On the Internet, there are a lot of stories about idiot scammers getting messed with by funny people who have a lot of time on their hands. Scammers are stupid and obvious, and they could never possibly take anybody with half a brain in. Um, no. A lot of scams are so good you don’t even know you’re being scammed until it’s too late. There are things you can learn to do to protect yourself better, but sometimes even really smart people come very close to the edge.
Take Cabel Sasser, a tech guy who has even founded a software company, yet he almost gave a scammer her debit card pin code over the phone. He tweeted about the experience on Friday, and you can kind of see how he was almost fooled. It all sounded extremely convincing:
I almost just got scammed hard: a cautionary tale. So, I got a call from the 1-800 number on the back of my ATM Card: Wells Fargo. I answered, and a Fraud Department agent said my ATM card had just been used at a Target in Minnesota, was I on vacation? Ugh.
— Cabel (@cabel) September 21, 2018
I picked a random PIN and entered it. Verified it again. Then he asked me to key in my current PIN.
I paused.
“Don’t you… know my PIN?”
“It’s just to confirm the change. I can’t see what you enter.”
“But… you’re the bank. You have my PIN, and you CAN see what I enter…”— Cabel (@cabel) September 21, 2018
Apologizing for my paranoia, I had an idea: “Hey sir, I’m super super sorry, but something feels weird. I’ll call you back at the number on the back of my card, and we can finish this up. Is that ok? Sorry again. Anyone in particular I should ask for?”
— Cabel (@cabel) September 21, 2018
“Uh…. yeah you’ll just get another agent and… they’ll do it.”
I hung up. I called Wells Fargo back.
No one had used my card at a Target, and, yes, I was just four key presses away from having all of my cash drained by someone at an ATM.
Be careful, friends!
— Cabel (@cabel) September 21, 2018
Basically, someone very convincing called him from a number that came up on his phone as the same number associated with the help line on his ATM card. They claimed to be a fraud agent, and that Sasser’s card had been stolen and used at a Target. They wanted to help set him up with a new one. How nice.
The fake agent took him through all the appropriate steps, but then at the end, they asked for his current pin number. Many of us sail through these kinds of interactions while on autopilot, and could easily have just handed it over without thinking, or assuming it was some sort of verification thing. But it made Sasser suspicious because he knew the bank should be able to see his current pin number. When he hung up and called the bank directly, they told him no one had stolen his card, it hadn’t been used at Target, and the whole thing was a dirty, dirty SCAM.
It’s a good lesson, and does offer one solution: always hang up and call back.
Thread on a sophisticated scam. If you receive a call always hang up and call the number on the back of your card. A real fraud prevention rep will appreciate that step. https://t.co/uWPg0fqgTo
— Bill Nickles, AIFA® (@billnickles) September 21, 2018
Effectively, you can no longer trust any inbound call. Kind of like inbound email, it’s best to just go direct to the institution yourself by calling the official number yourself. https://t.co/DCiej88bAq
— Adam Nash (@adamnash) September 21, 2018
Or, never answer the phone at all! What kind of a maniac calls, anyway?