irregular burbling

August 21, 2008

SMS Phishing

So, I maxed out one of my credit cards the other day, and to my surprise I received a text from the card company saying that my account was over its limit and that I should ring this number to sort it out. Well, I say it was from them, but there was no indication beyond the name of the card being mentioned in the text that it was from the card issuing company. Also, the phone number supplied wasn't the one I had in my phone for that company's customer service line. Anybody could have sent it. Suspicious.

So instead of calling the number in the text, I rang my known-good number for the company and asked about the message. Turns out that the credit card company did send it, and that the number given was for an automated payment system rather than customer service, but still: training your customers to phone up numbers received via a random text message and give out their card details? What a dangerously insecure precedent to set! Banks and credit card companies don't do that sort of thing via email because of phishing, and SMS has even fewer safeguards.

It's worth noting that the automated payment system was a voice recognition system, so you wouldn't even need touchtone capability to create a fake version. If that's how credit card companies are operating these days, then I reckon we can expect to see SMS phishing for credit card details taking off in a big way.

Posted by Jonah at 12:28 PM

August 1, 2008

Happy Yorkshire Day



Posted by Jonah at 9:18 AM