Home Forums FineTunedMac Community Lounge Search engines and privacy

Shortly after midnight this morning, I was jolted out of bed by my phone and a voice identifying himself as a fraud prevention specialist from my bank asking me to verify three charges to my VISA card in Florida. The charges were not major purchases, and one of them supposedly was made using a Samsung Galaxy phone, so I denied all three charges. At that point, I had taken the phishing bait and was entering the most elaborate phishing scam I have yet encountered, involving multiple an extended telephone conversation, multiple text messages, and a dummy website that accurately mimicked my bank's site. The fraud prevention specialist bona fide his identity by revealing he had my full name, address, last four digits of my SSN (I began to suspect he knew what color underwear I was wearing at the time.) It was the text messages asking for specific information such as bank login name along with a specified keyword that jerked me awake enough to spit out the hook.

After an extended conversation with my bank's fraud prevention department in a call I initiated verified the whole thing was a scam, I spent the next few hours changing all my financial login IDs, Passwords, secret question responses, cancelling my credit cards, and ordering new ones. I still have to identify and change all my recurring charges but that will have to wait until I get the new cards.

From my previous posts, it should be obvious I knew all that information was out there, but it was a shock to actually see it and see it weaponized against me. That only leaves one question: HOW THE H3LL DID THE SCAMMER TRIGGER MY IPHONE TO RING WHEN IT WAS ON DO NOT DISTURB?

Hi Joe, I have read your message three times with mixed feelings. In no particular order:

On both the major UK banks which I use, they say at or near the top of their websites that they will never phone you and ask for personal identification details, and urge their customers to phone them on a different line to verify that such phone calls are indeed scams. You have to use a different line because sometimes the bastards hang on to the original phone call and them pretend, again, to be the bank.

If someone as tech-savvy as you can be nearly sucked in, what hope is there for the rest of us?

You're in Texas, but why should VISA transactions in Florida be any of their business? That's an immediate red flag to me. It is absolutely absurd to think that every bank monitors everyone's transactions. You could have been in Florida. You could have borrowed, hired, or used a Samsung phone while out of state......

No doubt the late hour of this phone call added to the discombobulation?

Yet another reason why I don't have a smart phone, and I have no intention of getting one. If anyone (was stupid enough) to phone my cell/handy/mobile at that hour, I wouldn't even hear it. I don't take it upstairs to bed. My husband has a smart phone, but it's only switched on in very specific situations (such as being a hospital in-patient): otherwise, it's off.

As to the text in red, I have no idea (because I don't have a smart phone), other than maybe it wasn't on do not disturb as you thought it was? Someone else will come along with an idea, I'm sure.

Maybe you'd better change your cell number while you're changing all your financial IDs etcetera? Trouble is, pursuing this gloomy line of thought, the bastards will get hold of that number too, sooner or later. So here's an idea. Turn the thing off when you go to bed!

I can't speak for your phone, but I frequently message my daughter after midnight when she's got her phone set for silent delivery, and Messages gives me the option to override the silent delivery.

I still use an answering machine, and I occasionally see it blinking when I walk to the lavatory after I've gone to sleep, but I've got a hard and fast rule to never check it, because it may be a reason to not go back to sleep.

The banks here may ask for a PIN over the phone, but never the password. In this case, I was told they were sending me a text I needed to reply to with the information in authorize the fraud specialist to cancel the false transactions. (That is what triggered my thought processes into action because it was unusual.) The problem with the two telephone solution is fewer and fewer users have two phone lines, having canceled their land-line phones in favor of a cellular phone.

If I am in Texas and my credit card is being used in Florida, that makes the bank suspicious, which is good. Someone once used my credit card number to purchase a first class airline ticket from Dubai UAE to Berlin Germany (~$10,000 USD as I recall) fifteen minutes after I had charged a steak dinner in Fort Worth, Texas. Before I got to my car in Fort Worth, American Express called my cell phone to verify the legitimacy of the two transactions and someone got bumped from the flight to Berlin, and I was not out $10,000 USD. That is not the only time a bank's fraud department has called me about suspected false charges, but it is probably the most memorable.

I suspect the timing was part of the scam, for that very reason.

The fact I was using a smartphone, should have been my first warning. My phone is smart enough to automatically ignore any calls between 10:00 PM and 7:00 AM unless they are from a very few family and friends. My bank is not on that short list of callers. Had I not been sleeping soundly, I think I would have caught on to the scam much sooner.

I leave the phone on, with the idea that as the surviving senior member of my family, I want my children and grand-children to be able to reach me in an emergency and vice versa. Besides that, the IPhone also monitors my sleep patterns for health reasons and it is my most trusted alarm clock. How, the phone was triggered is still under investigation, but it appears the scammers may have tricked the telephone network into handling the call without actually using a calling or possibly as coming from an emergency notification number that the phone is not permitted to block.

