Monday, June 29, 2020

Twitter Thread: Man Encounters Incredibly Believable Scammer


This guy's encounter with a dangerously believable scammer was something else. As it turns out, not all scammers are just fools getting trolled for their lazy, poorly calculated antics.

1.

Pieter Gunst @DigitalLawyer: Oooof. Was just subjected to the most credible phishing attempt I've experienced to date. Here were the steps:

2.

1) "Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?" Me: no.

3.

2) "Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?" Me: <gives member number> (that number, by itself, is useless).

4.

3) "We've sent a verification pin to your phone." ~ Gets verification pin text from bank's regular number ~ Me: <reads out the pin>

5.

4) "Ok. I am going to read some other transactions, tell me if these are yours." ~ Reads transactions ~ Me: Yes. These are all legitimate transactions I made.

6.

5) "Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?" Me: Are you effing kidding me, no way.

7.

6) "Ok! But then we can't block your card." Me: That is bs. ~ hangs up, calls the fraud department of bank ~

8.

--> Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank. They used this to gain access to the account. --> Then read some of my transactions to give the call more credibility.

9.

--> Needed the pin to send money, failed at that step. --> Everything before the "what is your pin" seemed totally legitimate. English was perfect. The bank verification code, sent by the expected number, tricked me. --> The asking for my pin over the phone... not so much.

10.

Stay safe out there people. And now... joyfully resetting all my passwords, filing a police report, getting additional fraud detection in place. Never a dull moment!
