You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Always Hang Up. Then Call Back.

Phone scams are sneaky. Here's a story on why we simply hang up and call a known number to verify.

No, this isn't about playing hard to get.

Credit card and bank fraudsters continue improving their game, and we have to be on alert. Always. You can't simply trust that it's really your bank calling.

And here is an actual scam to illustrate why it's always safest to hang up and call back a known number, either from a statement or the back of your credit card.

Mitch received a call from what he thought was his financial institution, warning him that fraud had been detected on his account.

In this real-world story, Mitch knows the safe behaviors. This one seemed legit when caller ID showed his bank's actual number when they called to notify him of questionable charges.

Mitch knew enough of scams to understand that fraudsters can and often do spoof phone numbers.

The criminals subsequently staged a well-choreographed, two-day scam. Remarkably, the entire fraud occurred over the phone without any online banking theft.

Mitch and his bank determined that his assailants never once tried to log in to his account online.

To up the ante, the criminals made calls Mitch's bank, pretending to be Mitch. They used the information from Mitch to fool the bank, all at the same time.

Another man called in posing as Mitch and provided a one-time code the bank texted to the phone number on file for Mitch’s account — the same code the real Mitch had been tricked into giving up — and then initiated an outgoing wire transfer.

This is when things went from bad to worse, as Mitch discovered the $9,800 wire from his account.

While Mitch fights to get his money back from the bank, the fraudsters are nowhere to be found.

Whether it's Phishing or any other form of Social Engineering, INFIMA's automated platform trains your team to avoid criminals' tactics.

Ready to learn more? Start here!

Original article here.
[https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/]

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.