• Ask the Community

  • Sophisticated fraudsters just called me

I have just spent about half an hour with extremely sophisticated fraudsters on the phone. They knew quite a lot of details about me. They spoke perfect (native) Dutch, if I had to guess I would say they grew up in or around Amsterdam (I spoke to a total of 2 people). I received scam calls before, but they were always laughably easy to figure out, and obviously targeted at the elderly. This call felt professional and smooth. I expect a lot of people will fall for such a call.

The fraudsters called from a private number and pretended to be from "Bunq security", who wanted to "research fraud" on my account. They said they detected a fraudulent transaction, actual details don't matter. The fraudsters could tell me quite a lot of private details - including one of my Bunq IBAN numbers, my full name, my e-mail address, my physical address and my birth date.

The goal of the scammers was to install the remote control software Anydesk either on my phone or on my laptop. Their story is that it's a virus / malware scanner. I gave them an excuse for why I wasn't able to install it on my phone, and they tried to get me to install it on my laptop. After I gave them enough excuses to why I couldn't do it today, they just hung up. At some point I told them I will be able to install their software "Next Tuesday". They put on the pressure to do it right now, otherwise my bank account "would not be safe".

After looking through my records, I was able to pinpoint their source of the information they knew about me - a data leak from a company that had me as a client. I know it for a fact but I cannot divulge publicly how.

My conclusions from this conversation:

  • Fraudsters can be sophisticated. They don't all have a foreign accent and they don't all speak only English. Some speak the local language fluently.
  • Fraudsters may know a lot of details about you. Unfortunately companies you do business with have been hacked and will keep being hacked. It's not sufficient to ask for your bank account for confirmation. Better ask for something that changes over time - like your current balance, the most recent 3 transactions or something of the sort.
  • The fraudsters' goal in this case was to install remote control software on your phone. They might have other goals - to get you to send money somewhere, for example. There is no reason good enough to install software on your device as instructed by someone who just calls you up to ask you to do it.
  • The fraudsters pressured me to act now. That may be the clearest indication. If someone is asking you to do something to your account right now - be very, very suspicious. It's likely fraud.

Safe banking everyone!

    @arikb#276580 Good that you share your experience here! Advice for everyone: bunq won't call or SMS you! They contact you through the secure chat function inside the bunq app.

      @arikb#276580 Thanks for sharing this with the community. It's good to hear you were able to recognize this and remain safe 🙏

      Re-subscribing to @thijsoost#276593 words: bunq will never communicate with users outside of the in-app chat.

        @bunqVitaly#276594 just to clarify, this fraud attempt is not Bunq specific. They mentioned Bunq because that is the bank account I gave the company which leaked it to them. If they would have had a different account, they would have become the security department of that different bank.

        And not all banks use a secure chat.

          goed dat u het deelt. a big red flag: 1 bunq belt niet... en hebben niet eens een Nederlandse afdeling, het gaat allemaal in het Engels. maar goed dat je het verhaal deelt

            @beekie#276598 Bunq is een Nederlandse bank, het is redelijk om aan te nemen dat ze Nederlands tegen je praten als je niet goed op de hoogte bent.

              Same happened to me. Really pushing to install ‘their virus scanner’ or even Anydesk. They even sent me a text message coming from the Bunq 020 (SOS) number to confirm that I was on the phone with a Bunq employee.

                @KoenS#276610 There is no check on the source of SMS messages in the telephone system, so if you have the right type of access you can fake an SMS from any number, including non-numeric ones.

                Also, they have no "virus scanner". "My" scammers said it's a virus and malware scanner in cooperation with Anydesk. They just want access to your phone so they can send all your money to themselves.

                I have a question for you: Were you a customer of "GreenChoice", the Dutch energy provider, between the years 2017-2020? I am almost certain that this is where the information they had about me was derived.

                  @arikb#276580 same happened to me. How to know where did they get the info?

                    @Serendipity#276709 They probably got your info from another company that had a data leak

                      @Serendipity#276709 Were you a customer of "GreenChoice", the Dutch energy provider, between 2017-2020?

                        a month later

                        @arikb#276580 this just happened to me and I lost money as a result. Can someone please advise what fraudsters who have seen my bunq dashboard through Anydesk can do after I changed my password etc.?

                        How can I make sure my account is safe again?

                          Ik heb eerste week by Bunq phishing sms gehad. gerapporteerd by Bunq maar hun support is zacht gezeg zwak ik krijg geautomatiseerde antwoorden. Bunq moet tegenrekening koppelen aan de spaarrekening maar krijg geen antwoord :(.

                            @bunqVitaly#276594 Bunq moet tegenrekening koppelen aan de spaarrekening anders blijft jullie Bank geliefd bij scammers

                              @Soeheil#278051 bunq offers much more than just savings accounts. A reference account would protect only one part of customers, and it's unclear to me how much of a security win this would actually be even for customers that deposit only their savings at bunq.

