by jillesvangurp 1904 days ago
My phone number (and some other details) were part of Nano Ledger's database that got stolen last year. So, some entrepreneurial scammer started calling me on a daily basis a few months ago. Really annoying. I'm well aware my phone number and email addresses are pretty much public information at this point. I actually put that on my web site even. But stuff like this makes me even less likely to answer unknown numbers. Hilariously, the scammer actually called me while I was giving a security briefing to our company about enabling 2FA. I put him on speaker and we had a good laugh while the guy insisted in broken English laced with expletives that he "had my money".

A few months ago some criminals social engineered themselves past my bank's security as well. The first I learned about this was a funny conversation (by phone!) from an actual Deutsche Bank employee asking me if I recently changed my address and phone number and whether I opened ten new accounts. "eh no?!..." Basically their fraud detection system kicked in before these people did any damage. I made a point of not doing anything else than confirming information they already knew (like my old address, email address) and asked for an on site meeting to discuss things in more detail. I realized instantly I had no way of verifying anything I was being told on the phone and might very well be talking to a scammer. As it turns out this was for real and the person actually managed to find my "old phone number" in some archive. Otherwise all my contact information had already been changed by the scammers. Thankfully I answered that call. Apparently, this happened to several people.

Basically, what happened was some persons just called the bank's help desk, asked them to reset my online banking access codes, and then somehow intercepted the pin codes (thanks Deutsche Post) before they reached me. The theory is that somehow the security of the distribution system was compromised. As far as I can tell, nobody broke into my building or mailbox. Then they started using them to change my address, etc. They got caught only when they created sub accounts and started transferring money.

2 comments

I've been called twice by my bank to warn me of possible fraudulent activity. Both times I hung up on them and called back at the bank's own public customer service line and asked them if that was really them calling. Once it was and once it was not, so I'm glad I was that careful.
So they really had your money then?
The phone scammer, no. Just some idiot trying to get me to do stuff I should not be doing. Given how he conducted himself on the phone, he probably does not have a great conversion rate. People that do this are not exactly criminal master minds. But I guess some people get bullied into handing over their private keys, which I assume is what he was after. He clearly had some setup that auto dials numbers. After this, he apparently removed me from that list. So, tip: annoy the hell out of them and waste their time as much as you can when this happens to you. Putting him on speaker got a few giggles out of the team.

The criminals that got into my account got too greedy. The bank's fraud detection system kicked in and rolled back the transactions. But at that point they had complete control over my account. Very scary. If they had been more subtle, they could have likely stolen quite a bit. So, also not criminal master minds probably.