The Bank Call Test
A call arrives claiming to be from your bank's fraud team. Work through what they ask you - and decide at each point what to share. Each decision reveals what the attacker gains.
Key rule: Your bank never needs your OTP, full card number, or password over an inbound call.
Caller
"Good morning. I'm Vikram from the State Bank of India Fraud Prevention Unit. We have detected suspicious activity on your account ending in 4821. A transaction of Rs. 47,000 was attempted from Bengaluru 12 minutes ago. To block this transaction, I need to verify your identity."
Question 1 of 4
What the Call Revealed
- Account detail knowledge is not proof. Last four digits and transaction amounts are available from breached databases. It proves the caller has data - not that they are your bank.
- OTPs authorise transactions - they do not block them. Reading an OTP to a caller gives them the authorisation code to move your money.
- The "suspicious transaction" was a distraction. Creating alarm about a fictitious event gets you into a compliant state before the real request arrives.
- Hanging up and calling back breaks the scam. Use the number on the back of your card - not any number the caller provides.
- Report to 1930 if you have already shared any information.