I [Cory Doctorow] Got Scammed (pluralistic.net)
90 points by A_D_E_P_T 88 days ago | 18 comments



> A couple days later, I got a call from my credit union.

People still answer phone calls like this? I've never trusted incoming calls if not a personal contact. If it's your bank you can call them back.

That person calling you, knocking on your front door, sending you an email or DM? At best it's someone trying to sell you something but likely someone trying to scam you.

There is no upside and lots of potential downside for trusting an inbound request of any kind.


Yes, this. An inbound unexpected communication of any sort cannot be trusted, so I don't trust them. If it seems real and important, I'll contact whoever sent the communication using a communications channel I know to be accurate. I'll call them back instead of talking to someone who called me, I'll never click links in emails/texts, and I'll ignore anything an email/text/whatever says and at worst interpret it as a signal that I need to contact someone separate from the email/text/whatever.

But most people do none of these things. They'll click links in emails, respond to texts, and so forth. I suspect that they do this either out of ignorance or laziness.

The problem is, as Doctorow discovered, we are all, without exception, vulnerable to phishing attempts and other con games. Not all the time, but if one catches you at just the right moment...


Even if it's expected you can get got - he expected it because of the circumstances surrounding him that day.

It's always wisest to never trust inbound - expected or not.


Unannounced and unrequested would be more accurate.


Put this comment up in every church and every retirement community. I haven’t searched, yet suspect this is the most common elderly fraud besides relatives manipulating them for their estate.


One time, I answered the most suspicious phone call from someone pretending to work in a recovery service and that I had to pay a medical bill to them. I asked what medical bill, they told me it was confidential.

I wanted to just forget about it, but after questioning my wife about it and thinking about it for a long time and going through our bank records, we found that one time when she went to the doctor and didn't have her insurance info or something, so we never knew we had something to pay and instead of contacting us directly, the unpaid bill went straight to a third party recovery service. It was a small fee, so I assume they lost most of it by paying the recovery service. We didn't move or change email/phone number or anything, so the doctor's office must have failed to save our contact info.

The recovery service probably found our number just with names and basic info I guess.

And yeah, it makes sense that they can't tell us what the bill is about or which doctor's office it is.


> For just a moment, my finger hovered over the phishing link, and then I looked a little closer.

I've noticed that the older I get, the longer it takes me to positively identify these types of things. Not much longer - and I'm not old - but I can definitely foresee a future where I may not be able to trust myself with this stuff anymore.


Might be you, or it might not be. Legitimate links look more and more like phishing links.


I'm the opposite, the older I get the more paranoid I get; maybe it's the lifetime of reading news stories of people getting scammed.


I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:

No doubt. I think of myself as pretty fairly savvy at avoiding scams of various sorts, but I got nailed about a year ago. And as you might expect, there was one of those "this would only happen due to the quirks of a specific set of circumstances" things that was part of the story.

To summarize: I had been wanting a set of wrenches. Specifically a set of Capri extra-long, double-box-end, 75 degree offset wrenches. But every vendor that sold them was sold-out. Except for a set that popped up briefly somewhere, that I opted not to buy that specific day, and then they were sold out again the next time I checked. And then lo and behold, one day I find a vendor that purports to have the wrenches I want. The price is reasonable, and their site looks reputable enough, even though I'm not familiar with the vendor.

You can probably guess how this ends. I enter my credit card info, address, etc. and click "order" and am promptly greeted by an "error message". It's only then that I notice a couple of discrepancies about the site that I probably should have picked up on earlier. I pretty much knew I'd been scammed at this point, but I held out hope that maybe, just maybe this was just a new vendor and they were still working the bugs out of their site. And no bogus charges appeared on my card right away... but then about a month later I got hit with charges from a Dominos Pizza in Houston, and some online sales b.s. (acne treatment or something). Ding, ding, ding.

Luckily my bank made it straightforward enough to get my money back and get my card replaced. But it's still kind of embarrassing to fall for something like that. And the crazy thing is, if that exact set of wrenches hadn't been sold out (more or less) everywhere for 2-3 months, it would never have happened. But they were, and I let myself get a little too enamored with the idea of scoring a set and I dropped my guard just a bit and bob's yer uncle. :-(


He still slipped up on the second attempt - he asked the scammer for the out of hours number, rather than using the number on his card - I guarantee the robomenu will have an out of hours option.

Maybe he hadn't intended to call that number on the assumption it was his CU, but it reads like he did, and only realised it was another scammer because of the anger.


I thought with the rollout of STIR/SHAKEN it wouldn't be possible to spoof caller ID anymore?


I don't know if STIR/SHAKEN is just not implemented widely enough to matter, or if it's just ineffective, but I have seen no changes as a result of it.


And did he give out his security number?!

I mean the cc number shouldn't be that big of a deal?


It's not, but it does mean you have to deal with calling the bank and reversing transactions, and waiting for a new card to come in the mail, etc.


Doesn't surprise me. He's been wrong about many things before. Uber and Tesla are both doing very well financially.

More seriously, there have been Tweets[1] about small credit unions having this issue. Don't most small credit unions use the same outsourced tech provider?


They do, he says so in the article.


Not the call center. I'm referring to the technology running the bank itself (handling transactions etc). Most credit unions use the same tech made overseas. It wouldn't surprise me if they're the source of the data leak.



