A NEW Scam

They have come up with a new scam to rip us off.  

I received a call from "Verizon wireless fraud division" who was contacting me to verify that I placed an order for a new iPhone today.  They were reaching out because it was getting delivered to a different address than mine.  I said I had not purchased anything today so he told me to give him a minute.  Meanwhile you hear the keyboard typing (great sound effect added) and then he mumbles to himself, and finally comes back on the phone with me and says he found it, it was purchased in Newark.  He said he can remove the order for me but he needed to verify some of my Information.   He started with my phone number he contacted me on, then he said he was sending me a text with a new password to block anything else from getting charged.  The text came from a Verizon number and actually had Verizon listed on my caller I.D.  He used all of Verizon's lingo and policies such as" Verizon will never ask for the password over the phone." Then he asked to confirm my zip code, which I did.  Again he starts typing away and is talking to himself/me saying things like "oh ****, I mean shoot, I apologize for using that language, but they really tried doing a number on you".   At this point I asked for a call back number, which he stumbled with but finally gave me a verizon number to call back.  

I called VW Fraud Division and they confirmed it was a scam.  They looked up my account and didnt show any purchases nor did it show anyone from VW speaking with me.  They disabled my account access and sent me an email on how to re- activate it.  

She said they look for you to give them your password so they can order all kinds of equipment on your account.

Be careful 

Eric 


Stop. Call credit card company used to buy phone. They’d likely identify fraud way before Verizon


No, it was charged to my Verizon account.  I guess with the phones costing so much Verizon came up with a monthly payment plan.  I bought a phone last month in a Verizon store and when they rang me up they said the total owed at the time was $153.  The balance would be billed in monthly installments to my Verizon account.   

Wait  a minute, nothing was purchased.  The scam was....telling me there was a phone purchased so I would give them my info in order to cancel the purchase.  They would then be able to access my account to order whatever they wanted.  They would probably change my profile so that I wouldn't be contacted by Verizon. 


Honestly, NOBODY should ever ask you for your password for anything.  It infuriates me when I contact customer support people at some places that do that and I am very hesitant to do that.  They should be able to access your information using your account info ... after all, your account is with their company.


I understand. Always use a credit card to charge stuff like this. Then you have a company that has your back and you’ll immediately know you are being scammed. 


Verizon will ask you for your password.  I had a problem with my phone yesterday - access denied to my voice messages. I called Verizon Wireless Technical Support (number on my bill), and asked for help.  The first thing they asked me for was the password associated with my account. This is a number that they assigned at time of purchase (really an individual serial number) which they would need to get into the phone.  They told me that since I had never received this number (phone was a gift) the only way someone could help me access my messages was if I went in person to a Verizon store and presented valid ID.  I assume this is a security issue which is great if you have the information needed yourself, which I do not.


that's not really a "password" they asked you for. It's more like a pin that is used just to identify yourself to them. It can't be used for anything else, like accessing your account for a withdrawal or purchase or something like that.

my son had the same issue with his debit card. customer support needed this pin for them to help him, but he had never been assigned the pin, so he had to appear in person at the bank.

It looks like it's a new security procedure that companies are starting to implement and it also looks like they need to work out some kinks.

Worse, it makes the "we'll never ask you for your password" , which they've been drilling into our heads for years, confusing. Now it's "we'll never ask...except for this special time". How are you supposed to keep straight when it's ok or when it's not? And do we really need to keep track of yet another pin?

Overall this strikes me as a mistake.

Things never seem to get any easier...


DB is correct, it is just a pin number.   They asked me for it and I took a wild guess and got it right.  I must have setup the pin in the past because it was one of 3 passwords I use for other accounts.  


from Bob Roe:  I have about forty online sites where I have to use usernames and passwords and sometimes pins.   It is very difficult to keep them straight.  Do any of you have real good system for keeping all these sites and usernames and passwords efficient?  


RobertRoe said:

from Bob Roe:  I have about forty online sites where I have to use usernames and passwords and sometimes pins.   It is very difficult to keep them straight.  Do any of you have real good system for keeping all these sites and usernames and passwords efficient?  

I use LastPass to keep track of passwords and it works pretty well. (on the PC anyway - never got it work seamlessly on my phone) But to be honest, I have never followed the advice of making passwords for different sites unique.  That's a level of complexity I can't deal with.

Not to say all of my passwords are the same, but they're all pretty similar, and only involve a couple of different patterns. But I'd be lost without LastPass.


RobertRoe said:

from Bob Roe:  I have about forty online sites where I have to use usernames and passwords and sometimes pins.   It is very difficult to keep them straight.  Do any of you have real good system for keeping all these sites and usernames and passwords efficient?  

