Phone Phishing Scams Are Becoming More Sophisticated

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,345
Phone phishing scams are becoming more sophisticated as scam artists gain access to stolen data. They are now calling victims with spoofed Caller ID numbers that look like their financial institution and are armed with information like the last 4 digits of your credit or debit card, address, Social Security number, etc. They then ask the victim for the CVV 3 digit number on the back of the card and then the victim's pin number. They promise this is just to change the pin number on the new card that they are mailing so that it matches the old card. Some even ask the victim to type the pin number into the phone for security purposes. At that point the victim is penniless and the criminals have disappeared into the dark recesses of the internet to buy more data from security breaches.

Answering a call on his mobile device from a phone number in Missouri, Jon was greeted with the familiar four-note AT&T jingle, followed by a recorded voice saying AT&T was calling to prevent his phone service from being suspended for non-payment. "It then prompted me to enter my security PIN to be connected to a billing department representative," Jon said. "My number was originally an AT&T number (it reports as Cingular Wireless) but I have been on T-Mobile for several years, so clearly a scam if I had any doubt. However, I suspect that the average Joe would fall for it."
 
The bank will never call and ask for personal information ever.

They already have it.

Neither will your credit card company
 
The bank will never call and ask for personal information ever.

They already have it.

Neither will your credit card company

Simply not true. I work for a bank in the credit card department. When I call out to a customer, I have to verify their identity by asking for personal information. Yes, it often times can be a catch-22. But if they decline to authenticate, they get a letter in the mail. Or I direct them to a branch if they aren’t comfortable with me.
 
Simply not true. I work for a bank in the credit card department. When I call out to a customer, I have to verify their identity by asking for personal information. Yes, it often times can be a catch-22. But if they decline to authenticate, they get a letter in the mail. Or I direct them to a branch if they aren’t comfortable with me.
I've never had my credit card company call me.

TBH my bank had never called me either

Why would you call a customer?
 
I've never had my credit card company call me.

TBH my bank had never called me either

Why would you call a customer?

I’m not going to reveal business practices. But will tell you there are a number of reasons to speak to a customer. And can communicate your initial post is incorrect as I know first hand.
 
Just seems weird to cold call and ask to verify information.
They do to verify what to their systems look like suspicious activities. Like your card being used in multiple locations at once. I traveled to the other side of the country and used my debit card and Bank of America called me like 5 mins afterwards of this transaction was me.
 
Just seems weird to cold call and ask to verify information.

I’m inclined to agree. And given that it now seems completely impossible to differentiate between scammers and legitimate callers, it’s in your best interest not to given anyone any personal information at all.
 
I've never had my credit card company call me.

TBH my bank had never called me either

Why would you call a customer?

I have received calls from my CC company to verify certain purchases. In one case, my card had been cloned. The others I simply verified that I really did make that purchase.

Simple solution for end user, if you have any doubts about the call, hang up and call the institution on a known number. Even if you think it is legit, the moment they start asking for PII, hang up and call them back on their customer service line.
 
Simply not true. I work for a bank in the credit card department. When I call out to a customer, I have to verify their identity by asking for personal information. Yes, it often times can be a catch-22. But if they decline to authenticate, they get a letter in the mail. Or I direct them to a branch if they aren’t comfortable with me.

If my bank calls me I always tell them I will call them back with the number on the card.
 
If my bank calls me I always tell them I will call them back with the number on the card.
seems the best way to protect yourself, I drove 3 hours away for a concert and when i used my card my bank called asking if it was me. I was annoyed and happy at the same time.
 
Now with the last 4 of my social, CC#, etc... If only they didn't have that pesky Indian accent. Try again fuckers :p
 
I've never had my credit card company call me.

TBH my bank had never called me either

Why would you call a customer?

Well for one a lot of them have some type of monitoring set up on all accounts to look for suspicious activity.

I have been called a number of times by my credit card company to verify with me that I made specific purchases.

It is a lot better than the old way they used to do it... their system sees activity that looks suspicious and they would auto lock your account until you called it to find out what was going on.

This was very inconvenient when travelling cross-country multiple times a year. I had to make sure I always carried at least two credit cards in order to make sure I would always have at least one card that would not auto-decline after making a few purchases that were not in the city I was normally in.
 
I got the call from a New Jersey area code stating my service was going to be suspended for non-payment. (I had gotten the text confirmation of payment the day before.) I hung up, logged into my account from another device, saw all was well, and reported the fraudulent call.
 
Simply not true. I work for a bank in the credit card department. When I call out to a customer, I have to verify their identity by asking for personal information. Yes, it often times can be a catch-22. But if they decline to authenticate, they get a letter in the mail. Or I direct them to a branch if they aren’t comfortable with me.
You bank lack proper security..
As long as you using a single permanent identification Token, copying the Identification is a hole in the security.


