I’m quick to judge (and harshly) those who get scammed by email. I never download attachments or click links in emails from people I don’t know. I often check email headers or URLs to see if they’ve been spoofed. As for giving out my credit card info over the phone… never! And then I did.
I got a phone call one morning this past week from a woman who works in the billing department of the health care provider I use. Said they’d received a payment slip from me (USPS) but I had failed to enter the credit card number. She knew the amount. I said I was busy at the moment but would call back. I did, by hitting that number in the RECENTS list on my phone. Asked for her by name and gave her the card number.
Dumb. Turned out she was legit but dumb none the less.
When discussing this with my less-dumb friends we theorized how a scammer could have known the exact amount of the payment in question. Since I mailed it, someone could have intercepted that piece of mail and gotten the amount. Or, in theory, they could have social engineered the info from the health care provider. My obvious mistake was not verifying the correct phone number and placing the call instead of clicking the RECENTS link on my phone.
Surely, I cried, there must be a way to use my high tech smart phone to protect from such carelessness in the future. Turns out there are less than a dozen people who I would want/need to immediately take a call from. I’ve added those to my FAVORITES list in the iPhone and everyone else automatically goes to voice mail. Where they’re informed the best way to reach me is IM or email. And if they don’t already have my address or number, they’re SOL.
I’m still a little stunned I could have been so careless.