back to article 'Untraceable' phone fraudsters eye your credit card

Scams involving email and fake banking websites may get all the attention, but a recent rash of fraudulent phone calls shows criminals haven't given up on more traditional tools for tricking people into surrendering credit card numbers and other sensitive information. The calls begin with a recording that makes a tempting …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    credit card fraud

    I've been getting calls from the fraudulent reduce your interest rate folks for the last year here in Canada.

    They are very slick, sometimes they pretend to be your credit card company. And very persistent. I've just stopped answering the phone when it's an 800 phone number on the call display.

    Thank god for call display.

  2. Mr B
    Joke

    Henry Paulson wants his money back

    and he raised an army of spoofers to get it.

    If you don't spend your stimulus rebate ... someone will try to spend it for you.

    <SARCASM>It's good for the economy.</>

  3. Robert Moore
    Linux

    My phone

    That might explain why my phone was ringing off the hook last week.

    On the plus side it gave me man opportunities to be abusive to strangers. :)

  4. Leon

    Ha

    It serves them right if they think their credit card company will ask for those numerous details over the phone, or be it email.

  5. Anonymous Coward
    Anonymous Coward

    This is why...

    I firmly believe there should be an international treaty forged to make credit card and identity fraud convictions punishable by death.

  6. JakeyC
    Joke

    RE: This is why...

    Perhaps if *falling* for these scams were punishable by death, people would actually think about keeping their card details to themselves and not read them out to anonymous callers...

  7. Anonymous Coward
    Thumb Up

    Great Timing

    Just got the call as I was reading the article. And yes they refused to give me any information on where they were located or incorporated.

  8. Nordrick Framelhammer

    As far as I am concerned...

    if the average punter is stupid enough to give out that sort of information to some unknown caller on the other end of the phone then tough nuts to them.

  9. Aubry Thonon

    Citbank

    Kept on calling me about my account and the phone-monkey at the end of the line could not understand why I would not "confirm a few details" to "prove my identity" and some got royally pissed off when I asked to prove to *me* that they were from Citibank.

    Due to the stupidity of these phone exchanges, I changed banks in a hurry to one which publicly advertises that it will *not* contact you through email or phone. And so far, hasn't.

  10. Christoph Silver badge
    Alien

    @ Nordrick Framelhammer

    Tell that to HSBC bank who phoned me up and then asked me for my security information. And were puzzled when I refused to give it and insisted on phoning my branch myself so I knew who I was talking to.

    They are actually *telling* their customers to fall for this kind of fraud, and to give out security information to strangers who call them on the phone.

  11. This post has been deleted by its author

  12. sheepdog

    I got that HSBC call too

    Out of the blue one evening, HSBC called wanting to speak to me but wouldn't tell me about the topic until I went through "security". After going through their script I promptly said "then I do not wish to go through security with you" which they replied "well you can always ring us up to verify". So that's: ring HSBC up to ask about the reason why they want to speak to me with no reference to why I need to speak to them about a call they made and wouldn't tell me about why they wanted to speak to me!

    As for their supposedly sophisticated credit card fraud detection and having suffered credit card fraud, their fraud detection team deduced that the best course of action was to raise my limit!

    {no link between the call and the fraud}

  13. Anonymous Coward
    Thumb Up

    Name on card

    Yubin Fould

  14. Chris C

    Caller ID

    Caller ID is a well-established technology at this point in time. Here in the northeast US, Verizon charges $9.00 per month (per phone line) for Caller ID service ($7.50 per month for number-only Caller ID). And yet, caller ID is still completely useless because spoofing the number is so incredibly easy (or so I hear). The frustrating part is that it doesn't need to be. The communication company providing service to the caller knows precisely what the caller's phone number is (for companies with many phone lines, likely those using a PBX, the telecomm company knows all of the caller's phone numbers) and can therefore determine if the caller is spoofing the caller ID name and/or number, and refuse to connect the call (or, at the very least, display the correct name and number). The fact that they don't do that is (to me) proof that they care more about profits than about providing a useful service (not that any of us needed any more proof).

