Last week, I had a remote appointment with a client who had very recently suffered the trauma of being scammed. What was different about this client in comparison to many victims I see is that she was young and quite tech-savvy, and she had done lots of on-the-job training about scam detection. So she really was shocked that she had been caught out, and wanted to discuss how she could better protect herself in future. Unfortunately, she fell for the scam because
How did this scam work?

It was a phone call, where the caller said they were from her bank - advising that her credit card had been compromised, and they were detecting fraudulent transactions. So she/they needed to act quickly to prevent further loss. They gained her trust by telling her that, as a bank, they would not ask her for any personal details. Instead, they asked her to open her banking app. That certainly sounded like something the bank would ask.

They told her that the scammers had changed her credit card’s CVC, and that she could verify this herself by going to the Card option in the banking app, and viewing the card details. She did this on her iPhone, and it showed her that the CVC was, as the scammer warned, different to her physical card’s CVC number. So she was very concerned. (I must say that I didn't know that they can be different, so this bit might have fooled me too.)

It was the next part that she can’t believe she fell for. The scammer said he needed remote access to her iPhone to assist from this point. She knows that this is the point at which she should have realised it was a scam and hung up. He told her to download a remote support app, called Zoho Assist - a common remote support tool used in technology support. He then walked her through the process of connecting with him and got her to share her iPhone screen - thereby allowing him to view the banking app, which was still showing the Card Details screen that he had previously asked her to check.

She then saw verification code (NetCode) notifications appearing in quick succession, providing two-factor authentication codes for approving new payments. The scammer told her this was proof that the scammers were currently actively using her stolen details while he was solving her problem, so she needed to stay on the line while he secured her account. In reality, he was the one initiating payments and could also see those NetCode codes, allowing him to verify these fraudulent payments.
The scammer was getting quite agitated that the remote session froze on occasion, or that the screen went to sleep. He just wanted to keep her on the line for as long as possible with the screen active, to put through as many transactions as possible. It was this agitation that finally set off the victim's alarm bells. She terminated the call, contacted her bank, removed the remote support app and reset her phone to factory settings as a precaution. Fortunately, only some of the approx. $10,000 worth of transactions went through successfully, but she still lost over $2000. She knows that it could have been far, far worse.

Of course, this client knows that if her card ever appears to be compromised, there is the option to Lock Card Temporarily in her banking app. She knows that she should have done that, then hung up and contacted the bank to check about her card. She knows she could have Googled to find out whether the CVC can be different in the app to that on the card. This is what such a search would have shown:

"If you have an eligible CommBank debit card, your digital card will have a unique CVC that is different to what is shown on your physical card for security purposes. While your physical card is in the mail, you can use your digital debit card CVC. After you’ve activated your physical card, either CVC can be used to make online or recurring purchases and set up digital wallets."

Unfortunately, very few people are able to think clearly when in panic mode, being pushed to act quickly - especially when under the threat of losing large amounts of money. The scammers know this.

Some good advice on scams

A couple of days after hearing this client's story, I received an email from my energy company, with some really good advice on scams, and particularly relevant in the above case. I have included this advice below, tweaked to remove the company-specific references and adding a couple more.
The scammers may sound legitimate - but don't be afraid to hang up

Need advice or support?

In the hour-long appointment, we covered lots of things that this client can do to prevent being caught out in future and make sure her online world is as secure as possible.
If you too need support or advice in relation to scams and security - or on any other technology topic - make an appointment with iTandCoffee. And if you are a member of the iTandCoffee Club and you need advice about a suspicious email or text, forward it to [email protected] and we will let you know if it looks legitimate or is a scam. (Texts can be sent as screenshots.) Not yet a member of the iTandCoffee Club? Here's where to learn more and join.
1 Comment
Alison Jones
29/1/2024 04:17:09 pm
Well done to you on your help!! I'm sure this lady will be very grateful for your advice!!