Binary Defense analysts also found the information described in this article as part of the regular monitoring of criminal forums and Darknet sites in our Counterintelligence service. Binary Defense tracks many phishing and telephone-based scams designed to elicit sensitive information such as passwords from targeted individuals. The most damaging phishing campaigns resulting in the highest number of victims make use of personalized information to make the scam seem legitimate. If a scammer on the phone spoofs their caller ID to match the victim’s bank phone number, and the caller has the victim’s card number, date of birth, and address, it can seem very convincing that they represent the bank. One such scam that has been prevalent recently involves placing a phone call pretending to be a bank to convince the victim to respond to text messages that the scammer says are to prevent fraud on the bank account. In reality, it gives the scammer access to transfer money out of the victim’s bank account using the Zelle person-to-person payment system. Details such as those provided in the free spreadsheet enable criminals to carry out these scams much more effectively. To protect against these scams, do not trust caller ID to identify a bank employee on the phone, and never give out passwords to anyone who calls or emails a link. If in doubt about the authenticity of a caller, hang up and call the bank at a published phone number. Enable Multi-Factor Authentication (MFA) to protect online accounts even if a password is stolen, and take quick action to secure accounts if a compromise is suspected.

Source: https://www.bleepingcomputer.com/news/security/hacker-posts-data-of-10-000-american-express-accounts-for-free/