So a Skunkworks mailing list user posted this (possibly new) kind of mobile banking scam. He happens to be a Co-op Bank account holder, so it is not clear whether this vulnerability is limited to Co-op Bank or can also apply to others. Here’s the thing: mobile banking via USSD is expected to be one of the most fool-proof methods, since it is not expected to work without involving your actual mobile phone. This person reports that there were attempts to use the fake PIN he shared, probably to make transfers off his account.
Forget the part where he actually did give away his PIN to a stranger (no one else is supposed to have it, whether old or new PIN, not even your banker); the fact that there were attempts at his account without involving his phone is quite worrying. What could be happening?
I recently got a call from someone claiming to be from Co-op Bank. He told me some bullshit about having upgraded their system and asked if I had received my new PIN number. I said no and he asked me for my old (current) PIN. I smelled a rat and gave him a fake one (1234). Hours later I tried the service (*667#) only to find myself blocked. On contacting the bank, they said that there had been numerous failed attempts, hence the blocking.
Question is, I thought the M-Banking system is connected to my number; have those crooks cloned it? Is it an inside job? FYI, I got a similar call today but I took him on a wild goose chase.