"z0mg guyz i just spent 300 euros on clothes lol dont tell anyone"

I'm guessing he does it by being a bank himself (ad for a bank safety campaign).

The real bad guys have other methods, which you can google (try "online financial crime").

Nope, it is not a bank safety campaign, nor is it sponsored by any bank. It comes from the financial minister of Belgium. They do not have acces to your bank account information unless you are under a taxe fraud investigation.

If I were going to do this, I would: 1. Have done quite a few more people than I showed in the video, so you're seeing only the most dramatic. 2. Try to crack their email account by guessing their lost-password question from info on Facebook or other such sites, which is where I probably got the address as well. (Plus Facebook provides photo confirmation that you have the right $FIRSTNAME $LASTNAME.) 3. From there, the sky's the limit.

I don't know what the success rate of that would be, but I'm pretty confident I'd come up with plenty of fodder for a 2 minute video in well under a day of sitting in a tent.

And that's just my first knee-jerk thought. A few practice runs before hand and I'm sure I'd find some other easy tricks to pull.

I don't think he is actually breaking into mailboxes/cracking passwords. That seems really beyond the scope of what bank marketing would do.

You're assuming the whole thing isn't staged.

Yes, it probably was. It is a PSA and not a documentary.

But it didn't have to be. What I said would work often enough. It really could be done on the fly, even if it wasn't.

He didn't. He told the person how much money they spent on alcohol, or how much the house they were selling cost.

The house information would be available at a land registry, or on a credit report. The alcohol information might be available through a brag "I just spent 400 dollars on Z", or through some kind of facebook-tie in "I like X bottles of Y". Or loyalty points.

I wonder if he scans for any credit card data with an RFID reader.

That's only slightly more likely than mind reading.

Edit: D'oh! Changed "less" to "more"...

Would've been ok with "less" too.

how do you scan for credit card data with a rfid reader? very few credit cards have rfid.

Here's a story from earlier this year http://www.pcworld.com/article/249138/rfid_credit_cards_are_... And as other commenters have noted, you only need to "succeed" with a few people to put together this video, so even if only a small portion of the population has a vulnerable card it can be enough. But even a vulnerable CC might not have enough info, so we can consider an even more classic magician's/pickpocketer's trick of swiping the person's wallet off them without them noticing and getting a password reset on their online transaction history page using the physical card and info gathered from social networks to pull off the simple social engineering. Not very likely, but if we're trying to come up with ways to get at a person's transaction history...

The video is from Belgium, where RFID cards are the norm.

He did not, it is an advertisement spot.