SMS Phishing

August 21, 2008

So, I maxed out one of my credit cards the other day, and to my surprise I received a text from the card company saying that my account was over its limit and that I should ring this number to sort it out. Well, I say it was from them, but there was no indication beyond the name of the card being mentioned in the text that it was from the card issuing company. Also, the phone number supplied wasn't the one I had in my phone for that company's customer service line. Anybody could have sent it. Suspicious.

So instead of calling the number in the text, I rang my known-good number for the company and asked about the message. Turns out that the credit card company did send it and that the number given was for an automated payment system rather than customer service, but still: training your customers to phone up numbers received via a random text message and give out their card details? What a dangerously insecure precedent to set! Banks and credit card companies don't do that sort of thing via email because of phishing, and SMS has even fewer safeguards.

It's worth noting that the automated payment system was a voice recognition system so you wouldn't even need touchtone capability to create a fake version. If that's how credit card companies are operating these days then I reckon we can expect to see SMS phishing for credit card details taking off in a big way.

Posted by Jonah at August 21, 2008 12:28 PM


I have limited sympathy for the credit card companies losing so much money to fraud when they have massive holes in their security like this. Thanks for the heads up though. :-)

Posted by: eelz at August 27, 2008 10:56 AM


