Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

Suspected scam this time re (Transfer)Wise

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1195 times
Been thanked: 1280 times

Suspected scam this time re (Transfer)Wise

#498329

Postby richfool » May 4th, 2022, 9:07 am

I had 2 emails overnight, (into my junk mail folder) purporting to be from Wise (formerly Transferwise), saying that they carry out constant reviews of customer information and documentation and they had just reviewed mine and that all my documentation was in order. However they needed me to confirm my telephone number. Would I please log in (button below) and confirm my relevant telephone number.

The email looked genuine, but.......

1. It was sent to an old email address that I use for magazine subscriptions or when buying things online, whereas I use a newer email address with TransferWise.
2. It didn't show my name, just "Dear ...."
3. I received 2 identical emails, both during the the night.
4. I recently used TransferWise, from my smartphone, so they do know my telephone number and at that time they confirmed my transaction to the correct email address.

So I concluded it was a scam attempt and referred the emails as "phishing".

In any event, (if I had believed it) I would not have used the log in button on the suspect email. I would have contacted Wise separately by another route, probably via my laptop.

Just thought I would highlight this, in case others receive the same email.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Suspected scam this time re (Transfer)Wise

#498343

Postby Infrasonic » May 4th, 2022, 10:08 am

There's loads of phishing spam around currently purporting to be from major corporations.
On a daily basis I get Facebook, Paypal, Twitter + other social media, major banks and credit card companies et al to one old email account that has been involved in several address leaks.

The easiest way to check if it is genuine is to look at the message source headers.

Here's the relevant bits from a recurring spoofed Facebook phishing email.


...Authentication-Results: spf=none (sender IP is 194.150.214.104)
smtp.mailfrom=sitmulph.sintheolding.club; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=;
Received-SPF: None (protection.outlook.com: sitmulph.sintheolding.club does
not designate permitted sender hosts)


Spam filter scores.
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Antispam: BCL:0;


The real sent from email addresses will change as the old addresses get blocklisted.

One thing you have to be careful of these days is many spammers are using free email addresses like Gmail to send spam as they they then have a fully authenticated chain - which means emails can get through to your inbox if you don't run it on an exclusive contacts only basis as the SPF/DKIM and DMARC will all pass, and the major email providers work hard to keep their SMTP IP addresses off the grey/blocklists or just rotate them from their large allocation blocks.

If the spammers are clever with the wording and formatting they can score low on the spam filters too.

CliffEdge
Lemon Quarter
Posts: 1554
Joined: July 25th, 2018, 9:56 am
Has thanked: 452 times
Been thanked: 434 times

Re: Suspected scam this time re (Transfer)Wise

#498377

Postby CliffEdge » May 4th, 2022, 11:12 am

Received one supposedly from Microsoft support stating unusual login to my account, unusual login supposedly in India

Came from a Gmail account

Very convincing and alarming on first look

Have to pinch myself sometimes not to click on any links

pje16
Lemon Half
Posts: 6050
Joined: May 30th, 2021, 6:01 pm
Has thanked: 1843 times
Been thanked: 2066 times

Re: Suspected scam this time re (Transfer)Wise

#498379

Postby pje16 » May 4th, 2022, 11:18 am

Good warnings guys
It's good to be reminded you can never be too careful :roll:

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Suspected scam this time re (Transfer)Wise

#498387

Postby Infrasonic » May 4th, 2022, 11:49 am

It's been mentioned plenty of times before but the easiest way to put your mind at rest with these 'alert' style phishing emails that claim your account has been compromised is to use 2FA log in with a phone authenticator app. I use the Microsoft one and the Google authenticator app. There are other options from smaller third parties if you want to avoid the big players for perceived privacy reasons. It's transparent most of the time these days - you don't have to keep authorising things unless it's from an unwhitelisted device or potentially dodgy IP address.

That way any attempted log from an unwhitelisted device will alert you via the phone app and/or email.

If you keep an email address (or alias) exclusively for genuine security alerts that isn't used for account sign up to online services etc. then there's less likelihood of it leaking onto spammers lists via database hacks and becoming a target for spoofed alert emails.

