Today I received a call from Vodafone. Vodafone is my mobile phone provider and the caller called me by name. He said he wanted to discuss my plan but before doing so, could I give him my 4 digit PIN to verify my identity . I was reluctant to give it. If they’ve called me on my phone to discuss my account and possible plan changes, why do I need to verify who I am? He said he’d sent me a text message confirming he was from Vodafone and it says we require your PIN to discuss details of your account. As if that proved he really was from Vodafone. I refused to give my PIN - I only provide this when I initiate a call requesting information. I’m concerned about porting my number scams. The only reason I can see for a telco to make an unsolicited call is to sell you something and I think it’s more than intrusive to request my PIN. Has anyone else had a similar call and is it genuine?
There is a perverse situation whereby companies need to assure it is really you, just like we need to assure it is really them, to combat fraud.
Good plan. Sometimes when I have an outstanding request where I need a call-back they will ask ‘the question’ in one form or another, and it will be an expected return call I initiated, not a cold call.
When in doubt, ask for the caller’s extension, get the company phone number from a reliable source (a bill, their website, etc) and call them back if you are so inclined. As you imply, never trust the numbers they provide as they could be answered in a boiler room in eastern Europe.
If the number they provide for a callback can be similarly verified from a reliable source that should suffice. I would also ask if I ring back, could any of the CSO’s continue the dialogue; if not that would be a possible red flag.[quote=“kristine.ravn11, post:1, topic:15392”]
The only reason I can see for a telco to make an unsolicited call is to sell you something
[/quote]
In the absence of an outstanding support request or the spectre of the NBN coming to you, absolutely correct.
While your plan is a mobile and this is probably not applicable, with the NBN the telcos are indeed being ‘proactive’ to sell their plans and sign us up as early as they can. You can find lots of information in the NBN threads about that, and transition could take from many days to even months so they can be pushy.
Where data mining is a common occurrence, it is easy for scammers to also find out the name of mobile phone holders. If you have used your phone number on line (Facebook, verifying access to a website, in an email footer etc), it is relatively straight forward to link the phone and phone user name.
Do you have the phone number they called on (check the received call logs)?
If you do, search online for the number and see if there are any reports of this number being from a scammer. Also, the number might also one posted online for Vodafone. A lot of businesses these days don’t hide their number when calling, as many people don’t answer ‘private numbers’.
It does sound suspicious that they are asking for your PIN when they have made the call to the phone under one of their customer contracts. While I can understand them asking for the PIN when you contact them, there should be no real need to ask for the PIN when they contact you.
One would think that, but companies worry about who answers a phone. A third person could agree to anything, not a good outcome for the account holder… it is a catch-22.
Exactly. You did the right thing.
I had Telstra do that a few years ago - called me to ‘review my plan’ (sell me something) and then asked to verify my ID - I asked them to verify their ID - of course they couldn’t. I asked for a number/extension/ID I could call them - turns out it was contractors working for Telstra anyway, so without convoluted effort how would I establish they were legitimate? I didn’t bother. Had a similar one a few years back with a call from the subcontinent - got him so flustered he ended up telling me he was offering a plan for 30 rupees a month, then realised what he’d said 
They never call you unless ‘they wan’t something’ - as you said, to sell something …
The only time they should require your pin in my books is when you call them so they can then verify it’s you calling. I refuse to hand over any personal details to anyone who’s called me if it’s not a callback for something I’ve initiated. There are too many hackers, scammers, con artists, fraudsters and ID stealing rackets out there to have a legitimate carrier be stupid enough to phone you up and ask for these things. Tell them to send you a letter. Never needed a pin with those.
Thanks for comments and feedback. Even if it was Vodafone called, and not a scammer, I stand by my decision not to provide my PIN.
I was going to suggest calling Vodafone’s head office. But better still, go here
https://www.vodafone.com.au/about/legal/fraud/scams which I got to by searching “Vodafone Australia scam report”. Phone tel:1300650410. I very much doubt that the call was legitimate. Telstra and others NEVER do this.
JohnN
Thank you John. I checked the numbers provided on the Vodafone website where they list all the numbers which are “legit” and the number that called me is indeed from a customer service member. So it was legitimate and could be because I am nearing the end of my contract - but why not just tell me that?