  15. Chris C

    @Leon re: Ha

    "It serves them right if they think their credit card company will ask for those numerous details over the phone, or be it email."

    Um, Leon, I don't know how to tell this, but the credit card companies *DO* ask you for those details over the phone. Maybe not all the time, but if they suspect the card is stolen, they *WILL* ask you for personal details and the credit card number and CVV/CVC to confirm that you are the account holder and that you are in physical possession of the card. At least (some of) the credit card companies here in the US do that (Citi and Bank of America).

  16. Jim
    Boffin

    Spoofed Caller ID

    I can think of one valid use for a spoofed caller ID.

    Many PBXs have a feature where your extension can be twinned to another number, typically a mobile. So when your work number rings then the PBX originates a call to your mobile. But this call will come from your trunk and caller ID will display that number. If the PBX is able to spoof the caller ID then you can see the actual originators number on your mobile rather than the PBX trunk number.

  17. Andrew Baker

    Caller ID

    In the UK it is common for the company that handles outgoing calls to be unconnected with the company which provides numbers and routing for incoming calls. We (I'm the CTO of a Telco) provide routing of incoming numbers (both geographic and NTS) to many large corporates - but don't offer them an outgoing service.

    I know that there are significant differences in how Telecoms is structured in N.America and I don't claim to know all the details of how it works over there - but I suspect that similar considerations will apply.

  18. Anonymous Coward
    Anonymous Coward

    Chargeback

    I don't understand how this scam can succeed. As they would be doing a customer not present (CNP) transaction the customer would need to initiate a chargeback and the fraudster would lose their money.

    It doesn't matter about the phone call, the card clearer (Visa, Mastercard etc) knows who the fraudster is as they have given them payment services after "a thorough screening process".

  19. Nigee

    "thorough"

    Yeah, right. However, the card details are probably being used for third party purchases from legitimate merchants, with the goods then being fenced. Or the card details are being sold in the black economy for that purpose. I suspect the card companies have rules about how soon payments are made to new merchants' accounts, just as the banks have put in a time lag for your new payees when you use online banking 'pay anyone'.

  20. tony trolle
    Stop

    extended car warranty

    a call or two every two weeks for about a year now.

    Some1 must fall for it these call centers cost money....

  21. Anonymous Coward
    Anonymous Coward

    How to not fall victim and avoid unneeded impulse-buys

    I am 100% firm in refusing to talk to anybody who makes any kind of unsolicited proposal to me and I always will be, no matter what the circumstances, no exceptions ever. I will be stubborn on this.

    In fact I take unsolicited proposals as a personal insult because I can decide all by myself without anybody's help whether and when I want to make a purchase. In the unlikely event that I desire to join the Jehovas, I would go to them, I don't want them to come to me first. Should I desire to have a newspaper delivery, I will call the newspaper to make a request, I do not want them to come to me first. Should I desire to sign up for another credit card, I will seek out the issuer on my own, I do not want them to approach me first. I never buy at the door and I never take unsolicited phone calls. If the idea to buy did not originate with me, I will simply not buy as a matter of principle. I also never go to any clubs, bars, pubs, cafes or restaurants which hassle passers-by trying to lure them to their premises

    If somebody approaches me first, I consider it an insult because they are suggesting that I am too stupid to know by myself what and when I want to buy something. I will respond in kind. In my book, it is entirely permissible to be rude to people making unsolicited proposals. If they don't immediately get the point from my body language (that I don't want anything) then I tell them to have sex and travel. I do not subscribe to the "they are only doing their job" philosophy.

    Follow this advise and you will find that not only will you not be scammed, but you will also save a lot of money by avoiding unnecessary impulse-purchases.

  22. Sceptical Bastard
    Paris Hilton

    Sorry?

    Have I understood the story?

    Your mobile (cell) phone rings. The caller offers you an unsolicited service and then asks for your "...credit card number and expiration, name, address, and in some cases social security number and other data."

