Novel and scary phone scam

Hmmm - that’s still quite a leap to target someone - guessing that there might be a shared user name with a financial institution?

And I don’t believe that the Experian hack disclosed login names for Experian accounts. It disclosed name, address, SS#, date of birth. It was unrelated to who had internet access to Experian with a username.

None of my banks use email as user name, but I suppose some might.

Equifax, not Experian.

I'm boggled that meaningful regulation of credit bureaus never came about after this, because it was the golden grail hack. Typical, though.
 
I have a simpler way to avoid this--I never answer my cell if it isn't a recognized number. I don't even have the ringers turned on for the house line anymore. I have transcribed voice mails sent to e-mail for both of them, so if it's important, I'll know almost immediately.

My cell phone also now has Google's call screening option, which starts with a recorded message to the caller to state their name and why they are calling, which is transcribed on the fly and displayed to me, and I can then decide whether to answer. But it's easier to just ignore.
 
^^^ Also, my credit card companies send e-mails and texts if they suspect fraudulent charges, so no calls there either.
 
Might be somewhat relevant to this thread. There was a massive breach on a site called Verifications.io. Here is some idea of what was available to criminals:

In general, the 809 million total records in the Verifications.io trove include standard information like names, email addresses, phone numbers, and physical addresses. But many also include things like gender, date of birth, personal mortgage amount, interest rate, Facebook, LinkedIn, and Instagram accounts associated with email addresses, and characterizations of people's credit scores (like average, above average, and so on). Meanwhile, other records in the collection seem related to generating sales leads at businesses, including company names, annual revenue figures, fax numbers, company websites, and industry identifiers for categorizing companies called "SIC" and "NAIC" codes.

The data doesn't contain Social Security numbers or credit card numbers, and the only passwords in the database are for Verifications.io's own infrastructure. Overall, most of the data is publicly available from various sources, but when criminals can get their hands on troves of aggregated data, it makes it much easier for them to run new social engineering scams or expand their target pool.

...and this advice...

Check HaveIBeenPwned to see if your data was in the Verifications.io exposure, and continue your general vigilance about using strong, unique passwords, monitoring your financial statements, and giving out your Social Security number as infrequently as possible. But also know that none of those measures provide a full solution to this society-scale problem.

Full article: https://arstechnica.com/information-technology/2019/03/an-email-marketing-company-left-809-million-records-exposed-online/
 
I pick very odd logon names such as bagofbolts or lineupnow. I always lie when asked to give an answer to a question like "Who was your 1st grade teacher?" Anybody with 1/2 a brain can probably figure out it was Mrs. Dechamp. But how many will guess 'polkabreath'?

All this info is stored encrypted by me.

that’s a good point. the answers to security questions do not have to have any contextual association with the question.
 
^^^ Also, my credit card companies send e-mails and texts if they suspect fraudulent charges, so no calls there either.

i have our CC purchase alerts set as low as possible as a hedge against fraudulent use. one card’s alert is set to $1.
 
I pick very odd logon names such as bagofbolts or lineupnow. I always lie when asked to give an answer to a question like "Who was your 1st grade teacher?" Anybody with 1/2 a brain can probably figure out it was Mrs. Dechamp. But how many will guess 'polkabreath'?

All this info is stored encrypted by me.

For security questions I give a correct answer (always lower case) but add 3 letters from the site's name. So if it is for company XYZ's site, the answer to "where were you born" might be: renoxyz
 
I pick very odd logon names such as bagofbolts or lineupnow. I always lie when asked to give an answer to a question like "Who was your 1st grade teacher?" Anybody with 1/2 a brain can probably figure out it was Mrs. Dechamp. But how many will guess 'polkabreath'?

All this info is stored encrypted by me.

Unless forced to use my email as the logon, a part of the ID I create consists of randomly generated numbers. The same with answers to those insecure Q & A challenges.

Answers stored in an encrypted password file.
 
Unless forced to use my email as the logon, a part of the ID I create consists of randomly generated numbers. The same with answers to those insecure Q & A challenges.

Answers stored in an encrypted password file.

let's hope that encryption holds..
 
This is a pretty scary scam. I just recently had fraud on a card and they texted and emailed and also called. Don't recall if they asked for a code, but honestly I don't know if I would have been suspicious of that. The card in question isn't connected with a bank account. I did go check the credit card site, and I have been issued a new card. I think next time this happens I will just call the card issuer directly. Thanks for the heads up!
 
