Feeding the phishing

lilstevey on 2005-11-22T20:10:27

I think phishing is becoming reasonably well publicised for a lot of people to know the risks, yet it never ceases to amaze me how legitimate companies misuse email communication - I feel it wrongly gives consumers a false sense of faith in the medium.

I was quite angered when I received the following from a company following an online purchase - needless to say I won't be complying with their wishes.

Does anyone know of anyone who I can complain to about this - how can a legitimate organisation justify requesting these kind of details over an unencrypted medium - if at all?

Dear XXXXXXXXXXXXXXXXXXXXXXX,

I am writing to request that you provide XXXXXXX with a copy of a recent statement for the card used to place the order for XXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXX XXXXXXXXXXXX.
This is an added security measure to help against credit card fraud.
Please fax to XXXXXXXXX, FAO XXXXXXXXXXXXXXX or alternatively you may scan the statement and e-mail it to XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX quoting booking reference XXXXXXXXXXX on all correspondence and blanking out any transactions & balance amounts if you wish, as we only need hard copy verification of the details already provided.
Incorrect details may lead to your order(s) being cancelled in the event of failing our further security checks. If we have had no contact within seven days any orders booked may be cancelled and a full refund applied to the credit/debit card used to place the order(s).

All documentation received will be handled in confidence, in compliance with the data protection act. Many thanks in advance for your cooperation and we apologise for any inconvenience caused.

Yours sincerely,
XXXXXXXXXX, Tel: XXXXXXXXXXXXX
Customer Services - Card Verification Dept.
XXXXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXX
XXXXXXX, Registered in XXXXXXXXXX no. XXXXXXXX


Telephone Phishing

barbie on 2005-11-22T23:26:47

Almost as bad as Barclays Bank phoning me up the other day. The number was withheld, and I'm guessing it was Barclays because I have still yet to receive the letter in the post. There is a good reason for the bank calling me, but the woman on the other end couldn't grasp the concept that she was breaching security measures that were put in place to protect *ME* not the bank! The conversation went something like:

HER: Before I continue can you give me your passcode and mother's maiden name.
ME: No. I'm sorry I don't give out that kind of information to someone calling from a withheld number. How do I know who you say you are?
HER: You don't. (confused) But I'm giving you information.
ME: No, I'm giving you personal information and I have no idea who you are.
HER: (indignantly) Fine, it was only a courtesy call anyway. We'll send you a letter instead.

Unfortunately far too many people are duped into providing confidential information by such tactics. I plan to write to Barclays, once I receive the letter, and complain.

Re:Telephone Phishing

merlyn on 2005-11-22T23:44:38

I recently refinanced my home and my rental property (paying off the last of my credit cards that have not been empty since I was arrested in November 1993, yeay!), and was treated to a separate phone call for each of the primary and secondary loans on each of the properties. The only purpose of the call was to annoy me, and run up SMS message costs by calling my cell phone but not leaving a message, except to leave a non-message.

When they finally reached me (rare, because I usually don't answer number-blocked calls), they wanted me to confirm DOB and SSN. And I said "no". They seemed shocked at that, but I said "you called me... I don't know who you are". I got an 800 number to call back, and although I couldn't verify the owner of that number (sheesh, just thought of that as a hole), I was happy to at least be the caller instead of the callee.

But on one of the calls, they had gotten my mailing address wrong. So, I said "OK, that's wrong, can you change it to XXX?" That seemed reasonable, but the reply was "no, we just make the welcoming calls: you'll have to call $customer_disservice to get that address changed". So the point of the call was: absolutely nothing. Sheesh. And yet they made four separate calls.