[conspire] 'Frighteningly effective' GMail phishing

Nick Moffitt nick at zork.net
Fri Mar 24 10:31:48 PDT 2017

Rick Moen:
> When we were reconnected, he said that in decades of police work, nobody
> had ever taken that precaution before.  I said I was not surprised.

I was once called by my bank's card fraud department, regarding
suspicious activity on my card (said activity was almost certainly "Nick
actually tried to buy something with it" as I tend to be an all-cash
kind of guy for most things).

So they informed me of the situation, and I recognised the transaction
and wished to authorise it.  At this point the person on the phone said
"All right sir, then I need you to just answer some identity verification
questions for me now..."

I balked: "But YOU called ME!"

"I'm sorry, sir?"

"You called me!  I need proof that YOU are who you say you are, before
I'll give over any personally identifying information over the phone."

He was suddenly off-script.  He had NO IDEA how to respond to this.

I called the number on the back of the card itself, and went through the
whole process again, this time identifying myself to the person on the
other side, confident that this was in fact the card services
department.  I remain astonished that not only did this fraud department
expect me to answer these questions, but they had nothing in the script
to answer the question of whether this was in any way secure or sane.

More information about the conspire mailing list