Scammers are calling unsuspecting consumers on
the telephone to steal credit card numbers. If you get such a call, just hang
up and do not engage.
Cyber-criminals
employ various tools and techniques to launch their scams, including malware,
hacked websites, and bots. They also like social engineering, because it is so
effective. When you get an email from a friend stranded in a foreign country
needing some money to get home, your first instinct is to help. When you are
surfing the Web and you suddenly see a pop-up window telling you your computer has been infected, you
get nervous at the prospect of losing all your important files. And when
someone calls your phone claiming you—or your loved ones—are about to be
arrested because of overdue taxes, it's hard not to panic.
Let's face it, fear sells.
"Probably the best way to react is to relax
first. High pressure situations are exactly how social engineers get you
to react too quickly," Robert Hansen, head of WhiteHat Labs at WhiteHat
Security, told SecurityWatch in an earlier conversation about phishing scams.
Give Me
Your Card Number
In this scam, I received a call over the weekend on my cell phone informing me my prepaid MasterCard had been suspended due to fraud. I pressed "1 to unlock the card," and was told to enter my 16-digit card number. Sadly, I didn't have a spare prepaid MasterCard (I keep a few on hand for testing purposes) handy, so I couldn't continue. It was pretty clear by this point that this was a scam, since I don't have a prepaid MasterCard.
A less paranoid—and more trusting consumer—may
have thought, oh, maybe the caller means my regular MasterCard. Here is a tip:
If an automated system calls asking for your card information, it's probably a
scam. Don't disclose card numbers or other account information during these
types of calls.
I got another call this morning, at way-too-early
6 AM, where a computerized voice said, "This is an official notification
from NetSpend. Your prepaid MasterCard has been locked due to suspicious
activity. Press one to unlock it." I still didn't have a test card,
so when I got to the point where it needed my card number, I pressed 0 and a
few other keys to see if I could get a human on the line. The call didn't sound
like a recorded message, but rather that the caller was using text-to-speech
software.
Another tip: if you don't have a prepaid card,
don't put in your debit card info. If you never use your debit card and get a
call about a problem with the card, be skeptical. Even if you do use the card,
hang up and just call the financial institution directly.
No human operator ever answered, so I hung up. I
went out and got a card this afternoon, to be ready for the next call. I am
actually looking forward to this.
How the
Scam Works
A quick search on ripoff.com, bbb.org, and other consumer advocacy sites show a handful of complaints from earlier this month from users who received similar calls. The format of the call differs slightly, and the bank name changes, but in general the recipient is directed to "press 1" to fix the issues with their card, and then to hand over information such as the card number and PIN, and sometimes even the expiration date and security code.
Scammers are calling to get your card
information and PIN so they can withdraw money from the account. The proper
response is to hang up, call the bank or financial institution directly, and
verify their information is secure.
My caller ID showed the call from 10000000000,
which would indicate the caller was spoofing a call over VoIP. According to
forum postings on 800notes.com, the scam uses a variety of numbers, with area
codes such as 223 and 323. It's not clear how the caller got my number. It
could have been random, or it could have been bought off mailing lists or
hacked from a database.
Protect your information. If you get a call
asking you to enter your card number—no matter what the reason is—just hang up
and call your bank directly. Don't finance the criminal's shopping spree.
For more
info about Corliss Group Latest Tech Review, visit our facebook
page and follow us on twitter @ CorlissTech.
No comments:
Post a Comment