You Can’t Be Too Careful

I got a call on my cell phone yesterday that Caller ID said was one of the banks where I have an account. However, the Mr. Number app I use to screen and block spam calls identified it as “Scam Likely,” so I let it go to voicemail, as I do with any number I don’t recognize.

That’s when things got scary.

Usually, I don’t bother checking voicemail (who calls people without an appointment these days anyway?), but the call had me concerned, so I did check this one. I’m glad I did. The message, left in a soft voice with an African accent on a bad connection, claimed to be from a rep from the fraud department of one of my credit cards -issued by a different bank from the one that Caller ID showed. Red Flag! But he also mentioned the last four digits of the card number.

He left two call back numbers, one 866 toll free number and one for international collect calls. I didn’t fall for that but instead called the number on the back of my credit card. I noticed that the real number called from a number chosen to resemble the real numbers, with the same area code and prefix.

As I was waiting for the phone system to get me to the right person, I noticed several card-not-present emails from earlier in the day, warning me about attempted charges at H&M.

I got directed right away to a human agent because the automated system for directing calls did not recognize my ZIP code. I soon learned why: these scammers had changed my mailing address on the card to some place in Virginia earlier in the day. (They had enough information to change the address just by calling customer service. How scary is that?)

I gave the scammers’ phone numbers to the credit card rep, who checked them and said that neither of the callback numbers, nor the caller ID number, belonged to the credit card company.

The card is now cancelled, and none of the charges went through. Luckily no harm was done.

I froze my credit reporting at all three major reporting services after the 2017 Equifax data breach. Now there are several more layers of security on my accounts. And I changed passwords just to be sure.

But the sophistication of the fraud was alarming: the call, on top of the address change, on top of the attempted charges. And it made me wonder how many people know about the threat to their identity security but haven’t taken steps to secure their data and accounts.

It’s worth warning: never call back “fraud departments” using the numbers they leave. Make sure that you have alerts set up for card charges so that you can ID fraud quickly. And if you haven’t yet frozen your credit reports, this would be a good time to do so.

The whole thing got me thinking about just how vulnerable we are to data security breaches.

It makes me especially nervous as we become more and more dependent on software and internet connections. When thinking about the Internet of Things –the devices we connect to the internet, from fitness trackers to coffee machines to refrigerators to DVRs and more—there’s a lot of value in stepping back to weigh the costs and benefits, and how much we want to depend on connectivity if analog does what we need it to do.

The US government recently announced the Securing Energy Infrastructure Act (SEIA), a new strategy to secure electrical grids by using analog and manual technologies to ringfence the most important control centers. That’s a move in the right direction.

Technology often is our friend –but when we don’t think enough about what might happen when our information gets into the wrong hands, it also presents a danger.

Artificial intelligence will increase the stakes as hackers and scammers use ever more sophisticated techniques.

You can’t be too careful these days.

This article is part of my new LinkedIn series, “Around My Mind” – a regular walk through the ideas, events, people, and places that kick my synapses into action, sparking sometimes surprising or counter-intuitive connections. 

To subscribe to “Around My Mind” and get notifications of new posts, click the blue button on the top right hand on this page. Please don’t be shy about sharing, leaving comments or dropping me a private note with your own reactions.