SCAM AWARENESS: ‘Man in the middle’ scam tactic


LITTLE ROCK, Ark. (KARK) – (4/5/19) As someone who reports on scams almost daily, I never thought I would become a victim of one, so I am sharing my story in hopes of preventing anyone else from becoming a victim. 

For me, it started with a phone call that appeared to be from my bank. A woman on the other end told me they noticed fraudulent activity on my checking account. Something about the call seemed off, so I asked her to verify that she was actually with my bank. 

Cyber Security expert and owner of Citadell Systems, Chris Wright, told me that I made the right move by asking for additional verification. 

“The biggest thing when you’re looking at things like phishing and these scam calls is your level of comfort. Don’t just assume that it’s legitimate,” Wright explained. 

The caller told me she would be sending a text message to me shortly with a code so I could verify she’s with the bank. I got that text, which is normal for my bank, so I continued talking with her. What I didn’t know at the time was the caller was likely talking to my bank on another phone and pretending to be me at the same time they were talking with me. 

“On the call with the bank, they’re pretending to be you. On the call with you, they’re pretending to be the bank. That’s a common attack method in cybersecurity called ‘Man in the Middle,'” Wright said. 

It wasn’t until I got off the phone and was able to log onto my online banking that I noticed the criminals withdrew hundreds of dollars from my account by using an ATM in Lakewood, California. 

“That’s really targeted. It sounds like they were actually trying to target you,” Wright said. 

As someone in the cyber security business, Wright focuses on trying to stay one step ahead of the hackers. He helps small businesses with their cybersecurity needs. 

“These people are very crafty and it’s kind of a devious craftiness, the stuff that we don’t normally think about,” he said. 

Wright suggested if you get a call from someone claiming to be with your bank, it’s okay to hang up and call the bank directly to let them know what just happened. He also said if you get an email, do not click on the link. Instead, you should go to the bank’s website on your own. 

When it comes to passwords, Wright said it is best to create long, strong passwords with 15 or more characters and if you do online banking, use a two-factor authentication for signing into your account.

If you have fallen victim to a scam and would like us to investigate it, email me.

Copyright 2021 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Don't Miss

Don't Miss

Trending Stories