Wednesday, March 10, 2010

[sxlkjswh] Alumni donation scam

Consider the following scam.  I haven't seen it in the wild, but don't see any reason why it wouldn't work.

1. Look up colleges with high percentages of alumni giving.  This is conveniently published in US News college rankings.

2. Obtain alumni directories for target schools.  I know these exist; I was recently asked to submit my information for mine.

3. (Optional) Obtain the "Giving Report" for the school.  This can be used to target victims further, and to falsely authenticate yourself: "I see you gave N dollars last year, and we'd like to thank you for your donation.  Would you like to follow up with another donation this year?"

4. Cold call the alumni asking for donations to their alma mater, obtaining credit card information.  If an alumnus becomes suspicious, makes a large donation, or asks for tax receipt records, simply "give up" on that one and "pass through" the donation via the school's official donation channel, using the credit card information obtained.

The general mechanism is this.  Normally, when a spender (donor) provides credit card information, he or she looks up the recipient and contacts them, implicitly authenticating the recipient (to defeat this, either the directory or the communication channel would need to be hacked).  However, in this case, the recipient contacts the spender first, and we lose this "directory" authentication.

How might legitimate recipients avoid this scam (perpetrated in their name)?

2 comments :

Anonymous said...

I believe I was on the wrong end of just such a scam tonight! Caller asked for me to make good on a donation I "promised" three months ago in the amount of $19.73. When I asked why I would commit to such an odd amount, she asked if that was the year I graduated. It was, but that's public information. Would I like to pay off that commitment now with a credit card? Not likely! She then wanted me to talk to her supervisor to somehow prove her bona fides or she could give me a number to call to prove she was legit! A new identity theft scam in the offing?
