Monday, June 25, 2007
Went camping and came back to a phishing trip
Hi all. I'm back from the Men's Retreat. 60 men and boys were there. 60! Some churches don't even have 60 Men! It was great. Great preaching - great fellowship - great food. Pictures to follow, but I just got back to work and had to address something right off the bat.
Starting Thursday, I'd been getting calls from the "Chase Bank Fraud Alert Center". I have a Chase card, but something seemed phishy. I Googled the phone number that was given (800) 454-9078 and sure enough - it's a phishing expedition. Well actually, about 1/2 the results said it was phishing - the other 1/2 said it was legitimate. Probably the phishers trying to cover up the news with noise.
I was all set to ignore the voicemails and get on with life, when my phone rang. Caller ID showed 800-454-9078. I picked up and got an automated voice telling me to enter my credit card number. I typed in some random numbers knowing that all Visas start with a 4 and I ended with 1585. I didn't have time to come up with a valid checksum number, but it seemed to work. I'm not sure everyone would know to do this, but it got me past the first part of the call. The automated voice asked me if I authorized a charge to a travel agency. Press 1 for yes, press 3 for no. I pressed 3, and was put on hold. After a while, I was disconnected.
Bummer! I was really hoping to be able to play with these scammers. What really shocks me is that Chase bank - the real Chase bank - has been allowing them to be operational since Thursday. I would think that they'd want to shut them down as quickly as possible, but as my Google search revealed, they've been operational for quite some time. I gave Chase 12 hours to investigate. If the phone number is still operational in 12 hours, I'm going to freeze my account. If the phone number is still operational in 24 hours, I'm probably going to close my Chase account.
Lesson to be learned: If a bank ever calls you or sends you an email about anything - DON'T RESPOND! Instead, go to the bank branch personally and ask about the subject of the email or call. It's pretty hard to fake being a physical bank, so that's pretty much the only way you can trust anyone today. Calling them directly may not work in the near future because many banks are going to IP phones which can be hacked, so the scammers can actually receive calls made to the bank. What a lovely world we live in now, isn't it?
Starting Thursday, I'd been getting calls from the "Chase Bank Fraud Alert Center". I have a Chase card, but something seemed phishy. I Googled the phone number that was given (800) 454-9078 and sure enough - it's a phishing expedition. Well actually, about 1/2 the results said it was phishing - the other 1/2 said it was legitimate. Probably the phishers trying to cover up the news with noise.
I was all set to ignore the voicemails and get on with life, when my phone rang. Caller ID showed 800-454-9078. I picked up and got an automated voice telling me to enter my credit card number. I typed in some random numbers knowing that all Visas start with a 4 and I ended with 1585. I didn't have time to come up with a valid checksum number, but it seemed to work. I'm not sure everyone would know to do this, but it got me past the first part of the call. The automated voice asked me if I authorized a charge to a travel agency. Press 1 for yes, press 3 for no. I pressed 3, and was put on hold. After a while, I was disconnected.
Bummer! I was really hoping to be able to play with these scammers. What really shocks me is that Chase bank - the real Chase bank - has been allowing them to be operational since Thursday. I would think that they'd want to shut them down as quickly as possible, but as my Google search revealed, they've been operational for quite some time. I gave Chase 12 hours to investigate. If the phone number is still operational in 12 hours, I'm going to freeze my account. If the phone number is still operational in 24 hours, I'm probably going to close my Chase account.
Lesson to be learned: If a bank ever calls you or sends you an email about anything - DON'T RESPOND! Instead, go to the bank branch personally and ask about the subject of the email or call. It's pretty hard to fake being a physical bank, so that's pretty much the only way you can trust anyone today. Calling them directly may not work in the near future because many banks are going to IP phones which can be hacked, so the scammers can actually receive calls made to the bank. What a lovely world we live in now, isn't it?
Comments:
Links to this post:
<< Home
Just so you know - its actually not a phishing expedition (understandably I'm a random person on the internet and you likely won't believe me) but you should probably call the number on the back of your Chase card and they'll tell you that yes the security center did call you and they'll transfer you over to verify the charges. Just happened to me. I agree its dumb for the bank to use the automated systems like that but its legit.
Post a Comment
Links to this post:
<< Home
