The thieves behind phishing scams are getting more cunning in their tactics to steal access to financial institutions and banks. This is not good because once they get in, they’ll suck accounts dry, leaving hardworking people without money and facing an uphill battle to restore their stability.
Even individuals with advanced degrees and high-profile occupations, like lawyers, can find themselves engaging with these crooks. And that’s step one to getting hoodwinked.
Recently, attorney Pieter Gunst showed how he was a target of a phishing scam—one he labeled “most credible.” So credible, in fact, that he almost fell for it, until he finally caught on that something strange was happening.
Gunst tells us the scam started with a caller claiming to be from his bank needing to verify if he was using his card in Miami. After confirming he was not in Florida attempting to use his card, the caller tells him they will block the transaction. The caller asks for Gunst’s member number. He provides it since it can’t be used for account access.
Next, the caller tells Gunst he should have received a verification PIN by text. He reads out the PIN to the caller. Then, he and the rep go over other transactions under the pretense of verification.
A major red flag here. The caller asks for Gunst’s actual account PIN to block the account and generate a fraud alert if it’s used again. Gunst instantly knew something was wrong—to be clear, a bank will never ask for your PIN. That’s your secret. They just don’t need that information for anything.
He ended the call and notified his bank that something fishy was going on. He also reset all his passwords and PINs.
Gunst realized the scammer had used his member number to reset his password. Once the scammer did that, they went over past transactions to establish credibility. But when the caller asked for his account PIN, Gunst knew his bank would never ask him to repeat that kind of private information over the phone (or ever).
People on Twitter were surprised at how well thought out the scam seemed…until the very end. How many would’ve realized what was going on before it was too late? I’m betting a lot of people would fall for this.
The lesson? Never give out any personal identification numbers to anyone who calls you, even if they sound legitimate. Because they aren’t—again, a bank won’t ask for that info.
Or, you could do what one guy said, claiming since he was a millennial he never answers his phone anyway. So, problem solved.