Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 03-06-2019, 01:43 PM   #21
Thinks s/he gets paid by the post
 
Join Date: Jan 2018
Location: NE Ohio
Posts: 1,245
Thanks for posting this. If a card is compromised, they send a replacement to the address on file. There should be no need for anyone to prove their identity over the phone at that moment, or to get a new card sent.
__________________

gwraigty is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 03-06-2019, 01:54 PM   #22
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 23,906
Quote:
Originally Posted by MichaelB View Post
This is what I do. When the CC company calls me and then says “we need to verify your identity” my response is “you called me, I’ve been identified but you haven’t”. I hang up and call back at the main contact number. It adds a bit of hassle but there is no way I’m giving any security or identity validation info to anyone without first confirming they are legit.
I did have that happen once before when a bank called me and started asking me questions to verify my identity. I said - you called me. I called them back. I think it was legit - just stupid on their part.

I have never been asked for a verification code to have new cards sent to my address. Nor have I been asked to read a verification code verbally on the phone. I will certainly never do that unless I made the call.
__________________

__________________
Retired since summer 1999.
audreyh1 is online now   Reply With Quote
Old 03-06-2019, 01:58 PM   #23
Thinks s/he gets paid by the post
 
Join Date: Jun 2004
Location: Diablo Valley (SF Bay Area)
Posts: 1,631
I just got a funny 1. I didn't recognize the phone number out of Texas so I let it go to voicemail. They need me to call back immediately because there's been fraudulent action on my social security number. Unless I call them immediately they are going to take legal steps against me. Well the weird thing is if I was a victim social security would not take action against me. I wonder how many people fall for this and call back.
gayl is offline   Reply With Quote
Old 03-06-2019, 03:07 PM   #24
Recycles dryer sheets
 
Join Date: Oct 2016
Posts: 205
Quote:
Originally Posted by GrayHare View Post
There's no hacking needed for this scam to work. I'd explain how but that would teach more scammers.

It is elegant in it's simplicity though... Isn't it?



EarlyBirdly is offline   Reply With Quote
Old 03-06-2019, 11:46 PM   #25
Full time employment: Posting here.
rk911's Avatar
 
Join Date: Dec 2018
Location: DuPage County IL
Posts: 614
the best defense is not to tell anyone anything or confirm anything if a call is reveived. i received a call like that from my credit card company a few years back advising me of a possible compromise of our card. they did not ask for any information. i politely thanked them and hung up. i then called the CC issuer and verified the information. it was a legit call. trust nobody on the phone.
rk911 is offline   Reply With Quote
Old 03-07-2019, 05:36 AM   #26
Recycles dryer sheets
 
Join Date: Mar 2014
Location: Dallas
Posts: 459
Quote:
Originally Posted by COcheesehead View Post
I set up email alerts on transactions in my account. I would have gotten an email as soon as the first transaction took place.
Lot of scammers change e-mail address and phone in your profile as soon as they hack your account. This happened to me. And lot of online accounts don't notify these changes to old e-mail/phone. They are getting smarter.
pjigar is offline   Reply With Quote
Old 03-07-2019, 06:09 AM   #27
Confused about dryer sheets
 
Join Date: May 2018
Posts: 1
Also, be aware that your Amazon email and password can be changed without your knowledge very easily (happened to me). All someone needs is your email, name, and address, then a phone call to Amazon customer service gets the control of your account (and knowledge of transactions) taken away. Took Amazon about 24 hours to get it fixed. The hacker didn't charge on my card, but used a few remaining $$ on an e-gift card I had sitting there on the account. Funny thing is, the fraudulent order took place the exact same day the gift card was put into my account. Same thing happened to a friend.

