[kwlug-disc] Password scam

Chris Irwin chris at chrisirwin.ca
Thu Oct 23 17:33:43 EDT 2014 

On Thu, Oct 23, 2014 at 3:50 PM, Jason Locklin <locklin.jason at gmail.com>
wrote:

> A better rule-of-thumb is to never click the links. Just open a browser
> and type in, or use your bookmark to load the site. The policy of banks
> should be that "we will never send you links to our login page. Don't
> click on links in emails supposedly from us."
>

I'm amazed that a bank will have an anti-scam warning that tells you not to
click links in an email, while also sending out their own promotional
emails with links to their website. Granted, it's not directly to a login
page, but there is a "sign in" button on the page you're sent to.

I do the same thing with phone calls. I have received calls from
> "Mastercard" etc., and the first thing they want to do is "confirm my
> information." Umm.. you called me, let's verify you first. I just hang
> up and call the number on the back of the card.
>

I've actually had two inbound calls in the last month.

The first was a legitimate issue where an online purchase was flagged on my
credit card -- I had mistyped the CVV code, then ran the transaction again
with the correct one. Apparently that set off a warning flag, and they gave
me a call.

You're right about not trusting the call: They want to confirm my
information to ensure they're talking to me, but I have no way of verifying
them. I told them such, and he gave me the number to phone back (as if
that's any better, really). I phoned the number on my card (which actually
was the number he gave me, too), at which time I had to answer a thousand
questions and sit on hold.

As a security-conscious person, I gave a few minutes thought on how to
properly handle these calls. All I could come up with was just telling
people there is a problem with their card, for security reasons please hang
up and call the number on the card. Granted, most people would probably
complain about having to phone in themselves and sit on hold :(

The second was due to a recurring charge from a charity. The card is
expiring this month, so it likely was actually them (I haven't called back
yet). However, they wanted me to give them new credit card information over
the phone, on an inbound call. They also didn't seem to understand why I
wouldn't...


-- 
Chris Irwin
<chris at chrisirwin.ca>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20141023/feb9dbb7/attachment.htm>

More information about the kwlug-disc mailing list