New kind of phishing - Journal of Omnifarious
Dec. 7th, 2008
04:15 pm - New kind of phishing
I just fell for a new kind of phishing scheme. They sent me a message which looked exactly like messages from my bank usually do and asked me to call an 800 number regarding restrictions places on my check card. The 800 number then put me through an automated process asking for my card # and my PIN. I didn't give them then PIN because I've forgotten it for that card.
Since I didn't know the PIN I hung up on the call and tried calling a different # for my bank to ask them what the heck was up. I'm glad I did that. I had the card cancelled immediately. :-(
I feel a little stupid. But I'd never seen a phisher actually set up an 800 # before. In retrospect it's obvious. They have money. It's not hard.
If the mail had had a link to a website I would've noticed that it was a phishing scheme immediately. It had a link to an email address @ my bank, but that was secretly a link to a website. I didn't mouse over it to find out though until after I realized it was a phishing scheme.
It also happened to hit me at just the right time. I'd happened to be using that card about the same amount in the past month as I'd been using it in the past 4-5 (I don't use that card often at all), so it was plausible they'd see that as a fraud issue.
Anyway, I'm posting this as a warning that phone #s in email messages are an even worse problem than links because there's nothing that really identifies who owns a phone # at all.