Monday, July 03, 2006

My credit card story and phishing scams

Since my anniversary is coming up (no 7 year itch!!), I figured I should finally complete this post that I started because my credit card number was stolen on my anniversary last year. No, it wasn't some internet phishing scam or unsecured transaction, or even a phone scam, it was the old fashioned steal the number off the credit card by an unscrupulous waitress at the Wayside Inn. I know this because the entire week before, I had been down in NY visiting my mom and did not use my credit card at all. We went out for a fancy dinner and got this surly waitress who took forever processing the charge. The very next day with no additional purchases, I get a call from my credit card company asking whether I was buying racing equipment from the UK. I was glad the good folks at MBNA, where I get 2% of purchases going towards the kid's 529 plan, were on their toes.

The funny thing was a few weeks later, I got a security alert email from work saying that there was a phone scam where people claiming to be from the credit card company call you saying that there are unusual purchases on your card and asking for your information to verify that you are actually the card holder. I actually got my call as a phone message, so I had to call them back and I simply assumed that it was MBNA I was talking to (thankfully it was). But if I had taken the call, I would've completely given up all the information the person asked for, without asking to call them back. When I first checked this out on Snopes, Urban Legends Reference Pages: Crime (Security Guard), I could've sworn that this was labeled as a False hoax, but apparently I either read it wrong, or they have updated the page since I last looked at it. It is true, people are getting phished out of this info in this way.

In a related story, I read this scary article, Financial Cryptography: George's story - watching my Ameritrade account get phished out in 3 minutes. This is a really good story, here's a teaser:
As I'm checking emails I start receiving email notifications from my on-line
broker Ameritrade. The email notifications kept coming one after the other, you
just sold out of Duke, you just sold out of Home Depot, you just sold out of
Ford, I watched on my screen as the flurry of emails kept coming across my
screen, pretty much my entire portfolio of Stocks was being sold out right
before my eyes. I took notice of the time when I received the first email
confirmation, it was 9:31AM and as you know the equity market opens up at
9:30AM. My heart was racing, I was stunned and I said to myself this can be
happening to me, I'm a business and technology savvy as I've worked for major
investment banks and brokers as a consultant in the areas of technology trading
for equity and fixed income markets.


Anonymous said...

Your post is quite interesting to me on two levels.

First it reminds me that we have been so very lucky to be free of this sort of theft of hacking. The worst we have seen has been the other way around where people have put money into our account accidentally.....and of course times when our credit card company questioned our strange spending pattern when we were on an odd trip.

The second thing it reminds me is that while I am very careful to keep NOTHING of any significance on my home computers (login names, passwords, SS #, etc...) my wife has been relying more and more on cookies and netscape saving account and password information.

I run a hardware firewall, and a wireless network....but I probably don't check and secure all of it as much as I should....mainly because my little brain is programmed that my first line of defense is to NOT dangle my personal information in obvious places where others might pry....but I'm not thinking of the rest of my families method of operation.

Looks like I have another TO-DO item for today!

Anonymous said... more comment...this one might actually be short if I just post links to online articles. :-)

The thieves are using VoiP now to convince you the scam is legit! Calling a local number and getting what you think is your bank is not enough.... I guess we need to verify it in a phone book maybe.

Check these out: (I made them "tiny")