If the call is from your carrier, and they ask for your pin, then they will have your PIN on their screen to check who you are. So my answer would be "you tell me either the first 2 or the last 2 numbers and I will tell you what the other 2 numbers are. I don’t care if they want to establish if they are talking to the right person. the fact that scams and other phone hacks work is because their security was faulty. Send me a letter or an email and list all the other connections I have to prove to me that you are who you say you are. Point out that any mistake they make costs the company, any mistake I make costs ME.
Yes this happened to me with Telstra some years ago. They were trying to get me to upgrade my plan - It sounded genuine as they knew a lot of my details. When they asked for my PIN I refused and hung up. Anytime Telstra call me now I hang up and if I want to change my plan or make an inquiry I will call them instead. Also happened to me on my landline.
I got a call like that from Telstra. I called them back to confirm their details and surprisingly it was legitimate. On various other occasions I was told that I cannot verify their details and ended the call. Also, my band called and asked for my date of birth as proof of identification - we were caught in a catch 22 until he provided my account details including last transactions and last payment details. This widespread practice of unsolicited telephone “advice” is next to impossible to distinguish from scam artists fishing for your details.
Someone called me on my mobile and said they were from Vodafone the other day and calling about my account and when I immediately said, no thank you, I don’t even have an account with vodafone, they hung up
I had a similar experience with telstra when nbn was being rolled out. We booked an appointment and then a dork from telstra rang me on our home phone and insisted I qualify who I was by giving him my date of birth. I refused of course and asked him to qualify he was actually a Telstra employee by telling me what date the appointment in question was originally estimated to be. He told me that information was not allowed to be released! Ha it turned into hours of arguments with the stupid call centres. I even copied the silly supervisor’s conversation from the text conversation we had when I asked her “what would be the chance of a stranger who just happened to be a woman walking past my house, hearing the phone ring, for her to dash inside answer the phone with the occupants full name and then try to fraudulently gain some kind of information about me from Telstra?” She still did not conceed defeat! I spent two hours of her time arguing that there was no need for me to prove my identity to change an appointment for the nbn to be connected! It was an overseas call centre and she just did not get it! Privacy give us a break. When companies stop selling details to others then I might just might, respect their attempts to protectmy privacy.
@aidapottinger, your post made my day, thanks for sharing the story. Also, I appreciate how ridiculous the behaviour is from Telstra and how frustrating it can be - glad to hear consumers are standing up to them, while at the same time protecting themselves from potential scammers.
I was asked a while ago for my pin and I was more than happy to supply them with a 6 digit pin which they were happy to accept they then asked for my date of birth and address to further confirm my identity and so they could send forms via mail for me to complete which I never received I think because after they had accepted the incorrect pin I had supplied I knew to also supply a false birthday and address 
if they ring you dont give them any details. they should have it in their screen. if you ring them then its fair you need to prove who you are. as for giving out your pin isn’t there a line on pretty much every website that says - we will never ask you for your pin. i think so. never give your pin to anyone. they can re log in again after you are gone. like the guy at the vodafone store that recently changed my plan. he can have my licence to log in. not my pin
I am not trying to suggest we should be asked for and provide pins or passwords for incoming calls, but best practice companies usually have CSO terminals that do not display security related information and CSO staff are not allowed to have writing materials, although photographic memories are less easy to control. If they need to take a note there is a ‘scratch pad’ window on their screen that is live only for the transactional call.
Example, when your account comes up it might have your name and/or address and/or account number, and maybe even recent transactions, but the pin/password field will be empty. They enter the pin/password you give them and the system gives an aye or nae. They cannot see it, they cannot write it for later reuse, but they could in theory remember it although they probably talk to hundreds of customers on their shift.
How to tell if a company is working to best practice? Right. You can be assured they will all claim to with no way to tell, so back to square one, that they should not be asking for your pin/password.
That being written I have one company that has a separate ‘phone-in’ password that unlocks nothing but establishes identity with the CSO who then can further verify identity as required. Another has a voice recognition system whereby once long ago after rigorous ID checking their system recorded ‘At Company-name my voice is my password’. I repeat that and the system verifies my identity, no further ID related questions needed unless the agent gets suspicious for one reason or another.
You, after the Banking & Finance Royal Commission disclosures, might not trust (with now real proof of your reasons) CBA, AMP, NAB, Westpac, ANZ, Colonial First State, the Federal Government and…and…and…
Scams are getting so sophisticated these days. If I think the email might be genuine but have my doubts I usually forward it to the principal named asking if it is genuine. If I don’t get an answer in a day or two I delete the original.