 I got a phone book from the dollar store.  I don't write the exact passwords.  I have a 'code'  I have a large bank of words I use and combine such as blue bunny lemon.  in the code I will write b???l????, that reminds me that it is bluelemon.

i also have various sets of numbers I use.  for example if the 4 digit number is 3579, I will write that out as 3####.  It reminds me it is the 4 set of digits starting with 3.

each password is a combo of 2-4 items in my password bank.  this works fine for things that aren't really sensitive like message boards.  for something like a bank account, I will use a combo of my standard words plus1 additional character


I am old school.  I write them all down on a piece of paper and "hide" the paper far from where I use the computer.  Every so often, I change the passwords and prepare a new sheet of paper so everything stays current.  When I had to change my passwords regularly at work, I would draw a cartoon that contained a code for the password of the month on a sticky and place the sticky in a handy location so I would be reminded of the new password since the words were changed so frequently.  The cartoon method worked when just a few passwords needed to be recorded but would never work for forty or more.  An approach you could consider, is to adopt the one time code technique used in spy novels.  Select a book.  Choose a page and line for each website.  Use the first or second or third or fourth letter from each word on the line as your password for that site.  Then in a notebook or on a piece of paper list the name or some other identifier for each website and next to it write the page number, line number and the number in each word you are using for your code.  Add a piece of punctuation or two that appear in the line to make each password stronger.  Since you know the book you used, you do not need to list that.  


from Bob Roe:  very cool idea Joan...I will feel like a spy.    The single notebook idea is also very good.  I got way too many pieces of paper lying around.  


 

RobertRoe said:

from Bob Roe:  I have about forty online sites where I have to use usernames and passwords and sometimes pins.   It is very difficult to keep them straight.  Do any of you have real good system for keeping all these sites and usernames and passwords efficient?  

 I use the notes app on my iPhone.   Each note can be individually locked.  I also isolate the app from the cloud and internet so the info stays resident in the phone only.  


I use LastPass to keep track of passwords and it works pretty well. (on the PC anyway - never got it work seamlessly on my phone) But to be honest, I have never followed the advice of making passwords for different sites unique.  That's a level of complexity I can't deal with.

Not to say all of my passwords are the same, but they're all pretty similar, and only involve a couple of different patterns. But I'd be lost without LastPass.

 Ditto!

(Both re use of LastPass and a couple of different patterns.)

Although LastPass isn’t as seamless on my iPhone as on my computer, I do use the app and find it helpful there also.


After setting up Lastpass, I started changing my passwords so that each account has a different password. For financial accounts, I use login names that are hard to guess. Since Lastpass keeps track of my passwords, it's no more complicated to have many passwords than to have a few. Most of the time, Lastpass fills in my password without my knowing or caring what it is. I just asked Lastpass to generate a password for me, and it came up with "tN9K^f4cBj1q". That's pretty hard for an algorithm to guess.


Tom_Reingold said:

After setting up Lastpass, I started changing my passwords so that each account has a different password. For financial accounts, I use login names that are hard to guess. Since Lastpass keeps track of my passwords, it's no more complicated to have many passwords than to have a few. Most of the time, Lastpass fills in my password without my knowing or caring what it is. I just asked Lastpass to generate a password for me, and it came up with "tN9K^f4cBj1q". That's pretty hard for an algorithm to guess.

 This is fine as long as you are sure you can access LastPass. However sometimes you need a password to obtain internet access. One example I’ve experienced is when purchasing WiFi service on airplanes and I need to know my frequent flyer account number and password. There are probably some others like that.  I have gone with the very encrypted passwords suggested by LastPass for my financial accounts, but am still using my ‘pattern’ passwords in many cases so that I can remember them when it is inconvenient or impossible to use LastPass. 


Lastpass is not super easy, to be honest. I wish there were a super easy way to be reasonably secure, but I haven't seen one yet. I typically do not use those crazy passwords. MacOS has a nice password generator in the Keychain Access app. I have it set up to generate passwords that are easy-ish to type and easy-ish to remember. I just generated one, and it gave me "year6-clue" which doesn't have a capital letter, but that's easy to remedy.


Tom_Reingold said:

Lastpass is not super easy, to be honest. I wish there were a super easy way to be reasonably secure, but I haven't seen one yet. I typically do not use those crazy passwords. MacOS has a nice password generator in the Keychain Access app. I have it set up to generate passwords that are easy-ish to type and easy-ish to remember. I just generated one, and it gave me "year6-clue" which doesn't have a capital letter, but that's easy to remedy.

 I use Windows, so I don’t have the MacOS option. At least LassPass is now somewhat compatible with my iPhone. 

I totally agree that it isn’t that easy. So, unfortunately, I haven’t been able to convince anyone else in my family to learn/use it.

Maybe biometrics will make this easier in the future. I do use the facial recognition on my iPhone for some of my accounts, but I also worry about it at times.



In order to add a comment – you must Join this community – Click here to do so.