When in Doubt: Hang Up, Look Up, & Call Back

kltaylor Moderator, Beta Tester Posts: 1,231
edited April 2020 in Devices & Security
Note:  this is a good read and can be considered 'best practice' if something like this ever happens to you. 

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Today’s lesson in how not to get scammed comes from “Mitch,” the pseudonym I picked for a reader in California who shared his harrowing tale on condition of anonymity. Mitch is a veteran of the tech industry — having worked in security for several years at a fairly major cloud-based service — so he’s understandably embarrassed that he got taken in by this confidence scheme.

On Friday, April 17, Mitch received a call from what he thought was his financial institution, warning him that fraud had been detected on his account. Mitch said the caller ID for that incoming call displayed the same phone number that was printed on the back of his debit card.

But Mitch knew enough of scams to understand that fraudsters can and often do spoof phone numbers. So while still on the phone with the caller, he quickly logged into his account and saw that there were indeed multiple unauthorized transactions going back several weeks. Most were relatively small charges — under $100 apiece — but there were also two very recent $800 ATM withdrawals from cash machines in Florida.

If the caller had been a fraudster, he reasoned at the time, they would have asked for personal information. But the nice lady on the phone didn’t ask Mitch for any personal details. Instead, she calmly assured him the bank would reverse the fraudulent charges and said they’d be sending him a new debit card via express mail. After making sure the representative knew which transactions were not his, Mitch thanked the woman for notifying him, and hung up.

To read the entire article, please click on the Source link above.

"There's a fine line between audacity and idiocy."
-Warden Anastasia Luccio, Captain


  • kltaylor Moderator, Beta Tester Posts: 1,231
    It really is a good read.  I fail to be surprised at the level of detail that someone will delve into in order to obtain your information and use it for nefarious reasons.  This is yet another case of that, even if you've heard or seen it all ... this story goes to another level of WTH?!
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Robin Administrator, Fing Team Posts: 3,706
    Thanks @kltaylor
    It was indeed a good read and very helpful. Will share this with my friends as well. :smile:

    Robin (Admin at Fing)
  • Marc Moderator, Beta Tester Posts: 2,145
    Putting a security freeze on your credit file, this one I highly recommend as it's saved me from a fraud attempt in the past. It's a little bit of a pain when opening a new card or financing a major purchase but well worth the inconvenience. Thanks for posting @kltaylor...
    That's Daphnee, she's a good dog...
  • pwmeek Member, Beta Tester Posts: 137
    That was a classic man-in-the-middle attack, just using phones rather than data streams. The entities on the ends think they are talking to each other but there is someone in the middle pretending to be the one on the opposite end to each of them.
    Bon Vivant and Raconteur