Cory Doctorow talks about how he got scammed into giving someone his credit card number. If Cory can get scammed, anyone can — all it takes is getting caught at a moment when your guard is down…a “miracle of timing”.
kottke.org. home of fine hypertext products since 1998.
Discussion 4 comments
The last sentence sums it all up: "If you think you can't get scammed, that makes you especially vulnerable:"
Recently was scammed in a somewhat similar circumstance: small credit union customer and early Sunday morning I got an automated message from the (spoofed) correct 800 number using my name that said it was verifying an attempt to change my online banking password. To block the change, I needed to enter a code that would be texted to me. Verified my phone number and a text came through immediately. I noted the code in the notification, punched it in, and it said the change was blocked.
After the call, I realized that I was an idiot to enter a 2FA code and went and checked the text message more closely. It was a verification code to add a card to an Apple Wallet.
I panicked and called the actual (outsourced bad headset wearing) fraud center and explained what I did, and we put blocks on all the cards we have through that credit union.
About an hour later we got another call from the (real) fraud department asking if we just tried to spend a thousand dollars at the Apple Store in the nearest major metro area.
No idea how they got one of our debit card numbers, the name of the credit union, my phone number, and my name to put it all together for the scam.
I think of myself as pretty on top of this stuff, but we’ve been trained to associate passwords and text verification codes together so it didn’t seem overtly wrong in the moment. And the timing just happened to work in their favor as well - my partner was out running errands so I didn’t stop for that extra moment to ask if they had changed the password and think about the situation more critically.
I hate to think what people less acquainted with these things are up against.
My actual bank (a large global organisation which really should be better) loves to call me up and announce that the operative is calling from said bank with such confident authority, always accompanied with the need to go through security on my part. They are never prepared to be challenged. Hardly a surprise that phishing is prevalent with this level of conditioning but when they ask to confirm who they’re speaking to, I always say Santa or the Tooth Fairy. The fraudsters give up at this point (presumably they know they’ve not been nice) but legitimate employees have to persist.
Reading this last week just saved me from the same. Yikes!