When in Doubt: Hang Up, Look Up, & Call Back

kltaylor

(Source)

Note:  this is a good read and can be considered 'best practice' if something like this ever happens to you. 

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Today’s lesson in how not to get scammed comes from “Mitch,” the pseudonym I picked for a reader in California who shared his harrowing tale on condition of anonymity. Mitch is a veteran of the tech industry — having worked in security for several years at a fairly major cloud-based service — so he’s understandably embarrassed that he got taken in by this confidence scheme.

On Friday, April 17, Mitch received a call from what he thought was his financial institution, warning him that fraud had been detected on his account. Mitch said the caller ID for that incoming call displayed the same phone number that was printed on the back of his debit card.

But Mitch knew enough of scams to understand that fraudsters can and often do spoof phone numbers. So while still on the phone with the caller, he quickly logged into his account and saw that there were indeed multiple unauthorized transactions going back several weeks. Most were relatively small charges — under $100 apiece — but there were also two very recent $800 ATM withdrawals from cash machines in Florida.

If the caller had been a fraudster, he reasoned at the time, they would have asked for personal information. But the nice lady on the phone didn’t ask Mitch for any personal details. Instead, she calmly assured him the bank would reverse the fraudulent charges and said they’d be sending him a new debit card via express mail. After making sure the representative knew which transactions were not his, Mitch thanked the woman for notifying him, and hung up.

To read the entire article, please click on the Source link above.

kltaylor

It really is a good read.  I fail to be surprised at the level of detail that someone will delve into in order to obtain your information and use it for nefarious reasons.  This is yet another case of that, even if you've heard or seen it all ... this story goes to another level of WTH?!

Robin

Thanks @kltaylor
It was indeed a good read and very helpful. Will share this with my friends as well.

Marc

Putting a security freeze on your credit file, this one I highly recommend as its saved me from a fraud attempt in the past.  It’s a little bit of a pain when opening a new card or financing a major purchase but well worth the inconvenience.  Thanks for posting @kltaylor...

pwmeek

That was a classic man-in-the-middle attack, just using phones rather than data streams. The entities on the ends think they are talking to each other but there is someone in the middle pretending to be the one on the opposite end to each of them.