Originally Posted by Bensheim

If someone as tech-savvy as you can be nearly sucked in, what hope is there for the rest of us?

As I have said many times before, there is enough money to be made using scams like this, that some really smart minds are devoted to getting around all our security provisions. The weak link is the human being. The great majority of successful exploits these days target the user's credulity and rely more on psychology than technology. Although there was some significant technology used in this attempt, it was/is dependent on human psychology for its success. Apple does a good job of taking care of the technical security, and we can help that by keeping our devices up to date. Countering the psychological attacks is more difficult and requires users to...

• be skeptical
• remain alert
• think and respond, don't react
• never, ever give out personal information (user ID, Password, PIN number, account number, etc.) unless you initiate the contact, using a known phone number, or url.
• if there is the slightest question, always assume the worst, no matter how appealing those children look and sound.

OS 13.6.2
Joe, your posting should be read by every member of FTM.


I get least (1) phone call a day which if I allow it to go to my answering service, will usually
end up with no message. Sometimes Visa will phone and tell me that a sizeable
withdrawal has been made and if it was not you, press (1) and they will adjust my account.
NEVER ever press anything if you should receive a call from any source you don’t know.
Note: Visa do not phone their clients about their account.

The same applies to amazon.I have received calls from someone purporting to be an
amazon employee telling me of a problem with my account and to press (1)
Note: Amazon do not phone customers regarding their account.

When I sign in to my financial institution, with-in (2) minutes I receive an email notifying me of that fact.
No-one can be too careful here days. New scams happen almost every day.

Sadly, some people are gullible.

jaybass

We get about five phone calls a week from these bastards. They usually pretend to be from Microsoft (needlesstosay I have no Microsoft products); or Amazon (Amazon do not have my phone number); or BT regarding the broadband (BT do not provide our broadband); or an outfit claiming to stop these nuisance calls (Oh, right...); or some "universal' utilities company; or someone/some outfit to do with my IP Address (which is specifically designed to confuse the callee and cause consternation) etcetera.

99% come from Asian call centres, the callers all have heavy Indian/Asian accents, and they usually adopt an English-sounding name like Gregory or Jane in a pathetic attempt to fool English targets. I've read a lot of advice about how to handle these, one was to just keep saying Yes to whatever they say, and eventually they will hang up. That worked for a few months but then I got an Asian bloke who thwarted my Yes-responses by becoming more and more disgusting and aggressive (e.g., do you want to suck my c--k?) which upset me a lot. Then I changed my responses to an instant F--- Off, but that upset me too. Here I am minding my own business when some scam bastard rings up and immediately makes me upset and angry.

So my husband took over answering the land line. His responses were either withering sarcasm, or bursting into loud laughter at them. (That works.)

In this country they're going to rip out all the copper wires over which land line phones operate, and replace them with digital. This means that our old landlines will no longer work at all, and we'll all have to plug our handsets into the broadband router. However, most old handsets won't work with routers, OR (in my case) there's no socket on the router to take a phone, so I'll have to get a new router whether I like it or not. Plus, these phones won't work in the event of broadband outages (which happen more often than I'd like) or a power cut. I'll also have to up my broadband package with my ISP to incorporate this new digital signal. I'm dreading it. Nearer the time (next Spring, apparently) I'll probably start a thread on it............sigh.

Near the top of my list of Scum of the Earth are these scumbag scammers, who rob thousands of unwary people out of millions of pounds. Most of the victims are "old" and that makes it/them even worse. I often wish I had magical powers whereby when they phone an English number, our of their ear-piece comes a loaded gun or a laser beam or something like that.

Yesterday, I got a phone call from a guy who started out with "This is your grandson". When I replied that I had no grandson, he said, "Just kidding. It's your nephew". I asked "Which one?" and he said "You know." I wasn't totally alert so I gave him two options and he picked one. When I told him that he didn't sound like my nephew, he said that he had a bad cold and was in trouble because he had been arrested for speeding. Of course, Caller ID said Caller Unknown, Out of Area. I never let him get far enough to hear his pitch about sending money to bail him out.

I never answer my phone. I let all calls go to my answering machine, listen to the message if they leave one, and return the call if it's legit. Other than on my birthday, virtually all of the messages are wrong numbers.

If there were a problem of any sort, you would contact, or be contacted by, the issuing bank, not by Visa. Visa provides the name and the network, everything else is the responsibility, and liability, of the issuing financial institution/bank.

Innovis is a strange organization in that they do business that's sometimes time critical by snail mail only.

You can request action on line, but it takes them as long as two weeks to let you know your results.

E.g., I requested a temporary lift of my freeze for one bank, and after two weeks of the bank's not being able to access my credit report I got a letter with a PIN number that the bank had to use to access it. ¯\_(ツ)_/¯