Oooof. Was just subjected to the most credible phishing attempt I've experienced to date. Here were the steps:

1) "Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?"

Me: no.
2) "Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?"

Me: <gives member number> (that number, by itself, is useless).
3) "We've sent a verification pin to your phone."

~ Gets verification pin text from bank's regular number ~

Me: <reads out the pin>
4) "Ok. I am going to read some other transactions, tell me if these are yours. ~ Reads transactions ~"

Me: Yes. These are all legitimate transactions I made.
5) "Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?"

Me: Are you effing kidding me, no way.
6) "Ok! But then we can't block your card."

Me: that is bs.

~ hangs up, calls the fraud department of bank ~
--> Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank.
--> They used this to gain access to the account.
--> Then read some of my transactions to give the call more credibility
--> Needed the pin to send money, failed at that step.
--> Everything before the "what is your pin" seemed totally legitimate. English was perfect. The bank verification code, sent by the expected number, tricked me.
--> The asking for my pin over the phone... not so much.
Stay safe out there people.

And now... joyfully resetting all my passwords, filing a police report, getting additional fraud detection in place.

Never a dull moment!
Keep Current with Pieter Gunst