                              After all, if people go as far as installing software like Anydesk just because someone told them to (no offense to the victims, but objectively this is what happens), then the fraudster could probably also get away with making further adjustments to the bunq account of the victim to have the reference account changed.

                              And while you could argue that bunq should just not let the user change the reference account, what happens if the reference account at the other bank gets closed? This might not even solely be the user's fault, as every bank is just a company and can decide to terminate their customer relationship for several reasons. If something like that coincides with an event in the user's life where they need to withdraw money from their savings account without lengthy wait times, then they wouldn't be able to do so.

                              Ultimately, bunq itself has more background info on the situation of course, so it might be they'll come to the conclusion that there is enough of a security advantage to a reference account option to render these contra points nil. But as far as I personally can see, it's not completely black and white. Especially because with bunq you can be very sure that they will never call you and that all important communication is made solely through the bunq app, nowhere else. That being said, in many years as a bunq customer I have never received any phishing whatsoever, be it through SMS text or email. If there is someone out there leaking data, it's probably nothing to do with bunq themselves.

                                7 months later

                                Piratage de nos comptes bancaires, demande de rappel en urgence
                                Bonsoir, suite à un appel qui a duré plus de 2 heures le 5 décembre 2023 à partir de 16h18, soi-disant du service des fraudes du LCL notre banque en France avec le numéro de téléphone du service clients du LCL, nous avons été apparemment victimes d'un piratage sur nos comptes bancaires français. Aucun code d'accès à nos comptes n'a été communiqué ni nos numéros de cartes bancaires ni codes de carte bancaire. La personne détenait tous nos numéros de compte LCL ainsi que le solde de chacun de nos comptes.
                                Il a commencé par nous informer que des prélèvements frauduleux avaient eu lieu en provenance de Grande Bretagne et que nos cartes bancaires allaient être bloquées.
                                Il a procédé à la vérification de nos identités et nous a totalement rassurées, alors que nous étions en panique totale, d'autant que nous étions sur la route.
                                Le fraudeur nous a demandé ensuite d'ouvrir un compte bancaire sur votre banque Bunq à chacun de nos noms avec photos recto verso de nos cartes d'identité et numéros de téléphone. Pour cela il nous a fait télécharger l'application Bunq sur nos téléphones portables. Il nous a fait ensuite changer les codes d'accès remis sur nos téléphones portables par Bunq.
                                Il nous a ensuite fait procéder à des virements de nos comptes LCL vers des numéros Iban soi disant fictifs. La banque Bunq nous a été présentée comme filiale du LCL.
                                Après un appel de notre part au service clients du LCL nous confirmant la fraude ,nous avons directement appelé le service d'opposition aux cartes bancaires. Nous avons également procédé à la modification immédiatement de nos codes d'accès à nos comptes via internet et Android.
                                Néanmoins, cette personne, se faisant appeler Olivier Lucas Rochel, nous a demandé de procéder à différents virements sur des comptes fictifs dont il nous a dicté l'iban.
                                Nous étions en voiture de retour d'Annecy et le subterfuge était parfaitement réglé.
                                3 virements ont été faits de nos comptes LCL vers des numéros Iban probablement Bunq dictés par le fraudeur.
                                Un premier de 428€, un second de 426€ et un troisième de 481€.
                                Nous avons porté plainte dès le 6 décembre 2023 auprès de la gendarmerie française.
                                Nous ne parvenons pas à récupérer nos fonds, ce qui est un comble car nous avons été clairement dupées, et souhaitons impérativement résilier nos 2 comptes bancaires Bunq qui ont été ouverts par malveillance et donc sans notre accord.
                                La banque LCL doit déjà avoir pris contact avec vos services pour tenter de récupérer les fonds.
                                Vous comprendrez aisément l'angoisse que peut engendrer ce type de situation, d'où l'urgence d'un rappel de vos services pour nous rassurer. Dans l'attente et comptant sur votre réactivité pour régler cette affaire, très cordialement,
                                CG +33 6 85 50 46 81
                                NL +33 6 73 15 13 41
                                quebeconath@yahoo.fr

                                Non lu
                                Écrire un message...
                                Aucun fichier choisi
                                Envoyer le message

                                  @New-Vermilion-Dugong-2473307885#286322 Hi! If you have a question for bunq, please contact bunq support.

                                    a month later

                                    @New-Vermilion-Dugong-2473307885#286322
                                    I'm sorry to hear about your experience.

                                    I know it will probably not make you feel any better, but the amounts they wanted from me were over €18.000,-. So in some small way you have been lucky to lose only €1.300. I wish you all the best and I hope you recover your money.

                                    Je suis désolé d'apprendre votre expérience.

                                    Je sais que cela ne vous réconfortera probablement pas, mais les montants qu'ils voulaient de moi dépassaient les 18 000 €. Vous avez donc eu, dans une certaine mesure, de la chance de ne perdre que 1 300 €. Je vous souhaite tout le meilleur et j'espère que vous serez remboursé.