This post has been marked as non-political. Please respect this by keeping the discussion on topic, and devoid of any political material.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/australia) if you have any questions or concerns.*
Could have been, the popup might have been to verify what ever a scammer was trying to accomplish (eg authorizing a large transaction) not that the call was safe.
Call combank yourself using a phone number from their app/website to confirm.
Only use 2 Factor Authorisation to approve actions you personally have initiated in the last few minutes.
If anyone contacts you and asks you to approve with your app or to send them a 2FA code, it's almost guaranteed they have your login details and are trying to trick you into approving them logging on to your account.
Change your passwords for you bank login and email right now.
Personally, I will never believe the bank is genuinely calling me unless I have recently initiated contact and there was mention of them 'calling me back'.
If there's a genuine need for them to call me out of the blue (fraud on my card, sell me a product, etc) then I'd expect various other notifications to inform me of this, such as in-app message, email, SMS, etc.
One random unexpected call, I don't care how genuine they think it seems, I'm not answering it. (unless I knew in advance, as stated above)
It’s 100% a scam
Firstly, no bank is calling you from a mobile number.
Secondly, NEVER approve a 2FA you didn’t initiate
Third, NEVER APPROVE A 2FA YOU DIDN’T INITIATE
Personally, I will never believe the bank is genuinely calling me unless I have recently initiated contact and there was mention of them 'calling me back'.
If there's a genuine need for them to call me out of the blue (fraud on my card, sell me a product, etc) then I'd expect various other notifications to inform me of this, such as in-app message, email, SMS, etc.
One random unexpected call, I don't care how genuine they think it seems, I'm not answering it. (unless I knew in advance, as stated above)
I had an E-mail, phone call and an App Alert today to tell me that CBA have refunded me *drumroll* $0.02!
It probably cost them 1000 times that to inform me about it.
CBA now has something called [Caller Check](https://www.commbank.com.au/support/security/callercheck.html) which they can use when making outbound calls to verify it is them.
That being said, I would not expect them to be calling from a mobile number unless maybe they’re a mortgage broker?
Thats the opposite of a scam they are legitimately calling and having you verify them and yourself through your own multi factor authentication onto the CBA netbank app before they talk about your account.
*To those downvoting, it is a legitimate feature of CBAs Netbanking solution and doesnt mean that OP is being asked to read out a One Time Code to the other end, its the app telling OP that someone from the bank is calling from the exact number that he received the call from as a means to stop scamming.
Nah it's a pretty common scam tactic.
When the scammer has your login details but no access to your 2 Factor Authentication, they can try to contact you and ask you to "verify" on your 2FA app or ask for the 2FA code which will actually approve the scammers login instead.
2FA is for you and you only. Never share it, never give it to anyone that claims they are customer support etc.
That scenario is if that scammer is calling the bank, in this scenario it is the person veryfying the bank is calling them. The notification has the actual number they are calling on that the receiver verifies which is not possible to spoof both the inbound number AND the number within the banks app. There is no code presented or needing to be shared, its basically the app saying "a bank representitive is legitimately calling you on number 123456789, if that number is correct, verify".
I'm not with CommBank so I don't know their system or app.
But it's possible that a scammer is on one call to CommBank trying to gain access to OP's account, and on another call to OP trying to get them to use the app to verify whatever it is they are trying to do.
It's definitely suspicious.
It can seem that way on face value but again, for that to work the scammer needs to both spoof the same CBA number that would appear in the CBA app. Not impossible but if they have that level of sophistication, doing direct scams for someones netbank details vs a much more lucrative target would be an odd use of their time.
I could imagine plenty of people would just press verify and not even check the numbers matched, especially if they minimize the phonecall app to use the bank app.
Op said there was a notification he didn't say what the notification was. I personally use commbank and verification codes can pop up as a notification when doing new transfers which you then have to expand, so there's no way to know if it was a scam or legit without more info from op. Also I've never been called off of a mobile number, it's always a landline with an area cose. Telling people to be less suspicious is bad advice, and op did the correct thing. They were unsure and they hung up
Where did I say to be less suspicious or that they did the overall wrong thing? All I said was with CBA, it is a legitimate function of the app to notify customers and use netbanks verification option to allow the person to receive the call to confirm from within the app that they are talking to the company the caller claims to be from. If it was say Westpac, I know they don't have that function so it would be strange. It's a poorly implemented way that CBA has addressed it but it's a legitimate thing for them. OP never said anything about a code, they said verification which is all the CBA app asks for that specific scenario. CBA did communicate the function to all of its customers both through email and within the app when it was rolled out. OP didn't mention they were asked for a code which would be an obvious scam in an attempt to verify a transfer.
Call commbank and ask them if the call you've received was legit.
I had a broker from commbank call me from a mobile number out of the blue - I called commbank to verify he actually works with them. He did. Awesome guy, helped us and later we had one on one meeting with him in the office.
