Thursday, January 29, 2009

Cautionary Tale

Damn, that was sophisticated.

Last Thursday, I was hit by a phishing scam. A phishing scam is essentially any social engineering hack used to gain personal information, like, let's say, a PIN for a debit card. The full text from the message sent to my cell phone follows:

Finance Center FCU Alert: Your CARD has been DEACTIVATED. Please contact us at 3317-286-2830 to REACTIVATE your CARD.

I dialed the number (without the first "3") and was greeted by an IVR asking for my 16-digit card number. I was then asked to provide the old PIN, then asked to provide the new PIN (I believe, twice). They thanked me, and I hung up. 3 days later, they visited a Chicago ATM and hit my card for a substantial sum of money, leaving me with -$330 in my checking. ISF fees also kicked my ass for nearly another $100.

This story resolves itself happily, as my bank, the real FCFCU or, now, Financial Center, has a fantastic fraud protection program in place. When I walked in the door at 10:15 Tuesday morning (having discovered the charges the night before), I approached the manager: "I got ripped off. My checking account was cleaned out." Yada, yada, yada, 15 minutes later I walked out with some paperwork and the Credit Union had already sent paperwork to recover my funds. In a fit of mad efficiency, I also upgraded my checking account to get a better interest rate and refunded ATM fees.

As a former tech support worker for IU, I was very aware of the presence of such schemes. Our call center got calls from time to time with people worried about emails they received, and we would bust a little scam artist knowledge on them to help them keep themselves safe in the future. I feel like an idiot for getting ripped off, but I think the whole thing was just clever enough to snag reasonably intelligent people.