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1195 times
Been thanked: 1280 times

Re: Suspected scam this time re (Transfer)Wise

#498394

Postby richfool » May 4th, 2022, 12:02 pm

Infrasonic wrote:It's been mentioned plenty of times before but the easiest way to put your mind at rest with these 'alert' style phishing emails that claim your account has been compromised is to use 2FA log in with a phone authenticator app. I use the Microsoft one and the Google authenticator app. There are other options from smaller third parties if you want to avoid the big players for perceived privacy reasons. It's transparent most of the time these days - you don't have to keep authorising things unless it's from an unwhitelisted device or potentially dodgy IP address.

That way any attempted log from an unwhitelisted device will alert you via the phone app and/or email.

If you keep an email address (or alias) exclusively for genuine security alerts that isn't used for account sign up to online services etc. then there's less likelihood of it leaking onto spammers lists via database hacks and becoming a target for spoofed alert emails.

For those who, like me, didn't know what was meant by a 2FA log in, I've posted a link and some information below. (It means a 2 Factor Authentication). Noted, now that I know what is meant, many financial organisations do use that system, or ones that I use do. I'm not sure if Infrasonic is suggesting one can somehow build in an extra tier of verification if the financial organisation doesn't use one.

I note also that some financial organisations (e.g. Wise) use my smartphone as part of the verification process and that in turn requires my fingerprint to verify me. Though, an afterthought, isn't there an increased risk if one loses one's phone or has it stolen?

https://www.merchantfraudjournal.com/tw ... tion-work/

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Suspected scam this time re (Transfer)Wise

#498430

Postby Infrasonic » May 4th, 2022, 1:33 pm

richfool wrote:
...I note also that some financial organisations (e.g. Wise) use my smartphone as part of the verification process and that in turn requires my fingerprint to verify me. Though, an afterthought, isn't there an increased risk if one loses one's phone or has it stolen?

https://www.merchantfraudjournal.com/tw ... tion-work/


Not a bad guide although it is American so the advice to get a Google number to use in place of a real phone number 'officially' won't work in the UK as they don't offer that service here. (There is a 'workaround' if you are prepared to use a VPN and proxy in via a US server to set the account up...).

Fingerprints.

You don't even have to have your phone stolen - washing your hands frequently can make your prints unreadable and effectively lock you out.
It happened to me when I had decorators in - had to wait a day, get in with a fingerprint and then change the phone unlock and apps to code use where possible. Changed back after the decorators left...
I've got two mobiles/numbers on two networks registered with most services and the MS authenticator app is on my main mobile and my Chromebook laptop as an Android app (no fingerprint needed). Both work.

JessUK98
Lemon Slice
Posts: 305
Joined: November 4th, 2016, 9:10 am
Has thanked: 87 times
Been thanked: 83 times

Re: Suspected scam this time re (Transfer)Wise

#498622

Postby JessUK98 » May 5th, 2022, 11:46 am

I had a spam text message from “Wise” funnily enough last night telling me that they’d stopped a large transfer from my account and a link to click. I blocked it. I don’t have a Wise account and don’t freely give out my mobile number so I presume they just bulk text a load of numbers and hope for the best.

I have the MS authenticator app (or get a code emailed/text to me for those sites that don’t offer 2FA though an authenticator app) and have recently started using the “Hide my Email” feature on my iPhone (that’s a paid for feature of iCloud+ though - I get it from purchasing extra cloud storage).

I think the best thing to do if you genuinely think it’s real, is to go yourself direct to the organisations website (or call from a number they have given you in official communication previously), and NOT through any links from text messages or emails.

stevensfo
Lemon Quarter
Posts: 3438
Joined: November 5th, 2016, 8:43 am
Has thanked: 3809 times
Been thanked: 1398 times

Re: Suspected scam this time re (Transfer)Wise

#498682

Postby stevensfo » May 5th, 2022, 3:50 pm

JessUK98 wrote:I had a spam text message from “Wise” funnily enough last night telling me that they’d stopped a large transfer from my account and a link to click. I blocked it. I don’t have a Wise account and don’t freely give out my mobile number so I presume they just bulk text a load of numbers and hope for the best.

I have the MS authenticator app (or get a code emailed/text to me for those sites that don’t offer 2FA though an authenticator app) and have recently started using the “Hide my Email” feature on my iPhone (that’s a paid for feature of iCloud+ though - I get it from purchasing extra cloud storage).

I think the best thing to do if you genuinely think it’s real, is to go yourself direct to the organisations website (or call from a number they have given you in official communication previously), and NOT through any links from text messages or emails.


