Call Forwarding Credit Card Scam
This is impressive:
A fraudster contacts an AT&T service rep and says he works at a pizza parlor and that the phone is having trouble. Until things get fixed, he requests that all incoming calls be forwarded to another number, which he provides.
Pizza orders are thus routed by AT&T to the fraudster’s line. When a call comes in, the fraudster pretends to take the customer’s order but says payment must be made in advance by credit card.
The unsuspecting customer gives his or her card number and expiration date, and before you can say “extra cheese,” the fraudster is ready to go on an Internet shopping spree using someone else’s money.
Those of us who know security have been telling people not to trust incoming phone calls—that you should call the company if you are going to divulge personal information to them. Seems like that advice isn’t foolproof.
The problem is the phone company, of course. They’re forwarding calls based on an unauthenticated request. AT&T doesn’t really want to talk about details:
He was reluctant to discuss the steps AT&T has taken to improve its call-forwarding system so this sort of thing doesn’t happen again. What, for example, is to prevent someone from convincing AT&T to forward all calls to a local flower store or some other business that takes orders by phone?
“We had some guidelines in place that we believe were effective,” Britton said. “Now we have extra precautions.”
It seems to me that AT&T would solve this problem more quickly if it were liable. Shouldn’t a pizza customer who has been scammed be allowed to sue AT&T? After all, the phone company didn’t route the customer’s calls properly. Does the credit card company have a basis for a suit? Certainly the pizza parlor does, but the effects of AT&T’s sloppy authentication are much greater than a few missed pizza orders.