Never Trust Caller ID: Sophisticated Scammers Use It To Impersonate Credit Card Issuers

Over the last 48 hours I have received multiple phone calls on two different phones lines from scammers executing sophisticated impersonations of credit card issuers.

Ostensibly to both get their targets to answer their calls, as well as to enhance their “credibility” with their would-be victims, the crooks, in each case, spoofed the caller ID of a major credit card issuer. I personally received some calls impersonating Citibank’s Citi Cards division and others impersonating Chase; in each case the caller ID displayed when the call came in was spoofed perfectly – the numbers matched those found printed on at least some of the credit cards issued by the respective banks, or otherwise known to belong to such parties. Making matters worse, the phone company transmitted the Display Name of the spoofed caller ID – so the caller ID, for example, said “Citi Cards” along with the spoofed number.

I rarely answer any such calls even when they are from legitimate parties – I let them go to voicemail, and, if necessary, I call back at the number printed on the respective credit card. I was curious, however, about the particular calls that I received over the past couple days; I had ways of knowing before answering them that the caller was not the party who he/she claimed to be (e.g., the calls were coming in on lines whose numbers I do not give to credit card issuers), and, I was curious to learn more about the scammers.

When I accepted each of the calls, an automated message played. In some cases it told me that the issuing bank (appropriately named in the respective messages) was urgently trying to reach me about potential fraud on my account, and that it would connect me to a representative – who, of course, initially asked me to provide various information in order to allow him to confirm my identity. In other cases, the message was about lowering my interest rate – and I was connected to a rep who, likewise, needed me to provide my credit card details.

At that point, I hung up. (I did not have time to “have fun” with the scammers and waste their time as I have sometimes done in the past.)

While such scams are not new, and Caller ID spoofing has been utilized by scammers for years, the criminals’ presentation this week seemed far more on target than in the past; the scammers’ behavior and script seemed to more accurately than in scams of yesteryear mimic those of legitimate representatives of card issuers – dramatically increasing the odds of people falling prey to a scam.

As such, today is a good time to remind everyone:

1. Never provide any personal or financial information to anyone who calls you. Hang up and call the caller back at a previously-established valid phone number such as the one printed on the back of a relevant debit or credit card.

2. Never trust caller ID as a reason to override #1.

Stay safe!

(The image displayed above is the caller ID displayed during one of the calls – the caller was a scammer, not a representative of Citi Cards.)