This is good advice, despite it being a pain sometimes! I once got a voicemail from the fraud department at my bank, with a number to call back. I googled the number and all that came up were stories about being scammed. So I was 95% sure it was a scam, but called my bank directly just in case. The person who answered assured me they hadn't contacted me, and it was indeed a scam. I later got a follow-up voicemail from the "fraud department", from the same supposed scam number, which I ignored.
Then, the next time I went to use my card, it was blocked. I called the bank again and spoke to someone new, who informed me that the original calls had been legitimate - they had the same reference number and everything - and the card had been blocked due to lack of response!
Obviously a false positive on the scam detector is less of a problem than a false negative, but was still pretty incredible. No idea what was with all the people talking about being scammed from that number online; I can only assume that they (like the first rep) assumed it was a scam, since if the bank needs to call you, they should tell you to call back using the number on your card, not some random number they give you. But apparently that's exactly what they did.
This has a similarity to the original story here, in that the original sounded like: "They behaved a lot like a scammer would, but I also totally expect my real bank to behave like a scammer would".
Many years ago, I have worked in a call centre for a bank and the process for calling customers was exactly what you’d expect from a scammer.
In the standard/credit card section (not, for example, credit card debt collections), it was rare to have to make outbound calls, but when they were needed, no information could be given out until the customer answered security questions. Some customers questioned this because it was exactly what they’d been told never to do. They were told that of course it was right to be cautious, and they could call back, but that they would need to wait in the queue and likely speak to a different person. This was all before they could even be told what they were being called about.
Perhaps half the people questioned the process upon receiving the call (“you called me, and you want ME to prove who I am?”, but very few hung up and called back.
From memory, this was mostly improved later on - no security questions needed unless some sort of action needed to be taken on the account.
This happened to me with Bank of America’s fraud department. I had a charge that tripped the fraud detector on a relatively new card. I don’t recall the sequence of events, but I believe I was prompted to request a callback from the fraud department. When they called back I had to answer a bunch of PII questions, and then they pushed a 2FA code to me and asked me to read it back over the phone. I told him, the 2FA message literally says to never give this number out to anyone, but they insisted it was necessary to continue. I was shocked that the banks fraud department would be so cavalier.
Many banks today have communications preferences options and I've told all of my banks that do to never call me directly. If I receive any sort of legitimate call from them I immediately follow up with a strongly worded letter that they should not have called me and violated their own security policies.
The only thing we can do about "bank behaviors make it easier for scammers" is to change bank behaviors. It's not an easy process, but unfortunately it is a necessary process.
One of the wonders of the world is how much unnecessary data they collect - just because they can demand it - with nary a thought of how much of a liability that is.
Guess it will take a few years of getting slapped for it to filter down.
He is looking for a definite red flag that it's a scammer. This is a terrible strategy and he should know better. One suspicious act and you should hang up and call the number on the back of the card. Really you should just not take calls from the bank ever and call back on the number on the card.
I had something similar. One time I got a phone call from a "Scam Likely" and decided to answer it. And it was an automated message from my bank asking if some purchases in another state were real or fraudulent. At this point I began to second guess if it was a scam or not, but had to assume it still was. I ended up logging into my account and seeing the same fraudulent purchases that it listed over the phone. So I called the number on my card and had it all settled. I found it weird that the original call was a false positive though.
Probably because the phone number is calling about a scam (fradulant charge), and then when they hang up, people report the phone number as a scam because they don't understand the difference.
STIR/SHAKEN has been the law in NA (where the GP) is for a year or two, so it should no longer be easy. It's a problem a lot of countries are tackling.
Some scammers are making fraudulent charges, then calling victims as the bank to “fix” them. Skips over a bunch of red flags because the bank has every reason to be calling.
Then, the next time I went to use my card, it was blocked. I called the bank again and spoke to someone new, who informed me that the original calls had been legitimate - they had the same reference number and everything - and the card had been blocked due to lack of response!
Obviously a false positive on the scam detector is less of a problem than a false negative, but was still pretty incredible. No idea what was with all the people talking about being scammed from that number online; I can only assume that they (like the first rep) assumed it was a scam, since if the bank needs to call you, they should tell you to call back using the number on your card, not some random number they give you. But apparently that's exactly what they did.