I have a problem with some people impersonating banks. I am concerned about family falling for the scam.
First of all let me tell you that I have minimal experience with security online. I just do the basics; I keep my passwords long and don't login from just any device. I watch out not to click weird links and I have a second wifi for guests. I try to get as much knowledge as I can, because I think it is much needed these days. Every little habit I pick up, I try to pass on to my family as well.
So to get to the point, a family member's colleague recently fell victim to a scam. Someone was impersonating their bank...and they just gave them every bit of info they asked for. That was over the phone. I know this sounds really dumb and I know this kind of scam happens a lot. The person lost some money and until now, the bank has not reimbursed it.
Now a few days ago, the family member this time, received an email from their bank. Remembering the fiasco from earlier, they told me.
According to the email, they had to get in touch with the bank via a link to solve a problem related to the reissue of a credit card.
Here it gets weird. Because we were waiting for a credit card that got reissued.
The problem is the reissue happens automatically, because the card wasn't lost. It's just an automatic renewal after the expiration date.
I did some searches with the email address the scammer used. Found that there is an account with a similar username to the email, on a site called 'raid forums'. To my surprise, it got recently taken down for providing hacked databases to scammers.
Now, I realise this is far fetched. Anything else could have happened. The most likely issue is that the card was used on an insecure online shop. But what if the bank was actually compromised and millions of customers are being farmed by scammers right now for this reason?
Today I talked to other people about it. Pretty much everyone has gotten a similar call, e-mail or sms the past few weeks. It is happening a lot!
I already contacted the authorities and explained everything. Got a burp as a reply and a tired 'we'll pass it on to the relevant department'.
But I do believe that they will pass it on to Europol at some point, since I mentioned the name of the forum and it is in an active investigation.
My dear technophiles, I am a very anxious person and right now, since that day I am searching for an answer; How did they know about the expiry date? I hope just from a payment on some shady site.
Is some device compromised in any way?
What if the bank got hacked somehow. I trust that they would never tell their customers until it is too late. That is how they operate.
Should I tell them to talk directly with the bank about it?
I have links, emails, phone numbers they use. I can post them here whenever, if it is allowed.
The scripts I used to get info from the email are on GitHub. I can mention them too, it it is allowed.
Thanks for taking time to read.
Sorry for any inconvenience.
