The technique is well established. Your phone rings, your bank number appears on your screen. Your advisor is on the line, and tells you that fraudulent payments are being made with your card for a huge amount. He calls you to check them and object to each of them. And this is potentially the start of the nightmare, which can result in your accounts being emptied. This is what we call the fake bank advisor scam, which has been booming in recent months.
A well-crafted process, and potentially devastating for the victims. Fortunately, with a few good reflexes, it is entirely possible to thwart these scam attempts. How do scammers work? What information are they likely to know about you? Which ones will they try to extract from you? And how can you protect yourself from it? 20 Minutes explains everything to you.
Real-false number for real scam
If the deception works so well from the first second, it is in particular because the fraudsters manage to clone the banks’ telephone numbers. So, when they call victims, it is their bank number that is displayed on their phone screen. But those days are about to be over. From this Tuesday, telephone calls imitating another number must be interrupted by operators.
These identity theft attacks, or “spoofing”, allow an interlocutor to fraudulently use an existing telephone number to pose as a banking advisor and extort funds, for example. The law, carried by MP Christophe Naegelen (Liot) aimed at regulating telephone canvassing and fighting against fraudulent calls, was promulgated in July 2020, and imposes control on telephone operators. Thus, from October 1, “operators have the obligation to check […] that the calling numbers displayed are authenticated and to interrupt the calls of those who are not,” indicates the Electronic Communications Regulatory Authority (Arcep).
But if professional numbers are now controlled using a number authentication mechanism, this measure alone will not put an end to all scams, operators warn.
Well-informed fraudsters
In addition, when fake advisors call their victims, the deception is all the more effective as they have confidential data about the victims they are trying to scam: cell phone number, first and last name, username, date. of birth and even the answer to the security question allowing us to identify ourselves, whether it is the name of our childhood pet or our mother’s maiden name: the fraudsters are well informed. Enough to give victims confidence to better deceive their vigilance.
How are they so well informed? Several routes are possible. Scammers may have collected your data during massive data hacks, by phishing – or phishing, by means of a false e-mail or SMS imitating your bank, the Post Office, an e-commerce site or even an administration. Or having acquired them when “you have used the same one on several sites, one of which has been hacked, or even in certain cases due to the presence of a password-stealing virus on one of the victim’s equipment”, noted the government’s cybercrime victim support site.
And to ensure the victim’s full cooperation, the perpetrators of the scam play on fear, making people believe that fraudulent operations are in progress, advancing large amounts to push them into complete panic and affect his discernment. Thus, by claiming to want to counter these fraudulent payments, the criminals claim to need additional information to supposedly block these transactions.
NEVER COMMUNICATE YOUR SECRET CODE
This is how they end up asking for their secret code from the victim who no longer has clear ideas. But if we had to remember only one rule, which deserves to be hammered out in capital letters: it is to NEVER COMMUNICATE YOUR SECRET CODE. Because scammers have only one goal: to obtain your password, this confidential code that only you know and which allows online access to your customer area, therefore to your bank accounts, and to empty them in one click , for example by adding beneficiaries and making transfers. Ditto if they ask you for your bank card numbers and ask you to validate the operations by clicking on the emails that your bank, the real one, will have sent you to validate the payments.
And it happens quickly, and the amounts stolen can climb very high. In 2023, the damage from all means of payment fraud represented nearly 1.2 billion euros, of which 379 million were linked to user manipulation such as fake bank advisor fraud, according to the Payment Means Security Observatory.
So to thwart any attempt at fraud on the part of a false advisor, you must keep a cool head (easier said than done), and remember a few absolute rules that will save the day: never communicate your connection or bank card codes, even if the so-called advisor on the other end of the line knows some of your personal data. A real advisor will never, ever ask you for them. And “under no circumstances validate operations of which you are not at the origin, even if your interlocutor claims that it is a question of canceling them,” insists UFC-Que Choisir. And in certain cases, the fake advisors, arguing “the urgency or seriousness of the situation, claim that it is necessary to secure or destroy your bank card and send a courier to your home to collect it” , warns the consumer association. Again, don’t fall into the trap, she continues: “The scammers then make withdrawals from an automated teller machine (ATM) or make online payments.” Do not give your bank card to anyone.
Hang up and call your bank again
If you receive such a call and doubt grips you, it’s simple: hang up before saying anything (which could play tricks on you), and call your bank immediately, especially if the fraudsters know certain of your personal data. If the criminals manage (until this Tuesday October 1st in theory) to duplicate your bank number, it is impossible for them to pick up the calls.
By calling your bank, you are sure to find a real bank advisor, who will report the attempted fraud, block access to your customer account and send you new connection codes by mail (username and secret code). ).
Protect yourself from hacking and know what to do if you are a victim
Finally, to protect yourself from these scam attempts, a few precautions should be observed. In addition to never communicating your secret or bank card codes, “never communicate sensitive information such as passwords by email, by telephone or on the Internet”, “use different and complex passwords for each site and application” and “apply security updates regularly and systematically”, recommends the government platform for assistance to victims of cybercrime. And do not save your banking details on merchant sites.
And if you are the victim of such hacking, keep all the evidence (screenshot of your call log if the criminals used your bank number) and immediately contact your bank, stop your payment methods and, if amounts have been taken from your account, file a complaint, then “dispute the transaction and request reimbursement from your bank, advises UFC-Que Choisir. She must reimburse you, unless she proves gross negligence or fraud on your part.” This may be the case if you have communicated your secret codes, but can be ruled out when evidence such as the call log, if the bank number was used, is provided.