In the News
Phone phishing scams are becoming harder and harder to detect. In Beware of phone phishing scam pretending to be your bank, Liz Koh at WAFB9 discusses an attorney who received a phishing call disguised as a phone call from his bank. Koh shares this cautionary example of a sophisticated phishing scheme that the attorney only discovered once he was asked for his account PIN. Koh explains that the attorney received a phone call alerting him of a potential fraud charge, requested his member number, confirmation of past transactions, verification code, and finally his account PIN. Koh furthers that because the attorney received a verification code from his actual bank, the attempt seemed legitimate. However, the attackers were using his background information to access his account in real-time.
Our Take
Phishing attacks can happen across a whole host of platforms and channels. Phone phishing attacks can be especially hard to distinguish from credible calls because the conversations happen in real-time and often invoke a sense of fear or urgency in the target. This emotional response is utilized by the attackers to encourage users to share their personal information with little hesitation given the urgency of the supposed situation. As with the attorney, sophisticated attacks can utilize legitimate channels of communication such as triggering a verification code to be sent from the actual bank to the customer. These additional details of a phishing attack not only increase the credibility of the attacker, but also represent how many attackers use their victims in real-time to steal their personal and financial information. Although any phone call alerting you of a potential financial fraud or loss should be taken seriously, always verify the incident before providing any personal information. Even simple forms of personal information can be used against you for your attacker’s gain.
Recommendations
How can you better protect yourself against phishing attacks?
- Refrain from sharing highly sensitive information over the phone, a speaker, or a messaging service
- Learn how to spot a phishing attack
- Don’t reuse your account passwords, and take advantage of multi-factor authentication whenever possible
- Check your email, financial accounts, and credit reports regularly for abnormal activities
- Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected