Phishing Attack – Phone Call (Example) | Cyber Security | Social Engineering

In this guide we will look at one example how a phishing attack can be carried out through a phone call. We will also look at what could happen to our data if the attack was successful and how we could have prevented this. More detailed information regarding phishing can be found on my other post titled “How Do I Overcome Phishing Attacks?”

Scenario

You receive a call from your bank saying that your account has been put on hold due to some suspicious transactions and in order to unfreeze the account you will need to answer some security questions. You have checked the caller ID and the call is coming from your banks phone number so you have no reason to be suspicious.

What is actually happening?

The caller may be using caller ID spoofing to make it look like the call is coming from the bank when it is not. The caller’s goal in this scenario is to get the answers to your security questions and potentially other sensitive data following this.

What will they do with my data?

The scammers may use this information to get access to your bank account and transfer funds. If you had followed through with the call, they may have asked more personal questions such as your social security number, birthdate, etc. This would have provided the scammer with enough information commit identity theft. Identity theft will enable to scammer to take out loans, credit cards or open bank accounts in your name. This information is likely to be resold on the darknet for other criminals to use the data for similar purposes.

What should I have done?

You should hang up the phone and called your bank using the number on the back of your card or from their website. This will ensure that you are speaking to the banks employees and can feel confident in sharing answers to security questions that may be required to pass security verification.