The very first thing you cover when studying for your initial Security certification is that a well-educated public is a safe public. Hi, my name is Gary Hunt and I am an Information Technology consultant in the Detroit, Michigan area. I am called upon to help deal with online security issues all the time. I have a podcast called “The Help Desk Podcast”. It’s at TheHelpDeskPodcast.com. No link... just go there. I also have a blog at my firm’s (IT Solutions-MI LLC) website, which is at www.ItSolutions-MI.com. Many of our episodes and many of our blogs cover issues exactly like this. In fact, I am including this email as a blog today. You can find a copy of the email at this link.
Here is the issue:
I received an email from a very good friend of mine today. It was a warning about yet another credit card scam where they contact you over the phone. There were a couple of facts related to this scam that really bothered me.
- On the very first line the sender invites you to check out the validity of the email’s claims with the Snopes website (a live link is given).
- Why does this bother me? How many times do I have to mention that you should NEVER click on a live link in an email? I know, this is from a trusted friend, but the fact is that the trusted friend probably did not originate the email. They just forwarded it to their friends. I also know they were only trying to help, but what if the original email was a part of the scam also? What if that link was a phishing site? Then you will probably mention that it looks exactly like the Snopes website. My counter to that is “isn’t that the very definition of a phishing site?”
- Next the email describes how the representative on the phone identifies himself/herself as a VISA employee and gives the badge number. They then go on asking questions as if they are investigating card fraud that has been aimed at your account(s).
- Why does this bother me? Are you face to face with this person so that you can see their face and the employee identification tag? How do you know who this is? The fact is you don’t. So what should you do? Politely ask for their phone number, name and identification number. Tell them that you are sure they understand that, given all the problems with stolen identity and such, you wish to verify this with their superiors. Tell them you are going to make the call. Be firm; don’t let them switch you to their superiors. If they hang up or give you false information then guess what, they were crooks and you just saved yourself some heartache. A note here: if you are communicating on the phone you obviously can never be sure who you are talking to. So the best you can do is hang up with their contact information and call them back. But don’t trust the phone number given to you. Go online to look it up or get it from the back of the credit card. I don’t even trust websites that contact me via email. I contact them myself and verify.
- Actually, your phone call should never get further than the last step.
- But the email went on to describe how the caller wanted to “verify” that you still have your credit card. They were after the three-digit PIN number on the back of your card. NEVER, never, never give ANY information to anybody over the phone unless you originated the communication.
I hope that this helps. This was meant to be instructional. It was meant to give you a game plan so that you can fight back. If you have any questions you can contact me through one of the websites.
The Help Desk Podcast.com
“Sometimes We All Need to Use the Help Desk”