An article by Panic’s Cabel Sasser has been doing the rounds over the past few days. And at first glance I thought ‘wow’. And then after some consideration, I thought ‘wow’.
Let me explain.
The first reading, leading to the first ‘wow’ was in line with everyone else. ’There’s a scam I have not seen - how the hell did they do that?
And on the second reading, two paragraphs leapt out at me …
I almost just got scammed hard: a cautionary tale. So, I got a call from the 1-800 number on the back of my ATM Card: Wells Fargo. I answered, and a Fraud Department agent said my ATM card had just been used at a Target in Minnesota, was I on vacation? Ugh.
Apologizing for my paranoia, I had an idea: “Hey sir, I’m super super sorry, but something feels weird. I’ll call you back at the number on the back of my card, and we can finish this up. Is that ok? Sorry again. Anyone in particular I should ask for?”
You see what I did there?
If that number referenced in the first paragraph really is the one on the back of the card - this is a hack that needs careful looking into, because it suggests that bad guys can now present a number to you as a call recipient that in fact is not the same as the number being called from.
I think that is where the first wow comes from.
But those two paragraphs suggest an alternative possibility which is that the first number was different to the real number. Close - maybe. But different.
I wonder whether this is the more logical explanation since how many of us really do know that number on the back of our credit card? Maybe just an simple error based on an assumption?