-- edit --
I feel i need to elaborate on this so its not just a bashing comment.
In my bank overseas we stopped using permanent identifications a long time ago, or rather we added in an unique per interaction ID token so that copying the communication could no be used for a replay attack. even for phone conversations

i have a small piece of papers the size of a creditcard stat unfolds to 3 time the size the area of a creditcard.
it has multiplee row of numbers aligned.
This is basically a very simple Public/privat key system on paper
when i login or the bank ask me to verify myself they simple ask along this line
Please inform me what is the responses code is on entry A7B2.
and i would type/say the 6 digits corresponding to that entry.

If some scam caller calls me and i was stupid enough to response they only have info tha can be used for 1 transaction and ONLY if they by pure luck get the same request from the bank when they call in.

this added security reduce the chances of a succesfulle copy and replay ID information attack, dramatically.
 
Last edited:
I've been on the internet since late 90's and so far the only bad thing that has happened to me is that someone bought 2 digital deluxe versions of Rift, which was about €250.
No idea how this happened though, Trion claimed it was me who did this, which sure as hell did not happen. I got my money back after disputing with PayPal.
That was a while ago, back when Rift was released. No issues at all since then. So maybe it was Trion themselves who fucked up somehow because if NY account was compromised you bet more than €250 would disappear. Besides that, the next worst thing was that I get a rather harness virus from now and then.
I don't even use antivirus or firewall on all my devices.
But then again, I also don't answer phone calls at all, regardless who it's from :p
I don't know how people get their money stolen. Or the thieves take a peek at my bank account and start feeling sorry for me and leave me alone, lol.
 
I've never had my credit card company call me.

TBH my bank had never called me either

Why would you call a customer?
I am called by my bank very often. And you have to authenticate yourself with some data, usually with partial information. eg. what city were you born in, or what month, what is your mother's first name, such things.

They even called me when someone got hold of my credit card information in a data breach possibly and tried to use it to buy gold in italy.
 
I need this, make me this.

Dr Weird: Steve? Send the phone spiders!
Voice : We have a new long distance package featur-- SPIDERS!! AAAAAHHH!
Dr Weird : I guess we're not interested! Muah, haah haah haah, haaah!



 
If my bank calls me I always tell them I will call them back with the number on the card.
If its not a number on my contact list and I'm not expecting a call I almost never answer, especially if its from a 800/888/866/.../ number or oversea.
They can leave a voice mail if its something important enough and I'll call them back.
 
I've assumed they're mixing in the data leaks. I stopped getting a ton of "neighbor" spoofing calls (local area code, 702) and have started getting former living place phone calls.

I've lived in San Jose, CA (408) and near Seattle, WA (206). That'd be on my credit report. Most spam calls I get now originate from near those area codes. I'm guessing the psychology is that I'd answer assuming it's an old friend or family member.

These days if you're not on my contact list and I'm not expecting a call, you're going to voicemail.

The logical next step for scammers is to start tying the contact list to the target (there's plenty of apps that hoover up your contact list - heck, that Marco Polo app will text everyone on it when you install), that way they can spoof people on your list.
 
They do to verify what to their systems look like suspicious activities. Like your card being used in multiple locations at once. I traveled to the other side of the country and used my debit card and Bank of America called me like 5 mins afterwards of this transaction was me.

They do.....but the smart thing is to tell them you are hanging up, and will call them back. You then call the known number of the institution and verify if it was a legit call.

1. I don't answer numbers I don't know
2. I don't keep the numbers of banks/cards in my phone
3. I don't talk to them unless I call them
 
Is that why a lot of places seem to be trending toward the 4 digit verification PIN number? Seems like no one asks for the last 4 of the social or anything anymore it's the 4 digit PIN you set up nowadays for verification.
 
Is that why a lot of places seem to be trending toward the 4 digit verification PIN number? Seems like no one asks for the last 4 of the social or anything anymore it's the 4 digit PIN you set up nowadays for verification.
Still stupid that you have to give out an ID tiken that identifies you as you and anyone else can use it in the future.
The entire permant ID token needs to die
 
This is why I always look up and call whatever institution the caller claim to be. My bank calls me about fraud with a call back number? I call them using a known good number, even if I entails waiting and being forwarded.
 
I Love these calls. I've gotten pretty good at my response.

"Thank you for calling the Trump/Pence 2020 relection campaign, how much can I put you down for to support the greatest president America has ever had"

"Hello?"
<dead line>

I've had the other end say god awful things and I cackle like a demon cause fuck all those people who work there, they know what they are doing.
 
Back
Top