[vox-tech] one of the most pernicious spams i've ever seen.

David Margolis vox-tech@lists.lugod.org
Thu, 25 Sep 2003 11:45:04 -0700 (PDT) 

On Thu, 25 Sep 2003, Rob Rogers wrote:
>
> Name
> CC#
> CCV (that 3 digit number at the end of the signature panel)
> Pin #
> Mother's maiden name.
> MSN Acct name
> MSN password
> Social security #
>

My wife and I got some phone calls like this a few months ago.

When they'd call, they'd say that they were from wells fargo (we don't
have wells fargo, but 50% of californians probably do) and they'd say
there was a problem with my
account, and they needed to verify some information.  They'd ask for my
mother's maiden name, last four digits of SSN, etc.  They'd say _are you
still living at 123 front st._ hoping you'd say, _no, i live at XXX
whatever street_.  It was all very strategic and well done.  Any stupid,
optimistic, or gullible, person would just start spouting out personal
info.  My wife and I talked about how tragic it would be if an elderly
person answered, or a mentally disabled person, or anybody else who
otherwise might be a bit easier to take advantage of.  They were very good
at the scam.

The lady (it seemed like the same lady everytime) even left a phone
number.  When you called the number, it would be her on an answering
machine telling you to _go ahead and leave your name and social security
number_ at the tone.

We reported this all to the police and never heard back from them (what do
you expect?).

Us security minded folk are probably not very sucepible to this type of
scam (if you use SSH or GPG, you're probably smart/paranoid enough to be
safe), but think how many people online are.  Sometimes I want to say
_screw 'em if they aren't smart enough to not get scammed_ but then I
think of my dad who calls me to complain about the button on his webpage
that says _speed up you internet connection by clicking here_ not
working, and I guess I have to be a little more forgiving of the technically
challenged (not to say that tech-saavy folks are always security-saavy,
but whatever).

For what it's worth, from an HTTP/URI and JavaScript point of view, this
scam is clever, especially when it redirects the parent window back to the
REAL citibank site (that is just an excellent touch).

Dave M.