Joho the Blog
An Entry from the Archives

August 17, 2005

Credit card scam

I just heard about a telephone scam I would have fallen for, so I thought I'd pass it along.

In essence, the caller says they're with the credit card company's security department. They read you your card number and tell you some malarkey about refunding you money. They ask for the security code on the back of your card to confirm that you're in possession of the card.

As soon as they ask you for that code, you know they're scammers. That's all they want from you. Give it to them and you'll find a hefty charge added to your account. Apparently the credit card companies never ask you for that security code.

Of course, the warning I received and am passing on to you might itself be a scam. In fact, maybe I'm hoaxing you right now. Bwahahaha...eh.

Posted by D. Weinberger at August 17, 2005 04:33 PM


Comments

Just as online banks unwittingly train their customers to accept e-mail correspondence with URLs in it (when they should simply request they visit their account), banks are also unwittingly training their customers to accept calls from their bank.

It all comes down to the self-centred complacence of the bank - as long as they make sure they only deal with bonafide customers they're alright jack.

This attitude is prevalent in many things. Even Windows exhibits it. Windows makes sure you're bonafide, but does it attempt to persuade you that you're logging in to the real thing? Nope.

Similarly, a bank will ring you up and ask to 'take you through security'. But, do they attempt to demonstrate that they're your real bank? Nope. Don't give a damn.

So they just train their customers to be easy Phishing targets.

Authentication is a two-way street. And moreover, both directions should be important to both parties - especially banks.

Posted by: Crosbie Fitch | August 18, 2005 04:28 AM


Oh, and I'll add that one of the biggest recent cock-ups to fall foul of this unidirectional authentication attitude is that of WiFi access points.

Until recently, companies only made sure that only staff could access them.

They forgot that there was nothing stopping their staff unwittingly utilising the WiFi access point provided by a nearby impostor - because the staff laptops made no attempt to check that the WiFi access point they logged into was an authorised one.

So, don't just make sure you're talking to the right guy, make sure that the other guy is taking pains to make sure they're talking to you, etc.

And yes, this also applies to WiFi coffee shops. Be doubly careful before logging in to your online banking service whilst you sip your latte, that you're using the coffee shop's access point as well as always using https - just in case.

It's quite easy to make a web proxy that rewrites the paypal welcome page and strips out all the https urls to replace them with http ones.

Posted by: Crosbie Fitch | August 18, 2005 08:10 AM
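A defender's check for the link rewriting described in the comment above, as an added example that is not part of the original thread: it compares a copy of a page obtained over a trusted path with the copy received on the network under test and reports URLs whose scheme went from https to http. The host names and HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry a URL


class LinkCollector(HTMLParser):
    """Collect (tag, url) pairs from every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, value.strip()))


def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def _key(url):
    # Identity of a resource independent of its scheme.
    p = urlsplit(url)
    return p.scheme.lower(), (p.netloc.lower(), p.path or "/", p.query)


def find_downgrades(reference_html, received_html):
    """Return (tag, url) for URLs that are https in the trusted reference
    copy but arrive as plain http in the received copy."""
    secure = {k for s, k in (_key(u) for _, u in collect(reference_html))
              if s == "https"}
    return [(tag, url) for tag, url in collect(received_html)
            if _key(url)[0] == "http" and _key(url)[1] in secure]


# Constructed sample: trusted copy vs. copy seen on an untrusted network.
REFERENCE = ('<a href="https://bank.example/login">Log in</a>'
             '<form action="https://bank.example/session" method="post"></form>'
             '<img src="http://static.example/logo.png">')
RECEIVED = REFERENCE.replace("https://", "http://")

if __name__ == "__main__":
    for tag, url in find_downgrades(REFERENCE, RECEIVED):
        print(f"downgraded <{tag}>: {url}")
```

The image URL is not reported because it was already http in the reference copy. On the site side, HTTP Strict Transport Security (RFC 6797) is the standard control against this kind of downgrade for browsers that have already seen the policy.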


I totally agree with what you're saying. I wish more people felt this way and took the time to express themselves. Keep up the great work.


Chris Scanlon

http://www.bankcreditcard4u.com

Posted by: chris | March 7, 2006 05:34 AM


Awesome message! Usually when you panic, you might tell them the security codes without thinking twice.

NiceCreditCard.com

Posted by: Ken Goo | May 20, 2006 03:29 AM


I think the worst scams are the recent tactics of the credit card companies themselves. Who would have believed a few years ago that if you made one late payment on your house, your credit card rates would skyrocket? Now it's common practice.

The latest "scam" by these companies is two cycle billing. You can pay off your card IN FULL and still get a bill the next month!

What insanity!

Jennifer Wilson
Mywealthmatterspodcast.com

Posted by: Jen | October 17, 2006 10:46 PM


If you’re a credit card holder credit card safety should be one of your primary concerns. Before entering your credit card number into any website or giving it to anyone over the phone, make sure you know exactly who you’re dealing with and that their reasons for needing your credit card number are legitimate. Each month when your credit card statement comes in, don’t automatically assume everything on it is accurate. Read every line item on your credit card statement and make sure each and every charge is legitimate. If there’s a charge you don’t recognize, don’t assume it’s just something you forgot about. Get down to the bottom of the charge and make sure it’s not fraudulent.
If you want to make sure no one is using your good credit to run up a huge bill, you’re going to want to sign up for credit monitoring service so you can check your credit report frequently and be notified if anyone opens up an unauthorized account.
Not taking proper credit card safety measures can lead to serious consequences such as being victimized by credit card fraud and identity theft.

Posted by: finding credit card | January 10, 2007 05:13 AM


This is what Mr Mitnick has been writing about! I especially like the story about an office worker of a big company getting a phone call 'from another department' and giving his pin and everything. People are silly, they are ready to give their personal information to about anyone, even to a person calling on the phone. Especially when you are told you're going to GET money! Folks, don't be stupid!

Posted by: credit card owner | March 15, 2007 01:28 AM


Think twice before giving somebody your ID! It's so silly to yield to these kinds of tricks! Be careful, don't give away the key to your pocket. It is your money, so take care to keep it safe.

Posted by: protect your id | April 19, 2007 07:36 AM


I guess people are just silly. I can't imagine giving my personal information to anyone over the phone, especially if it has something to do with SSN or credit card number.

Posted by: CreditDoc | July 10, 2007 07:11 AM


I have completely the same opinion as Mr Mitnick.

Posted by: rachat credit | September 25, 2007 04:05 AM

