Date: 2022-03-04

HARRISBURG, Pa. (WHTM) — Jim had received calls before just like this one from his bank — from the same number, in fact, as the one that showed up on his caller ID.

“He said there was suspicious activity, and in Texas,” said Jim, who asked not to use his last name, describing the man who represented himself as an agent in Northwest Bank’s fraud department. “He asked if I was traveling or out of state. Of course, I said no.”

So far, no harm done. And all very familiar.

“He said verbatim what they say when they call inquiring about a fraudulent transaction,” Jim said, “because it’s happened before where our card numbers got stolen. And, two other times in [the past] several years, I’ve gotten the call, and they blocked the transaction.”


The man said he needed some basic information to protect the account. Jim knew better than to just volunteer anything without checking.

“But he had my home address and my date of birth” plus the last four digits of Jim’s social security number, he said. “He read those off to me. So I got comfortable.”

And provided the username to his account. The man, who sounded so official, knew so much and was calling from the correct number — the one listed on the back of Jim’s debit card — needed the username to verify his account. Or so he said.

“When he gave them his username, that was the missing piece of the puzzle, because now they could put in the username [and] click the forgot password button,” said Jonathan Weissman, a senior lecturer at Rochester (New York) Institute of Technology’s computing security department.

Next, Jim received a code on his cell phone, which the man on the phone asked Jim to read to him.

“I was flustered and thinking, you know, ‘I need to get this resolved quickly.’ And I provided him a number. Another text came in and said, ‘Don’t provide this number to anyone, not even Northwest.'”

“After reading that,” Jim continued, “he was still on the phone. I said, you know, ‘Please don’t do this. I know you’re not with Northwest.’ And then that’s when he hung up.”

Jim immediately called Northwest — the same phone number, of all things, from which the scammer had appeared to be calling — but thousands of dollars had already left his account via wire transfer.

Jim — a young, tech-savvy, working professional with an advanced degree — knows he’s not the stereotypical cybercrime victim. And he said that’s why he called abc27 News with his story: so no one else lets down their guard just that same little bit that he did.

“Unfortunately, cybercriminals are deploying increasingly sophisticated tactics to access personal information and accounts, including the use of spoofing, which is the act of disguising a communication, like a call or text, from an unknown source as being from a known, trusted source” such as a bank, Northwest Bank told abc27 News in a statement Friday.

Cybersecurity expert Scott Schober — president & CEO of Berkeley Varitronics Systems and author of three books, including “Hacked Again” — confirmed what the bank said.

“Spoofing scams are very common,” Schober said. He said criminals can easily access mobile apps that disguise their phone numbers. The apps go beyond that, even providing ambient sound to convince you the scammer in a basement is actually in a legitimate call center.

“In the background, you hear phones ringing — a little bit of chatter — and that’s actually just a button,” Schober said. “They click on the app, which creates this background, which sounds very convincing.”

So convincing that Schober himself once was almost convinced by a similar scam. But something in his mind told him to take one additional measure.

“I said, ‘Hold on a second. Just in case something happens, this call is very important to me. Can I get your name, your phone number and your email in case we get disconnected?'” Schober said. “Click. They hung up on me.”

Northwest said its actual agents will never ask you to read them a code from your phone.