My phone at work rings. The caller ID has a weird number (“50622961841” – yes, it’s got an extra digit in it). I answer. It’s a recording telling me I can get lower rates on my card (what card?) if I just hit one to connect me to a representative. Umm, okay. “1”. Recorded voiced: “Just a moment.” Human voice: “Hello, card center.”
At this point, I was mostly thinking that this was unsolicited spam, not a phishing attack. Either way, I knew I had a limited time to ask questions before they’d hang up. “Who is this? What company is this?” They hung up. Damn! I should have played along a little further. I imagine they would have asked for my credit card number. I could have then made something up to see how far the interaction would go. Oh well.
Clearly, this was a variant on a credit card phishing attack, except instead of an email from a Nigerian dictator, it was a phone call. I’m sure the caller ID is total garbage, although that, along with the demon-dialer, says that the scammer has some non-trivial infrastructure in place to make it happen.
So, the next time one of you receives an unsolicited call offering to get you lower rates on your card, please do play along and feed them random numbers when they ask for data. At the very least, there’s some entertainment value. If you’re lucky, you might be able to learn something that would be useful to mount a criminal investigation. Maybe half-way through you could suddenly have an important meeting to get to and see if you can get them to give you a callback phone number.
Update: reader “anon” points to an article from The Register that discusses this in more detail.