dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
56228
share rss forum feed

NightVisor
Premium
join:2001-02-28
Rialto, CA

1 recommendation

reply to nwrickert

SMS sent to cell phone

From: 3736

Message:
customer.notification@visa.com / "Card Block Alert". To find out why you receive this alert call 1-877-245-1472. Thank you. /

What happens when I call that number?
"Your credit union has identified your account as having fraudulent entries and your credit card has been blocked. Please stay on the and a credit union security specialist will assist you."

*sounds of call being transfered*

"To assist you with your account, please enter your credit card number"

At that point, I hung up.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

said by NightVisor:

At that point, I hung up.
Wow! You're in a special class of people.
Off the top of my head I'll say less than 1 in a half million people who receive these respond to them.
Did you call out of irritation or were you initially unsure about the message?

NightVisor
Premium
join:2001-02-28
Rialto, CA

*deadpan* Define "special". *deadpan:end*

I wanted to see what the message hook was. I already knew it was a scam, but the number didn't show up in any search engines. Since this thread (the whole forum, actually) is regularly monitored by Google et al., might as well drop in the number and the message so if someone else searches, they'll find the info.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

Good thinking. And thanks for posting.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable
reply to NightVisor

said by NightVisor:

*deadpan* Define "special". *deadpan:end*

"rare, uncommon, unique..."
in a complimentary way


Avelos

@qwest.net
reply to NightVisor

That's funny, I got the same text today. I noticed that it said receive instead of received after looking at it a couple of times. I didn't even bother calling, especially after that grammatical error. So then I googled (hah it's a verb) the 3878 text number and nothing showed up. Then I searched the message through google and found that people actually gave up their account information lol.


MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to NightVisor

Your number must have been one of the first batches called. It has now shown up on several of the phone number websites:

»800notes.com/Phone.aspx/1-877-245-1472

»whocallsme.com/Phone-Number.aspx/8772451472

»www.callercomplaints.com/SearchR···245-1472

MGD

Expand your moderator at work


SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

1 recommendation

reply to MGD

Re: SMS sent to cell phone

phishing MMS received on cell (t-mobile):

310@tmomail.net: We found a problem in your California account. Call urgently at (888) 666-9128

(Googling that number show numerous similar messages)



SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

Here's an interesting followup to this after checking my online bill in more details. We have 4 lines on that account and not all numbers are adjacent. Still, all phones received the same text message literally within seconds of each other.

I called t-mobile to see if there are any security measures in place to possibly prevent such things in the future, similar to e.g. spam filters for e-mail.

I am curious if the target numbers were skimmed from the stolen t-mobile data.

Expand your moderator at work


carpetshark3
Premium
join:2004-02-12
Idledale, CO
reply to nwrickert

Re: [Phish] Telephone phishing thread

Did you ever get a reply from T Mobile? I have had the same problem. I do have messaging blocked as I don't want the service.
I have noticed, that if you pay your bill, TM sends an IM to all of the lines to thank you - I asked about that, and they have no fix apparently.
I'm also wondering about stolen numbers. The number I have was ported in from Verizon, and I never had a solicitor call. I do not give out the phone number except to those who need it.
CS

Expand your moderator at work

50934898

join:2010-04-06
New York, NY

1 edit
reply to nwrickert

nice website

this is really a nice website and i found some useful and informative material on it.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

I am glad you are finding it useful.

Expand your moderator at work


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to nwrickert

Re: [Phish] Telephone phishing thread

I kept getting calls with a recorded voice asking "do you own a small dog?"

Finally, I googled it: »whocalled.us/lookup/5712145430

Bleh!
--
Think Outside the Fox.



SSidlov
Other Things On My Mind
Premium
join:2000-03-03
Pompton Lakes, NJ

1 edit
reply to nwrickert

Hi, I got one of these today on my cellphone. The Caller ID said 1402. (edit) I just checked my cell phone incoming calls log online and it says that the incoming call at that moment was 'me' -my phone number. (edit)

The automated voice was very poor quality.

The script went something like this:

"Hello, this is an automated message from Visa regarding your Visa Debit Card which has shown unusual activity. Due to this activity we have deactivated your card. To reactivate your card please press 1"

I thought at the time that this was fishy due to the low quality and that my Visa atm card messages would have come from my bank, rather than Visa. My bank has a pretty decent voice system. I called them and notified them that someone was phishing customers and ran it up to a supervisor level and suggested that they post something on their web page (as they do for other phishing) and maybe in the voice messages for the phone call center.

I'm concerned that

1. They knew I had a Visa ATM (which only the bank and Google know)
2. They knew my cell number (which is registered with the bank and Google) my cell is NOT associated with the card for payment purposes.
3. The new web Android market which I was playing around with the other day, has no HTTPS service on it only regular HTTP. I have my google sign-in set for HTTPS. (I keep getting that it's a insecure site, and market.android.com is an alias for goggle - which we know it is.)
--
»www.Warpstock.org



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

1. They knew I had a Visa ATM (which only the bank and Google know)

They probably don't know that. It is more likely that they try this on many people, and some will have Visa and might fall for the scam.

