Crooks are getting sophisticated and they are polishing their techniques constantly, waiting for the perfect moment to pounce. And you won’t believe the latest phone phishing scam that’s going around. It’s so clever that it’s even fooling tech experts everywhere.
New phone phishing scam you need to watch out for
There are tons of robocall scams going on at any given time. Some are so laughably obvious and easy to spot that you can see them from a mile away. Occasionally, however, a scam comes along that’s so elaborate and professionally handled that even some of the smartest people could fall for it.
The new phone scam that’s rapidly spreading is one prime example – it’s so convincing that it’s even fooling tech experts!
This is what’s going on: crooks are now spoofing the 1-800 number that’s displayed on the back of our banking cards and they’re giving unsuspecting customers a call. They will then claim to be representatives from your bank’s Fraud Department and inform you that your card has unauthorized charges and it needs to be replaced.
This is exactly what happened to a software developer and if not for one quick detail, criminals could have drained his bank account in one fell swoop.
The fascinating case of Cabel Sasser
Cabel Sasser, founder of a software company called Panic Inc, was one step away from becoming a victim of this scam and he shared his experience on Twitter.
According to Sasser, he received a call coming from the same Wells Fargo 1-800 number on the back of his ATM card. The caller claimed to be from the bank’s Fraud Department and he informed Sasser that his card was stolen and used at a Target store in Minnesota.
“I answered, and a Fraud Department agent said my ATM card has just been used at a Target in Minnesota, was I on vacation?” Sasser wrote in a tweet.
The fake fraud agent then told him that he would help set him up with a replacement credit card.
And at this point, the ruse was on. As Sasser wrote, “So the card-replacement dance began.” (I’m assuming that the agent sounded so professional and legitimate throughout the whole process so as not to raise any red flags.)
“Is the card in your possession?” the fake agent asked him. And of course, it was. The scammer then asked him for the three-digit CVV security code printed on the back of his card.
After “verifying” the CVV code, the fake agent, out of the goodness of his heart, offered to expedite the delivery of his replacement card. The scammer then read some official-sounding disclosures (like all banks do when you do business with them over the phone) and asked Sasser to enter a new PIN.
Sasser then picked a random PIN, entered it, then verified it. At this point, the whole process still sounds standard and by-the-book, right?
Here’s the unbelievable part
Now, here’s the hook. After Sasser keyed in the new PIN, the fake agent asked him to key in his current PIN.
At this point, most of us would probably assume that the bank fraud agent is sincerely trying to help us, and would key in our current PIN without further hesitation, assuming that it’s just standard procedure.
But thankfully, this made Sasser do a double take. “Don’t you know my PIN?” he asked.
“It’s just to confirm the change. I can’t see what you enter,” the ever-so-convincing not-a-real-agent person told him.
“But… you’re the bank. You have my PIN, and you CAN see what I enter….” Sasser replied. Now, he started realizing exactly what was going on.
The fake agent, of course, had another convincing answer to his doubts. “Only the IVR [interactive voice response] system can see it,” the caller explained. “Hey, if it helps, I have all of your account info up…to confirm, the last four digits of your Social Security number are XXXX, right?”
Sure enough, the agent had the last four digits of his Social Security number right. But still, something didn’t feel right.
Sasser then told the caller that he would just call the number on the back of his card (which, funnily enough, was the same number the current call appeared to come from).
When he called back, the real agent who answered said that no fraudulent charges had been detected on his account after all.
“I was just four key presses away from having all my cash drained by someone at an ATM,” Sasser confessed.
Later, a trip to his local Wells Fargo branch made him realize that he had just narrowly escaped one of the most sophisticated and convincing scams that are spreading now.
“The Wells person was super surprised that I bailed out when I did, and said most people are 100 percent taken by this scam,” Sasser said.
How to protect yourself from scams like this
These types of bank number-spoofing scams are relatively new and they can be extremely convincing. With all the massive data breaches from financial institutions like Equifax, don’t be surprised if crooks now have your sensitive information such as your name, phone number, address and Social Security number on hand.
But don’t be readily fooled! Here’s what you need to do:
- Phone number – If you receive a text or email claiming to be from your bank, do NOT call the phone number that is provided. Whenever you need to discuss banking details, always call the number that is printed on the back of your debit or credit card. Because you are dialing that number yourself, you know you are reaching the legitimate line.
- Security details – You should NEVER reveal your security details like your full passwords or PIN code over the phone. A bank will never ask for your online account password over the phone. They might ask you to answer a preset security question, which is fine, but never your password.
- Be vigilant – Never assume that a text message or email is genuine. Scammers can spoof phone numbers and email addresses to make them look official. Don’t click on links within these messages; always type the website address into your browser or call the phone number located on the back of your card.
- Trust your instincts – If a text or email seems suspicious, delete it immediately. Follow up by calling the company using the trusted phone number on the back of your card.
- Take your time – If you receive a call from someone claiming to be from your bank, don’t let them rush you into giving them sensitive information. The incoming number could have been spoofed and a scammer might be on the line. Just tell them that you need a moment and you will call them back. Then call using the phone number that you know is correct.
- Don’t feel pressured – If the person calling is pressuring you to give them sensitive data, stay calm and refuse. Just hang up the phone and call the company’s trusted number to follow up with the issue.