Wednesday, November 07, 2007


So I just randomly heard about this scam, and judging from my previous experience with the internet, I expect it to spread like wildfire. It's based on social engineering, which makes it very dangerous.

Of course, we all know (hopefully) about the scam emails, especially from fake financial institutions. You know, the ones that say, "OMG your account needs to be re-verified, click this link and do it now, or your account is in jeopardy!" Hopefully you're smart enough to avoid those. If there's a shadow of doubt in your mind, navigate to the site manually through a Google search (i.e. without clicking that link!) - if they really need some new info (highly doubtful), they should let you know upon login.

But Vishing uses something we trust a bit more than email - the phone. Here's how it works: you get a call with an automated message saying "Your account has some questionable activity goin' down - call us back at this number ASAP" and you're like "OMG, okay!" and then you call back, and are walked through the automated BS like entering personal info and by that point it's too late. You're screwed.

Wanna know what you should have done? Looked up the bank's number yourself and called it. No need to thank me, I'm just doing my part to keep America safe.

No comments: