Today i just had a call from someone claiming to be from credit card service center. She introduce herself, confirm my name and ask some background check of my credit card usage. Sounds warm and friendly like most call center.
The next thing she says i am selected from hundreds to received a complimentary Discount Card that will enable me to get discount on stuff bought with my credit cards. And ...there is no additional membership fees i have to pay. Sounds too good to be true. She then confirmed the mailing address to send the discount card and wants to confirm the card number and expiry date.
Caller : Sir, we need to confirm your card credentials, you are using mastercard correct?
Me : Yes
Caller : Your card number starts with 5134 or 5200?
Me : It starts with 5134..
Caller : Do you mind telling me the whole number?
Me : Its 5134 XXX....
Caller : And this card expires on 2014 correct? What month is it?
Me : its November.
Caller : Oh, So you only had this card last year. Can you give your bank membership number for the card?
Me : I am sorry, Bank Membership number?
Caller : Yes, Can you remember it?
Me : I don't think so.
Caller : Its ok sir, the membership number is at the back of the card right after the space where you sign. There should be some numbers there.
Me : Hmm.. I cannot give that number. You will be able to use this card for online transaction.
Caller : (Silent for 2 seconds) But sir, we wont be able to confirm your card and will not be able to send you the discount card.
Me : Nah, Its ok, i don't need it. nice try though. (hang up).
So folks, this is one example where social engineering can be used to get information from you. Always remember that your credit card security number is not to be shared with anyone else since most online transaction only requires your card number, full name on card, expiry month/year and the security number. All those information they can easily get except for the security number. Some other banks like maybank uses TMOS password to verify the card on top of the security number. But TMOS is also limited to some merchants.
But my question is, how did they get my number and also most of the card information? They have my phone number, home address, full name on card... I think i should give my bank card center a call..
No comments:
Post a Comment