Monday, January 11, 2016

A new phishing attempt

I recently had a phishing attempt via a phone call which was totally new to me. Nothing to do with computers but they seemed to want my credit card security information...
The guy claimed to be confirming and updating my entry in the telephone preference service (TPS) to which I do subscribe.

He knew, and I confirmed my name and address but then he asked whether I paid my phone bill by direct debit (this immediately alerted me to nefarious doings - why would TPcare?). I said I probably did but couldn't be sure but then he went on to talk about the credit card I've got registered with them (TPS is a free service and there is NO credit card registered with them!). I said I wasn't about to give him my credit card number but he said they already knew that and they just needed the expiry date on the card -for 'verification' purposes!

I asked which card, since I have several and he said it was a visa card and probably had an expiry date of 2016 and he just needed the month. This year did not match any visa card I have and I said so, so he suggested that maybe it was a mastercard.

This was now getting silly - if they've got the card number then they know what type of card it is! I apologised to him for not being so easily conned and hung up!

I assume they'd got details of me, my address and credit card number and just needed the security information to be able to make use of this. At one stage I think he said they just needed the expiry date and verification code (cvc) so I assume that's what he would have gone on to ask for.

It's a new approach and I don't know where they've got my credit card number from (or even which card it is) so I need to investigate further but I did want to bring this new approach to your attention and I would ask you to spread it about.

Obviously everyone knows not to hand out their security information to cold callers over the phone and yet these guys can be very plausible.