Sunday, September 20, 2015

Phony toll-free numbers scam can cost you

Can fat-fingering a toll-free number cost you money? You betcha.

I read about this in the September 2015 edition of AARP Bulletin: Phony Phone Numbers can Cost You, by Sid Kirchheimer. Scammers are buying up toll-free numbers that are one digit away from an established number so that when you misdial the number, you are connected to a fraudster.

In North America and some other countries, toll-free numbers start with an area code of 800, 844, 855, 866, 877 or 888. Some companies and organizations employ "vanity" toll-free numbers that spell out words or acronyms, like 1-800-FLOWERS.*

Be careful when dialing these numbers. What would happen if you misremember the correct area code and inadvertently dial 1-888-FLOWERS, for example? Would the same organization answer the phone? Not likely. This is exactly the kind of mistake that scammers are hoping you make.

The AARP article linked to above tells the story of a Snellville, GA man who thought he was calling the AARP travel benefits line. The representative on the line offered him "free" gift cards and travel vouchers, in exchange for a nominal $2 shipping fee. The caller provided her with his debit card number. The next day, charges against his bank account were invoked from "FreeShippingRewards" and similar companies.

Interestingly, the operator specifically told the man that she is not with AARP but would transfer him momentarily. By he did not get transferred to AARP, and operator had possession of his debit card number and had issued bills against it. All of this was legal.

Read the AARP article for tips on how to avoid this scam. A good rule of thumb is to never give your debit card number away. Remember, this provides full access to the money in your bank account, and affords you no protections. Additionally, if it's too good to be true, it probably is. Nothing is 'free' if you have to provide a debit or credit card number to obtain it. Be careful when you dial and don't give out any personally identifying information.

* For more information about how toll-free numbers work, see this FCC Guide, What is a Toll-free Number and How Does it Work?

Saturday, September 5, 2015

Protecting your PIN at ATMs and other card swipers

Criminals are inventing more "skimmers" that they use to steal the data from your debit card when you swipe or insert it at an automated teller machine (ATM) or other card swiping device, like those used at gas station pumps, convenience stores and other kiosks. But the account data that thieves steal is virtually useless if they don't know the card's corresponding personal identification number (PIN).

We all know to look closely at any swiping device and beware of any irregularities before swiping our cards, but today's skimming devices can be wafer-thin and undetectable to the average account holder. If you think it's a silly idea to cloak your fingers as you input your PIN on the touch pad, think again. There are cameras everywhere, some the size of a pinhole.

Security expert Brian Krebs has posted a lot of information about skimmers. See his latest post, More ATM 'Insert Skimmer' Innovations, at https://krebsonsecurity.com/2015/09/more-atm-insert-skimmer-innovations/.

Covering your PIN-typing hand at an ATM or gas pump is a simple method of protecting your PIN credential. This should be habit for you by now. If you haven't made it a habit yet, start today.

To see photos of skimmers and keypad overlays that thieves have put into use, Google this phrase: atm skimmer image. If you come across a skimmer, call the police. This step provides law enforcement an opportunity to open an investigation and conduct surveillance on the equipment.