
(Slashdot) Fail: Google Wallet found to store your financial information in plain text. Because who would ever want your financial information? (tech.slashdot.org)

2599 clicks; posted to Geek on 16 Dec 2011 at 11:02 AM



   
 
2011-12-16 08:58:41 AM
FTFA: For example, if I know your name, when you've used your card recently, last 4 digits and expiration date, I'm pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone's address), an attacker is well armed for a successful social engineer attack.

See, this is why I never say anything to the bank if they call me. I hang up the phone, call their 1-800 number, and say "hey, some guy called and said he was working for you, etc etc."

I've never run into a case where it wasn't a legitimate bank call, but that really is something you should be diligent about, in case it turns out to be social engineering.
 
2011-12-16 09:12:47 AM
I once had a company, that I deal with, call me and just wanted to verify my credit information. She said "There's nothing wrong, we just wanted to verify the information". I asked her "If there's nothing wrong, why do you need to verify the information". The conversation ended pretty quickly.

Never give out personal information to anyone who calls you. Ask them for a number and call them back if it's necessary.

I do, however, like filling out information in response to e-mails from banks I get. They don't get any accurate information. You'd be surprised at how just entering random information gets you into a bank account for a bank you've never dealt with.
 
2011-12-16 11:07:11 AM
serial_crusher: FTFA: For example, if I know your name, when you've used your card recently, last 4 digits and expiration date, I'm pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone's address), an attacker is well armed for a successful social engineer attack.

See, this is why I never say anything to the bank if they call me. I hang up the phone, call their 1-800 number, and say "hey, some guy called and said he was working for you, etc etc."

I've never run into a case where it wasn't a legitimate bank call, but that really is something you should be diligent about, in case it turns out to be social engineering.


I'm always amazed at people who think nothing is amiss when presented with most scams. If somebody you don't know personally contacts you and asks for your financial information -- how does that not ring alarm bells in your head?
 
2011-12-16 11:20:19 AM
I_Am_Weasel: Never give out personal information to anyone who calls you. Ask them for a number and call them back if it's necessary.

Never give out any information to people who call you, no matter how personal or not. Like the woman who called me, the other day, asking the model number on my printer; I asked why do you need it, she responded with a dial tone.
 
2011-12-16 11:28:10 AM
I_Am_Weasel: I once had a company, that I deal with, call me and just wanted to verify my credit information. She said "There's nothing wrong, we just wanted to verify the information". I asked her "If there's nothing wrong, why do you need to verify the information". The conversation ended pretty quickly.

Never give out personal information to anyone who calls you. Ask them for a number and call them back if it's necessary.

I do, however, like filling out information in response to e-mails from banks I get. They don't get any accurate information. You'd be surprised at how just entering random information gets you into a bank account for a bank you've never dealt with.


That's probably a pretty bad idea if you're serious. Those sites could be installing malware on your computer at the same time they're stealing your fake information.

NoScript would help a lot, but you can never be sure what sketchy 0-day is out there.
 
2011-12-16 11:28:52 AM
If you store any financial information with anyone online, you get exactly what you deserve.

/KeePass is free.
//Unbreakable.
///Don't be stupid.
////slashies
 
2011-12-16 11:46:41 AM
Lt. Cheese Weasel: //Unbreakable.

Nothing is "unbreakable".

\uses KeePass
 
2011-12-16 12:02:43 PM
Lt. Cheese Weasel: If you store any financial information with anyone online, you get exactly what you deserve.

/KeePass is free.
//Unbreakable.
///Don't be stupid.
////slashies


Online banking since 1998 and I love it. Also, I prefer lastpass.
 
2011-12-16 12:10:33 PM
serial_crusher: FTFA: For example, if I know your name, when you've used your card recently, last 4 digits and expiration date, I'm pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone's address), an attacker is well armed for a successful social engineer attack.

See, this is why I never say anything to the bank if they call me. I hang up the phone, call their 1-800 number, and say "hey, some guy called and said he was working for you, etc etc."


The Bank of America fraud protection people are apparently trained to call up, say they are BoA fraud protection, then ask for your CC info to verify who you are. This isn't a red flag operation either, this is how they honestly want you to validate your identity before they tell you there have been suspicious charges.
 
2011-12-16 12:55:22 PM
From the same corporation that deemed Windows to be "too vulnerable".

Good lord, it's like they're not even trying anymore.
 
2011-12-16 01:08:36 PM
Abner Doon: I_Am_Weasel: I once had a company, that I deal with, call me and just wanted to verify my credit information. She said "There's nothing wrong, we just wanted to verify the information". I asked her "If there's nothing wrong, why do you need to verify the information". The conversation ended pretty quickly.

