#1  
10-17-2018, 12:08 PM
jasg
Charter Member
 
Join Date: Nov 2001
Location: Upper left hand corner
Posts: 5,461
Robocall phishing credit card scam

(Variations on this scam have probably been posted but this was so clever and dangerous, I will post again)

Last weekend, I got a landline call from a credit card company that went to the answering machine. It was a voice-synthesized robocall from my credit card company fraud department. They had my name, address and last four of the card number. They told me charges had been declined and requested an immediate callback to an 800 number.

Being cautious, I checked online and saw no new charges. I then called the number on the back of the card and asked for the fraud department. They told me that they had no record of attempted fraud or declined charges.

The rep suggested that he call the 800 number while I listened in. As the automated call started he said "Boy, that sounds like our automated menu system".

He then keyed in garbage responses to automated prompts asking me to confirm my ownership of the card by verifying:

1) Full card number
2) Security code from card
3) Last four of my SS#
4) My mother's maiden name

It all sounded so authentic... Had I taken the call, I might have started answering the questions. Even just one answer would have left me screwed...

NEVER respond to "Fraud Department calls" - ALWAYS hang up and call the number on the back of your card!
  #2  
10-17-2018, 04:10 PM
Riemann
Guest
 
Join Date: Nov 2015
Location: Santa Fe, NM, USA
Posts: 5,844
Quote:
Originally Posted by jasg
NEVER respond to "Fraud Department calls" - ALWAYS hang up and call the number on the back of your card!
And yet, the number of times genuine contact violates these principles is astonishing.

Pretty much every electronic bill or financial statement that I get by email invites me to click on a link in the email, taking me to a link to enter my credentials to get into my account.

Half the time I receive a phone call from a financial institution or a medical insurer/provider I am asked to provide confidential identifying information.
"No, you called me. I don't know who you are."
"Um, data protection requires us to identify you."
"Okay, I'll call you back through the main number that I know. What's your extension?"
"I work in a different place, we can't take incoming calls."

Until companies making genuine phone calls or sending genuine emails get some basic common sense about security, they should be held 100% liable for losses due to phishing.

Last edited by Riemann; 10-17-2018 at 04:12 PM.
  #3  
10-17-2018, 09:30 PM
Hari Seldon
Member
 
Join Date: Mar 2002
Location: Trantor
Posts: 12,143
On the rare occasion that I've gotten an email from the cc office, the instructions were invariably to call the number on the back of the card. And I will never click a link in an email without verifying with the sender that he actually sent it. And if the sender is unknown to me, I will never click on a link. Period.
  #4  
10-18-2018, 11:02 AM
Johnny Ecks
Guest
 
Join Date: Oct 2003
Posts: 396
There was an interesting article about that backfiring in England - basically, after using his card at an ATM with a sketchy guy hanging around, he gets a call saying there is possible fraud, and he should call the number on the back of his card ASAP. He hangs up, calls the number, they ask him a bunch of questions and request that he mail his card back to them. Turns out, English landlines don't (or didn't at the time) properly hang up until both parties hang up. The scammers just stayed on the line, changed people and waited for him to "call".
  #5  
10-18-2018, 01:06 PM
Treppenwitz
Guest
 
Join Date: Jan 2018
Location: UK
Posts: 245
Quote:
Originally Posted by Riemann
And yet, the number of times genuine contact violates these principles is astonishing.

Pretty much every electronic bill or financial statement that I get by email invites me to click on a link in the email, taking me to a link to enter my credentials to get into my account.

Half the time I receive a phone call from a financial institution or a medical insurer/provider I am asked to provide confidential identifying information.
"No, you called me. I don't know who you are."
"Um, data protection requires us to identify you."
"Okay, I'll call you back through the main number that I know. What's your extension?"
"I work in a different place, we can't take incoming calls."

Until companies making genuine phone calls or sending genuine emails get some basic common sense about security, they should be held 100% liable for losses due to phishing.
If there was a bigger word than EXACTLY!! I would use it. I could not have put this better.

j
  #6  
10-18-2018, 04:42 PM
Mk VII
Member
 
Join Date: Nov 2003
Location: England
Posts: 2,809
Quote:
Originally Posted by Johnny Ecks
Turns out, English landlines don't (or didn't at the time) properly hang up until both parties hang up. The scammers just stayed on the line, changed people and waited for him to "call".
The connection won't be broken until the calling party's phone transmits CSC [Calling Subscriber Cleardown] signal. It will be broken a set time after the called party clears down, or else the line would be permanently busied out. This default time has now been shortened.
All times are GMT -5. The time now is 08:32 AM.
Copyright 2018 STM Reader, LLC.