By 2025, most of us have received a call from an offshore call centre claiming to be from our bank or credit card provider. Usually, it’s obvious… the script is clumsy, the accent forced, and the urgency unnatural.

But this weekend was different.

As a seasoned professional in the financial and cybersecurity space, I’ve heard my fair share of scams… yet this one caught me slightly off guard. I was genuinely shaken by the calm authority, depth of knowledge, and granular detail this group had acquired about me.

I managed to record most of the call… missing only the first few minutes while I gathered my thoughts and equipment… and I’m sharing it here both as an educational case study and a warning. The social engineering landscape is evolving… and this is what it sounds like.

It started Saturday morning… I received a call from my “Credit Card Company” claiming there was fraudulent activity on my account and they needed me to confirm my identity before they could continue the conversation.

I’ve heard variations of this routine before… so I explained that, since this was a cold call from a number I didn’t recognise, they were likely a scammer — and I wouldn’t be providing any personal information.

But this time, instead of the usual push for details or defensive bluster, the gentleman simply replied, “No problem… please hang up and call the number on the back of your card.”

Top Tip: If you have access to another phone — a second mobile or landline — use it. This avoids any chance of the scammer holding the line open on your end.

I called my card provider and got through to their fraud department… and it turns out, the original call was genuine.

They praised me for thinking ahead and not disclosing any information to the caller… and explained that their staff are now trained to recognise this kind of pushback and handle it calmly.

They told me that someone had attempted to add my card to a digital wallet on a new device — which had been rejected — and they needed to confirm whether it was me.

After confirming it wasn’t, the cards were cancelled… but it got me thinking.

How did they get hold of that particular credit card number in the first place…?

Within 10 minutes of ending the call with the genuine Fraud Department, I received another call… this time from 0330 133 3942.

At the time, I did a quick check on the number using https://who-called.co.uk:

The result was listed as “neutral” — meaning the number hadn’t yet been flagged as suspicious or linked to any known scam. In fact, it seemed I might have been the first person to look it up.

If the number doesn’t immediately link to a legitimate source via a Google search, that’s your first red flag.

The gentleman, with a South London accent, introduced himself as someone from my credit card company’s fraud department. He explained there had been suspicious activity on my account… and that he needed to confirm my identity before proceeding.

I pushed back immediately… “If you’re genuinely from my card company, prove it … using your official verification method.”

He responded calmly, saying this was for my benefit, and asked how he could prove himself to me.

I asked, “What are the last three transactions on my account?”

He paused for a moment… then rattled off three recent transactions with the correct amounts.

That threw me slightly. He was right… the details matched. But the number he was calling from didn’t match the one I’d called earlier … and that discrepancy kept me on guard.

Still, he didn’t seem to know the card company’s official method of identifying themselves to customers … and that was enough for me.

I told him firmly that I believed he was a scammer, suggested he turn himself in or find legitimate work… and hung up.

Ten minutes later… another call from the same number.

Same script.

Same calm, composed tone.

It sounded like the same man … though he claimed we hadn’t spoken before. He carried on as if it was a fresh call, again trying to extract information.

I called him out again… and terminated the call.

I received a call later that day I ignored from a mobile number that wasn’t in my contacts list so I ignored it, but I did notify my card issuer of the exchange, to check I hadn’t abused a genuine member of staff. They clearly stated no, since our conversation the card was cancelled, there’s no further reason for them to contact me that weekend.

Sunday morning rolls around… and my phone rings.

This time, the screen showed “No Caller ID.”

I answered, and the caller introduced himself as Michael, claiming to be from my card company’s Security Team.

Unlike the previous calls, he didn’t ask to verify my details — instead, he explained that I had already been “authenticated automatically” due to what he described as an escalation.

The reason for the call, he said, was that they believed there was an insider threat within the organisation… and for my protection, I should not discuss this matter with friends, family, or even Customer Services at the card company.

He stated clearly … and calmly … that they didn’t know who might be compromised… and that contacting the company directly could alert the internal threat and jeopardise the investigation.

Before we get in to the call, I’d like to explain a little about this particular type of scam and the Tactics, Techniques and Procedures (TTP) these guys use :-

1. They Pretend to Be Your Bank (But Do It Really Well)

The scam starts with someone calling you and saying they’re from your bank or credit card provider. They sound calm, professional, and even friendly — not the usual pushy or robotic scammer.

