The woman was a scammer, and Gunst was just the latest target in a growing trend that's left thousands of Americans frustrated, broke, and without a clue how to get their money back.

The over-the-phone scheme is a type of phishing scam. And in the last year, a whopping 26,379 people reported being a victim of some sort of phishing scam. Together they reported nearly $50 million in losses, according to the FBI's 2018 Internet Crime Report. While the number of reported scams increased slightly from the 25,344 phishing scams reported to the FBI in 2017, the losses skyrocketed by nearly $20 million.

They are not going away anytime soon, as scammers are getting more clever and devious in their phishing attempts. Here's how you can avoid being the next person to fall for one.

How it works

Gunst ignored the first call from the scammer — he didn't recognize the number. But the same number called him again, and as a business owner accustomed to unknown numbers, he decided to pick up.

Gunst says the woman on the other end claimed she worked with the bank, and someone had attempted to use his card in Miami. Gunst, who lives in San Francisco, told the caller it wasn't him.

Having received legitimate calls from his bank regarding attempted fraud in the past, Gunst still did not suspect anything unusual.

Then it got weird.

After confirming that he did not use his card in Miami, Gunst says the caller told him that the transaction had been blocked, and then asked him for his member number.

Gunst then received a legitimate verification pin from the bank's regular number via text, which he promptly read back to the caller — not realizing that it was a password reset code.

The person on the line — a scammer — was in. She could access his account and began to read off recent transactions that Gunst had actually made, lending a bit more credibility to the call.

Then came the next question, which immediately set off a red flag: "We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?"

Gunst hung up. That's a number no bank would ever ask for. He quickly called the fraud department at his bank, and began to rethink how the call went awry.

"The problem is the text should say what its purpose is," Gunst later explained to CNN of the verification pin, which he tweeted about in a widely-read thread. "'Someone is trying to reset your password. Don't give this number to everyone.' But it didn't. It was just a generic pin."

He said that was a lesson for the bank to learn from.

The 'hack' used social engineering

Hackers may use what's known as social engineering to try to obtain or compromise information about you, which could then be used to gain access to something such as your bank account.

What that means is simple: they tricked you, or someone who knows you, into compromising your account.

CNN reporter Donie O'Sullivan recently agreed to allow Rachel Tobac, a cybersecurity executive and hacker who specializes in social engineering, to hack him as a means to show how a scam can work. She was able to get his home address and phone number, have his hotel points transferred over to her and even change his seat on an upcoming flight.

And she was able to do this largely by using information that he posted online on social media: an Instagram check-in at a hotel and a tweet about a piece of furniture.

How? Both the hotel and the furniture company handed his personal details to the hacker over the phone.

It's not always your fault

Companies that don't have the proper security procedures in place can often leave themselves and their customers vulnerable to a social engineering attack.

A small company could easily be tricked into giving up personal customer information over the phone if a clever hacker has just enough information to seem credible.

Small banks and companies have been known to put out member newsletters or even hold member appreciation events where it's posted on social media and people are invited to accept or decline the invitation, according to Ron Schlecht, managing partner of security firm BTB Security.

A savvy hacker could've used that information to find members of that bank and use social engineering to find information such as their home addresses and phone numbers in order to phish them.

"It's unclear at this point where this happened, but there's no doubt in my mind that they knew that I was a customer of that bank and they thoroughly understood the security procedures of that bank," Gunst says. "It was rather targeted."

While it's possible that Gunst's bank was compromised, Schlecht says that "it's more likely that they disclosed information without really knowing it was bad to do so."

Spotting the scam

There are a number of clues out there that should raise your suspicions. "If you've been randoml