Cabel Sasser narrowly avoided having his bank account emptied last week by a swindler running an ATM card scam, an escape from a financial nightmare that he recounted in a string of tweets.
The attempted fraud was carried out by an unknown male phone caller who had Sasser's Social Security number and appeared to be calling from the security department at Wells Fargo, the bank where Sasser has an account.
The attack marked a more sophisticated variation on older scams and represents a cautionary tale for millions of American consumers. The results of a consumer poll on phone scams and spam issued in April 2018 by Truecaller, a mobile app that helps block unwanted calls, showed that an estimated 1 of every 10 U.S. adults had been victimized by a phone scam during the preceding 12 months, with an average loss of $357 per victim.
"Unfortunately, phishing scams like these are all too common, and the fraudsters can be convincing," said Sarah Grano, a spokesperson for the American Bankers Association. "The best thing to do is trust your gut" and hang up if a call "seems suspicious."
The phone scam
Sasser, a co-founder of Panic, a software company and video game producer based in Portland, Oregon, said he was not suspicious at first. His cellphone's caller identification system showed the call apparently came from the 800 number listed on the back of his Wells Fargo ATM card.
A male caller identified himself as a fraud department agent and said the card had just been used for purchases at a Target store in Minnesota, more than 1,500 miles away from Sasser's home.
"It was a very smooth, very authentic-sounding call," Sasser said in a telephone interview. "I've had this happen so many times that I didn't even flinch at the fact that, great, another card got used someplace where it shouldn't be used."
Answering questions from the caller, Sasser said he had the card in his possession. The caller had him verify the card's security code. Then, the man read some disclosures related to obtaining a replacement ATM card. The procedure, familiar from previous security calls, "helped with the believability," Sasser said.
Next, the man asked him to key in a different personal identification code for the new card via his cellphone. That raised a red flag.
"There were no computer prompts or anything. I was just literally pushing numbers on my phone that he's just hearing on the other end," Sasser said. "I was starting to get a little nervous."
Finally, the man asked him to enter his current PIN number into the phone.
"That was the moment that pushed me over the edge – something is definitely not right here," Sasser said. "I asked him point blank, 'Don't you know my PIN number ... you're the bank?'"
The man said he couldn't see the number and then tried to allay suspicion by reading the last four digits of Sasser's Social Security number. Sasser said the numbers were correct, but something was "very wrong."
Now all but certain he was being scammed, Sasser nonetheless said he reflexively shied away from being rude.
"Somehow, I found the courage to push through that hesitation," said Sasser. "I said, 'I'm sorry ... something about this seems weird. I'm just going to call the number on the back of my card."
The man sounded "kind of defeated" as the call ended Sasser said. But a real Wells Fargo representative was anything but crestfallen when Sasser called the bank's security office.
"I spoke to a guy who was incredibly happy that I had stopped when I did," because many people don't and lose money, said Sasser. "He definitely said 'there had been no attempted fraud on your card, and that whole story had been totally made up.'"
Phone fraud numbers and warnings
Such scams are anything but uncommon.
In all, 77,999 people who filed complaints with the federal Do Not Call Registry in 2017 reported imposter frauds from live callers, according to the Federal Trade Commission. An additional 179,925 complaints reported similar frauds from recorded robocalls.
The Truecaller poll from April found that 18 percent of the respondents who said they had received scam calls during the preceding 12-month period cited bank problems, including calls that sought sensitive information about accounts.
In many cases, the scammers have already gathered information about potential victims, said Lauren Saunders, the Associate Director of the National Consumer Law Center. Social Security numbers can be bought in bulk on the Dark Web and other sites. Phone numbers for security departments at a bank, or other companies, can be spoofed so they appear on caller ID systems.
"Caller ID can be programmed to say whatever someone wants it to say," said Amy Nofziger, an AARP expert on consumer frauds.
Wells Fargo declined to comment on the phishing call reported by Sasser. However, the San Francisco-based bank said scams are "becoming more commonplace."
Avoid getting scammed
- Banks won't ask for PIN codes, so be suspicious of a call from anyone who does, said Nofziger. And don't shy away from confronting a suspected scam caller. "It is not rude to take control of the situation and take control of your financial security," she said.
- If you receive a phone call seeking information or access to an account, hang up and contact the financial company by using the number on your ATM card or on the firm's website, Wells Fargo said.
- Don't provide your account information or Social Security number to anyone who contacts you by phone or online, the American Bankers Association said. Use a combination of letters and numbers for passwords, and change them frequently.
Reflecting on the incident, Sasser said the scam was more sophisticated than anything he'd previously encountered. That's one of the reasons he shared the details.
"It tells me that the thieves are getting smarter, which means that we have to be getting smarter," he said.
Follow USA TODAY reporter Kevin McCoy on Twitter: @kmccoynyc