This past Wednesday UK police arrested nine people in connection with a phone scam that drained £60 million ($92 million) from victims’ bank accounts. The scammers posed as bank employees on the phone, convincing the victims to provide confidential information. After the scammers got hold of the personal banking information, they would transfer money to ‘mule’ accounts and then withdraw it from an ATM.
During the raid, police recovered dongles, SIM cards, mobile phones, laptops, and a ‘significant’ amount of cash.
The only technical part of this attack was spoofing the caller ID, and this is an old scam. The rest is just well-organized social engineering. If the callers sound legitimate, a lot of people will fall for the scam and hand over the compromising information.
The fix for attacks like this doesn’t come from technology; it comes from education. People need to be more careful when speaking to banks and other financial institutions on the phone. If you get a call from a bank, ask to call back and use a number you found yourself, not a number they give you or one found through a web address they give you. Safety comes with precaution.