Yes, this is really sad. I've used Transferwise for years, but since their IPO, they've become like Revolut. i.e. they freeze your account at random!! You then have to send them a photo of your passport and hope that it's good enough, despite the fact that you already sent it years before.

Wise, who were regarded as the best fintech EMI on the planet, have now set their limit at 3000 euros/pounds, above which you have to pay 0.9% interest.

Do your own due diligence, AML, KYB etc. The minimum amount in each!

Steve

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1195 times
Been thanked: 1280 times

Re: Another scam

#499764

Postby richfool » May 11th, 2022, 9:07 am

Another scam doing the rounds, which I have received twice, is purporting to be from the NHS and suggesting that I have been in contact with someone who has tested covid positive and asking me to order a test kit through the NHS.

Unsuspecting and vulnerable victims have lost thousands of pounds after changes to Covid testing rules triggered a surge in scammers impersonating the NHS.

Free testing was phased out last month and most people must now pay for lateral flow tests – including carers of sick family members, who have been advised to continue testing at least twice a week.

Criminals have exploited the change and phished for bank details to steal huge sums of money. High street bank Santander has received almost 300 reports of NHS testing scams this year with victims losing more than £5,800 each on average.

Scammers send text messages asking victims to order a test and pay a small delivery fee but then use the details to pretend to be from the victim's bank. They then convince them they are being scammed and must move their savings into a "safe account".

https://www.telegraph.co.uk/money/consu ... ds-pounds/

Incidentally, I've had the (Transfer(Wise) email three times now, (asking me to confirm my phone number), each time on the (wrong) email address, - the one that isn't used on my Wise account.

pje16
Lemon Half
Posts: 6050
Joined: May 30th, 2021, 6:01 pm
Has thanked: 1843 times
Been thanked: 2066 times

Re: Another scam

#499765

Postby pje16 » May 11th, 2022, 9:09 am

richfool wrote:Incidentally, I've had the (Transfer(Wise) email three times now, (asking me to confirm my phone number), each time on the (wrong) email address, - the one that isn't used on my Wise account.

Guess computer says "No" :lol:

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Suspected scam this time re (Transfer)Wise

#499770

Postby XFool » May 11th, 2022, 9:29 am

richfool wrote:For those who, like me, didn't know what was meant by a 2FA log in, I've posted a link and some information below. (It means a 2 Factor Authentication). Noted, now that I know what is meant, many financial organisations do use that system, or ones that I use do. I'm not sure if Infrasonic is suggesting one can somehow build in an extra tier of verification if the financial organisation doesn't use one.

https://www.merchantfraudjournal.com/tw ... tion-work/

Just to point out that that explanation of 2FA login makes no mention of card readers, a method using the already well established Chip & Pin system.

My only knowledge of Wise came about after some cash was transferred from my credit card to an unknown Wise account.

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1195 times
Been thanked: 1280 times

Re: Suspected scam this time re (Transfer)Wise

#509431

Postby richfool » June 24th, 2022, 10:49 pm

Re: 2FA security checks, - Can someone explain to me how the 2FA type security checks will work when one is overseas and uses his credit card to pay for a flight or service? (See below).

(We have just booked some flights from the UK and paid for them using our credit cards, the airline generated a code to be sent to our smart phones, which appeared to come from the card provider, and which when we keyed in, authorised the transaction.

So what will happen when we are on the far side of the world and have taken our UK SIM's out of our phones and put in a local SIM from that country, and we then book a flight or pay for something, as the card provider won't be able to send us any security codes, or rather we won't receive any they send.

Julian
Lemon Quarter
Posts: 1385
Joined: November 4th, 2016, 9:58 am
Has thanked: 532 times
Been thanked: 676 times

Re: Suspected scam this time re (Transfer)Wise

#509440

Postby Julian » June 24th, 2022, 11:13 pm

richfool wrote:Re: 2FA security checks, - Can someone explain to me how the 2FA type security checks will work when one is overseas and uses his credit card to pay for a flight or service? (See below).

(We have just booked some flights from the UK and paid for them using our credit cards, the airline generated a code to be sent to our smart phones, which appeared to come from the card provider, and which when we keyed in, authorised the transaction.

So what will happen when we are on the far side of the world and have taken our UK SIM's out of our phones and put in a local SIM from that country, and we then book a flight or pay for something, as the card provider won't be able to send us any security codes, or rather we won't receive any they send.

