Posted by: David Harley | August 3, 2014

Automated phishing scams to cell phones

For Betanews, Joe Wilcox reports that he received on successive days automated scam calls purporting to have come from Barclays and AT&T: Don’t fall for phone phishing scams.

The ‘Barclays’ call claimed that there had been suspicious purchases on the Wilcoxes’ account (which they doesn’t have), and wanted his card number in order to proceed. It’s not unknown for a bank to call a customer to verify a purchase, but you should expect the bank to authenticate itself to you before it starts asking for personal data.

‘AT&T’ claimed that the Wilcox account (which they also don’t have) had been breached and demanded the last four digits of Mrs Wilcox’s social security number. (I discussed the misuse of SSNs as an authentication measure at some length, in a paper for ESET: Social Security Numbers: Identification is Not Authentication.

Hat tip to ESET’s Aryeh Goretsky for flagging the article.

David Harley
Small Blue-Green World

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: