A short list. Anyone asking for any of them is not your bank.
Bank fraud almost always starts with a question that sounds reasonable: "can you verify your security code?", "please confirm the one-time PIN we just sent". The fastest way to spot the scam is to know what your bank physically cannot ask for under their own rules. Memorise the list below; the moment any of these words comes up in a call or text, the conversation is over.
The bank's systems can see your account balance, your transactions, and your settings without ever needing the password. Bank staff cannot see it and have no reason to ask. Anyone asking is not from the bank.
The PIN is yours alone. The bank has no internal way to look it up, and no business reason to need it. Anyone asking — call, text, email, person in a uniform — is committing fraud. End the conversation.
When the bank sends a one-time code, it's for YOU to type into the banking app or website. The bank's own staff will NEVER ask you to read it back to them. If they do, it's because they're logging in as you on the other side of the call.
Banks do not need to install remote-control software (AnyDesk, TeamViewer, Quick Assist) on your computer to fix banking issues. If a caller claiming to be from the bank says "install this small program so I can help", they are setting up the takeover. Hang up.
This is a particularly nasty scam. Caller says "your account is under attack, transfer everything to this temporary safe account while we investigate". The 'safe account' is the criminal's mule. Banks never ask you to move money for safety reasons — they freeze accounts at their end.
Real bank fraud calls let you call them back via the number on your card, specifically because they know real callers might be impersonators. If the caller insists you stay on the line and log in, the wait is so the criminal can capture the session — never do it.
The three-digit number on the back of the card is for online checkout, not for verifying you on a call. The bank can identify you using your account number, address, and date of birth. They never need the CVV.
The bank doesn't need you to confirm your address, date of birth, or mother's maiden name on a call THEY initiated — they already have all that. The scam is to ask for it under the cover of a fake fraud-prevention call, then use the answers to break into your account.
Most bank scams hit you across multiple channels — email, SMS, then phone call. Read the lot.
whedo.it includes a print-friendly version of the never-ask list in our quarterly client training pack. Stick it next to the phone. The fastest training is the one already on the wall.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director