Most phishing attacks are pretty straightforward. They try to get the login credentials to your bank account, wipe you out and go on vacation. I’m not really sure about the vacation part, but the rest is pretty typical.

The method is typical too: the attacker sends you an email with a link to a bogus website that looks convincing enough that you’ll enter your information, which the site then captures. Phishing attacks mostly come by email, but not always.

According to a Lifehacker article, a lawyer was the target of a phishing attack over the phone recently. The lawyer outlined the steps the hacker took to get his credentials, including his PIN. And the hacker almost got away with it.

From the article, the lawyer, Pieter Gunst, “got a call from someone claiming to be from his bank, asking him if he had used his card in a far-away city. When he said he hadn’t, the caller blocked the transaction and asked for Gunst’s member number, which he explained in the thread is a customer number—not a bank account number.

The person on the phone said they were sending a verification PIN that Gunst read back after receiving from the phone number he associates with his bank. He later realized that the scammer was resetting his password with the verification number they sent to Gunst’s phone.

The scammer read off a few other charges, Gunst confirmed he had made them, and the scammer said, ‘Thank you! We now want to block the PIN on your account, so you get a fraud alert when it is used again. What is your PIN?’ That’s when Gunst knew for sure that something was up. He hung up and called his bank’s fraud department directly. Giving out his PIN would have allowed the scammer to withdraw money from his account, had he not realized something was amiss.”

Never give out a PIN over the phone. Better yet, never trust anyone that calls you on your phone. Call them instead.

You now see that not all phishing attacks come via email, although most do. There’s not much you can do to prevent phishing attacks over the phone other than to use common sense. But there’s a lot you can do to protect yourself from phishing attacks that arrive via email.

DuoCircle protects you from the more common phishing attacks that arrive via email. It provides the most important phishing protection of all: real-time link scanning. It sets up in 10 minutes, costs pennies per month per account and comes with 24/7 live technical support.

When phishing attacks arrive on the phone, just hang up. When they arrive via email, protect yourself with
