Phishing is a scam carried out over the Internet and social networks that aims to fraudulently obtain confidential information from the user.
Its use knows no limits now that tens of millions of personal data records populate the network and electronic devices.
Most often, this scam is carried out via email or instant messaging applications.
Your mobile rings and you do not hesitate to take the call. It doesn’t even show up as a hidden number.
Gunst replies negatively.
The operator then says: “Ok. We have blocked the transaction. To verify that I am talking to Pieter … What is your member number?”
Gunst gave it to him because he considered it to be useless information that was not going to jeopardize his confidential data.
With absolute realism, the supposed bank worker sends a pin to his phone from a normal bank number.
Then he reads Pieter a whole series of transactions he has made with his card. The user recognizes them all.
He begins to believe that a charge really has been made without his permission, but remains calm.
“Okay. Now we want to lock your pin so that you get an alert when it is used again (without your permission). What is your pin?”, asks the operator.
At that moment Gunst realizes what is happening. The scammers have created a whole story to create that sense of insecurity in him.
They almost have him. “Are you kidding? I’m not going to do that,” Pieter replies, agitated. “But then we can’t block your card,” insists the operator.
The businessman hangs up the phone and proceeds to call the fraud department and the police. This time he has been spared.
Gunst explains that once he has given his member number, the attacker uses the password reset process to trigger a text message from the bank.
The attackers use it to access the account. Then they read out some of the transactions he has made to give the scam more credibility.
Even if they have access to the account, they need the pin to send money.
Everything that happens before the request for the pin is “perfectly credible,” Pieter acknowledges.
They use correct English, and the bank verification code is what misleads you the most.
But being asked for the pin over the phone didn’t add up, so they couldn’t fool him.
The user recommends that anyone this happens to reset all passwords, file a report with the police and change any fraud detector they may have installed.
Oooof. Was just subjected to the most credible phishing attempt I’ve experienced to date. Here were the steps:
1) “Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?”
— Pieter Gunst (@DigitalLawyer) October 7, 2019