Yup, it’s a nightmare. I spend about 7 months of my time in the UK each year and the other 5 months at my holiday home in South Africa where I have a local SIM card. The answer I am afraid is that if the supplier really does only support sending the 2FA code to a mobile(*) is to swap back to your UK SIM card just before doing the transaction and once the transaction is complete (I.e. you got the code and have confirmed that it was accepted) swap back to the local non-UK SIM card. It is highly advisable to turn off mobile roaming before doing the swap to the UK SIM so that your phone doesn’t pull down any data when the UK SIM is in and if you are on PAYG you also need to make sure that your UK SIM has credit to forward the SMS message that will be sent to the UK number. There have been days when I have been at my holiday home and working on financial matters when I have probably done at least 5 swaps between my UK and South African SIM in a single afternoon. It is a total pain. I really do wish that more organisations would offer the option to use a Google Authenticator compatible 2FA code generator. HMRC for instance used to only use send-to-mobile but now I can use my code generator for them (and for my GMail and quite a few other services that I use) which is a huge improvement in convenience.

One other option might be to get a virtual UK mobile number from someone like Zadarma (https://Zadarma.com/en/) that can be set up to email incoming SMS messages to your email account assuming you have email access when abroad. That is an extra cost (about £3 a month) and since the number then becomes the bank (or whatever organisation’s) contact number on record for you so depending how you set it up might be less convenient for contacting the bank since I have my virtual number set up to forward all incoming calls and texts to my “real” mobile number which is why I haven’t switched all of my banking contact numbers to it because I would run up forwarding charges for any incoming calls. (I don’t want to run a VOIP client on my mobile because I am concerned about what impact that might have on my battery.)

- Julian

(*) Some sites offer the option of emailing the code or using a compatible 2FA code generator e.g. Google Authenticator but my experience is that most do only offer the send-to-mobile option.

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1195 times
Been thanked: 1280 times

Re: Suspected scam this time re (Transfer)Wise

#509443

Postby richfool » June 24th, 2022, 11:31 pm

Julian wrote:
richfool wrote:Re: 2FA security checks, - Can someone explain to me how the 2FA type security checks will work when one is overseas and uses his credit card to pay for a flight or service? (See below).

(We have just booked some flights from the UK and paid for them using our credit cards, the airline generated a code to be sent to our smart phones, which appeared to come from the card provider, and which when we keyed in, authorised the transaction.

So what will happen when we are on the far side of the world and have taken our UK SIM's out of our phones and put in a local SIM from that country, and we then book a flight or pay for something, as the card provider won't be able to send us any security codes, or rather we won't receive any they send.

Yup, it’s a nightmare. I spend about 7 months of my time in the UK each year and the other 5 months at my holiday home in South Africa where I have a local SIM card. The answer I am afraid is that if the supplier really does only support sending the 2FA code to a mobile(*) is to swap back to your UK SIM card just before doing the transaction and once the transaction is complete (I.e. you got the code and have confirmed that it was accepted) swap back to the local non-UK SIM card. It is highly advisable to turn off mobile roaming before doing the swap to the UK SIM so that your phone doesn’t pull down any data when the UK SIM is in and if you are on PAYG you also need to make sure that your UK SIM has credit to forward the SMS message that will be sent to the UK number. There have been days when I have been at my holiday home and working on financial matters when I have probably done at least 5 swaps between my UK and South African SIM in a single afternoon. It is a total pain. I really do wish that more organisations would offer the option to use a Google Authenticator compatible 2FA code generator. HMRC for instance used to only use send-to-mobile but now I can use my code generator for them (and for my GMail and quite a few other services that I use) which is a huge improvement in convenience.

One other option might be to get a virtual UK mobile number from someone like Zadarma (https://Zadarma.com/en/) that can be set up to email incoming SMS messages to your email account assuming you have email access when abroad. That is an extra cost (about £3 a month) and since the number then becomes the bank (or whatever organisation’s) contact number on record for you so depending how you set it up might be less convenient for contacting the bank since I have my virtual number set up to forward all incoming calls and texts to my “real” mobile number which is why I haven’t switched all of my banking contact numbers to it because I would run up forwarding charges for any incoming calls. (I don’t want to run a VOIP client on my mobile because I am concerned about what impact that might have on my battery.)

- Julian

(*) Some sites offer the option of emailing the code or using a compatible 2FA code generator e.g. Google Authenticator but my experience is that most do only offer the send-to-mobile option.


