A very experienced reader shared this story last week, and I asked if I could share it here so that you guys are aware and can be careful yourself. Don’t think just because you’re “too smart” to be scammed, this could heave easily happened to any of us. Here’s the story unedited:
“I got scammed. I want to warn you all about it because it’s quite clever. Got a couple emails that my Venmo had been accessed from an unknown device. So I was alarmed but relieved when I got a call from Venmo. They ask me to verify my identity — and then they ask me to read the one-time 6 digit passcode they are texting me. Little did I know, this was me giving out 2-step verification to a scam artist. After I did that, large transactions started leaving my account. I said to them: “You guys clearly didn’t lock down my account well. The money is leaving now!” They said: “We will call you back in 10 minutes.” It was only after 2 hours that I realized I’d been scammed. Don’t read 6-digit passcodes over the phone… perhaps ever?!”
Clearly the scammer knew his Venmo email (the emails did come from Venmo) and also his phone number since they called him, and then did the 2 factor authentication while being on the phone with him. They would then type that into his account and BOOM! Accessed. I do believe he’ll get all his money back from either Venmo or his credit card, but what a hassle to deal with.
I know I’ve read passcodes over the phone, but that’s usually when I’ve dialed out to a credit card company and the rep would send it over. Moral here is – if YOU get called and get asked for the passcode, you may want to tell them you’ll call THEM BACK since it could be a scam.