    In other words, a complete stranger from an unverifiable number asks you for all the data required for credit card fraud / identity theft.

    And you TELL them?

    Maybe we mis-heard Darwin - perhaps what he said was survival of the *thickest*

    Paris for obvious reasons

  23. John Edwards
    Paris Hilton

    How to hurt telephone scammers.

    I always deny that I am John Edwards and offer to call him in from the garden. The caller the hears me shout, "you have a call." At one minute intervals I apologise for the delay and let the caller hear further shouts of "hurry up". I once kept one of these monkeys on the phone for ten minutes.

    Paris, because I wouldn't keep her waiting even if I were in the garden.

  24. Anonymous Coward
    Anonymous Coward

    Simple question to ask any unknown caller.

    Can you tell me my name?

    That simple question usually often results in a swift end to the call.

  25. Ian Zirins

    @AC

    "I am 100% firm in refusing to talk to anybody who makes any kind of unsolicited proposal to me and I always will be, no matter what the circumstances, no exceptions ever. I will be stubborn on this."

    Totally my stance too. Register you rmobile with the Telephone Preference Scheme, then tell/challenge the caller - if they are not UK based they won't have heard of it - hang up, if they claim "random dialling", hang up.

    Paranoia keeps you safe....

  26. Steve

    @Jim

    If you set your office PBX up to divert calls to your mobile, then (if it is properly configured) it will add the signalling info from the inbound call to the outbound, and the exchange being called will get signalling information containing both numbers. i.e. it will have both the original caller's number, and the number from your PBX. It is up to the receiving exchange which of those numbers to present as caller. Most will present the original number if it was not withheld, otherwise they will present the number from the intermediate PBX. I do this all the time, and my mobile almost always displays the real caller's number, with no special config on my office PBX.

    Of course, if you have full control over the PBX then you can add any other signalling info you want, to make the call look as if it came from elsewhere, so the presented caller ID is rubbish. The receiving telco should, though, be able to retrieve at least the PBX number. In the UK that would, AFAIK, require a police request with a court warrant.

  27. Anonymous Coward
    Stop

    @AC - How not to....

    "If somebody approaches me first, I consider it an insult because they are suggesting that I am too stupid to know by myself what and when I want to buy something."

    Ah but this my friend is the very core of advertising/marketing. The majority of folks ARE stupid, I think that's a proven fact and so advertising and unsolicited scams work.

    I really honestly wish everyone were like you then all the asshat, pretty boy jerks in Marketing would be out of a job and we would all have peace from ads, scams, spams, phishers, vishers, 419ers and other assorted vermin.

  28. John
    Alert

    If you're going out of town...

    If you're travelling abroad, then call your card providers in advance. They will put a note on your account which ought to mean they don't auto-stop your cards on sighting 'suspicious transactions' from half a world away.

    It'll save you a painful call to the bank where they ask questions WAY off the list

    "what is the road next to the road you live?"

    "where do you buy your groceries"

    "what utilities do you pay with your card" (trick question - answer was none)

    This courtesy of Morgan Stanley. I was a bit peeved at first, but fair enough in hindsight, which is now your foresight.

    Happy travels!

  29. Roy Stilling

    Halifax too

    A couple of months ago they phoned several times, mostly when I was out, telling my wife they needed to speak to me but wouldn't tell her what about. When I was in I refused to "go through security" because I had no way of knowing if they really were Halifax (I don't doubt they were but why should I take the risk?). I suggested that if what they wanted to discuss was really important they should write to me. They didn't.

    I do think it's incredibly negligent of the banks to do this sort of thing when there's so many scams going on. Perhaps the next time someone falls foul of a scam they should hire a lawyer to find out if the bank makes outgoing calls that request security details and claim contributory negligence if they do.

  30. Nano nano

    Mutual security

    If I get an unsolicited call alleging to be from a card provider, I ask them for the last 4 digits of my account number. That helps sort the wheat from the chaff. (other questions might include billing address, their payments bank sortcode ...)