Now have my credit card removed from being stored on Amazon.
blthomps is offline   Reply With Quote
Old 03-07-2019, 06:47 AM   #28
Thinks s/he gets paid by the post
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 4,600
Quote:
Originally Posted by pjigar View Post
Lot of scammers change e-mail address and phone in your profile as soon as they hack your account. This happened to me. And lot of online accounts don't notify these changes to old e-mail/phone. They are getting smarter.
Not in my experience, everytime I change an email address or a password I get an email from the vendor telling me a change has been make to my account and if I didn't do it I should contact them immediately.
ivinsfan is offline   Reply With Quote
Old 03-07-2019, 07:19 AM   #29
Thinks s/he gets paid by the post
 
Join Date: Aug 2004
Location: Laurel, MD
Posts: 4,692
I keep thinking there’s a database being assembled somewhere. Every call goes into the database. If I happen to answer the database records a male answered at xx o’clock on Tuesday or whatever. Best not to answer at all unless I recognize the number.
__________________
...with no reasonable expectation for ER, I'm just here auditing the AP class.Retired 8/1/15.
jazz4cash is online now   Reply With Quote
Old 03-07-2019, 08:39 AM   #30
Full time employment: Posting here.
FlaGator's Avatar
 
Join Date: Aug 2008
Location: The 850
Posts: 604
Quote:
Originally Posted by gayl View Post
I just got a funny 1. I didn't recognize the phone number out of Texas so I let it go to voicemail. They need me to call back immediately because there's been fraudulent action on my social security number. Unless I call them immediately they are going to take legal steps against me. Well the weird thing is if I was a victim social security would not take action against me. I wonder how many people fall for this and call back.
My 80 year old mother did, and after a lifetime of supporting herself, she's now on her children's payroll

It was a pretty elaborate scam. Last I heard it was in the hands of the FBI
__________________
Stay at home slacker dad since 2015
FlaGator is offline   Reply With Quote
Old 03-07-2019, 08:55 AM   #31
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 5,813
Simple in restaurant solution. I'll call you right back, what's your number?



Scammers will probably try to force you into revealing information at that point. If they do, hang up. They could (but probably won't) give you a fake number to call. Turn on speaker phone, switch into your browser and type the number into the search box. If the first link isn't the bank's main site, hang up and be done. If it IS the first link, don't be tempted to continue the call. Hang up and call them back at the verified number.
sengsational is online now   Reply With Quote
Old 03-07-2019, 08:58 AM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 24,712
Quote:
Originally Posted by kaneohe View Post
I was wondering how a real code could be sent by the scammer.......so I guess the bold above is the heart of the matter which perhaps you should emphasize in the future. Yes, thanks for posting.
I think the way it works is that the scammer is online with your user I'd and ready to change a password and receive the code from the bank. Then they call you with the OPs friends story... when the scammer click s on the change password link the bank sends a text with a verification code to the OPs friend.. the OPs friend tells the scammer the code, which the scammer inputs, changes the password and now has control over the account.

What is a mystery is how the scammer then gets money out without creating some trail. Also, in the few cases that I've wired money out of an account it required that I sign a form a secure email it to the bank... the bank then called me to verify the details IIRC.
__________________
If something cannot endure laughter.... it cannot endure.
Patience is the art of concealing your impatience.
Slow and steady wins the race.

Retired Jan 2012 at age 56...target 65/35/0 AA
pb4uski is offline   Reply With Quote
Old 03-07-2019, 09:20 AM   #33
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 23,906
Quote:
Originally Posted by pb4uski View Post
I think the way it works is that the scammer is online with your user I'd and ready to change a password and receive the code from the bank. Then they call you with the OPs friends story... when the scammer click s on the change password link the bank sends a text with a verification code to the OPs friend.. the OPs friend tells the scammer the code, which the scammer inputs, changes the password and now has control over the account.

What is a mystery is how the scammer then gets money out without creating some trail. Also, in the few cases that I've wired money out of an account it required that I sign a form a secure email it to the bank... the bank then called me to verify the details IIRC.
Another poster pointed out that if they had the online user name, all they would have to do is request a password reset online.

