A relatively new scam is on the rise where imposters posing as bank representatives are trying to swindle you out of your savings.
As with most convincing hoaxes, this one seems legitimate.
At first.
A scammer contacted
Pieter Gunst, a lawyer, and alerted him to suspicious activity with his bank card and asked for some information.
Luckily, Gunst saw the red flags and managed to end the call before he was defrauded.
Gunst took to Twitter to spread awareness of the scam and began his tweet with an onomatopoeic exhalation.
"Oooof. Was just subjected to the most credible phishing attempt I've experienced to date."
He proceeded to outline how the phone conversation went down.
"1) 'Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?'"
"Me: no."
Oooof. Was just subjected to the most credible phishing attempt I've experienced to date. Here were the steps: 1)… https://t.co/RJN23eJZ1a— Pieter Gunst (@Pieter Gunst)1570490450.0
The transaction was then "blocked" and the caller proceeded to ask for some information.
"2) 'Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?'"
"Me: <gives member number> (that number, by itself, is useless)."
2) "Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?" Me: <g… https://t.co/oDCEaPNeqz— Pieter Gunst (@Pieter Gunst)1570490450.0
3) "We've sent a verification pin to your phone." ~ Gets verification pin text from bank's regular number ~ Me: <reads out the pin>— Pieter Gunst (@Pieter Gunst)1570490451.0
That should have been a done deal, or so one would think.
But the imposter asked Gunst for further confirmation about recent transactions.
Then they asked for his PIN.
4) "Ok. I am going to read some other transactions, tell me if these are yours. ~ Reads transactions ~" Me: Yes. T… https://t.co/LEM3qTtSju— Pieter Gunst (@Pieter Gunst)1570490451.0
That was when the lawyer became wise to the phishing attempt and abruptly ended the conversation.
After hanging up, he immediately called the bank's fraud department.
5) "Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What i… https://t.co/D6ELjNYigU— Pieter Gunst (@Pieter Gunst)1570490451.0
6) Ok! But than we can't block your card Me: that is bs. ~ hangs up, calls the fraud department of bank ~— Pieter Gunst (@Pieter Gunst)1570490451.0
Gunst explained how he thinks the attacker was able to access his account's transaction history.
--> Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank… https://t.co/uqOjssPQNs— Pieter Gunst (@Pieter Gunst)1570490451.0
Here is an important rule of thumb:
Never trust anyone asking for your PIN number, regardless of who you think is on the other end.
--> Needed the pin to send money, failed at that step. --> Everything before the "what is your pin" seemed totally… https://t.co/ECNrMJHXlZ— Pieter Gunst (@Pieter Gunst)1570490452.0
Changing passwords is a necessary evil.
Stay safe out there people. And now... joyfully resetting all my passwords, filing a police report, getting addit… https://t.co/PNSFz0ZyLO— Pieter Gunst (@Pieter Gunst)1570490452.0
Those familiar with the stunt shared their insight.
@DigitalLawyer This is the stage I always turn it around on them, and ask them for proof that they are the bank. Af… https://t.co/VTgGzur3Db— Janna Bastow (@Janna Bastow)1570585467.0
@DigitalLawyer This is the step where you say "You called me. You know the number." and they hang up.— sweatingbanshee (@sweatingbanshee)1570570567.0
Keep in mind that if a caller posing as someone from your bank initiates contact, they should already know your card number and PIN.
@DigitalLawyer Useless (now), but this is where you messed up. They called you. My rule: never provide information… https://t.co/39aF5dBF1K— Ben Coverston (@Ben Coverston)1570591506.0
@DigitalLawyer They called you and therefore should have known your card number. That should have been a red flag.— JustACrazyCanuck 🇨🇦 (@JustACrazyCanuck 🇨🇦)1570569494.0
@DigitalLawyer If someone calls me, I’m not giving them anything until they give me some information and at minimum… https://t.co/zhV7ENpN8f— Beard (@Beard)1570573344.0
@DigitalLawyer This right here should've been the tip-off ... the rest of the saga proves the number itself is quit… https://t.co/TSSngHg46i— B-rantone (@B-rantone)1570581638.0
@DigitalLawyer This was the mistake! Everything else followed because of this piece of (seemingly) innocuous information.— Gen-axe-er (@Gen-axe-er)1570584435.0
Making things more complicated, different countries have different levels of requiring information.
@DigitalLawyer @factoryjones @kairyssdal Unless I'm missing something, I don't think this would work in the UK; we… https://t.co/DqxHgiGe7E— Alan Jackson (@Alan Jackson)1570571372.0
Nevertheless, you might want to think twice before answering the phone.
@DigitalLawyer THREAD LINKED BELOW: This is a REALLY devious phishing attempt. My advice? Never answer your phon… https://t.co/dcg4z3fBRW— Ray [REDACTED] (@Ray [REDACTED])1570573360.0
@DigitalLawyer As a millennial, I don't answer any phone call that isn't in my contacts. Someone could be communica… https://t.co/mdoqHB8fEa— Graveyard Dog 💀💀💀 (@Graveyard Dog 💀💀💀)1570568817.0
However, that MO does not work for everyone.
@snipeyhead @J4vv4D @ThomLangford @RayRedacted @DigitalLawyer I very much disagreed with the OP here. I can’t not a… https://t.co/OmO0J1a5gw— Stella (@Stella)1570682092.0
@RayRedacted @DigitalLawyer If everyone only used their phone to place outbound calls and never answered any inboun… https://t.co/sMOuLa4hY5— Joe Believes in Teddy Bridgewater (@Joe Believes in Teddy Bridgewater)1570645455.0
@RayRedacted @snipeyhead @DigitalLawyer “We have been trying to contact you for the past thirty minutes. Your *love… https://t.co/NRkPXag6Q0— Jaime Haw Jr. (@Jaime Haw Jr.)1570576533.0
The Federal Trade Commission reported 535,000 complaints about imposter scams in 2018, 69% of which were handled over the phone.
The FTC urges people never to give out their account information over the phone.
A bank or payment card company that is contacting you first will never ask you for your account number, let alone your PIN.
When you reveal private information, your money is not the only thing at risk of being stolen. Your identity could also be compromised.
If you think you have been a victim of a scam, immediately call the number from a bank statement or an official bank document and then proceed to file a complaint with the FTC.
And while resetting all your passwords is annoying, it will be worth the effort for your peace of mind.
******
Have you listened to the first season of George Takei's podcast, 'Oh Myyy Pod!'?
In season one we explored the racially charged videos that have taken the internet by storm.
We're hard at work on season two so be sure to subscribe here so you don't miss it when it goes live.
Here's one of our favorite episodes from season one. Enjoy!