Wednesday, May 15, 2013

Teach a man to phish

I've just been told by Ulster Bank that if someone called me and identifies themselves as Ulster Bank, then "everything is fine", they are, and I should start giving over personal details.

What?

I wrote a cheque that was being lodged, and somebody called to verify this. Private number, first question was for my date of birth. I asked of some way to verify that it was actually Ulster Bank, and all the operator kept saying was that it was Ulster Bank in Belfast, bemused that I didn't implicitly trust him.

I get the feeling he's had someone like me before, so offered to give me a phone number that I could call back so I'd be more comfortable - except that phone number was a direct line, and I had no way of verifying it was Ulster Bank either. Not a hope, buddy. He just didn't understand how this was a security problem - he told me I should be satisfied when the person on the end of this number answered as Ulster Bank - as if it would be impossible for an accomplice to do exactly this. His final suggestion was that I call my branch (fine) and he would verify with them later.

And so I did, bar from the fact that my branch had no idea how to deal with my approval for the withdrawal. The cheque bounced. I get a call from the branch suggesting I have the recipient re-lodge the cheque, and I ask him for advice - what should I have done?

His answer: "If the caller tells you they are Ulster Bank in Belfast, then everything is fine, you can talk to them". I give up.

No comments:

Post a Comment