this post was submitted on 15 Mar 2024
208 points (97.7% liked)

Technology

58303 readers
4 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 137 points 8 months ago (4 children)

When a fraud department calls you, you don't need to provide any more information than your name and yes/no answers. If they are asking for any additional information, tell them that you don't trust their authenticity and that you'll call the number on the credit card. A legitimate agent will politely end the conversation there.

Then you better call that number on the card quickly.

[–] [email protected] 43 points 8 months ago

This is the solution.

Had this happen once, followed those steps, and the CSR was very interested in getting the details of the call. They put a freeze on that account for a bit as well. Nothing was taken.

[–] [email protected] 19 points 8 months ago (3 children)

True for any company asking for anything sensitive.

I've gotten scams from my internet provider asking me if I want to upgrade my plan with a new discount. Caller ID was spoofed and it sounded pretty legit, until they started asking me about my current plan tier and price. I was like "uh, you tell me. You're the one with access to my account info." After they hemmed and hawed about that, I just hung up.

Honestly, you should be suspicious of ANY incoming calls at this point. There are convincing scams that spoof the voices of people you actually know using trained AI. It's actually pretty easy to do now, since you only need a few seconds of audio to use as a training sample. Anyone who's ever posted a video with their voice on social media can potentially have their voice spoofed. I've warned my family about this, since most of us have our voice out there somewhere.

Phone calls are dumb. SMS is dumb. Phone numbers are dumb. Phone line security is basically non-existent. It's wild that phone numbers have become the de facto ID on the internet; almost everything requires SMS auth to register now. PHONE NUMBERS ARE NOT PERSONAL IDS.

[–] [email protected] 12 points 8 months ago (1 children)

An unanswered phone is a happy phone.

[–] [email protected] 3 points 8 months ago

Moss seal of approval.

[–] [email protected] 4 points 8 months ago

The worst thing imo is when a form will say they need to verify your identity, so they ask you to give them a phone number you can receive a text at to do a 2fa.

...how, exactly, does that verify anything other than that I own access to a phone number that can receive a text?

[–] [email protected] 3 points 8 months ago

SIM swapping to hijack OTPs is insane.

[–] [email protected] 5 points 8 months ago (1 children)

They should already have your name too if they're calling you

[–] [email protected] 5 points 8 months ago

They're going to ask for your name so as to confirm they've gotten a hold of the right person

[–] 0x0 2 points 8 months ago

Any department really, but that's just me.