Scammers Exploit Caller ID to Steal Personal Info

Dan writes in a story of a lady pretending to be Capitol One and asking for his social security information. The callerID showed up as a number registered to Capitol One.

Just another reminder to never reveal your personal information over the phone to anyone who calls you, only when you call them.

And that caller ID’s can be spoofed more easily than an iPod nano in Chinatown, or a gender confusion on Christopher street.

His full story, after the jump…

Dan writes:

    “I recently received a call from 1-800-955-7070 (registered to CapitalOne). When I answered, this is the conversation I had
    Me: Hello?
    Lady: Hi this is from Capital One. Have you received the information we sent you?
    Me: I didn’t request any information, can you please tell me what information was req-
    Lady: *click*

    Well that was odd. And it only gets worse.

    I called back the same number. I pressed random buttons (mostly 0) to get to a human.

    New Lady: Thank you for calling Capital One.
    Me: Yes I just got a call from you asking if I had received the materials you sent me. I never requested materials and I would like to know what is going on.
    Lady: CapitalOne will NEVER call you to verify receipt of any materials, we just don’t do that.
    Me: Well someone did. Could you please check my accounts to see if there was something sent out to me.
    Lady: *4 minutes of typing* Ah yes, I see on your second account [2 cards from the same company, I know, it's shameful] that someone entered a note this morning concerning your second card.
    Me: Yes, I got that 6 months ago. That’s all that you see? They called me yesterday about a card you sent six months ago, and you say that calling customers is actually against your policy?
    Lady: I’m glad to be of service, thank you for calling CapitalOne. *click*
    Me: *grumble*

    The next day, I got a call from the same number!
    Me: Hello, CapitalOne.
    Lady: Hello this is Maria from CapitalOne. Have you received the information we sent you?
    Me: Yes! I did!
    Lady: Very well, I would like to discuss that with you, but first let me get your social security number.
    Me: I’m not just going to give you my social security number, you called me from an unknown location.
    Lady: Well then you’ll get nothing else from me. *click*

    Since then, I haven’t gotten another call, but I have reported this second call to CapitalOne. They’re quite uninterested. I’m aware that faking a caller ID is simple, and I’m afraid that people are using a CapitalOne caller ID number, calling, and requesting all kinds of personal information from hapless customers who don’t know any better.”

Comments

Edit Your Comment

  1. sanloublues says:

    I don’t know if *57 still works, but that was the old school way to get around caller ID in the early 90s. It’s hard to check google for it because they don’t let you search for astericks, but searching for “star codes” and “call trace verizon” gets me:

    http://www.yashy.com/star.codes.html
    and the far more informative:
    http://www22.verizon.com/wholesale/clecsupport/content/1,,…

  2. nweaver says:

    Call the local cops. They can get the actual routing info from the phone company.

  3. ManiacDan says:

    Unfortunately, *57 would only trace back to the reported caller ID and ANI given by the originating call exchange center. Spoofing caller ID is easy and yet very complicated. I recommend picking up the last 2 issues of 2600 (Spring and Winter) if you’re interested.

  4. thejanna says:

    Recently someone told me about spooftel.com, which you can use to display any name and number you like on someone’s caller ID when calling them. I can’t read any of the disclaimers on their site at the moment, since the filter at my place of employment categorizes the site as “questionable,” but I’m sure it would have been easy enough for the Capitol One impersonators to use a service like this.