As one would expect, phishing techniques continue to evolve as society catches up with each scam evolution. A thread of tweets from @DigitalLawyer this week captured the cybersecurity world's attention. The Twitter story provides an essential set of reminders to everyone.
Here is a quick summary of the scam. @DigitalRiver, our target, received a call saying that his bank card was compromised. The phisher requested the target's member number to verify his account. @DigitalRiver gave the ID, and the phisher used the details to trigger a password reset. The password reset sent a PIN to @DigitalRiver's phone, which he gave to the scammer. At this point, the phisher was in the user's account and able to verify additional transaction details to build confidence in the story. Luckily, the scammer required one more PIN to move money, and the target caught on before the scammer could inflict more damage.
The lessons from this incident are clear and are a good reminder for all:
Everyone is a target, technology literate and illiterate alike.
While it seems straightforward to identify scams, it can be harder to judge when you're in the midst of a conversation where your emotions are in play.
Do not share your PINs with incoming callers.
When in doubt, you must stop and think about what is happening. Despite sharing a reset PIN, @DigitalRiver was able to prevent additional damage by continuing to be prudent.
As a last step, @DigitalRiver called his bank's fraud department right away. Accidents can happen, and when they do, you need to take immediate steps to rectify them. The fraud department is there to help you.
With those lessons in mind, we remind everyone to stay vigilant and share their stories. While being a target may be embarrassing, it is much more important to protect and inform others.