Never give out personal information to anyone who calls you. Ask them for a number and call them back if it's necessary.

I do, however, like filling out information in response to e-mails from banks I get. They don't get any accurate information. You'd be surprised at how just entering random information gets you into a bank account for a bank you've never dealt with.

That's probably a pretty bad idea if you're serious. Those sites could be installing malware on your computer at the same time they're stealing your fake information.

NoScript would help a lot, but you can never be sure what sketchy 0-day is out there.


Not only that, but if they're smart enough to tie the referral codes to the addressee, it's like saying "why yes, this IS a live e-mail account and I WILL read and respond to things. Please, send me more spam!"
 
2011-12-16 01:45:14 PM
It's not really a big deal that they store those last four unencrypted. They're already printed all over your receipts (physical or digital) and they don't even do that much damage if known.

Source: http://codinginmysleep.com/2011/12/on-the-google-wallet-problem/
 
2011-12-16 02:00:24 PM
Where have all the Android fanboys/astroturfers gone? Ever since the Carrier IQ stuff they have just disappeared into the ether. It's crazy. Completely understandable, just weird to watch.
 
2011-12-16 02:57:06 PM
illegal.tender: Where have all the Android fanboys/astroturfers gone?

They are on other site biatching about Microsoft making Onenote and Skydrive apps for iOS
 
2011-12-16 02:59:27 PM
JohnBigBootay: Online banking since 1998 and I love it. Also, I prefer lastpass.

This.

Also, who cares if the Android application stores the information in plaintext? If it was encrypted, then the device would also need to store the key to decrypt it...which is pretty much useless in terms of security. It's better to simply have it stored in plaintext and protect it well through other means.

Also, credit card numbers aren't exactly critical information that must be kept secret at all costs -- customers aren't liable for fraudulent charges, and you can get the card replaced by the bank in a day or two. No biggie.
 
2011-12-16 03:07:03 PM
Twice Banned: I_Am_Weasel: Never give out personal information to anyone who calls you. Ask them for a number and call them back if it's necessary.

Never give out any information to people who call you, no matter how personal or not. Like the woman who called me, the other day, asking the model number on my printer; I asked why do you need it, she responded with a dial tone.


Seconded. I used to work for a place that ran this exact scam.
 
2011-12-16 03:32:17 PM
jsnbase: Twice Banned: I_Am_Weasel: Never give out personal information to anyone who calls you. Ask them for a number and call them back if it's necessary.

Never give out any information to people who call you, no matter how personal or not. Like the woman who called me, the other day, asking the model number on my printer; I asked why do you need it, she responded with a dial tone.

Seconded. I used to work for a place that ran this exact scam.


What kind of scam needs your printer model number? Is it just to get you talking so they can get different info?

/Who cares about the last 4 numbers of your CC? It's not like they need that to start social engineering.
 
2011-12-16 03:34:14 PM
jsnbase: Seconded. I used to work for a place that ran this exact scam.

How does that scam work?
 
2011-12-16 03:37:38 PM
Donnchadha: How does that scam work?

It's probably this one
 
2011-12-16 03:47:31 PM
Plain text? I was told they would be using Comic Sans.
 
2011-12-16 03:49:09 PM
JohnBigBootay: Also, I prefer lastpass.

This and also I prefer to keep it stored in Ham Wallet...

 
2011-12-16 04:54:41 PM
heypete: Donnchadha: How does that scam work?

It's probably this one


Yeah, that's the one. My place ran the toner phoner scam.

First person calls and asks for the copier information. Second person calls a few days later and says "I'm calling about your " then basically acts like they're your normal supplier.

At my place they would say something like "the price is going up at the end of the month, so I'll go ahead and send you a few at the old price." The 'old price' was something like ten times higher than you'd pay at Office Depot.

The rest of the scam involved giving angry victims the run-around and sending collection agencies after people. I think it works best with bigger companies where there's a chance to get someone on the line who won't realize there's a problem.

I handled shipping and was never on the 'sales floor,' so it took me an embarrassingly long time to figure out what was going on. Then I left.

Bottom line, don't give any info to anyone who calls you unless you're sure you know who they are.
 
2011-12-16 05:36:10 PM
Here's my CSB.....

It's like 9am on a Saturday, and I'm sleeping. My phone rings and it's some angry sounding guy. First, he asks if he's speaking to 'Mr Fark_Guy_Rob' then he tells me I need to verify my identity by answering questions that banks typically ask you....where do you live, phone number, etc, etc...

