At 11:46 this morning I received an automated call from 800-331-3172. They said, IIRC:
Your AT&T account has been flagged for possible security violations. Please enter the last four digits of your social security number to avoid service interruption.
I immediately hung up.
How do I know with absolute certainty it was a scam? They called my Verizon phone.
Interesting.
The common practice of asking for the last 4 digits of your SSN creates the impression that this is a confirmation of identity without endangering your identity (because it’s only part of the SSN). So why would a scammer ask for just 4 digits? The implication is that just 4 digits is enough to cause trouble.
I wonder how that would be done. And if this theory is valid, it means that we have to stop giving out those 4 digits.
Which reminds me, much as it troubles my libertarian soul, this is where I say “there ought to be a law”. What that law would say is: “except where explicitly required by law, no agency and no private entity may ask for or store any part of any person’s social security number”. The “explicitly required” would be limited to the social security office, the IRS, and that’s about it.
My SS card says “FOR SOCIAL SECURITY AND TAX PURPOSES–NOT FOR IDENTIFICATION”. None of my children’s SS cards have any such markings. It used to be something like a $10K fine if anyone tried to use your SSN for anything other than tax purposes. No so anymore.
Answered a call at my folks an hour ago. ID came up Janice Ramirez, was a black woman speaking, said their elecricity was going to be cut off in one hour for nonpayment. They’re on autodraft, and she didn’t even identify other than “the electric company”. I told her I was aware of the scam and hung up
For the robocallers, consider leaving the phone off the hook until the pitch ends rather than hanging up as soon as you realize it’s a scam.
If it’s a live person, I say “Sure! Can you hold on just a sec?” quickly, and set the phone down without hanging up. Sometimes you’ll get a new drone who will actually wait a while for you to come back.
Doing this reduces the number of calls they can make in a given time period (not by a lot, granted, unless many do it) and reduces their ROI.
The one I’ve been getting regularly is a heavy Indian accent, calling from “Microsoft technical support,” (or some sort of sub-contractor) asking for me to change a setting on my computer because it’s causing problems in [some sort of vaguely defined local area internet geek-speek-ish]” Ummmmm.
No. Not changing my security settings for you. Not happening.
But I’d be happy to have a conversation with you asking how you sleep at night, knowing that you are trying to screw people up, mess with their lives and data, and help create a world full of spam, hurt their children, and generally act like a criminal through a phone line. The men usually either keep trying to plow through their script or hang up. The women usually get silent when I get to the part about opening children up to all kinds of things.
Gotta find entertainment where I can.
Very much the same as my experiences, although it is usually “Allo, I am calleeng from Government Office of Microsoft Windows”. I’m not nearly as nice with them. The last time I got that call I told them I was going to curse them and their children for seven generations, then launched into a Klingon-like babble. They hung up on me.
Yeah, that sounds about right. The specifics change with each call. I’ve gotten, oh, I don’t know, maybe a dozen of them in the last six months. Obviously they must get enough people biting to keep trying….
I like your approach, too.
I consider the WATS to have been appropriated by pirates, and I don’t answer any of the 800-series of numbers any more. A simple answering machine set to pick up on the fifth ring saves your sanity. If a legit caller does get the box, they will leave a message. We get 20 crapcalls for every legit call on our landline.
NO legitimate company EVER calls YOU and asks for any part of your soc sec number.
I never answer a call forum an unknown number. I figure if it’s important, they can leave a message. If not, they shouldn’t be calling. Most never leave a message. Pretty simple filter.
If the person knows where you were born, and your age, having the last four digits may allow them to construct your full SS #. I don’t recall the details, but the state is part of the number, and the year of birth is also included. In other words, the SS # is not random.
Yes, that sounds right. At least for those young enough and US-born to have their SSN assigned around birth.
If they already have your name and birth date, they don’t even need to reconstruct your full SSN – most websites that would use any part of your SSN for verification – including, IIRC, most .gov sites – only ask for the last 4 digits.
If someone wants to cause you problems, and they have your name, birthday, and the last 4 of your SSN, you’re pretty much hosed.
> As soon as I can figure a way to make it as simple as possible
> for aquaintainces and as painful as possible for telemarketers
> I may do that.
Do it using PBX software, and give your acquaintances a number to dial when it answers that will cause the software to actually ring through to your phones. Anybody who does not know the number to dial for access gets the answering machine treatment.
I would not expect ATT to be competent enough to call your ATT line, if you had more than one line. I would not expect any large bureaucracy to be competent.
At my job, we have mandatory annual computer security awareness training. It says it is a fireable offense to provide any personal information to an external website while using company computers. The training is run by an outside contractor, and we are required to enter our official company username and password to complete the training. The irony is lost on senior management.