Caller ID spoofing is a phone number spoofing method where the fraudster appears to the victim as if he/she is calling from the bank's official number. The victim trusts and shares the password/SMS code.
Typical Flow
- "Your bank customer services" visible call
- "There is a suspicious transaction, we need to verify"
- "Please tell me the SMS code you received on your phone"
- The fraudster 3D Secure confirms the transaction with the code
- Account is emptied
Related Crimes
- TCK art.158/1-f fraud with information system
- TCK art.245/3 bank card crimes
- TCK art.135 personal data processing
Bank Responsibility
The bank's real customer service never asks for an SMS code. The victim may request partial compensation by claiming that "the bank's security infrastructure is not sufficient".
Supreme Court 11. HD
11. HD accepts that the bank that proves that the customer has been informed about "not sharing the password" can be relieved from liability for compensation, but banks with deficiencies in call center processes can be held partially responsible.
Prevention
- Hang up the phone, call the bank yourself (official number)
- Never use the SMS code. do not share
- In case of doubt, check from the bank application
- Activate 2FA
Cyber crimes/consumer law lawyer recommended.