2) "Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?" Me: <gives member number> (that number, by itself, is useless).
3) "We've sent a verification pin to your phone." ~ Gets verification pin text from bank's regular number ~ Me: <reads out the pin>
4) "Ok. I am going to read some other transactions, tell me if these are yours. ~ Reads transactions ~" Me: Yes. These are all legitimate transactions I made
5) "Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?" Me: Are you effing kidding me, no way.
6) "Ok! But then we can't block your card." Me: That is bs. ~ hangs up, calls the fraud department of bank ~
--> Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank.
--> They used this to gain access to the account.
--> Then read some of my transactions to give the call more credibility
--> Needed the pin to send money, failed at that step.
--> Everything before the "what is your pin" seemed totally legitimate. English was perfect. The bank verification code, sent by the expected number, tricked me.
--> The asking for my pin over the phone... not so much.
Stay safe out there people. And now... joyfully resetting all my passwords, filing a police report, getting additional fraud detection in place. Never a dull moment!
I'm surprised they couldn't transact with access to your account online.
They needed the pin.