Slashdot Mirror


Phishers Get Phoney

Nick Johnson writes to mention a new twist on phishing. From the article: "The spammed message warns of a problem with a bank account and instructs the recipient to dial a phone number to resolve it. The caller is connected to a voice response system that is made to sound exactly like the bank's own system. The phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN."

5 of 236 comments (clear)

  1. This... by danimrich · · Score: 5, Insightful

    Makes me think that it is still the safest option to have customers do all their banking right at a teller.

    --
    where's all that Karma?
    1. Re:This... by buelba · · Score: 5, Insightful

      The real safe option is only to call the number printed on the back of your credit/debit card. What's amazing is how badly the banks are set up for this. The following happens to me at least twice a year:

      1. I travel for work, and use my credit card for all kinds of things I don't usually buy, like hotel rooms.

      2. My wife keeps using the same card for all the stuff we usually buy.

      3. The computer says: hey, someone maybe stole the card and is running up all those hotel charges!

      4. A human from the security department calls us to verify, gets voicemail, and leaves a callback number that is NOT the callback number on the card.

      5. I call back the number on the card. The human there says, "why don't you call the number they gave you?" I explain. They think about it and realize this makes sense. About 15 minutes later, I'm connected to the right people -- usually after going through a supervisor at the call center.

      The right way to do it, of course, is to have the human from the security department leave this message: To call us back, call the number on your card; then, immediately enter the following code to be directed to the right department. But they still haven't learned.

      I shudder to think what will happen when I'm eventually home when they call. I certainly won't do anything except hang up and call back the same number.

  2. Some revenge possible? by kanweg · · Score: 5, Insightful

    So, what if you enter a random number with random PIN. They have to go thru the trouble to make the card, only to find out it doesn't work. And their face pop up at the video camera's of the ATMs all the time with failed withdrawals.

    Bert

  3. Again the basic rules apply by JoeyB · · Score: 5, Insightful

    No one will ever ask you for your account number or pin. This is not so much a new twist as good old basic social engineering. It stands to reason NEVER to trust any unsolicited form of communication unless you check it out and NOT by calling the number the phisher provides.

  4. I specialize in this! by AriaStar · · Score: 5, Insightful

    It's a form of online fraud, and I specialize in its prevention. There are two simple things to do to prevent ID/personal info theft like this. Never click a link in an e-mail. I'd say you can hover over the link and you'll see it's masked, forwarded, just plain a different site, etc., but most of the population has no clue how to read those things anyway (though I'm sure most, if not all, of you here know how to). Go directly to the company's page if you have an account with them. If they need you to "verify" info or whatever, the legit site will tell you after you've signed in. Ignore it altogether if you don't have an account with the place supposedly sending it (right now it's very common to receive things from "Chase" asking to fill out a survery and get $20). The second is to call the regular customer service number you can get through 411. An agent via that number can connect you to whoever you need. If the e-mail says to call a certain number to get hold of a certain person, an agent can help you find that person, if he/she exists and is an employee of the company. No legit institution at which you have an account will address you as, "Dear customer," or some other impersonal greeting. Always by your name. It's at the point that I believe that, if someone has their ID stolen, they deserve it. We've all heard time and again not to click on links, and yet 3-7% of people still fall for these things. Yes, the number is that high. Scary, huh?