Thank you for your reply, Julian. Hmmm, yes, not very easy to overcome. Some phones can hold 2 SIMS, but either way, I am reluctant to keep or put my UK SIM in my phone when overseas, - the Far East, - not Europe, as once before, upon arriving in Bangkok, O2 kept sending me text messages about roaming at a cost of £7.50 per day, and I wasn't sure whether they would apply that automatically or whether I had to authorise it in some way, or whether, as you made reference to, it is possible to turn roaming off. If they use one's email address would be useful, but I don't think they do. 2FA code generators sound a bit complicated to us.

mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Suspected scam this time re (Transfer)Wise

#509451

Postby mc2fool » June 25th, 2022, 12:43 am

richfool wrote:Re: 2FA security checks, - Can someone explain to me how the 2FA type security checks will work when one is overseas and uses his credit card to pay for a flight or service? (See below).

(We have just booked some flights from the UK and paid for them using our credit cards, the airline generated a code to be sent to our smart phones, which appeared to come from the card provider, and which when we keyed in, authorised the transaction.

So what will happen when we are on the far side of the world and have taken our UK SIM's out of our phones and put in a local SIM from that country, and we then book a flight or pay for something, as the card provider won't be able to send us any security codes, or rather we won't receive any they send.

It's not the airline that generates or sends the code, it is the card company (Visa, Mastercard) as instructed (automatically) by your card provider (bank etc), and the sort you are talking about aren't sent to smart phones, they're sent to dumb ones too. :D Boring ol' SMS...

There are, AFAIAA, four possible solutions to the dilemma, not all of which will necessarily work and some of which may be a faff anyway:

a) some card providers have apps for your smart (but not dumb!) phone that handle the 2FA instead of using codes sent by SMS and allow you to authorise the transaction irrespective of your SIM, as long as you have an internet connection (be it by WiFi or 2/3/4G).

b) logging into your account and changing your mobile number to your non-UK one at the start of your trip (may not be possible)

c) a virtual UK mobile number, as per Juiian's suggestion

d) the SIM card shuffle, ibid

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Suspected scam this time re (Transfer)Wise

#509470

Postby Infrasonic » June 25th, 2022, 8:39 am

richfool wrote:
Thank you for your reply, Julian. Hmmm, yes, not very easy to overcome. Some phones can hold 2 SIMS, but either way, I am reluctant to keep or put my UK SIM in my phone when overseas, - the Far East, - not Europe, as once before, upon arriving in Bangkok, O2 kept sending me text messages about roaming at a cost of £7.50 per day, and I wasn't sure whether they would apply that automatically or whether I had to authorise it in some way, or whether, as you made reference to, it is possible to turn roaming off. If they use one's email address would be useful, but I don't think they do. 2FA code generators sound a bit complicated to us.


I've read on Thai forums that expats/holidayers are using their UK smartphones to pay in Thailand now, so presumably Apple/Google pay type apps. Apple pay doesn't need an internet connection to work, not so sure about Google.
Explainer here of how exactly Apple Pay works 'under the hood'...https://codeburst.io/how-does-apple-pay ... 2f7d9348b7

Apparently the Thai 7-11's don't accept the major credit/debit cards, so maybe investigate what local merchant options are available with the Apple/Google style solutions to reduce that scenario occurring in the Thai shops.

If a regular visitor investigate getting a Thai bank account - look for Thai banks that have a UK presence and approach them. It can be done.

A lot of expats make use of local law firm help packages to 'smooth' the progress of bureaucratic processes like visa renewals, local drivers licenses, bank accounts et al. Seems the rejection rate over the missed dot or cross on the t goes down significantly that way and it's all done in a matter of days rather than dragging on for weeks. ;)

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1195 times
Been thanked: 1280 times

Re: Suspected scam this time re (Transfer)Wise

#509501

Postby richfool » June 25th, 2022, 10:27 am

Yes, I am being told that some banks/providers do operate different procedures. E.g. daughter seems to think that HSBC ask her to open her banking app and verify the transaction that way (she has a debit card).

I also understand that one can use one's TransferWise card to pay for things. They seem to verify transfers through the App, so perhaps they would do likewise with payment transactions.

Last time I was in Thailand, I noted they were changing their cards to a more enhanced security chip, which amongst other things required a 6 digit PIN. I am aware that one can pay using Thai bank cards, but they don't open bank accounts for tourists nowadays.

