this post was submitted on 15 Mar 2024
209 points (97.3% liked)

Technology

59605 readers
3302 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened.

you are viewing a single comment's thread
view the rest of the comments
[–] perviouslyiner@lemmy.world 14 points 8 months ago (2 children)

He said someone in the bank's supply chain was compromised, as they knew a lot of details that should have been known only to the bank. Also that the only information he gave away were the last digits of a card number.

[–] Brokkr@lemmy.world 13 points 8 months ago (2 children)

When a possible fraud department calls you, you shouldn't need to verify any digits of the card. Answer only yes or no.

Call them back if you need to give additional information.

[–] baronvonj@lemmy.world 13 points 8 months ago (2 children)

I've never had a legitimate contact from a fraud department that wasn't an automated message stating to call the number on the card. I've never had a human call me to initiate a live discussion.

[–] brianorca@lemmy.world 3 points 8 months ago

My bank has called me a few times. Each time they ask about specific transactions, so it's mostly yes/no answers. (Occasionally I've asked for additional clarifying info, but they never asked about card numbers or the like.) Usually it's been abnormal transactions that i know about, but a few times it was a cloned card number being used elsewhere, (before chip became standard) and then I had the card shut down.

I have. More than once. I always hang up and call back anyway.

[–] stealth_cookies@lemmy.ca 10 points 8 months ago (1 children)

You say that, but I've had my credit card call me about a charge and the information they asked was too specific. I hung up and called the official number and they confirmed it was indeed true and didn't understand why I thought the way they did it was a scam.

[–] perviouslyiner@lemmy.world 4 points 8 months ago* (last edited 8 months ago) (1 children)

It's scary how oblivious banks can be, and I think Brokkr is either lucky or optimistic about their procedures - I have seen even large banks like HSBC make "facepalm" mistakes like you described, and it sounds like Cory's much smaller credit union might even have outsourced their nighttime call handling to someone very close to the fraudsters.

Still curious how they managed to use Cory's card with just the card number and not the CVC2 code - is that a regional thing where some online shops aren't required to use it?

[–] xthexder@l.sw0.com 3 points 8 months ago

Depending on the credit card system used, there's various levels of fraud detection. Some stores use a point-of-sale system for in-person transactions, and those generally don't need the CVV code because you're supposed to have the physical card. It doesn't stop some businesses from using the system incorrectly, allowing them to charge a card without a billing address or security code.

This is part of why credit card signatures are basically useless compared to a pin that's required for all in-person transactions.

[–] 0x0@programming.dev 2 points 8 months ago

No, he gave away the last seven.