?

Log in

No account? Create an account
entries friends calendar profile My Website Previous Previous Next Next
Mark Atwood
fallenpegasus
fallenpegasus
Public Service Announcment, defending against identity fraud.
When your bank or credit card calls you, do not "verify your identity" with your SSN, MMN, password, etc. You do that when you call them.

An example of a smart guy doing it the right way is here.


(And this would be a good idea to call up all your banks and credit cards, and change your voice password aka "mother's maiden name", to something other than your mother's maiden name...)
4 comments or Leave a comment
Comments
intrepid_reason From: intrepid_reason Date: March 6th, 2006 09:34 pm (UTC) (Link)
I use personal security codes. This after the asshat who stole my checks.
mauser From: mauser Date: March 7th, 2006 04:01 am (UTC) (Link)
Had I the technical expertise, my dream is to flood Phishing sites with bogus data, thus reducing the tactic's effectiveness, and possibly protecting the innocent. Currently, Phishing is very successful at screening only for the vulnerable and stupid.

Even better would be if the screening could be distributed so they can't log IPs.

Lately, every once in a while I try to track down the owner of a site that a phishing site is put on, and contact them to let them know their server's been hacked.
memegarden From: memegarden Date: March 7th, 2006 04:53 am (UTC) (Link)
A few months ago I had a similar experience: someone called and said they were from a bank I have a credit card with, and that I needed to make a payment. This was plausible, but some other factors weren't. The person I was talking with had what sounded like an Indian accent, said his name was John Smith, and was initially cagey about what company he was calling from when tugger answered. I asked the person on the line to read my credit card number to me to confirm that he was with the company, before I read him another number to pay with. He read me the last four digits. I pointed out that anyone could get those off a receipt, and asked for the whole thing. He asked me to tell him my address and home and work telephone numbers (note that he had called me) as confirmation before he would do so. I said that I certainly would not, hung up, and reported the call as fraud to my bank's online fraud reporting system (including the number they had called from), and called the bank to have my card cancelled and reissued. And felt proud of myself for not falling for it.

...

Then several days later I got another call from someone claiming to be from my bank and that I needed to make a payment, and this lady was willing to read me the full account number, and tell me a balance due that matched a bill I dug out of a neglected pile of mail.

Sheesh.

So, if anyone's wondering, Chase Bank's security and customer service protocols suck madly.

And then last month I had to cancel the new card because of losing my purse.

(eye roll)
From: neocuriosity Date: March 8th, 2006 04:10 am (UTC) (Link)
After having my identity stolen in 1994-1995, finding out about it only after I had put an offer on a house, and having about 8 different accounts racked up in my name (in California), and spending about 2 years writing letters and getting everything cleared up, I finally found out who did it (in 2000).

The punchline? I knew her in the Army, though I got out in 1991.

If I ever find her, I'm going to Kick. Her. Ass.

4 comments or Leave a comment