Man in the Middle Scam
A good dose of skepticism may be just the thing when a bad guy is trying to trick you into sharing information. This slide show can help you better understand the “Man in the Middle” scam. This is where bad guys fool you into giving them an authorization code that's been sent to you from a company. Then they use the code to fool the company, pretending they are you.
In the “Man in the Middle” scam, the bad guy literally puts himself between you and a company where you have an account. In that middle position, he can convince the company he is you – and convince you he is the company.
To begin the scam, the bad guy already has your account information, including the phone number associated with the account. He logs into your account and then wants to steal from you or the company by making changes, ordering items or moving money. When he submits the request, the company texts an authorization code to your phone. But you don’t know it’s coming.
The bad guy calls your phone number and pretends to be the company. He may offer you a prize or describe an issue related to your account. He says that to win the prize or resolve the issue, he needs the code you just received. That code is the authorization code you didn’t know about.
A bad guy may also use this technique if he doesn’t have your password. If he has your user name and phone number, he can simply click “forgot password.” He then calls you and uses the same trick to get you to share the new authorization code the company sent you. Once he has it, he has access to your account.
This can sound convincing, because how else would he know about the text or email you just got?
If you give him the authorization code, he has what he needs to complete the transaction or take over your account.
Here’s how you can better protect yourself from the “Man in the Middle” scam.
- Be skeptical. Don’t believe them and don’t engage in a conversation.
- Hang up. Hang up the call. It’s not rude, it’s smart. Then call the customer service number on your bill to see if the prize or issue is real.
- Do not share information with people you do not know. Someone calling you like this is not someone you know, no matter how convincing they sound. They can even appear to be calling you from the company number. That’s called spoofing, and you can learn more about that on this Cyber Aware blog.
- Change your account information. The bad guy probably already had access to your account, remember. Go in right away and update your password and security settings. Contact the company to ask about additional security measures or monitoring for your account.
These steps will help you identify “Man in the Middle” scams and better protect your personal information.