Phising, Vishing and Phone Fraud

Howdy one and all and welcome back to The Weekly Geek.

Jumping straight to the matter, it’s that time of the year for scammers to play (with themselves). You should have heard or read the numerous warnings of past scammers calling, claiming to be your bank or credit card, even giving you a lot of your information, that was gained numerous ways. Now an automated machine is calling and letting you know that your account with XYZ bank or credit card has been canceled or cut off or suspected in fraud use. In each case they want you to go to a web site to reactivate your account.

I have an idea, let’s NOT!

Instead of going into the variable ways of the scams and how they work, lets go to the rules to follow ANYTIME anyone calls wanting to report fraud to you.

  1. Ask for their first and last name
  2. Ask for their badge or employee number
  3. Ask for their call back number including extension to their desk (don’t trust your caller ID)
  4. Ask for their supervisors name (first and last), and phone number including extension
  5. Ask for their physical address so you can “take care of this in person”.
  6. Finally ask for their web site and have them spell it.

If the “caller” is a machine carefully write down everything you can, especially any phone numbers and web sites and email addresses.

Now here is what you do, thank the caller, if they lasted this long, and then hang up. Now you need to go through your receipts, bank statements and or credit card statements.

If the business (like your bank) is local, take your notes and go and visit them. I understand you have to work, however, if your boss has not been ripped off they will be soon so they should be understanding. If the credit card is not local, call the number on your past statement(s) and start going through their endless nameless numbers to get to the security department. Double-check and verify everything that was given to you on the phone and if it is true, deal with it.

If it is fraud, the bank or credit institution should be more helpful than a simple “thank-you” and possibly give you some ideas of who to call in your local law enforcement agency to report this on the city level. Give them all of the information you have collected and the phone number from your caller ID.

Now, if the call is for a bank or credit card you do not have or have never used, you still have some things to do. Your choices are limited.

First of all, don’t let on to the caller that you don’t have an account with that institution. Get the same information I listed above.

Now call your local police department and see if they have an investigative unit for fraud. Many smaller cities like the one I live in do not, however, do not let that stop you. You still want to file an incident report of some kind. If you really feel aggressive, call your local television station and let them know the specifics of what has happened to you, you never know, you might get your 15 seconds of fame in a positive light AND by spreading the word about the creapizoids doing this, you might save many people grief, cause them to shut down and move on earlier or maybe even get enough interest that they are tracked down and prosecuted.

It is my opinion that you should not confront the fraudsters directly. If you call back the number they gave you, they will smooth talk you. The caller ID number can easily be “spoofed” (faked, forged … you get the idea). The vast majority of these felons are very experienced in what they do, they will deal with you and move on, change tactics, phone numbers and web site in a matter of hours or days.

Ok, Mr. Geek, you have a lot to say, have you put you words into action? You might ask. Well, yes I have. This spring, I let my debit card out of my sight for the first time ever. It was at a new restaurant in my town. Twenty-four hours later it was being used in New Orleans according to a phone call from the card issuer. I asked the callers the above information and then had them close the credit card, not once did they ask me for any “verification” on my account, you see they would not need it if they were legit.

To double check, I went immediately to my bank and spoke with the bank manager who confirmed the call and abuse and misuse of my card. It was then let them know exactly where I used my debit card and the name of the place where it left my sight. In all honesty I don’t think they cared at the time but, later that month the restaurant was shut down so I have my theory.

I then contacted my local police department and reported the theft of my debit card. Again, they did not seem to care and told me that I would have to make a report in New Orleans. Being the passive-aggressive person I am (and since I am on numerous boards and charities) I went to the Chief of Police and later our Mayor, guess what, they now care, especially since they found three “stray’s” from Hurricane Katrina pulling this theft right here in our town.

Lest you think this was my only occurrence or that I am tooting my own horn, this summer the issuer of my debit card called again and told me of a charge that once again was suspected of being fraudulent. Man was I ticked, and I was ready to move my account from my bank. It seemed that everyone I spoke with that was a member of my bank had this same issue and no-one of any of the other local banks had this happen.

They gave me my card number, mailing address and other information to “confirm” and then asked me the CID number on the back of the debit card. Feeling totally trusting of them and steaming about this happening twice in abut two months I gave it to them. I never asked for a phone number, name or any information, after all they had called before and everything was solved in 48 hours. The callers even said they would, once again, cancel my debit card to prevent any further charges.

After hanging up, I went straight to the bank. I fussed, I fumed I made a donkey’s rear of myself to the poor young lady who tried to help me. The bank manager was at a meeting, about fraud of all things. What was steaming me was that this card had never left my sight, I have (for years) shredded receipts, there was just no way these people could have gotten my number, it had to be the banks fault! I was wrong.

It turns out that this too was a scam, it seems that most of the information they had (my address and bank card number) are public knowledge (why with all the other government involvement in my life is there not a law keeping my debit card numbers private – but I digress) and they simply needed my CID to start using my card on the internet.

You see the fraud did not start until after I hung up with the callers. Fortunately the bank manager knew of this type of fraudulent call, she immediately called her security department and canceled my card before too many charges were incurred. As a matter of fact the caller had given me a specific dollar amount that was charged and that is the specific amount they charged once and apparently will charge every day until the card is canceled by you not THEM!

I now hope you are alert and ready to defend your accounts. I have one more call to action. My friendly white hats, grey hats and script kiddies, I urge you to attack, it is one of “those” sites and needs to be taken out ASAP. Let’s see if we can flood it until the hosting company is forced to take it down.

Until we meet again, have a Scammer free week!