The most clever people on the Internet are the social engineers who work hard convincing you to willingly give up your security info. I had a run-in with them tonight. The call came on my cellphone from an 888 number.
First things first. When the Caller ID standard was established, pre-Internet, pre-VOIP, it was left insecure! As you’ve probably noticed, making up a phony number appear on your phone is no problem.
I answered the call and was greeted by the most robotic, lifeless, computerized voice I’ve ever heard. VISA, Inc. was calling, or so the voice said. My debit card’s use was being restricted for Internet and online purchases unless I pressed “1” to verify information or called the VISA security department.
The option for me to call VISA is an integral part of the scam. It adds a sliver of legitimacy to the call.
I stood there for a moment, staring at my phone. I was perplexed and confused. The call was almost legitimate enough for me to act.
I hung up.
I’m going to place a lot of the blame for this on the credit card company’s themselves. They have legitimized this kind of interaction by heavily leaning on automated systems like the one the scammers use. We are conditioned to believe credit card companies will call without human involvement or with obviously non-American voices.
We are used to calls where no questions can be asked!
A few minutes later Helaine’s cell rang. She, Stef and I all have six of the seven digits the same. The automated system was just dialing in sequence one at-a-time.
A quick Google search of the phone number shows others getting this call within the last two days. My guess is the number is changed often to keep from being blocked.
People are the weakest part of the security equation. We want to believe authority. We have a weakness for social engineering.