Now the OP mentioned that the victim’s user name had been compromised. I’m wondering how that could have happened. That is not the kind of information that would be lifted from an Experian breach.
__________________
Retired since summer 1999.
audreyh1 is online now   Reply With Quote
Old 03-07-2019, 09:39 AM   #34
Full time employment: Posting here.
GTFan's Avatar
 
Join Date: Apr 2013
Location: Atlanta
Posts: 847
Yeah that's what I can't figure out, how the bank username got compromised unless it was the same one used for Equifax.

That's a really smart scam btw.
GTFan is offline   Reply With Quote
Old 03-07-2019, 09:43 AM   #35
Recycles dryer sheets
MrsHaloFIRE's Avatar
 
Join Date: Jun 2018
Posts: 280
I had the reverse happen yesterday. Someone claiming to be from my brokerage called and wanted to authenticate me. My rule is I call you and then you can authenticate. I googled the generic customer service number, called it etc.. Turned out the first call was legit. Always lookup your own customer service number of you call in to check if something is legit.
MrsHaloFIRE is offline   Reply With Quote
Old 03-07-2019, 10:10 AM   #36
Full time employment: Posting here.
cbo111's Avatar
 
Join Date: May 2014
Posts: 502
We have an active scam in our area where the caller ID shows "sheriffs department." Lots of folks are inclined to at least answer these calls, but hopefully most do not fall for their scams.
cbo111 is offline   Reply With Quote
Old 03-07-2019, 10:29 AM   #37
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 23,906
Quote:
Originally Posted by GTFan View Post
Yeah that's what I can't figure out, how the bank username got compromised unless it was the same one used for Equifax.

That's a really smart scam btw.
But they’d have to know which bank. Really odd.
__________________
Retired since summer 1999.
audreyh1 is online now   Reply With Quote
Old 03-07-2019, 10:41 AM   #38
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,902
Quote:
Originally Posted by NgineER View Post
I thought that the text verification was a pretty secure alternative, but as the scammers get more and more sophisticated this could become a large problem. Especially for older folks...


No, text messages are not secure. I only use text messages for accounts that have no other option for 2FA. If possible I use an authenticator app or even one of those key devices.

SMS, the text system, is notoriously insecure.

Obviously, never give these codes whether they come from an app, a device or as a text message to anybody you don't know for sure.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 03-07-2019, 10:45 AM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,902
Quote:
Originally Posted by DatumPoint5 View Post
The OP's description made me think it was related to the SS7 hack on text message systems. This type of Multi-Factor authentication is no longer "secure" since the SS7 Network was hacked a few years ago.

Known as the SS7 network, the SS7 network is shared by every telecom provider to manage calls and texts between phone numbers. There are a number of well known SS7 vulnerabilities.

Click on this link to read the full story of this hack.
SS7 Hack

.
That was my first thought, but I see now that the weak link is we human beings who gladly give our 'codes' over the phone to people who we don't know. I might have fallen for that myself.

OP, thanks for the warning.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 03-07-2019, 10:54 AM   #40
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,902
Quote:
Originally Posted by audreyh1 View Post
But they’d have to know which bank. Really odd.
If you read Krebs on Security you know that there is a dark web out there where tons of information on ordinary people like you, me and the guy behind the tree is available for little cost. They only need a small % of people to fall for their scams to make a lot of money quickly.

https://krebsonsecurity.com/2019/03/...switch-empire/


Quote:
Earlier this week, a cybercriminal on a Dark Web forum posted an auction notice for access to a Web-based administrative panel for an unidentified “US Search center” that he claimed holds some four million customer records, including names, email addresses, passwords and phone numbers. The starting bid price for that auction was $800.
__________________

__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Reply

Tags
phone scams, scams


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How much can a phone scam artist know from my phone number? SecondCor521 Other topics 33 03-07-2019 05:21 PM
Scam or no scam ? Moemg Other topics 20 12-01-2009 09:19 PM
A Novel Social Security Question rcsj FIRE and Money 19 12-11-2007 03:13 PM
Novel Use for Dryer Sheets GMueller Other topics 8 02-28-2007 05:37 PM

» Quick Links

 
All times are GMT -6. The time now is 07:07 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
×