How easy is it to get caught up in a financial phishing scam? Just ask Twitter user Pieter Gunst. He faced “the most credible phishing attempt I’ve experienced to date,” he wrote, outlining the steps that almost fooled him. His ordeal is a reminder that even the most cautious people can be targeted by increasingly sophisticated scammers.
Oooof. Was just subjected to the most credible phishing attempt I’ve experienced to date. Here were the steps:
1) “Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?”
Me: no.
— Pieter Gunst (@DigitalLawyer) October 7, 2019
Here’s how it happened: Gunst got a call from someone claiming to be from his bank, asking him if he had used his card in a far-away city. When he said he hadn’t, the caller “blocked” the transaction and asked for Gunst’s member number, which he explained in the thread is a customer number — not a bank account number.
The person on the phone said they were sending a “verification PIN” that Gunst read back after receiving from the phone number he associates with his bank. He later realised that the scammer was resetting his password with the verification number they sent to Gunst’s phone. The scammer read off a few other charges, Gunst confirmed he had made them, and the scammer said, “Thank you! We now want to block the PIN on your account, so you get a fraud alert when it is used again. What is your PIN?”
That’s when Gunst knew for sure that something was up. He hung up and called his bank’s fraud department directly. Giving out his PIN would have allowed the scammer to withdraw money from his account, had he not realised something was amiss.
–> Needed the pin to send money, failed at that step.
–> Everything before the “what is your pin” seemed totally legitimate. English was perfect. The bank verification code, sent by the expected number, tricked me.
–> The asking for my pin over the phone… not so much.— Pieter Gunst (@DigitalLawyer) October 7, 2019
While Gunst’s example happened in the United States, these scam attempts are common all over the world. The Australian Competition and Consumer Commission’s Scamwatch (ACCC) says there were 2384 reported cases in August 2019 alone, totalling $107,720 in financial losses for Australians due to successful phishing attempts. In 2019, there have been 16,082 reports of phishing with Australians reporting around $891,556 in financial losses.
The ACCC Scamwatch’s advice for avoiding these scams: Never give out account or identity-related numbers over the phone. If you’re asked to confirm one of these numbers, don’t do it — it’s a trick.
In some cases, the scammer might be asking for you to fill out a customer survey or asking for your customer records because a supposed technical error wiped out their customer database. But once your information has been revealed, there’s no telling what else they could do with it. Not only could your cash be on the line — your identity could be at risk, too.
If you suspect you’re being targeted by a scammer, hang up and file a complaint online with Scamwatch.
As for Gunst, he wrote that he reset all his passwords, filed a police report, and was “getting additional fraud detection in place.”
[referenced url=”https://www.lifehacker.com.au/2019/08/an-internet-vampire-lord-tried-to-seduce-me/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2019/08/vampcullen-410×231.jpg” title=”A Vampire Scam Wants You To Send Blood (And Probably Money)” excerpt=”My Chemical Romance and Twilight shaped my mid-2000s, like many other teenage girls growing up during that time. The walls of my room were adorned with posters of men in black, skinny jeans with greasy dyed-black hair and thick eyeliner and my book collection consisted of four thick entries in the Twilight series.”]
Leave a Reply
You must be logged in to post a comment.