- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.
Then you tell them you will call them back, hang up, call the bank yourself and do it that way. If they are legit, they can tell you their name and extension and you can verify that is even real when you personally call the bank.
I did this once, it was legitimate but he refused to tell me even what department he called from. I said i wasn’t going to give personal into to an incoming call and i wasn’t calling back unless i knew why. He ended up mailing me a letter instead.
I almost got scammed a few years ago by being called about fraudulent activity the day after i reported fraudulent activities, in hindsight I think they just got lucky with timing, but I take no chances now.
Ever noticed how decades ago if someone defeated a bank’s security we called it bank robbery, but now it’s called identity theft and we get blamed for it.