Yesterday, I received an automated call from Barclays Bank warning about suspicious purchases. The number: 877-935-2427. The message asked for the card number to proceed. This morning, my wife received a call from 800-888-8804 indicating our AT&T account had been breached and asking to provide the last four digits of her social security number. We don't have accounts with either company.
Both calls phished for personal information -- something I'm used to by email but not to our cell phones. The proximity -- less than a day apart -- and the first of them ever disturbs me. I don't recall receiving these kinds of bogus calls before. To be clear: You should never give out personal information to automated systems. When there is a legitimate security breach, the service provider will ask for verification information already on file, not request account numbers or any portion of a social security number.
The first one might have suckered me, had I a Barclays account, because it played into typically bad customer service. I missed the call and rang back as instructed -- mostly out of curiosity -- and couldn't proceed at all. I wanted to talk to someone. The system requested the card number, even to talk to a representative, and disconnected when none was given. I cursed about typically bad customer phone systems then stopped -- realizing my stupidity. The card number was a gimme to someone else!
I searched online for the phone number, and the other today, and lots of people report receiving calls and wondering why. They don't have accounts. My question: What about the people who do have accounts? Which is why I bang out this warning post.
Here's what legitimate companies say about information disclosure:
- Bank of America: "We will never ask for (or disclose) your Social Security number, account information, passwords, or PINs".
- Chase Bank: "Don't share your passwords or any other login credentials with anyone. Chase representatives will never ask you for your Chase Password or security token code".
- People's Bank: "We will never ask you for personal information, such as account numbers, PIN numbers, address, social security numbers or passwords, in an email".
- City of Provo, Utah (online bill-pay): "Our representatives will never send you an email requesting you to validate personal information. Please be advised that we will never ask for you to update your social security number, date of birth, driver's license number, or other sensitive information via e-mail".
I randomly chose these providers from Internet searches. Meaning: Don't look for my accounts there.
Microsoft, which with customers has been the victim of phone scams, offers some advice here.
Banks and other vendors sometimes will contact you about legitimate account concerns. For years, when my annual Flickr payment paid, my bank would lock out the account and demand verification of payment. The automated calls never requested account or other personally identifiable information just verification. Did I authorize such and such payments on dates X, Y, or Z.
Got to ask: Have you received similar, suspicious phone calls recently?