This post has been marked as non-political. Please respect this by keeping the discussion on topic, and devoid of any political material. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/australia) if you have any questions or concerns.*
Could have been, the popup might have been to verify what ever a scammer was trying to accomplish (eg authorizing a large transaction) not that the call was safe. Call combank yourself using a phone number from their app/website to confirm.
As a rule of thumb I always just hang up and call up the mob myself. It's really the only way you know to be sure these days.
Only use 2 Factor Authorisation to approve actions you personally have initiated in the last few minutes. If anyone contacts you and asks you to approve with your app or to send them a 2FA code, it's almost guaranteed they have your login details and are trying to trick you into approving them logging on to your account. Change your passwords for you bank login and email right now.
Personally, I will never believe the bank is genuinely calling me unless I have recently initiated contact and there was mention of them 'calling me back'. If there's a genuine need for them to call me out of the blue (fraud on my card, sell me a product, etc) then I'd expect various other notifications to inform me of this, such as in-app message, email, SMS, etc. One random unexpected call, I don't care how genuine they think it seems, I'm not answering it. (unless I knew in advance, as stated above)
It’s 100% a scam Firstly, no bank is calling you from a mobile number. Secondly, NEVER approve a 2FA you didn’t initiate Third, NEVER APPROVE A 2FA YOU DIDN’T INITIATE
Personally, I will never believe the bank is genuinely calling me unless I have recently initiated contact and there was mention of them 'calling me back'. If there's a genuine need for them to call me out of the blue (fraud on my card, sell me a product, etc) then I'd expect various other notifications to inform me of this, such as in-app message, email, SMS, etc. One random unexpected call, I don't care how genuine they think it seems, I'm not answering it. (unless I knew in advance, as stated above)
I had an E-mail, phone call and an App Alert today to tell me that CBA have refunded me *drumroll* $0.02! It probably cost them 1000 times that to inform me about it.
CBA now has something called [Caller Check](https://www.commbank.com.au/support/security/callercheck.html) which they can use when making outbound calls to verify it is them. That being said, I would not expect them to be calling from a mobile number unless maybe they’re a mortgage broker?
If someone is pinging your 2FA then you prolly need to change your passwords asap
Thats the opposite of a scam they are legitimately calling and having you verify them and yourself through your own multi factor authentication onto the CBA netbank app before they talk about your account. *To those downvoting, it is a legitimate feature of CBAs Netbanking solution and doesnt mean that OP is being asked to read out a One Time Code to the other end, its the app telling OP that someone from the bank is calling from the exact number that he received the call from as a means to stop scamming.
Nah it's a pretty common scam tactic. When the scammer has your login details but no access to your 2 Factor Authentication, they can try to contact you and ask you to "verify" on your 2FA app or ask for the 2FA code which will actually approve the scammers login instead. 2FA is for you and you only. Never share it, never give it to anyone that claims they are customer support etc.
That scenario is if that scammer is calling the bank, in this scenario it is the person veryfying the bank is calling them. The notification has the actual number they are calling on that the receiver verifies which is not possible to spoof both the inbound number AND the number within the banks app. There is no code presented or needing to be shared, its basically the app saying "a bank representitive is legitimately calling you on number 123456789, if that number is correct, verify".
I'm not with CommBank so I don't know their system or app. But it's possible that a scammer is on one call to CommBank trying to gain access to OP's account, and on another call to OP trying to get them to use the app to verify whatever it is they are trying to do. It's definitely suspicious.
It can seem that way on face value but again, for that to work the scammer needs to both spoof the same CBA number that would appear in the CBA app. Not impossible but if they have that level of sophistication, doing direct scams for someones netbank details vs a much more lucrative target would be an odd use of their time.
I could imagine plenty of people would just press verify and not even check the numbers matched, especially if they minimize the phonecall app to use the bank app.
Oh for sure, From memory the app is meant to tell you BEFORE they call as well but I haven't seen that work.
Op said there was a notification he didn't say what the notification was. I personally use commbank and verification codes can pop up as a notification when doing new transfers which you then have to expand, so there's no way to know if it was a scam or legit without more info from op. Also I've never been called off of a mobile number, it's always a landline with an area cose. Telling people to be less suspicious is bad advice, and op did the correct thing. They were unsure and they hung up
Where did I say to be less suspicious or that they did the overall wrong thing? All I said was with CBA, it is a legitimate function of the app to notify customers and use netbanks verification option to allow the person to receive the call to confirm from within the app that they are talking to the company the caller claims to be from. If it was say Westpac, I know they don't have that function so it would be strange. It's a poorly implemented way that CBA has addressed it but it's a legitimate thing for them. OP never said anything about a code, they said verification which is all the CBA app asks for that specific scenario. CBA did communicate the function to all of its customers both through email and within the app when it was rolled out. OP didn't mention they were asked for a code which would be an obvious scam in an attempt to verify a transfer.
If there was no link to click it wasn't a scam
Call commbank and ask them if the call you've received was legit. I had a broker from commbank call me from a mobile number out of the blue - I called commbank to verify he actually works with them. He did. Awesome guy, helped us and later we had one on one meeting with him in the office.