Phone Phishing Scams Are Becoming More Sophisticated

Discussion in 'HardForum Tech News' started by cageymaru, Oct 1, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    Phone phishing scams are becoming more sophisticated as scam artists gain access to stolen data. They are now calling victims with spoofed Caller ID numbers that look like their financial institution and are armed with information like the last 4 digits of your credit or debit card, address, Social Security number, etc. They then ask the victim for the CVV 3 digit number on the back of the card and then the victim's pin number. They promise this is just to change the pin number on the new card that they are mailing so that it matches the old card. Some even ask the victim to type the pin number into the phone for security purposes. At that point the victim is penniless and the criminals have disappeared into the dark recesses of the internet to buy more data from security breaches.

    Answering a call on his mobile device from a phone number in Missouri, Jon was greeted with the familiar four-note AT&T jingle, followed by a recorded voice saying AT&T was calling to prevent his phone service from being suspended for non-payment. "It then prompted me to enter my security PIN to be connected to a billing department representative," Jon said. "My number was originally an AT&T number (it reports as Cingular Wireless) but I have been on T-Mobile for several years, so clearly a scam if I had any doubt. However, I suspect that the average Joe would fall for it."
     
    scojer likes this.
  2. clockdogg

    clockdogg Gawd

    That's it! I'm never answering the phone again. If these scammers want to contact me, they can use the proper channel, via my Nigerian personal assistant's fake FB account.
     
  3. Master_shake_

    Master_shake_ [H]ardForum Junkie

    The bank will never call and ask for personal information ever.

    They already have it.

    Neither will your credit card company
     
    zkostik likes this.
  4. JStamsek

    JStamsek [H]ardForum Junkie

    Simply not true. I work for a bank in the credit card department. When I call out to a customer, I have to verify their identity by asking for personal information. Yes, it often times can be a catch-22. But if they decline to authenticate, they get a letter in the mail. Or I direct them to a branch if they aren’t comfortable with me.
     
    CannonfodderCO likes this.
  5. Jim Kim

    Jim Kim 2[H]4U

    Never, ever answer a cold call. Period.
     
  6. Master_shake_

    Master_shake_ [H]ardForum Junkie

    I've never had my credit card company call me.

    TBH my bank had never called me either

    Why would you call a customer?
     
    zkostik and Jim Kim like this.
  7. JStamsek

    JStamsek [H]ardForum Junkie

    I’m not going to reveal business practices. But will tell you there are a number of reasons to speak to a customer. And can communicate your initial post is incorrect as I know first hand.
     
    CannonfodderCO likes this.
  8. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Just seems weird to cold call and ask to verify information.
     
    tikiman2012 and NeoNemesis like this.
  9. vegeta535

    vegeta535 2[H]4U

    They do, to verify what to their systems looks like suspicious activity. Like your card being used in multiple locations at once. I traveled to the other side of the country and used my debit card and Bank of America called me like 5 mins afterwards to ask if this transaction was me.
     
  10. NeoNemesis

    NeoNemesis 2[H]4U

    I’m inclined to agree. And given that it now seems completely impossible to differentiate between scammers and legitimate callers, it’s in your best interest not to give anyone any personal information at all.
     
    Master_shake_ likes this.
  11. Dead Parrot

    Dead Parrot 2[H]4U

    I have received calls from my CC company to verify certain purchases. In one case, my card had been cloned. The others I simply verified that I really did make that purchase.

    Simple solution for end user, if you have any doubts about the call, hang up and call the institution on a known number. Even if you think it is legit, the moment they start asking for PII, hang up and call them back on their customer service line.
     
  12. wizzi01

    wizzi01 [H]ard|Gawd

    If my bank calls me I always tell them I will call them back with the number on the card.
     
    katanaD, xmadror, GoldenTiger and 2 others like this.
  13. g00z13

    g00z13 [H]Lite

    Seems the best way to protect yourself. I drove 3 hours away for a concert and when I used my card my bank called asking if it was me. I was annoyed and happy at the same time.
     
    cyclone3d likes this.
  14. JStamsek

    JStamsek [H]ardForum Junkie

    And I absolutely encourage that!
     
  15. Cyraxx

    Cyraxx 2[H]4U

    Now with the last 4 of my social, CC#, etc... If only they didn't have that pesky Indian accent. Try again fuckers :p
     
  16. cyclone3d

    cyclone3d [H]ardForum Junkie

    Well for one a lot of them have some type of monitoring set up on all accounts to look for suspicious activity.

    I have been called a number of times by my credit card company to verify with me that I made specific purchases.

    It is a lot better than the old way they used to do it... their system sees activity that looks suspicious and they would auto lock your account until you called in to find out what was going on.

    This was very inconvenient when travelling cross-country multiple times a year. I had to make sure I always carried at least two credit cards in order to make sure I would always have at least one card that would not auto-decline after making a few purchases that were not in the city I was normally in.
     
  17. Crackinjahcs

    Crackinjahcs Limp Gawd

    I got the call from a New Jersey area code stating my service was going to be suspended for non-payment. (I had gotten the text confirmation of payment the day before.) I hung up, logged into my account from another device, saw all was well, and reported the fraudulent call.
     
  18. SvenBent

    SvenBent 2[H]4U

    Your bank lacks proper security.
    As long as you are using a single permanent identification token, copying the identification is a hole in the security.

    -- edit --
    I feel I need to elaborate on this so it's not just a bashing comment.
    In my bank overseas we stopped using permanent identifications a long time ago, or rather we added in a unique per-interaction ID token so that copying the communication could not be used for a replay attack, even for phone conversations.

    I have a small piece of paper the size of a credit card that unfolds to 3 times the area of a credit card.
    It has multiple rows of numbers aligned.
    This is basically a very simple public/private key system on paper.
    When I log in or the bank asks me to verify myself, they simply ask along these lines:
    "Please inform me what the response code is on entry A7B2."
    And I would type/say the 6 digits corresponding to that entry.

    If some scam caller calls me and I was stupid enough to respond, they only have info that can be used for 1 transaction and ONLY if they by pure luck get the same request from the bank when they call in.

    This added security reduces the chances of a successful copy-and-replay ID information attack dramatically.
     
    Last edited: Oct 2, 2018
    clockdogg and zkostik like this.
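
The code-card check described in the post above, as an added example that is not part of the original thread and not any bank's implementation. It assumes an 8x8 card with constructed labels such as `A1`, a bank that picks the entry itself, and entries that are burned after one use, so a recorded or phished answer only helps if the bank happens to ask for that same entry.

```python
import hmac
import secrets

ROWS, COLS = "ABCDEFGH", range(1, 9)  # constructed layout: 64 entries


class CodeCard:
    """Bank-side record of one customer's card: entry label -> 6-digit code."""

    def __init__(self):
        self.codes = {f"{r}{c}": f"{secrets.randbelow(10**6):06d}"
                      for r in ROWS for c in COLS}
        self.used = set()     # entries that may never be asked again
        self.pending = None   # entry the bank is currently waiting on

    def unused(self):
        return sorted(set(self.codes) - self.used)

    def challenge(self):
        """The bank, not the caller, picks a random unused entry."""
        self.pending = secrets.choice(self.unused())
        return self.pending

    def verify(self, entry, code):
        """Accept only the pending entry; burn it whether or not the code matches."""
        if self.pending is None or entry != self.pending:
            return False
        self.pending = None
        self.used.add(entry)
        return hmac.compare_digest(self.codes[entry], code)


def demo():
    card = CodeCard()
    paper = dict(card.codes)              # the customer's printed copy
    # 1. Genuine call: bank challenges, customer reads the code aloud.
    entry = card.challenge()
    overheard = (entry, paper[entry])     # what an eavesdropper records
    genuine = card.verify(*overheard)
    # 2. Replay: the recorded pair is presented against a fresh challenge.
    fresh = card.challenge()
    replay = card.verify(*overheard)
    # 3. Phishing: a scam caller talked the customer out of one unused entry.
    target = card.unused()[0]
    phished = {target: paper[target]}
    answerable = sum(e in phished for e in card.unused())
    return genuine, replay, fresh != entry, answerable, len(card.unused())
```

With one phished entry, the caller can answer 1 of the 63 challenges the bank might still issue; a card with more entries or a lockout after failed answers lowers that further.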
  19. Nebell

    Nebell [H]ard|Gawd

    I've been on the internet since late 90's and so far the only bad thing that has happened to me is that someone bought 2 digital deluxe versions of Rift, which was about €250.
    No idea how this happened though, Trion claimed it was me who did this, which sure as hell did not happen. I got my money back after disputing with PayPal.
    That was a while ago, back when Rift was released. No issues at all since then. So maybe it was Trion themselves who fucked up somehow because if my account was compromised you bet more than €250 would disappear. Besides that, the next worst thing was that I get a rather harmless virus now and then.
    I don't even use antivirus or firewall on all my devices.
    But then again, I also don't answer phone calls at all, regardless who it's from :p
    I don't know how people get their money stolen. Or the thieves take a peek at my bank account and start feeling sorry for me and leave me alone, lol.
     
  20. M76

    M76 [H]ardForum Junkie

    I am called by my bank very often. And you have to authenticate yourself with some data, usually with partial information, e.g. what city were you born in, or what month, what is your mother's first name, such things.

    They even called me when someone got hold of my credit card information, possibly in a data breach, and tried to use it to buy gold in Italy.
     
  21. DukenukemX

    DukenukemX [H]ardness Supreme

    I need this, make me this.

    Dr Weird: Steve? Send the phone spiders!
    Voice : We have a new long distance package featur-- SPIDERS!! AAAAAHHH!
    Dr Weird : I guess we're not interested! Muah, haah haah haah, haaah!



     
    Etherton and Master_shake_ like this.
  22. xmadror

    xmadror Gawd

    If it's not a number on my contact list and I'm not expecting a call I almost never answer, especially if it's from an 800/888/866/.../ number or overseas.
    They can leave a voice mail if it's something important enough and I'll call them back.
     
    Travolta likes this.
  23. Spidey329

    Spidey329 [H]ardForum Junkie

    I've assumed they're mixing in the data leaks. I stopped getting a ton of "neighbor" spoofing calls (local area code, 702) and have started getting former living place phone calls.

    I've lived in San Jose, CA (408) and near Seattle, WA (206). That'd be on my credit report. Most spam calls I get now originate from near those area codes. I'm guessing the psychology is that I'd answer assuming it's an old friend or family member.

    These days if you're not on my contact list and I'm not expecting a call, you're going to voicemail.

    The logical next step for scammers is to start tying the contact list to the target (there's plenty of apps that hoover up your contact list - heck, that Marco Polo app will text everyone on it when you install), that way they can spoof people on your list.
     
  24. Monkey34

    Monkey34 [H]ardness Supreme

    They do.....but the smart thing is to tell them you are hanging up, and will call them back. You then call the known number of the institution and verify if it was a legit call.

    1. I don't answer numbers I don't know
    2. I don't keep the numbers of banks/cards in my phone
    3. I don't talk to them unless I call them
     
  25. HorseproofBacon

    HorseproofBacon Limp Gawd

    I think it's long past time to institute the death penalty for crimes like this.
     
    g00z13 likes this.
  26. DNMock

    DNMock Limp Gawd

    Is that why a lot of places seem to be trending toward the 4 digit verification PIN number? Seems like no one asks for the last 4 of the social or anything anymore it's the 4 digit PIN you set up nowadays for verification.
     
  27. SvenBent

    SvenBent 2[H]4U

    Still stupid that you have to give out an ID token that identifies you as you and anyone else can use it in the future.
    The entire permanent ID token needs to die.
     
  28. mynamehere

    mynamehere [H]ard|Gawd

    This is why I always look up and call whatever institution the caller claims to be. My bank calls me about fraud with a call back number? I call them using a known good number, even if it entails waiting and being forwarded.
     
  29. Bigdady92

    Bigdady92 [H]ardness Supreme

    I Love these calls. I've gotten pretty good at my response.

    "Thank you for calling the Trump/Pence 2020 reelection campaign, how much can I put you down for to support the greatest president America has ever had"

    "Hello?"
    <dead line>

    I've had the other end say god awful things and I cackle like a demon cause fuck all those people who work there, they know what they are doing.