This one is clever.
You receive a telephone call from someone purporting to be from your credit card company. They claim to be from something like the security and fraud department, and question you about a fake purchase for some amount close to [say] $500.
When you say that the purchase was not yours, they tell you that they are tracking the fraudsters and that you will receive a credit. They tell you that the fraudsters are making fake purchases on cards for amounts just under $500, and that they are on the case.
They know your account number. They know your name and address. They continue to spin the story, and eventually get you to reveal the three extra numbers on the back of your card.
That is all they need. They then start charging your card for amounts just under $500. When you get your bill, you are unlikely to call the credit card company because you already know that they are on the case and that you will receive a credit.
It is a really clever social engineering attack. They have to hit a lot of cards fast and then disappear, because otherwise they can be tracked, but I bet they have made a lot of money so far.
Source: Bruce Schneier, Counterpane Internet Security.
© Technews Publishing (Pty) Ltd | All Rights Reserved