Bonkers bank sends "swindle" SMS

The swindle SMS that turned out to be legitimate.

The bizarre history of how Danske Bank (Danish Bank) does the opposite of what they say they do.

By Bjørn Erling Fløtten, Trondheim, Norway. 1 November 2021.


TL;DR: Danske Bank uses a different callback telephone number in its SMS messages from what its web page states.
This is playing directly into the hands of swindlers on the Internet.

Two days ago in the evening I got an SMS message from what appeared to be my bank, Danske Bank (Danish Bank), telling me my bank card had been temporarily disabled due to suspicion of fraud.

The message looked legitimate. It had the correct details for my account: The exact type of card and the last four digits of the card number.

The SMS message had a telephone number to call, +47 98701005.

Since I had just used my card to renew some domains with Network Solutions International (NSI), I thought the message made sense. This would be my first "international" transaction after a long period of wholly Norwegian transactions. And since NSI is not exactly a paragon of virtue on the Internet (dealing with them always feels like pulling a tooth and I never understand why I still use them for some of my domains), I was not exactly surprised either.

Out of curiosity I did call the number given, and a pleasant voice answered in perfect Norwegian. There was no call center background noise for instance, and no latency (that is, there were none of the characteristics typical of long-distance scam operations). In other words it SEEMED quite OK.

I had of course decided beforehand to only accept a one-way flow of information; I was not going to give out more information about myself than what the SMS message already contained.

The man on the other end however immediately asked me for my Norwegian "personal identification number" (which is roughly equivalent to the American concept of Social Security Number).

I said that I was going to hang up, and google the telephone number first, and he was okay with that.

Now the bizarre part begins:

The number was not registered in some common telephone directory services like 1881.no and gulesider.no.

My gut feeling was that the SMS was legitimate. I therefore called them back on +47 987 01 005 and stated quite clearly that they were either hopelessly incompetent or a swindler setup. The man on the other end gave me some mumbo-jumbo about this being a separate telephone number due to security, which really made me lose my temper and say something equivalent to asking him to go to a very warm place.

Then I started looking more closely into it.

Googling "98701005" (the telephone number I was supposed to call) gives a web-page of my bank which says "Have you been exposed to swindle?" and which quite clearly stated that "Danske Bank will never contact you unsolicited through email or SMS and ask for your personal information" (my translations from Norwegian into English).

Note: In case Danske Bank corrects this web page, here are some screenshots of what I read: screenshot1, screenshot2.

Their contact number on that page however is +47 98708540, NOT 98701005.

I do not understand WHY googling "98701005" leads to that page.

There is no reference to that telephone number in the text of the web page, nor in the original HTML.

It is however possible that Google connects through the phone number "98701007", googling exactly "47 987 01 007 danske bank" says on this page that "Teknisk support for District" has telephone number 987 01 007 (do not ask me how I originally found this out, I just stumbled upon this number in my first frantic attempts to understand what was going on).

I logged into my bank account to see if there were any messages for me, but there were none. Everything looked normal. I sent my bank two messages about the occurrence, one secure through my logged-in context, and one email to falskpost@danskebank.no (the address for which they request such information).

I also checked the second hit when googling "98701005" which says that the number is connected to swindle.

Note: In case this page changes, use this screenshot.

I then went to bed concluding that the original SMS message was a swindle, and my bank was not involved. In other words, that the swindler had gotten hold of a telephone number (98701005) very close to one of Danske Bank (98701007). But usually these numbers are given in series to the same (big) subscriber, so I was not wholly convinced either way.

Anyway, since I had not given away any information, I had no reason to be worried either.

BUT, the next day I discovered that my card was actually disabled! I went to my flying club with my son and could neither pay the club for our flight nor for the parking at the airport.

I then did some more research. Googling for instance "47 98701005 danske bank" leads to this page which says "take an extra look at the email address of the sender, or phone number, if you receive a message from us" (my translation from Norwegian into English).

Note: In case Danske Bank corrects this web page, use this screenshot.

This is misleading communication and very bad for educating the general public about security. The From address in an email can easily be forged, and ordinary users do not have the necessary competence to analyze email headers in order to determine which actual server the message was received from. And the sender phone number in SMS messages cannot be trusted either (SMS has never been a secure way of communication).

So, I finally decided to call the bank on their OFFICIAL number for these cases, +47 987 08540.

The lady I talked to this time could confirm that my card was actually disabled, and that the SMS most probably was legitimate. When I confronted her about the number I was asked to call back in the original SMS, she would not comment but asked me to contact their ordinary customer service.

She also said that the cause for the card being disabled could be just as I suspected (like a transaction different from history or dealing with a shady company with many customer complaints). She also said that it could possibly be an ordinary security check.

So, to sum it up:

  1. Danske Bank sends SMS messages asking its customers to call back on an unregistered phone number, exactly as a swindle / phishing SMS would do.
  2. Danske Bank does not inform its customers that their cards have been disabled through any secure channel, like a logged-in web page.

In other words, it makes its customers accustomed to responding in the same manner as senders of phishing SMSs / emails hope people will.

This is playing directly into the hands of swindlers on the Internet.


Updated 1 November 2021.
