Criminals are resurrecting low-tech attacks to siphon tens of thousands of dollars from unsuspecting victims. According to financial fraud experts, so-called "man-in-the-phone" attacks require little more than a telephone and old-fashioned con artistry.
The scam works like this: The criminal calls a target, claiming to be the fraud department of the target's bank calling to alert the mark to potential unauthorized activity. The recipient of the call is then told to please hold while a fraud specialist is brought on the line. The perpetrator then calls the victim's bank, and bridges the call, while placing his portion of the call on mute.
When the bank's fraud department asks various questions in a bid to authenticate the victim, the criminal records the customer's answers. Depending on the institution, the answers may include the victim's Social Security number or national ID number, a PIN or password, and/or the amount of last deposit or location of the last transaction.
The criminal then calls the bank back (ostensibly reaching a different customer service representative), supplies the personal information needed to access the victim's account, and begins to initiate a series of wire transfers out of that account into another that he controls.More...