They might say there’s suspicious activity on your account and ask you to “confirm your identity” before they can talk to you. This sounds legitimate… but it’s exactly how they get you to drop your guard.

2. They Already Know Stuff About You

This is what makes it scary. These scammers often already know your name, address, date of birth — and even what you’ve bought recently. That makes them sound convincing… like they’re really from your bank.

They might say:

“We can see a recent Tesco charge for £14.52 and an Amazon order for £12.99 … was that you?”

And now you’re thinking, “Wait … that really was me… this must be real.”

3. They Tell You Not to Talk to Anyone

This is a huge red flag.

The scammer might say:

“We believe there’s a security breach inside our own company. Please don’t talk to customer service, your friends, or even your family. We’re keeping this internal for your safety.”

Why? Because they want to isolate you — stop you from getting a second opinion. And sadly, this tactic works very well.

4. They Trick You Into Sending a Code

At some point, they’ll say something like:

“We’re sending you a cancellation code by text… can you read it back to me?”

But that code? It’s not a cancellation code. It’s actually a payment approval code — and you’ve just been tricked into confirming a purchase or adding your card to a device they control.

5. If You Hang Up, They Call Again

Even if you hang up, they might call again. Same person. Same calm voice. Sometimes even the same script.

They’ll pretend they didn’t speak to you earlier … just to reset the conversation. It’s like trying to outlast you… hoping you’ll give in the second time around.

And now… the call itself

Here’s the conversation I managed to record. I missed the first couple of minutes, but I had recording equipment nearby and set it up as soon as I could.

I quickly realised it was a scam only because they quoted a couple of “facts” about my account incorrectly at the start.

As you listen, you’ll notice:

• They assert authority through tone and pacing.
• They speak faster when they’re unsure or trying to distract.
• They try to “flip the power” by saying I’m hearing but not listening.
• They mislabel the authorisation code as a “cancellation code”.
• And for those of us with experience in Banking or Finance… you’ll spot several factual inaccuracies confidently presented as truth.

Spoiler Alert: If you’re a professional reading this, please don’t comment on the obvious mistakes. The last thing we want is to help these scammers refine their scripts for the next victim.

Final Thoughts

Even as someone who’s worked in cybersecurity and finance for decades, I’ll admit… this left me shaken.

Not because I fell for it … but because I almost could have.

The scammers were calm. Polished. They had my data. They timed the calls perfectly. And if I hadn’t been trained to question everything … or if I’d been distracted, tired, or just had a rough day … it might have played out very differently.

And that’s what worries me most…

If this interaction gave me pause … what happens when they target someone who isn’t as tech-savvy? Or someone elderly, isolated, or living with memory issues?

These scams aren’t just clever … they’re designed to erode trust, exploit emotion, and isolate their victims. And they’re evolving.

So if you’ve read this far, please … check in with the people around you.

Make sure they know:

• Never to give out codes over the phone
• That a real bank will never ask them to keep secrets from their family
• And that no legitimate caller will be offended if they hang up and call back on the official number

Stay alert. Stay kind. And stay sceptical … even when the voice on the line sounds calm, confident… and oddly convincing.

What to Do If You Think You’ve Been Scammed

If you believe you’ve been targeted by a scam… or you think you may have shared sensitive information… take these steps straight away:

1. Stop all communication with the scammer.

Hang up… block the number… don’t reply to texts or emails.

2. Contact your bank or card issuer directly.

Use the number on the back of your card — not one the caller gives you.

Explain what happened and ask them to secure your account.

3. Report it to Action Fraud (UK).

Go to www.actionfraud.police.uk or call 0300 123 2040.

They’ll log it and issue you a crime reference number.

4. Check your credit report.

Use Experian, Equifax, or TransUnion to look for anything unusual… like loans or credit you didn’t apply for.

5. Consider CIFAS Protective Registration.

This adds an extra layer of ID protection when applying for credit.

You can find out more at www.cifas.org.uk.

6. Talk to someone you trust.

These scams are designed to isolate you… don’t let them.

A second pair of eyes or ears can make all the difference.