more on Vishing (voice/phone phishing) - public incident

[David Farber <dave () farber net>]

Begin forwarded message:

From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: June 23, 2006 1:48:51 PM EDT
To: dave () farber net, ip () v2 listbox com, ge () linuxbox org
Subject: RE: [IP] Vishing (voice/phone phishing) - public incident

The Websense article notes that "the phone response does not mention the
bank name, which could be a potential indicator that this number is  
being
used for fraud against other entities."  In my experience, most (if  
not all)
of the credit card validation lines (which you call to enable the credit
card received in the mail) do not state the name of the entity - largely
because the huge credit card issuers have numerous different brands, but
they all share the same phone number.  As an example, I have branded  
Visa
cards from United Airlines, Amazon.com, and Micro Center, and they're  
all
really Chase Bank.  Until you enter your number, they don't know  
which type
of account you have.

So the fact that it doesn't mention the bank name could be appealing to
customer expectations that the name is not provided!

--Jeremy


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/