2. They knew my cell number

Or maybe they are just calling a range of numbers. You did say that the voice was automated, so the whole scam is probably automated.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.3; firefox 3.6.13


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

Click for full size
9827 messages in ~3 minutes
said by nwrickert:

1. They knew I had a Visa ATM (which only the bank and Google know)

They probably don't know that. It is more likely that they try this on many people, and some will have Visa and might fall for the scam.

Agreed
It's a hit or miss proposition for the visher, nothing to worry about.
said by nwrickert:

2. They knew my cell number

Or maybe they are just calling a range of numbers. You did say that the voice was automated, so the whole scam is probably automated.

Your number would be in this format along with hundred's of 1000's of other numbers. It's not personal to you at all.
x143090000
x143090001
x143090002
x143090003
x143090004
x143090005
x143090006
x143090007
x143090008
x143090009
x143090010
x143090011
x143090012
x143090013
x143090014
x143090015
x143090016
x143090017
x143090018
x143090019
x143090020
x143090021
x143090022
x143090023
x143090024
x143090025
x143090026
x143090027
x143090028
x143090029
x143090030
x143090031
x143090032
x143090033
x143090034
x143090035
x143090036
x143090037
x143090038
x143090039
x143090040
x143090041
x143090042
x143090043
x143090044
x143090045
x143090046
x143090047
x143090048
x143090049
x143090050
x143090051
x143090052
x143090053
x143090054
etc...
The image is from an SMS vish but it works the same for an automated voice vish.
Note the speed of the dialer, vishing is coming of age.


DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2

1 recommendation

reply to nwrickert

I just got a call on my landline from "000-000-0000 VERIZON DSL" Some snarky-sounding dude with an Indian accent said he was "from Verizon Security Department" to let me know my online account has been taken over by pirates because "Homeland Security Association" says they "detected copyright music, movies or adult material in [my] home." "If you please give your login ID, password, full name, SSN, and the bank account you pay your Verizon bill, I will verify I spoke with you and remove the restrictions imposed on you by law."

I told him I really appreciated his taking the time to contact me but "I am the Chief Executive Superior of Homeland Security Association and have to put [him] on report for not following the script correctly." He told me that I was going to "experience extreme legal difficulty," dropped a couple of f-bombs and hung up.

This is plainly an attempt to get account login credentials, along with bank account info. The scammers could also easily use the name of any ISP (AT&T, Comcast, etc.) DON'T GIVE THE CALLER ANY INFO, no matter what caller ID says.

As always, if you have any doubts about the legitimacy of a caller, hang up immediately and contact the company on the phone number from your statement.
--
"Keep calm and carry on."



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

said by DC DSL:

DON'T GIVE THE CALLER ANY INFO, no matter what caller ID says.

As always, if you have any doubts about the legitimacy of a caller, hang up immediately and contact the company on the phone number from your statement.

Yes, good advice.

Most of the phone calls that we get, with the exception of those from friends and work colleagues, seem to be fraudulent. They are either an attempt to get account information; a violation of DO NOT CALL; a dubious charity.

We have pretty much adopted a "just say no" and if they keep talking we hang up. And I decline to participate in telephone opinion surveys/polls, because too many of those turn out to be disguised marketing.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.3; firefox 3.6.13


jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4
reply to nwrickert

Got the following text on my cell phone:

From: Important1
Subj: Important1
Msg: Important information regarding your Wells Fargo Account. For more information please contact us at 888-854-3824. Thank you.

I don't have a Wells Fargo Account.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

That was probably sent to many people, on the off chance that some would have accounts.

The general rule applies - if you are concerned that there might be a problem, call the number that is on your credit card or bank statement. DO NOT call the number received in unsolicited text message, email, phone calls, etc.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 7.0


legendvpn12

join:2012-01-01
reply to nwrickert

Where to report if this happens?

Thanks!



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

Post here.

If you think it's a serious enough case, you can report to your local police and possibly to the FBI. However, unless strong evidence is there, you will have difficulty getting the police to take it seriously.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.1; firefox 9.0



jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK
kudos:2
Reviews:
·AT&T Southwest
reply to nwrickert

I jist posted this: »[Scam] Interesting phone scam

Anyone else have a similar experience? I googled the number and found two similar reports, including one from September 2011. Amazing that they would keep the same number and M.O. for so long!
--
Jim Kyle



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

said by jimkyle:

Amazing that they would keep the same number and M.O. for so long!

There's likely a black market in phone numbers to use for spoofing. So it might be a different "they".
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.3 Beta1; firefox 18.0