Lawyer Takes to Twitter to Reveal the Incredibly Sophisticated Scam He Just Barely Avoided

The thieves behind phishing scams are getting more cunning in their tactics to steal access to financial institutions and banks. This is not good because once they get in, they’ll suck accounts dry, leaving hard working people without money and facing an uphill battle to restore their stability.

Even individuals with advanced degrees and high-profile occupations, like lawyers, can find themselves engaging with these crooks. And that’s step one to getting hoodwinked.

Recently, attorney Pieter Gunst showed how he was a target of a phishing scam—one he labeled “most credible.” So credible, in fact, that he almost fell for it, until he finally caught on that something strange was happening.

2) "Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?"

Me: <gives member number> (that number, by itself, is useless).

— Pieter Gunst (@DigitalLawyer) October 7, 2019

Gunst tells us the scam started with a caller from his bank needing to verify if he was using his card in Miami. After confirming he was not in Florida attempting to use his card, the caller tells him they will block the transaction. The caller asks for Gunst’s member number. He provides it since it can’t be used for account access.

4) "Ok. I am going to read some other transactions, tell me if these are yours. ~ Reads transactions ~"

Me: Yes. These are all legitimate transactions I made

— Pieter Gunst (@DigitalLawyer) October 7, 2019

Next, the caller tells Gunst he should have received a verification pin by text. He reads out the pin to the caller. Then, he and the rep go over other transactions under the pretense of verification.

6) Ok! But than we can't block your card

Me: that is bs.

~ hangs up, calls the fraud department of bank ~

— Pieter Gunst (@DigitalLawyer) October 7, 2019

A major red flag here. The caller asks for Gunst’s actual account PIN to block the account and generate a fraud alert if it’s used again. Gunst instantly knew something was wrong—to be clear, a bank will never ask for your PIN. That’s your secret. They just don’t need that information for anything.

He ended the call and notified his bank that something fishy was going on. He also reset all his passwords and pins.

–> Needed the pin to send money, failed at that step.
–> Everything before the "what is your pin" seemed totally legitimate. English was perfect. The bank verification code, sent by the expected number, tricked me.
–> The asking for my pin over the phone… not so much.

— Pieter Gunst (@DigitalLawyer) October 7, 2019

Gunst realized the scammer had used his member number to reset his password. Once the scammer did that, they went over past transactions to establish credibility. But when the caller asked for his account pin, Gunst knew his bank would never ask him to repeat that kind of private information over the phone (or ever).

People on Twitter were surprised at how well thought out the scam seemed…until the very end. How many would’ve realized what was going before it was too late? I’m betting a lot of people would fall for this.

The lesson? Never give out any personal identification numbers to anyone who calls you, even if they sound legitimate. Because they aren’t—again, a bank won’t ask for that info.

Or, you could do what one guy said, claiming since he was a millennial he never answers his phone anyway. So, problem solved.