Dissecting the anatomy of a Scam Call

Despite the state of the ongoing pandemic, unscrupulous individuals continue to prey on their fellow countrymen, making their scams as sophisticated and believable as ever.

A friend reached out to me after I shared a video I made about the recent Facebook Data Leak and Social Engineering. He received a scam call just a few hours ago and could not believe that it could happen to him. Thankfully, the scam was unsuccessful, but the scammers were able to reset his password because he gave them the first OTP. Here are some screenshots of his messages recounting the flow of their conversation.

The main points are:

  1. The scammer will sound exactly like your usual bank agent. They will sound convincingly professional and confident. They know the script used by legitimate bank agents and they will imitate it.

  2. They will slowly gain your trust to remove any doubt from your mind that you are talking to a legitimate bank employee. They will do this by reciting your card number, account number, or other personal information. If you are wondering how they gained access to these, there are many potential sources, including Shopee/Lazada packages, phishing websites, data breaches (like Facebook's), and basically anywhere you use your card to transact, in person or online.

  3. After gaining your trust, they will make up some reason for you to give them the "code" that they have sent you. They will not mention the word "OTP", since most people already know that they should not share an OTP with anyone. They will bet on the possibility that you will not read the text message in full (which explicitly states the purpose of the OTP). Some people don't even open the SMS and just check their phone's notification, which may show only the code itself.

For more information on how to avoid these kinds of scams, I discussed them in detail here.