  31. Steve

    @ How to not fall victim...

    "I do not subscribe to the "they are only doing their job" philosophy."

    I do subscribe to that philosophy - they are being paid to talk to me and if I happen to be a thoroughly nasty person who mocks and insults them in an attempt to make their life as unpleasant as possible, that's just part of the job. It's simple market forces. The more abusive we are to these people (advertisers/scammers - same difference), the more they will have to pay their staff to put up with it. The aim is to drive the staffing costs so high that it's no longer economical to phone me up to sell their tat.

    Alternatively, in the UK, tell them you want nothing to do with their organization and will consider it harassment if they call you again. A reasonable person in possession of that information would not call again. When they do call again, quote the Protection from Harassment Act 1997 at them;

    s1

    (1) A person must not pursue a course of conduct-

    (a) which amounts to harassment of another, and

    (b) which he knows or ought to know amounts to harassment of the other.

    (1A) A person must not pursue a course of conduct -

    (b) which he knows or ought to know involves harassment of those persons, and

    (c) by which he intends to persuade any person (whether or not one of those mentioned above)-

    (ii) to do something that he is not under any obligation to do

    s2

    (1) A person who pursues a course of conduct in breach of section 1 is guilty of an offence.

    (2) A person guilty of an offence under this section is liable on summary conviction to imprisonment for a term not exceeding six months, or a fine not exceeding level 5 on the standard scale, or both.

    I scared the life out of some kid from Beneficial Finance after I'd explained that the "DNS" note on my file meant Do Not Solicit and that it was put on there by the 2nd of their phone-monkeys to call me. Cue some very hasty apologising from his line manager.

  32. Anonymous Coward
    Unhappy

    @credit card fraud

    > They are very slick, sometimes they pretend to be your credit card company.

    This is, of course, not helped by credit card companies increased security checks on "suspicious" transactions which means every so often I get a phone call from my card providers security department to check transactions normally ending in a stand-off while I say I'm happy to give my card number to access my account but I'm not revealing other details to some one who calls me "out of the blue" ... in each occasion from the subsequent transaction details they ask me to confirm its pretty clear that they are genuine. But I amazed that given all the emphasis they place on not revealing security info + how you have to authenticate yourself to them if you phone up that they are oblivious to the fact that they might need to authenticate themselves to us when they call. Why they can't do something simple like call up and offer the option of calling back on an access number printed on your card and asking to be transfered to the security department.

  33. Antony Riley

    Advertising & Marketting.

    That's the thing about Advertising and Marketing, you need to be dumb enough to believe the rubbish you tell the customer otherwise they work out you're lying or not telling the whole truth.

    The best people in this profession I've known have always been particularly gullible or at the very least happy to believe half-truths and ask no further questions.

  34. Eponymous Cowherd
    Unhappy

    Great excuse.....

    for BT to listen in to all of your phone calls (preserving your anonymity, of course) in order to warn you about this kind of Phone Phishing. As a bonus they get to sell details of anything 'interesting' you may have said in the course of your phone calls to friends and family to Phorm so that they can ensure that you get better targeted cold-calls.

  35. Anonymous Coward
    Anonymous Coward

    Never over the phone - always visit your branch

    I chose to have my bank account with a bank+branch that is in walking distance from my office and if we'd move the office, I would have my account moved to the branch which is nearest to the new office location. When my bank calls in, I tell them "I am just across the road, I will be with you in 2 minutes", they have never had an issue with that. One time I got a call from a department at the bank's head quarters but even then I was able to go to my branch and have my account manager sort it all out for me while I was at the branch. The worst that can happen is that you conduct a telephone call with the bank at the branch from your account manager's desk, in his presence. You can always ask your account manager to authenticate the guys you're talking to using their internal procedures, which they have and use for their own ends anyway. It may be just a little inconvenient this way, but better safe than sorry!