I have never set up Google pay on my smartphone, preferring not to let them have any of my card details, in case I, or they, inadvertently charge me for something. I just "skip" the "set up card detail" options, if/when it wants to take me down that road.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Suspected scam this time re (Transfer)Wise

#509513

Postby Infrasonic » June 25th, 2022, 11:08 am

richfool wrote:... I am aware that one can pay using Thai bank cards, but they don't open bank accounts for tourists nowadays.



https://thethaiger.com/finance/bank-acc ... -thailand/

Can You Open a Bank With a Tourist Visa?

Yes, it is possible to open a Thai bank account with only a tourist visa. Most banks that let you open an account with only a tourist visa are usually located in tourist areas.

In Bangkok, you might want to go to banks located in Siam, Silom, and Sukhumvit areas. In Chiang Mai, try to go to Promenada, Central Festival, Nimmanhaemin, and the old town area.


Which Bank Should You Pick?
Bangkok Bank and Kasikorn Bank are known to be easier to work with. They are also known to be more lenient with foreigners than most other banks in Thailand. However, these two are not the only options you can consider.


I know a few Thailand regulars who recommend Kasikorn.

Bangkok bank has a UK presence...https://www.bangkokbank.com/en/Internat ... ss-Banking
Last edited by Infrasonic on June 25th, 2022, 11:16 am, edited 3 times in total.

stevensfo
Lemon Quarter
Posts: 3438
Joined: November 5th, 2016, 8:43 am
Has thanked: 3809 times
Been thanked: 1398 times

Re: Suspected scam this time re (Transfer)Wise

#509514

Postby stevensfo » June 25th, 2022, 11:08 am

Julian wrote:
richfool wrote:Re: 2FA security checks, - Can someone explain to me how the 2FA type security checks will work when one is overseas and uses his credit card to pay for a flight or service? (See below).

(We have just booked some flights from the UK and paid for them using our credit cards, the airline generated a code to be sent to our smart phones, which appeared to come from the card provider, and which when we keyed in, authorised the transaction.

So what will happen when we are on the far side of the world and have taken our UK SIM's out of our phones and put in a local SIM from that country, and we then book a flight or pay for something, as the card provider won't be able to send us any security codes, or rather we won't receive any they send.

Yup, it’s a nightmare. I spend about 7 months of my time in the UK each year and the other 5 months at my holiday home in South Africa where I have a local SIM card. The answer I am afraid is that if the supplier really does only support sending the 2FA code to a mobile(*) is to swap back to your UK SIM card just before doing the transaction and once the transaction is complete (I.e. you got the code and have confirmed that it was accepted) swap back to the local non-UK SIM card. It is highly advisable to turn off mobile roaming before doing the swap to the UK SIM so that your phone doesn’t pull down any data when the UK SIM is in and if you are on PAYG you also need to make sure that your UK SIM has credit to forward the SMS message that will be sent to the UK number. There have been days when I have been at my holiday home and working on financial matters when I have probably done at least 5 swaps between my UK and South African SIM in a single afternoon. It is a total pain. I really do wish that more organisations would offer the option to use a Google Authenticator compatible 2FA code generator. HMRC for instance used to only use send-to-mobile but now I can use my code generator for them (and for my GMail and quite a few other services that I use) which is a huge improvement in convenience.

One other option might be to get a virtual UK mobile number from someone like Zadarma (https://Zadarma.com/en/) that can be set up to email incoming SMS messages to your email account assuming you have email access when abroad. That is an extra cost (about £3 a month) and since the number then becomes the bank (or whatever organisation’s) contact number on record for you so depending how you set it up might be less convenient for contacting the bank since I have my virtual number set up to forward all incoming calls and texts to my “real” mobile number which is why I haven’t switched all of my banking contact numbers to it because I would run up forwarding charges for any incoming calls. (I don’t want to run a VOIP client on my mobile because I am concerned about what impact that might have on my battery.)

- Julian

(*) Some sites offer the option of emailing the code or using a compatible 2FA code generator e.g. Google Authenticator but my experience is that most do only offer the send-to-mobile option.



Hi Julian,

Would it not be easier just to have two phones? I'm in a similar situation to you and have many times been using an app on one phone and receiving the 2FA on the other.

Steve


Return to “Technology - Computers, TV, Phones etc.”

Who is online

Users browsing this forum: No registered users and 11 guests