Scam or be Scammed
In a world of two factor verifications designed to protect privacy, confirming your identity is becoming so complex that even the heavy hitters have gone back to basics. A recent tax enquiry I had with the UK government (where I grew up) led to receipt of a four-page letter via snail mail, two months later. It’s a mystery as to why it couldn’t be emailed – my national insurance number is surely not a matter for national security. But then the post is the original non-hackable channel; the Hope Diamond, then valued at $1m, was famously posted from New York to Washington in 1958 for little more than the package insurance.
My Aussie bank is no better, insisting on snail mailing me letters thick and fast despite my preference selection of online only. From interest rate changes to modified terms and conditions, none of them receive my attention. So, I barely clocked one recently which said something about them needing to confirm my identity for their ‘Know Your Customer’ records. I’ve been their customer for twenty-five years and given the institution most of my wages in return for a roof over the family heads and permanent short nails thanks to the monthly vagaries of the Reserve Bank. I was confident they had copies of all my personal records, blood type and coffee order and I haven’t moved house or changed my name.
Next thing I knew, a very shouty and threatening text message appeared, saying that since I hadn’t called to verify my ‘Know Your Customer’ details (not possible online) the bank had immediately blocked all account withdrawals including direct debits.
What the??? I scanned my phone in panic. Is that even legal? There was a ‘helpful’ number to call and a reference to give whereby the whole thing could be cleared up nicely. It followed several prior genuine messages from the bank. But apparently scammers are ever more sophisticated and know how to infiltrate your existing message chains. It’s screaming scam louder than the kitchen smoke detector when your toast burns.
According to the Australian Communications and Media Authority scammers often urge the customer to immediately contact the number provided within the message to create a sense of urgency. In my case I tried contacting the bank ‘via a trusted channel’ (i.e. the advertised phone number) but was flicked instead to an online message service, which assured me that ‘messaging our team is like messaging a friend.’ Since the messaging assistant is virtual, I don’t really want to be friends with her, and besides, why would I be talking to a real friend about potential bank fraud on my account? Eventually I called the number in the message, crossing everything that it was fair dinkum based on my sketchy recollection of the paper letter I’d skimmed. I had to resupply all my personal info, info they already had and which had not changed.
Fraudulent activity triggers are just as sensitive. I welcome the mental image of a falcon taking out a nefarious hacker as he uses my hard-earned cash to pay for his boys trip to Ibiza, but please do take my word for it if the transaction’s authentic. Recently I heard of a journalist who paid a tradie a wedge of money for work he’d done in her garden. The bank stopped the transaction and called her to verify it. She was pleased to confirm it was genuine, until the conversation took a weird turn. Was she a woman living by herself? Was it a trusted tradesperson? How happy was she with the work? Had she told anyone else about it, or commissioned it all by her lonesome? After a protracted and fractious back and forth, alarm bells ringing loudly, she hung up on him. At which point her account was suspended for the weekend.
In my case, all turned out well and it wasn’t a scam. But I’m seriously considering a bag of diamonds as my next investment which I can bury somewhere secret. It’s starting to feel a whole lot safer than entrusting my life savings to an increasingly virtual institution.