19

I have given someone my bank account details including my home address and phone number by email, supposedly so that money can be transferred into my account.

I am now quite sure this is a scam.

What do I do next, i.e. how do I protect myself from this scammer?

Ben Miller
  • 116,785
  • 31
  • 330
  • 429
Julianne bhana
  • 199
  • 1
  • 3

4 Answers4

30

Do not disclose any more information and change your passwords to the bank website. You might possibly have to change your phone number that you have linked to the bank account. This is important since you might be receiving One Time Passwords (OTPs) on the mobile number which can be used to gain access to your account. Personally, I think physical address is not doing much of a harm, but report this to your bank and let them know that you have done this so they can call you in case there is a large transaction that is happening without your knowledge. Ask them to get approval for any transactions above X amount (X being any amount in your currency that you deem large enough).

Keep an eye on your transactions and report any fraudulent transactions immediately. Report the fraud to the police.

And most importantly, do not share any personal details to an unathorized person in future. Be safe.

Arpit
  • 376
  • 2
  • 7
12

Report to your bank, close that compromised account and open a new account. Change any password, create a new email account if you have to and never chat to the scammer.

kachan64
  • 3
  • 1
Mohd Danish
  • 119
  • 5
12

When you say "details" I don't know if that includes your username/password to online banking. If it does, first step is change that password, but you should do that while you're on the phone. Changing your password is not enough, you must also do the next step.

Tell your bank. Right now.

Call them on their customer support line. Don't wait for an opportunity to visit a branch.

Because they can provide practical defenses about what is about to happen. Or, if it's already happened, time is of the essence in reversing it.

The more proactive you are, the more likely you'll get your money back.

Then, do mop-up activities

Notify Google that the mail is a scam, Gmail provides a way to report that.

File a police report. They may not want to take your report unless the bad guy actually tried a transfer.

I am breaking these out into "mop-up" to emphasize that these are not as urgent, and don't do them first.

Harper - Reinstate Monica
  • 59,009
  • 10
  • 94
  • 199
6

What do I do next? how do I protect myself from this scammer?

As others have noted, your first phone call is to your bank's fraud department to inform them of the situation. They deal with this every day and can advise.

If you gave the scammers your mobile phone number then you have an additional problem to deal with. After you call the bank, call your mobile provider's fraud department. Make sure you get the fraud department; the front-line phone support people for mobile phone companies are frequently undertrained and incompetent when dealing with cases of fraud. A good friend of mine has been dealing with a mobile phone fraud recently, and the phone support people got it all wrong until she spoke to an expert in the fraud department.

The kinds of problems to anticipate if they have your mobile phone number include:

  • They may execute a social engineering attack against your mobile phone provider to convince them that they are you, and that you've lost your phone, and get the company to replace it and charge your account. They get a new phone with your number, your phone gets deactivated, you pay for it, and then they use your phone number to commit more crimes. This is the situation my friend is in right now, and it is very upsetting. But it gets worse! The worse situation is:
  • If they manage to get control of your phone number via social engineering attack, or bribing a phone company insider, or whatever, and they also have your email address, then they can execute the following series of steps: first, they'll attempt to log in to your email, but they won't have your password. Suppose you have two factor authentication turned on. They'll start the password reset process on your email account, and now they have "your" phone to satisfy the two-factor authentication, and they can reset your password to a password of their choice. Now they have your password and your email address, so they'll then read your emails and figure out what other services you registered that email to, and they'll reset the passwords on all of those as well.
  • Then they'll look at your email contacts, your social networking friends, and so on, try to figure out which of them is the most gullible, and start further attacks against them. Got a grandparent? They'll get an email from you saying that you're in Paris and someone stole your wallet and grandma, can you send me $200 to this sketchy money company right away?

In short: our lives are in our phones, and many services use possession of a phone as a proxy for authorization. If they have your phone number, talk to a fraud specialist immediately, because these attackers will likely be sophisticated and know what to do with the resources they've got.

Eric Lippert
  • 5,016
  • 2
  • 20
  • 23