Just to scare everyone a little bit more....
This scam is similar to an online scam, often referred to as the "man in the middle" where you are sent a link to "your bank" to resolve some problem. The e-mail message or text looks like it is real, but it is just trying to get you to click on the link.

e-mail ------> fake website -----> real bank

screen <----- fake website <----- real bank

The fake website captures your logon ID/password and passes it on to the bank and the scammer can use that information later.

This telephone scam just uses your cell phone as the victim side of the communications, since it may be more likely for you to believe the caller. Not answering or not believing the caller is a good defense for this type of scam.
 
Just to scare everyone a little bit more....
This scam is similar to an online scam, often referred to as the "man in the middle" where you are sent a link to "your bank" to resolve some problem. The e-mail message or text looks like it is real, but it is just trying to get you to click on the link.

....

Yes this does fall into the general category you mention and it seems particularly well designed. One must admire human ingenuity. One might think the request to verify the number "sent from the caller" is a form of 2FA. Of course, the fact the caller has used your phone is already a form of 2FA. But still it might trip up the unwary.

I guess the answer is to be a paranoid skeptic ... like me. Even I don't believe half the things I say. :)
 
Just to scare everyone a little bit more....
This scam is similar to an online scam, often referred to as the "man in the middle" where you are sent a link to "your bank" to resolve some problem. The e-mail message or text looks like it is real, but it is just trying to get you to click on the link.

e-mail ------> fake website -----> real bank

screen <----- fake website <----- real bank

The fake website captures your logon ID/password and passes it on to the bank and the scammer can use that information later.

This telephone scam just uses your cell phone as the victim side of the communications, since it may be more likely for you to believe the caller. Not answering or not believing the caller is a good defense for this type of scam.

This sounds a lot like the typical "phishing" scams mentioned here and in other websites over the years. They are often made to appear scary, as in "Your account privileges have been suspended. Please click on this link to authenticate your blah blah blah." Those scammers love the word "authenticate."
 
I get calls every single day and all day long now that I am retired...

I found out that when I answer the call the first thing I do is stop the caller and I ask politely " What country were you born in ?? " and most of the time they don't want to answer and sometimes will begin to cuss you out... I know for sure I'm not doing business with that person... the best ones answer something like Florida or California... and I try to explain to them that those aren't countries... and then they start to cuss... so, I get to hear a lot of cussing every single day... all day long.. :dance:
 
I got a call this morning from a lady that said I just called her 5 minutes ago and she missed the call (same area code). She just re-dialed the number, which was mine. I told her that 5 minutes ago I was in the shower and the call did not come from me. Scammers...:facepalm:
 
A couple of months ago I was on my kindle reading the news, when I got an email from Audiobooks saying, Welcome to Audio Books and thanks for your purchase. Except I hadn't bought anything, my DH was in the same room and he hadn't either.

I log on to Discover and there's the charge, like 17.99. Call Discover and they tell me to call the number first and if it isn't reversed I can file a dispute. I call the number listed on the Discover charge, tell them I didn't order or want that book so I want the charge reversed. The young guy on the phone says no problem, but we are part of Amazon and to reverse it I need your Amazon username and password so I can access your account.

WWYD, I said I don't know who you are except that you made a false charge on one of my CC's so I'm not telling you anything. Hung up, logged on to my Amazon account and looked for Audiobooks which I did find along with a record of my recent "purchase". I now had a purchase order number and phone number straight from the Amazon website, which I called. The charge was reversed but I was pretty ticked because it took way too much of my time. I do not have one click ordering on my account and have no idea why I was charged and of course the rep just said "sorry about that."

It's too bad the world is full of such scammy people.
 
Yes, indeed - the "real" representative would not mind a bit if you said "Mind if I hang up and call credit card/bank security?"

Of course they could have a henchman working there, too!

A good reminder to thank the 'helpful' caller for the information and letting them know that you will call your bank/credit card/brokerage directly to verify the issue.

I will share this latest scam warning with DW and kids.
 
A couple of months ago I was on my kindle reading the news, when I got an email from Audiobooks saying, Welcome to Audio Books and thanks for your purchase. Except I hadn't bought anything, my DH was in the same room and he hadn't either.

