Phishing is When People Fish For Your PIN

by Larry Chiang on October 9, 2019


Phishing. 


1/ Social engineering


Attackers build trust by asking questions they already know the answers to.


2/ Attack surface is anything with emotion


Humans. 


3/ Texts can be spoofed


Texts and emails can be spoofed


Any asset touching the Internet that’s accessible by “PIN” is in jeopardy. 


Read Pieter Gunst’s tweets below and comment with your thoughts.

Pieter Gunst (@DigitalLawyer)
Oooof. Was just subjected to the most credible phishing attempt I’ve experienced to date. Here were the steps:

1) “Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?”

Me: no.


Pieter Gunst (@DigitalLawyer)
2) “Ok. We’ve blocked the transaction. To verify that I am speaking to Pieter, what is your member number?”

Me: <gives member number> (that number, by itself, is useless).

Pieter Gunst (@DigitalLawyer)
3) “We’ve sent a verification pin to your phone.”

~ Gets verification pin text from bank’s regular number ~

Me: <reads out the pin>

Pieter Gunst (@DigitalLawyer)
4) “Ok. I am going to read some other transactions, tell me if these are yours. ~ Reads transactions ~”

Me: Yes. These are all legitimate transactions I made

Pieter Gunst (@DigitalLawyer)
5) “Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?”

Me: Are you effing kidding me, no way.
