Why I willingly handed over my credit card and PIN to a fraudster

&gt;If you call a landline, it’s up to you to end the call. If the other person, the person who receives the call, puts down the receiver, it doesn’t hang up the call, meaning that when I went to find my bank card, the fraudster was still on the other end, waiting for me to pick up the phone and call ‘the bank’.<p>Can someone explain this? This seems like a pretty glaring and obvious issue that I&#x27;m sure I would have experienced before. Is he saying that if he hangs up the phone and picks it up again and the person at the other end doesn&#x27;t hang up, then the conversation isn&#x27;t over?

Something similar has happened to me.<p>I was in Barcelona, regular tourist. Here come a guy saying he is a cop, in civil but showing some kind of ID. Saying I might have stolen my own credit card and asking to dial the PIN on his phone. I&#x27;ve fallen for it. They&#x27;ve taken 400 euros from my bank account.<p>I guess we don&#x27;t have to blame ourself, scheme exists, we might fall for we might not fall for it. This guys have training we don&#x27;t, we have good reason to not act in the smartest way!<p>I hate Barcelona.

This is why I&#x27;m terrible to my bank over the phone... I always ask them to prove to me they are from the bank and when they can&#x27;t - i hang up. It&#x27;s kind of annoying except I work above my bank so it&#x27;s pretty easy to walk downstairs. Maybe someday the bank will implement a kind of certificate to help me identify i&#x27;m really talking to the bank...

The phone thing I can understand, but why would a bank ever send a courier to pick up a card (and why would someone believe that they would)? I&#x27;ve never heard of such a thing.<p>Even if it&#x27;s got a chip, what could possibly be stored on the chip&#x27;s memory that would help? If there&#x27;s a problem with a card being compromised or cloned, they issue a new one.

I once got an SMS to the tone of &quot;This is &lt;my bank&gt;, you have to call us urgently on &lt;some 0800 number&gt; and quote reference &lt;blah&gt;&quot;. So the first thing I did was ring the number printed on my card and have a nice talk to them.<p>Turns out it was the bank, but they don&#x27;t do themselves any favours.

Wow, that admittedly had a lot of effort going into it. I&#x27;d like to say that I wouldn&#x27;t have fallen for it, but I&#x27;m not so sure. I think I wouldn&#x27;t have physically given them the card, though. Something about the whole thing just seems really odd they&#x27;d go so much out of their way for one victim.<p>But is this something more common in the UK, perhaps? The only scams I run into are these laughable phone calls I get from time to time - recorded messages like, &quot;This is card services from (fake phone static). Your card has been compromised. Please call us back.&quot; I never called the number back but from looking up online it seems that pretty much straight off the bat they ask you for your SSN, and I&#x27;m guessing they wouldn&#x27;t have any personal info about you.

&quot;As for the call, well, credit where it’s due, it’s pretty clever. If you call a landline, it’s up to you to end the call. If the other person, the person who receives the call, puts down the receiver, it doesn’t hang up the call, meaning that when I went to find my bank card, the fraudster was still on the other end, waiting for me to pick up the phone and call ‘the bank’. As I did this, he first played a dial tone down the line, and then a ring tone, making me think it was a normal call. He will have been sitting next to the first person that called me, no doubt laughing their heads off at how stupid I’d been.&quot;<p>Wow, what? This seems pretty crazy. I was wondering how they did it until I got to this point.

A clever scam with the land-line call.<p>I wonder where the fraudsters have got all his personal info (including his land-line phone number) from. Even if they got a hold of his receipt that shouldn&#x27;t contain enough info to get all the other details.

A good strategy is not to depend on a single bank or account.<p>At least in Europe it&#x27;s fairly easy to find banks offering accounts with no maintenance&#x2F;transactions costs , just open two accounts at two different banks, keep the same level of cash in both and if something happens you don´t have to go on a diet of canned beans waiting for the compromised account to be restored.<p>(Then again, some might argue that now you have twice the chance of being targeted by a scammer).

I found the title slightly misleading.<p>I was expecting an interesting article about a deliberate handing-over of credit card and PIN to a known fraudster, in an attempt to examine their behavioural patterns and maybe offer some anecdotal insight.<p>I felt the actual article was much less interesting.

I like to think having to send my card so they can inspect it would of been a huge red flag. What is there to inspect?

I wouldn&#x27;t be too hard on yourself. I would have probably fallen for it after the phone call. The answer isn&#x27;t that you&#x27;re stupid - the answer is, when other human beings exert a ton of effort to deceive you, sometimes you&#x27;re going to be deceived. Especially if it&#x27;s out of the blue and you&#x27;re not on guard. Human beings are pretty cunning and deceitful bastards.

Pretty dicey, I can see a day when your bank calls and you say, &quot;Thanks for calling, I know you&#x27;re my bank but I wonder if you wouldn&#x27;t mind answering a couple of security questions for me ...&quot;<p>The big risk though is going out to pick up your card, that gives you the opportunity to film them. If you know which ATM they are watching you set up a sting to catch them in the act.

It wasn&#x27;t explained how the crims got the pin number after he entered them into his phone.<p>I assume because each number on the keypad has a unique tone, they could extrapolate which keys were pressed?<p>Also how did they get his phone number? The phone directory?<p>Most shocking is how did they get date of birth and mothers maiden name!?!?

I was once SE&#x27;d (socially engineered) into providing the caller with my full name, address, DOB, but no financial information.<p>The caller had spoofed their caller ID to reflect a police agency, albeit out of my jurisdiction, but like the OP it was early on a weekend morning and I was quite well hungover, so I readily supplied the requested info.<p>It was a valuable learning experience and I admit to being &quot;schooled&quot; by the perpetrator but seeing that no actual harm was done I let the matter drop like the lead it was worth.

I imagine that a great many of us would be fooled by that sequence. It&#x27;s easy to consider yourself paranoid or careful and then be thrown off-guard by a well-optimised routine.

Phones in general are ridiculous for authentication. You can spoof nearly every bit of data, and there&#x27;s no way to know, and little weird bits of flotsam like this float to the surface occasionally and make it even worse than it normally seems.<p>If only I could ask them what <i>their</i> favorite restaurant is, maybe we&#x27;d <i>finally</i> have two-way verification. Nobody else picked McDonalds, right? That&#x27;s a safe choice?

Wait: The fraudster <i>gave you his license plate number?!</i>

Who pays for fraud cases? Do the credit card companies end up paying for all the merchandise when they reinstate the victims cards and forgive his debts?

Social engineering trumps hacking.