Summary:
Cory Doctorow recounts being scammed by a phone-phisher who posed as a bank representative, tricking them into divulging their credit card number. Despite the author’s knowledge of scams and fraud, they fell victim to the scheme due to being on vacation, using unfamiliar ATMs, and feeling rushed and distracted. The fraudster exploited vulnerabilities in the bank’s after-hours fraud center and the author’s state of mind to obtain sensitive information. The author reflects on how AI-driven automated systems in banking may exacerbate such vulnerabilities, conditioning customers to interact with semi-automated systems that mimic phishing attempts. They emphasize the importance of raising awareness about scams and the need for companies to avoid creating new vulnerabilities in their systems.
The banks own scammy calls don’t help this. I had one a few years ago where they called me about a charge and their system asked for way too much information. I hung up and called the number on the card and they seemed confused when I explained how scammy it was after they confirmed the call was legitimate.
It seems like the best plan for any time your bank calls you is to hang up and call the number on the back of your card.
My bank called me recently, and I was sure it was legit, but then she wanted my date of birth to confirm she was talking to me and I said “I don’t give out personal information over the phone”. She don’t know how to handle that. I should have said “Can I have your date of birth to confirm who I’m talking to?” Next time…
My bank blocked a payment to my mortgage lender (I had more than enough money in the bank, but they had a bunch on hold when I transferred a recent deposit to savings).
The agent for the broker that called asked for a bunch of information that they should have had. I hung and and called back to find it was a legit call, but let then know that I their rep really sounded like a scammer and they should probably update their scripts