For Betanews, Joe Wilcox reports that he received on successive days automated scam calls purporting to have come from Barclays and AT&T: Don’t fall for phone phishing scams.
The ‘Barclays’ call claimed that there had been suspicious purchases on the Wilcoxes’ account (which they doesn’t have), and wanted his card number in order to proceed. It’s not unknown for a bank to call a customer to verify a purchase, but you should expect the bank to authenticate itself to you before it starts asking for personal data.
‘AT&T’ claimed that the Wilcox account (which they also don’t have) had been breached and demanded the last four digits of Mrs Wilcox’s social security number. (I discussed the misuse of SSNs as an authentication measure at some length, in a paper for ESET: Social Security Numbers: Identification is Not Authentication.
Hat tip to ESET’s Aryeh Goretsky for flagging the article.
Small Blue-Green World