I log on to Discover and there's the charge, like 17.99. Call Discover and they tell me to call the number first and if it isn't reversed I can file a dispute. I call the number listed on the Discover charge, tell them I didn't order or want that book so I want the charge reversed. The young guy on the phone says no problem, but we are part of Amazon and to reverse it I need your Amazon username and password so I can access your account.

WWYD, I said I don't know who you are except that you made a false charge on one of my CC's so I'm not telling you anything. Hung up, logged on to my Amazon account and looked for Audiobooks which I did find along with a record of my recent "purchase". I now had a purchase order number and phone number straight from the Amazon website, which I called. The charge was reversed but I was pretty ticked because it took way too much of my time. I do not have one click ordering on my account and have no idea why I was charged and of course the rep just said "sorry about that."

It's too bad the world is full of such scammy people.

Absolutely ridiculous that they need your Amazon username and password to access your account and reverse the charge! That’s really weird if they were really part of Amazon. I hope you changed the password on your account.
 
This is why we still use a landline and answering machine. The house rule is "Don't answer cold calls, unless someone you recognize leaves a message."

Of course we do look at the phone screen, in case it's a contractor or Dr.'s office we're expecting to hear from. That would be rather hard to scam.


I get calls every single day and all day long now that I am retired...

I found out that when I answer the call the first thing I do is stop the caller and I ask politely " What country were you born in ?? " and most of the time they don't want to answer and sometimes will begin to cuss you out... I know for sure I'm not doing business with that person... the best ones answer something like Florida or California... and I try to explain to them that those aren't countries... and then they start to cuss... so, I get to hear a lot of cussing every single day... all day long.. :dance:
 
Absolutely ridiculous that they need your Amazon username and password to access your account and reverse the charge! That’s really weird if they were really part of Amazon. I hope you changed the password on your account.

They are actually a division of Amazon. I don't know if Amazon bought Audiobooks and didn't want to change the name, but yes it was kind of a head scratcher, and annoying too....
 
They are actually a division of Amazon. I don't know if Amazon bought Audiobooks and didn't want to change the name, but yes it was kind of a head scratcher, and annoying too....

I would have pressed the (real) Amazon rep for more information on how you could be charged for something you didn't order. My first assumption would be a hacker got or guessed your password. But they didn't immediately change it, since you were then able to log on.

So that leaves an Audiobooks or Amazon error. That would really raise my eyebrows. E-commerce has been around long enough that orders shouldn't just accidentally be charged to the wrong account.

I smell a scam or insider fraud there somewhere. I'd demand an answer. How could someone protect from having it happen again, if they didn't know how it happened the first time? Next time you might not be so lucky.
 
I would have pressed the (real) Amazon rep for more information on how you could be charged for something you didn't order. My first assumption would be a hacker got or guessed your password. But they didn't immediately change it, since you were then able to log on.

So that leaves an Audiobooks or Amazon error. That would really raise my eyebrows. E-commerce has been around long enough that orders shouldn't just accidentally be charged to the wrong account.

I smell a scam or insider fraud there somewhere. I'd demand an answer. How could someone protect from having it happen again, if they didn't know how it happened the first time? Next time you might not be so lucky.

Yes that's the problem isn't it, simply refunding your money isn't enough...I don't know how you demand an answer though. To be clear Audiobooks is an Amazon company but doesn't use Amazon reps, they answer the phone "You've reached Audiobooks"...it could have been me or my DH (better guess) fat fingering a special offer on the kindle start screen, but silly me thought not having one click purchasing enabled would prevent that. I installed parental controls on my DH's Kindle just in case.
 
Scary. I didn't realize user names for your banks are stored in Equifax? How did that happen... or did he use the same user name for both?

I wonder, can your friend sue Equifax for the balance, if he doesn't get satisfaction from the bank? Probably have to prove that's where the breach came from, which could be hard.
 
I know this is an old thread, but I saw a good article on CNN this morning about this very scam. The article includes details about how scammers use social engineering to get your personal information, for example, from small companies:

https://www.cnn.com/2019/10/27/business/phishing-bank-scam-trnd/index.html

"A small company could easily be tricked into giving up personal customer information over the phone if a clever hacker has just enough information to seem credible.

Small banks and companies have been known to put out member newsletters or even hold member appreciation events where it's posted on social media and people are invited to accept or decline the invitation, according to Ron Schlecht, managing partner of security firm BTB Security.

A savvy hacker could've used that information to find members of that bank and use social engineering to find information such as their home addresses and phone numbers in order to phish them."
 