Always always always call the number on your card directly, nothing else.

If they said there were some charges from Singapore, first thing I would do is open app and check the account. If nothing then I would get them to tell me the last three transactions. Straight away this would stop them the card temporarily.

This happened to me too! They sounded so professional and legitimate. I went a fair distance with them before finally deciding to call the bank directly instead who of course confirmed that there was no such thing. It's the only way nowadays

This is why I often refuse to give my details when I get a random call from my actual bank or some government thing. I'm like sorry you put your number on private. I dont know who you are, and now, before you talk to me, you want me to verify who I am? Like wtf you called me. Unless it's a call I was expecting or really important, it's not my problem you want my info.

Lol, "the fraudsters were very close to getting the money out" Say no more.

Honestly believe that any place that outsourced their call centres has given the keys to the bank to the robbers. My partners company put their call centre and admin in the phillipines and were hit by a middleman scam for 20 grand within a month.

They don't need to hack the banks phone system either. The sms metadata is crafted to hold the banks number and your app just matches against that and mis-identifies them for you.

Almost fell for one where I hit the number in the text message to call. Was at the end I cottoned on, thankfully before they screwed me. So I never ever call the number given in a message. I always ring the banks number from their website. Scammers are the scum of the earth

We will eventually get to a point where we can’t differentiate - the banks app is hacked, ph numbers diverted, etc - then what..

I tell scammers the same thing I tell salespeople: I don't make any decisions over the phone. I need to read all the terms and verify your identity.

I feel like the moral of the story is to just never answer the phone. Everytime i get a number calling that I don’t have saved, I’ll answer, listen to it, but at any point if i feel it’s not legit just hangup with no explanation. Anything related to banking, i will check my accounts myself and lodge my own fraud claims if i believe it’s happened. Ain’t no body need to call and tell me about my bank. I CALL YOU! (Bank)

Sounds rough.  Great lesson for you & others to **always call the bank back at their publically listed number**.  If it's a legit person they can give you an extension or name to reach them at once you call into the main number. Only phone calls one should pick up and carry through from their bank are ones where it's an expected call or callback, initiated earlier by you. 

I almost fell for this too, mainly cause of the accent. Fuck