Honestly, I’m not sure it matters. They’ve all had such incidents. I read somewhere that about 30% of your fees and mortgage interest go toward fraud mitigation,monitoring, and restitution.
I always live by these rules
- call them back, don’t talk to them
- ask why you need to do anything. It’s exceedingly rare a bank would call you to do something legit there and then. “I will do it later” will help. In fact that’s how I caught the phisher as I noted the aggravation in 1% of his voice.
- use credit cards, not debit cards, for purchases. They have far more protection.
- use all the 2FA and password complexity you can
- never use real info for challenge questions. Never use maiden name of mother etc. you can put “14 green fish” as the answer to the question if you like.
- make sure they are FSCS regulated, and try not to exceed that limit.
- understand FSCS does not cover you most phishing attempts, since the bank will claim they tried to warn you and were not negligent
- use private tabs for bank interactions
Through this experience I have learned not to trust “what we know about you” information they share. Do not underestimate HUMINT. A bank snitch could give up something as seemingly innocent (to them) as your “join date” and it be a lynchpin piece of info for a scammer.
This may all seem obvious to an HM reader. But it’s worth refreshing and reiterating.
Honestly, I’m not sure it matters. They’ve all had such incidents. I read somewhere that about 30% of your fees and mortgage interest go toward fraud mitigation,monitoring, and restitution.
I always live by these rules
- call them back, don’t talk to them
- ask why you need to do anything. It’s exceedingly rare a bank would call you to do something legit there and then. “I will do it later” will help. In fact that’s how I caught the phisher as I noted the aggravation in 1% of his voice.
- use credit cards, not debit cards, for purchases. They have far more protection.
- use all the 2FA and password complexity you can
- never use real info for challenge questions. Never use maiden name of mother etc. you can put “14 green fish” as the answer to the question if you like.
- make sure they are FSCS regulated, and try not to exceed that limit.
- understand FSCS does not cover you most phishing attempts, since the bank will claim they tried to warn you and were not negligent
- use private tabs for bank interactions
Through this experience I have learned not to trust “what we know about you” information they share. Do not underestimate HUMINT. A bank snitch could give up something as seemingly innocent (to them) as your “join date” and it be a lynchpin piece of info for a scammer.
This may all seem obvious to an HM reader. But it’s worth refreshing and reiterating.