Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishers Get Phoney

Posted by ryuzaki0 on from the punlarious dept.

Nick Johnson writes to mention a new twist on phishing. From the article: "The spammed message warns of a problem with a bank account and instructs the recipient to dial a phone number to resolve it. The caller is connected to a voice response system that is made to sound exactly like the bank's own system. The phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN."

9 of 236 comments (clear)

  1. This... by danimrich · · Score: 5, Insightful

    Makes me think that it is still the safest option to have customers do all their banking right at a teller.

    --
    where's all that Karma?
    1. Re:This... by Solra+Bizna · · Score: 5, Funny

      Until somebody makes a whole fake bank branch building.

      -:sigma.SB

      --
      WARN
      THERE IS ANOTHER SYSTEM
    2. Re:This... by Hoi+Polloi · · Score: 5, Funny

      Then they can fake accounts, fake investments, fake interest, and...hell, why don't they just open a bank?

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    3. Re:This... by buelba · · Score: 5, Insightful

      The real safe option is only to call the number printed on the back of your credit/debit card. What's amazing is how badly the banks are set up for this. The following happens to me at least twice a year:

      1. I travel for work, and use my credit card for all kinds of things I don't usually buy, like hotel rooms.

      2. My wife keeps using the same card for all the stuff we usually buy.

      3. The computer says: hey, someone maybe stole the card and is running up all those hotel charges!

      4. A human from the security department calls us to verify, gets voicemail, and leaves a callback number that is NOT the callback number on the card.

      5. I call back the number on the card. The human there says, "why don't you call the number they gave you?" I explain. They think about it and realize this makes sense. About 15 minutes later, I'm connected to the right people -- usually after going through a supervisor at the call center.

      The right way to do it, of course, is to have the human from the security department leave this message: To call us back, call the number on your card; then, immediately enter the following code to be directed to the right department. But they still haven't learned.

      I shudder to think what will happen when I'm eventually home when they call. I certainly won't do anything except hang up and call back the same number.

  2. Ah, but how.. by Squalid05 · · Score: 5, Funny

    ..do they know what bank i use? I've had emails from banks all over the world regarding my "account". The only email i havent got yet is from the bank i actually use!

    --
    To dare, is to do.
  3. Some revenge possible? by kanweg · · Score: 5, Insightful

    So, what if you enter a random number with random PIN. They have to go thru the trouble to make the card, only to find out it doesn't work. And their face pop up at the video camera's of the ATMs all the time with failed withdrawals.

    Bert

  4. Again the basic rules apply by JoeyB · · Score: 5, Insightful

    No one will ever ask you for your account number or pin. This is not so much a new twist as good old basic social engineering. It stands to reason NEVER to trust any unsolicited form of communication unless you check it out and NOT by calling the number the phisher provides.

  5. Re:Wow by aussersterne · · Score: 5, Interesting

    In the area where I live there has been a more serious "phone phish" going on. You receive a call from someone and claiming to be a police officer. They say that they're very sorry to have to inform you that your mother/father/son/daughter/sister/bother has been involved in a serious crash and is being flown by emergency helicopter to regional hospital X. So that the hospital is able to treat them the moment it touches down, the officer is trying to complete necessary admittance and insurance paperwork in advance, and what they need from you is your insurance policy number *and* the full name, address, phone, credit card number, and social security number of someone who can be billed in the event that the insurance policy is unwilling to cover the necessary treatment.

    From what I understand, these scammers have been doing pretty well, unfortunately, and as far as I know there are few leads. The public hasn't been told why... maybe they're using convenience store phones and/or pay phones.

    --
    STOP . AMERICA . NOW
  6. I specialize in this! by AriaStar · · Score: 5, Insightful

    It's a form of online fraud, and I specialize in its prevention. There are two simple things to do to prevent ID/personal info theft like this. Never click a link in an e-mail. I'd say you can hover over the link and you'll see it's masked, forwarded, just plain a different site, etc., but most of the population has no clue how to read those things anyway (though I'm sure most, if not all, of you here know how to). Go directly to the company's page if you have an account with them. If they need you to "verify" info or whatever, the legit site will tell you after you've signed in. Ignore it altogether if you don't have an account with the place supposedly sending it (right now it's very common to receive things from "Chase" asking to fill out a survery and get $20). The second is to call the regular customer service number you can get through 411. An agent via that number can connect you to whoever you need. If the e-mail says to call a certain number to get hold of a certain person, an agent can help you find that person, if he/she exists and is an employee of the company. No legit institution at which you have an account will address you as, "Dear customer," or some other impersonal greeting. Always by your name. It's at the point that I believe that, if someone has their ID stolen, they deserve it. We've all heard time and again not to click on links, and yet 3-7% of people still fall for these things. Yes, the number is that high. Scary, huh?

    --
    It's a girl!