Phishing by Cell Phone
From an alert reader:
I don't know whether to tell you, or RISKS, or the cops, but I just received an automated call on my cellphone that asked for the last four digits of my Social Security number. The script went:Hello! This is not a solicitation! We have an important message for J-O-H-N DOE (my first name was spelled out, but the last name was pronounced). If this is J-O-H-N Doe, Press 1 now!
(after pressing 1:)
For your security, please enter the last four digits of your Social Security Number!
I have no idea who it was, because I'll be -- damned -- if I'd give out ANY digits of my SSN to an unidentified party. My cell's display is broken so I'm not sure whether there was any caller ID information on it, but I also know that can be forged. What company expects its customers to give up critical data like that during an unidentified, unsolicited call?
Sadly, there probably are well-meaning people writing automatic telephone scripts that ask this sort of question. But this could very well be a phishing scheme: someone trying to trick the listener into divulging personal information.
In general, my advice is to not divulge this sort of information when you are called. There's simply no way to verify who the caller is. Far safer is for you to make the call.
For example, I regularly receive calls from the anti-fraud division of my credit card company checking up on particular charges. I always hang up on them and call them back, using the phone number on the back of my card. That gives me more confidence that I'm speaking to a legitimate representative of my credit card company.
Posted on December 7, 2004 at 1:58 PM • 43 Comments