PHISHING. It’s something that, invariably, will happen to all of us.
Phishing is the act of basically taking your details through social engineering – complete a survey to get cash, update your details, log in “for security purposes”, view “important bank messages”, etc. For the people doing the phishing, it’s all about getting your personal details in order to steal your money.
Traditionally, phishing attacks are more “click on a link, complete survey/update details”, but lately they’ve been getting more sophisticated, telling potential targets to “call a number and confirm their details.
But in a new variation on the traditional “phishing” attack, which usually asks victims to click on a malicious link, one Commonwealth Bank scam email asks customers to call a Queensland phone number in order to redeem a $500 “cashback bonus”.
“It’s an automated system with an American accent that welcomes you to the Commonwealth Bank of Australia and then requests an account number or says something’s expired and asks for your credit card number,” he said.
The voice recording then requested Howard’s expiry date and pin number, but he just entered in random digits.
“It actually told me the information was incorrect, which suggests that it’s hooked up to a payment gateway and it’s actually trying to do an authorisation on the credit card right then and there,” he said.
I’ve been hit three times now – the first time was easy to spot, the second easy as well, and the third time wasn’t so easy (but still contained enough tell-tale signs).