  36. TimM

    Debt management calls

    I get loads of these automated calls from services claiming to sort out your debts, press a button to speak to an operator etc, where I'm sure they'll take down plenty of details, credit cards etc. I never answer the calls, but my answer phone sadly gets filled with them.

    I can't do anything about it though, even with the Telephone Preference Service, because they all come from International numbers where UK laws have no affect. They are however British accents and clearly targeted at a UK audience.

    I can see how some might fall for it too as they spout stuff about government debt schemes which is enough to make some people think it's official.

    Wish there was a way to send an electric shock back up the line to callers you object to. Even if it just blows up their damn automated dialler.

    Anyway, my answering policy is simple... is the number one I recognise? If yes, then answer, if no or withheld then simply leave it to the answer machine. If they really have a need to speak to you they leave a message. Most don't. That just leaves the damn automated crud.

  37. Anonymous Coward
    Anonymous Coward

    @ Steve

    what I meant by "I don't subscribe to the they're-only-doing-their-job philosophy was that I don't accept it as an excuse as in "don't be mad at them, they're only doing their jobs". I DO get mad at them because I feel they shouldn't have chosen such a scumbag job and in my eyes they are very well responsible for what they do in that job. In fact, I don't even want to socialise with a telemarketer. In other words we're in agreement, those people deserve as much abuse as is legally permissible.

  38. Solomon Grundy

    @Chargeback

    If you truly think the system is that effective then you are a fool. A Lot of the processing takes place in tiny little offices that have little to no affiliation with the issuing bank or clearer - it's all been outsourced you know. It's a truly screwed up system.

  39. Anonymous Coward
    Anonymous Coward

    Here in Japan, telemarketers withhold caller ID

    Here in Japan telemarketers don't seem to want to show their caller ID, the calls always come in as "caller ID withheld". Since we have ISDN, we can distinguish "withheld caller ID" from "unavailable caller ID" (which you get when the caller uses a public pay phone or when the call comes from overseas via certain low cost routes).

    We have programmed our PBX to play a recording that we do not accept calls without caller ID and send callers to a menu where they have to punch in their number manually. The PBX will however tell us whether a number was obtained from the network or provided manually. We also send a SIT signal which some auto-dialers recognise as "I don't want you to call me" and hang up. Many auto-dialers also hang up automatically when they detect a recording at the other end. As a result, we do no longer get any calls from telemarketers who use auto-dialers.

    The only telemarketer calls we get which do not withhold caller ID are spam faxes. For some reason they all originate in Osaka from within three different blocks of numbers. We have programmed our PBX to signal "number not in service" when a call comes in from a number within these blocks. As a result, their fax robot gets a signal from the phone company that says that the number dialed is not in service, which eventually leads to them removing it from their database. But even if they don't, it doesn't matter to us because it is no longer possible for them to get through to our fax machine, nor do their call attempts keep our channels busy. Oh, the beauty of ISDN signalling!

    Of course caller ID can be spoofed and not all telcos prevent their customers from signaling a different caller ID. NTT exchanges do not accept a different caller ID other than numbers that you actually own. However, if a call originates outside of the NTT network, then it is possible that the caller's operator did not verify that they actually send a caller ID with a number they own, so we cannot be entirely sure that the caller ID is not spoofed. Nevertheless, it is usually possible to use PBX technology to screen out at least the bulk of telemarketers.

    I have switched my home phone line to ISDN as well and use an open source PBX software to do the same things we do on our PBX at work. My personal UK phone number is a 0870 number (rings here in Tokyo via VoIP) which seems unpopular with UK telemarketers because I never get any telemarketing calls on that number, though I did get such calls when I still had an ordinary London number. Its more expensive for friends and family to call me on that 0870 number, but I simply call them back using our local (and very affordable) VoIP service. Maybe you guys can discourage telemarketers by using an 0870 number, too. Just an idea.

  40. Law
    Paris Hilton

    Egg agents are good, their automated messages suck

    When they ring in person, they confirm a few little details of myself to me - and then just ask for the most recent purchase - no numbers, postcodes, passwords or anything. It's pretty good.

