Imagine that you get a call from your bank. They need to verify your ID so they start by asking for 2 particular characters from your 10-digit passcode. Is it safe to give them out? Even just 2 characters? No it’s not. Here’s why.
Someone has infected your office PC with malicious software of some sort, as the result of a phishing attack. The software
managed to find your online banking username and password and has sent it to the hackers. They’ve logged in as you and have requested a transfer of funds from your account to theirs. Now the system is asking for 2 characters from your passcode in order to approve the dishonest transfer. So they call you, pretending to be from your bank, and persuade you to divulge that information.
Sounds far-fetched? Sadly not. It happens hundreds of times a day and it’s a well-known scam. So stick to the golden rule about never divulging your banking PIN or passcode to someone. Not even if they sound really convincing. And not even if they only ask for 1 or 2 characters or digits. In many cases, that will be all they need.