Filed under: data security

Phishing by Telephone or Bad Credit Card Company Approach?

Wouldn't you think a credit card company would be sensitive to data security issues when on the telephone with a customer?  I once thought so.  Just received a call from an 800# that my smartphone didn't recognize and upon my answering, was told by the woman caller that she's from Capital One.  

She states that she wishes to speak with me about my credit card ending in "1234" (really, the 4 digits ending for my card).  So far, so good.  Next she states that she has to validate my identity and asks for my date of birth.

Dscf1361_2

I'd been wondering where the call really originated...based on the caller's accent, so when she asks for my date of birth I politely object. I wonder if I'm being phished.....  I decide to explain and advise her that I would provide her with only what's easily available about my identity, since she is the one who called me.  Right?  I also politely note for her that the number from which she has called me is not Capital One's regular customer service line and that this makes me even more uncomfortable.  

She becomes a bit offended with me, says I can call the number back and that would prove it's Capital One, to which I respond that dialing back and hearing somebody state "Capital One" would prove nothing.  Further, I explain, why do I need to provide any information for Capital One since it's Capital One who called me and who undoubtedly knows a great deal about me.  She thereupon said she would end the call and hung up.  

I've heard nothing since, but I still wonder:  Could this be a new variation on a phishing-type scam?  While I don't get many spam emails asking for my banking or credit account information, I've been spammed to death by email claiming to be from the IRS or USPS or UPS (all of which I've shared with appropriate authorities).  I don't really think it's a scam...but why chance it?

My takeaway?  If this was really Capital One, they need to revise their approach.  This one doesn't work.  Why should anybody answer the phone to some unknown caller who happens to have the last 4 digits of any piece of plastic (which probably isn't hard to find) and then provide more private information? 

What do you think?