    Their automated messages suck though - i had a major headache with them ringing me to ring them back on "this number" - I just rang the number on egg.com and had a huge go at them, since then, no more automated calls (I'm guessing it's an opt-out system).

    Paranoia is an awesome way of protecting yourself from any sort of financial raping over the phone, be it from scammers, or the usual high-street criminals trying to get you to extend your current line of credit with them (Blackhorse!)

    Paris - trying to remember what her card number is

  41. NitricJerkSud
    Thumb Up

    RFC for SIF Protocol

    There needs to be a companion protocol to VoIP's 'SIP' created -- SIF. Through the SIF protocol, you could select on option on your phone to have the caller 'Stabbed In Face'.

  42. Schultz
    Flame

    Lifestyle challenge

    You ever buy something unsolicited over the phone / mail / email, you are guilty for the next few million spams in this world. Same thing with ordinary advertisement, if you fall for it, you are primary cause for the advertisement pollution everywhere. Capitalism at work :O.

    It's a lifetime/lifestyle challenge to avoid advertised products!

  43. Gis Bun

    Latest scammers

    Got this twice in one day - but they are stupid enough with their automated message to think that my voicemail message is actually me.

    Before deleting the messages, the callback telephone numbers were all zeros.

  44. Daniel B.
    Flame

    I'm immune to this one...

    I'm basically immune to this trick, as I have acquired BOFH-level treatment for telemarketers:

    Caller: Hi, is this <unkown person>'s house?

    Me: No. <SLAM>

    Caller: Hi, is this (my name)

    Me: Yes

    Caller: Hi, we're calling from HSB.... <SLAM>

    You can be as rude as you want to telemarketers as you like. I used to redirect my landline to my mobile, but after 5 days of cold calls, I decided to cease this practice. Good thing I can't get cold callers on my mobile :)

  45. Anonymous Coward
    Go

    Special handling for those special calls

    I've started getting sales calls come in on my VoIP line. (I have 2 UK PSTN numbers and one US number on it.) I've now taken to, where possible, adding telesales numbers to a special inbound route. A demo is up at 0870 312 0217 ;) The switching is done on caller ID so regular callers still get through normally.

  46. TimM

    Re: I'm immune to this one...

    You can be as rude as you like, but the problem is often their system is so automated that they just keep blindly calling you, often with someone entirely different each time (though I've even had the same guy call me 3 times in the same evening, not realising he's calling the same number. He doesn't get a choice, it's just the computer dials it for him and connects. He doesn't care, he's just paid to do X number of calls in an hour without bathroom breaks in his sweat shop call centre).

    The easiest thing is to just not answer unknown/withheld numbers or slam the phone down if there's no reply the instant you say hello, as this is almost always a computerised system that only connects you to the call centre monkey when it hears someone on the other end.

  47. Fatman
    Stop

    Untraceable phone phraudsters.

    My local phone carrier has a voice mail service that I use. One of the nice things about it is that all messages are time/date stamped. Also, the calling number is captured (most of the time). If I do not recognize the caller, I just press the button to delete the message.

    About 18 months ago, i was in the hospital, and while there, my debit card was stolen. The fraud department of my bank, called and left a message on the system. The phone number left, I did not recognize. So, Considering that it could be legit, I called the bank at its well published number; and asked to be transfered to "So and So" in fraud.

    "So and So" was a real person, who worked for that department; and after providing some information, I was able to reverse the charges. One of the "verification" questions, was the date and amount of my last deposit; something a phraudster would not readily know. I had the card canceled immediately, and a freeze put on the account. Once I got out of the hospital, i went to my local branch and removed the freeze.

    Anyone who "cold calls" me about financial issues gets the bum rush. If it is legit, I will call you back at a published number. otherwise, it is "Solicitor Be Gone" - a very LOUD air horn.

  48. tony trolle
    Stop

    fcc

    In the US you can report cold call to your mobile to the FCC. why only mobiles(cell phones) no idea.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019