I have a Work focus setting on my iPhone, even though I'm retired. I suppose I could name it anything, haven't looked into it enough. But it only allows calls from my family and people I know or expect to call for some reason.
My phone usually shows a few missed calls every day, many of which are marked "Scam Likely." Seldom do any of them have an accompanying voicemail.
Yesterday, I happened to notice one as it came in from an 800 number, and I saw the word "Citibank" on the caller ID. I'd recently read about a massive data breach, so maybe that's what prompted me to pick up.
I got a pitch from someone claiming to be from Citibank Retail Services, asking if I was making a >$2K purchase at Home Depot and opening a new Home Depot credit account. Primed by the data breach report, I immediately bought into the narrative that someone was trying to use my personal information to open a Home Depot account and buy something online.
At one point, it felt sketchy and I said that to the guy on the phone. He said "I'm not going to ask you for any personal information." He said, "Please stay with me while I cancel this transaction."
That should have been my clue.
He'd placed me on hold while he was supposedly "waiting for my system to update," and then the call disconnected.
I was still kind of believing him, so when he called back, I picked up.
What finally tripped them up was a pin he said he was going to text me. That definitely set off red flags, but I was still kind of on the hook. We had some patter about a credit freeze and that I could go to creditkarma.com to do that, which I'd never heard of. But he was being very friendly the whole time, repeatedly thanking me for being so patient with him.
So when the "pin" (It's a verification code.) arrived, it was from Citibank and it said "We'll NEVER call or text for this code."
At one point earlier in the conversation, to address my skepticism, he said I could speak to his supervisor. When I read the text, I was certain it was a scam, but I wanted to see how good it was. I asked to speak to his "supervisor." Another guy comes on the line with a pretty good line, "So-and-so, Citibank Retail Services, floor supervisor, how may I help you?"
Unfortunately for him, that was all he was good at. He fumbled around when I asked him about the "We'll NEVER call or text for this code." I wasn't going to give them the verification code anyway, but I wanted to see how sophisticated they were. Pretty thin by that point.
I hung up.
So, they were able to put "Citibankonline" in the Caller ID somehow. The main guy was pretty smooth. I was "primed" by the news report of the massive data breach, and I almost bought it. The only thing that really saved me was the warning on the verification code. When he told me he was going to text me a code, I asked him why I had to receive a code to cancel a transaction that I never initiated. Couldn't he just cancel the whole thing at his end as a fraudulent application? He had a response that wasn't convincing, and the red flag was waving like crazy. I can't say for certain what I might have done, had that warning not been in the text.
So, I guess the lesson is, pay attention to the red flags, or your "gut" telling you something is wrong. And be sure to read the content of the text before you do anything.
I should have never picked up. That "Citibankonline" took me in, as stupid as that looks now.
Originally posted at Nice Marmot 08:14 Sunday, 18 August 2024