OT: a new scam

Err, no. Now you should download the Barclays App onto your SmartPhone and setup the key words that only a Genuine person calling from Barclays would know about.

I am fairly sure that it is only a matter of time before I get caught out by a parcel non-delivery scam at least to the point of clicking on it. Likely to happen when I am in a hurry, expecting a parcel from that courier and see the non delivery message appear at about the right time.

Sometimes it does happen although the regular guys know where to put stuff if I'm not in (increasingly rare in the Covid and post-Covid era).

All cold calls are presumed hostile is a very workable heuristic. I don't know why it isn't more widely advertised as a fix.

I guess if everybody did it then the cold calling sales model would break down and with it the income of telcos and cold calling centres.

I get paid by cheque about twice a year so it is entirely academic now. There are still a few Luddites who still insist on using them.

I use about the same number of cheques per year too. To pay Luddites that are afraid to give me their bank details and be paid online.

They are not tied to any account. You can even use another banks pinsenty device with a Barclay debit card and vice-versa

This is why Barclays are trying to cajole people into using the PinSentry that is part of their SmartPhone App (as opposed to using a PC to login to Barclays online banking).

The former allows you to set up extra secret words to confirm the identity of a genuine call from the bank.

You can't be living that far out in the sticks then if you still have 2 physical banks. I have to drive 10 miles to the nearest large towns in Sussex to visit a Barclays branch.

On the rare occasion that I have to pay a cheque into my account, they just swipe my debit card on their keyboard and auto-scan the cheque. Never been asked for my pin number and the receipt is just stapled into the paying in book.

YES, you do. I am referring to the Barclays App for Android or iPhones which has its own software PinSentry and you can also create words or phrases which will confirm the identity of an unknown caller who claims to be from Barclays.

If the OP had this on his SmartPhone (if he has one) then the scammer would have fallen at the first fence.

The physical PinSentry is being deprecated, certainly by Barclays. They only like to supply the extra large ones to people with poor eyesight, everyone else is steered towards the Smartphone App

Confirm that an unknown caller really is a genuine Barclays employee

I believe even those ladies (?) now offer contactless facilities

Cough. Everytime you fill a text or number box on a Smartphone, a software touch sensitive keypad appears. The only problem is that it is tad small for those without 20/20 vision and difficult to see in direct sunlight.

I hardly ever get an spam emails, but then I use Windows 10 and BT Internet. Perhaps your problem is caused by your obsession with Linux ?.

Including by you if you ever have a stroke or similar brain accident.

Android phones allow you to hide sensitive notifications. You must unlock the phone to see them.

Crikey. Anyone determined enough will shoulder surf you while standing behind you in the queue and use instant messaging to pass the PIN to his mate(s) outside who will follow you and watch you getting in your car or pinch you wallet while you don't know what is happening.

Or they follow you home and come back later for a bit of burglary and take the expensive car too. All while you are in the land of nod.

Sometimes making contactless payments when there are too many people about is better.

On 24 Oct 2022, Tim Streater wrote

I think I assumed that all dedicated email clients did this as standard practice -- Thunderbird certainly does, as well as the Android clients I've used on my phone. (I settled on "TypeApp", which has served me well for a few years now.)

Is this something that web-based email systems don't do? (I experimented briefly with web-based providers like gmail many moons ago, but quickly gave up on them. I can't believe that anyone in their right mind would consciously opt to use a clunky website interface instead of a dedicated client.)

An additional rule applying to emails is to ignore any email that doesn't address you by name. I've seen a number of otherwise fairly- credible scam emails that either omit the salutation entirely or are addressed to "Dear Customer". Sort of waves a bright red flag in your face.

My friend fell for exactly that and she's very cautious.

The scammer then signed onto her account and transferred money out of it, whilst she was still speaking to him on the phone.

The bit I don't understand is why the scammer chose to transfer several thousand pounds to an existing account (which happened to be held by a close friend of my scammed friend).

Of course the close friend returned the money when everyone ralised what had happened. BUT ... how would the scammer have planned to get hold of that transferred money?

Any ideas?

The con is worked to make you feel it is you who has to prove yourself to the scamming party. You are asked for the 'magic number' you have generated, allegedly to let the other party know you're the genuine account holder.

I use Thunderbird on my home machines, Outlook on the company ones, RoundCube as a web based email system for remote reading directly from my home-server and K9 on my phone (which is now tied up with Thuderbird and likely to become more like it). All except K9 show the destination when hovering over a link, K9 shows it when you press and hold a link.

Allow you to but the out of the box default is to flash up all incoming msgs.

My friend received an SMS with a fake "From" number. The SMS claimed to be her bank and asked her to ring their number.

When she rang, she was asked to verifty herself by giving the the "magic number" from her Pinsentry device .. and then they transferred money from her account.