
Interestingly the most... clever, if not necessarily convincing, phishing attempt I've heard of, went like this:

1. Phishers call someone and pretend to be from their bank. If they've guessed the right bank and the person gives away their details, they win!

2. If they don't, and question the phishers' authenticity, the scammers say "sure, just call us on the number on the back of your card".

3. The cardholder hangs up, and then dials the number for their bank, which they know and trust, because they've called it before or it's come from their card.

4. They get connected to a service representative, answer security questions, confirm that the transactions are valid, and then can relax.

5. A few days later, they get a call from their bank saying there's a whole lot of fraud on the account.

The trick to this one is that the phishers (a) call the cardholder on a landline and (b) when the cardholder thinks they've hung up, they haven't - the phishers just play a hook tone and then a dial tone.

In Australia at least (not sure about elsewhere?) if you call a landline number, the caller must end the call, or at least it used to be that way (I haven't owned a landline phone for a _long_ time). There's probably also a significant skew towards the elderly in landline owners, and in susceptibility to scam calls.


