The Dutch government recently published a PSA video aiming at raising awareness about phishing and scams. A supposedly Dutch hacker explains how to quickly make €100,000 in 5 easy steps.
First, he buys some debit cards and PINs from students in the streets. He then buys computers on a botnet to collect information about potential targets, reading emails and bank-related information. Calling victims, he convinces them (using social-engineering) to give him a two-factor authentication code from their smartphones. He then uses this code to wire money from the victims’ account to the accounts he previously acquired.
At this point the hacker gets a few thousands of euros from ATMs. Another technique demonstrated is to create a free WiFi hotspot in a public place such as a cafe, then collect information as careless customers use the hotspot thinking it’s provided by the cafe.
To get from €15,000 to €100,000, the hacker travels to Ukraine to rent a call center which provide social-engineering services, thus scaling the whole operation even further. After two days, the hacker cashes-in €100,000 which he uses to buy a brand new Lotus.
Even though the whole thing is fake, most of the techniques used are real and exploited daily by criminal organizations.