Naturally, I figured it was a scam so I was like, 'Umm why do i need to verify anything?'

And he said he couldn't discuss any account specifics unless I gave him the correct answer because of privacy laws. And I'm thinking, 'This is a total scam....'

I told him 'No' but because I felt like being a dick, I started asking HIM questions. Okay, what company are you? And where are you located. Well, can't you at least tell me how many loans I have? No well, what can you tell me....

Here's the funny part - everything he was willing to tell me was 100% correct.
It wasn't a scam.
He was actually calling from the student loan company he claimed. As it turns out, I switched bank accounts and never updated my information. I hadn't paid them in months.
 
2011-12-16 07:56:37 PM
I_Am_Weasel: I do, however, like filling out information in response to e-mails from banks I get. They don't get any accurate information. You'd be surprised at how just entering random information gets you into a bank account for a bank you've never dealt with.

Wait, what? What do you mean by "gets you into a bank account"?
 
2011-12-16 09:37:51 PM
When I read about Google wallet, I decided I'd be a late adopter.

Actually, given all the weirdnesses with employees leaving laptops full of social security numbers and bank info in bars and in their cars, I've taken to paying cash wherever I can.
 
2011-12-16 09:48:33 PM
Back when I was with a brokerage firm, I'd have to verify people in outbound calls. When someone didn't want to answer my questions, that was fine by me (I'd give the 800 number and the reference number and move on). But I never understood why some folks would give me a five minute long speech explaining why they didn't want to answer. No legit caller cares.
 
2011-12-16 10:07:22 PM
In other news, Slashdot is still around...
 
2011-12-16 10:44:14 PM
"some information" => Internet Derp Machine => "Your Financial Information"
If they stored your google account username in plaintext they're storing "some information" in plaintext.
 
2011-12-16 10:44:38 PM
serial_crusher: FTFA: For example, if I know your name, when you've used your card recently, last 4 digits and expiration date, I'm pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone's address), an attacker is well armed for a successful social engineer attack.

See, this is why I never say anything to the bank if they call me. I hang up the phone, call their 1-800 number, and say "hey, some guy called and said he was working for you, etc etc."

I've never run into a case where it wasn't a legitimate bank call, but that really is something you should be diligent about, in case it turns out to be social engineering.


I work for a Bank.

We have pretty strict rules for all call centre staff, they don't actually ever call a customer unless the customer requests it, just for this reason and they always schedule the call so you know it's coming at a certain time.

The only exception I think is if they are marketing, but marketing doesn't require account data to do a product origination, so they should still never ask anything really. Maybe just confirming that the data they already have is correct before starting the product for you.
 
2011-12-16 11:02:25 PM
Impasse: Lt. Cheese Weasel: //Unbreakable.

Nothing is "unbreakable".

\uses KeePass


Unless you're an idiot, it is unbreakable. Let KP choose all your passwords. I have tons of accounts online and I don't know any of the passwords. Don't have to. We use it at work as well. Multi account psws and certs...only I know the one psw to open the db.
 
2011-12-17 03:53:46 AM
Yankees Team Gynecologist: I_Am_Weasel: I do, however, like filling out information in response to e-mails from banks I get. They don't get any accurate information. You'd be surprised at how just entering random information gets you into a bank account for a bank you've never dealt with.

Wait, what? What do you mean by "gets you into a bank account"?


There are several women with the same name as me who imagine they have my email addy. Wrong. I got to Gmail first. Doesn't stop them from entering my email addy on tons of things. I get all kinds of order/shipping, etc. confirmation emails. The most recent one was for a new bank account for the same chick who ordered fancy bathroom fixtures a month earlier. And the next time the imposter in Utah orders another Mac, I'm tempted to call UPS to have it rerouted to my house. I get so much of this sort of email that I'm starting to piece together all kinds of details about their lives that they probably wouldn't want a stranger to have.

So yeah, be careful about using "fake" email addresses and so forth online. Some of them belong to people who aren't as nice as me.
 
2011-12-17 10:32:51 PM
Lt. Cheese Weasel: Impasse: Lt. Cheese Weasel: //Unbreakable.

Nothing is "unbreakable".

\uses KeePass

Unless you're an idiot, it is unbreakable. Let KP choose all your passwords. I have tons of accounts online and I don't know any of the passwords. Don't have to. We use it at work as well. Multi account psws and certs...only I know the one psw to open the db.


Unless you're an idiot, you know that no software is "unbreakable".
 