
The author is simply not very good at defending against these scams.

A. Fraudulent charges are YOUR BANK's problem, not yours. There is no reason to take any risk or share any information. You can agree that charges are fraudulent, but that's the endpoint of your responsibility.

B. Don't give out any information to an inbound caller. None. (except to acknowledge fraudulent charges)

C. Don't try to figure things out. You don't need to reason through it. This author spends SO MUCH time trying to reason out whether this is or is not a scam call. WHY??? Just hang up and move on. If it makes you feel better, you can always call your bank back.

"Putting all of this together, the scales started to tip toward this potentially being a scam call, but I still wasn't certain. It was all circumstantial and conjecture, and a lot of it seemed very legit, plus the difficulty of accurately putting together the information needed to make an attack like this against me without also including strategic disinformation that would tip me off about where they got their data. I needed more information. It was time to push back on this." >>WHAT??? Why do you need to push back? What's the point? Hang up!

"So, I was immediately suspicious, and started asking technical questions; " >> NOW you're suspicious? Again, why ask technical questions here. Who cares? Move on!

This author spends FAR FAR too much time trying to outsmart the scammer - and in the process gets outsmarted himself.

Edit: Nevertheless, I give the author a WHOLE LOT OF CREDIT for being willing to post this. I'm sure he was a bit embarrassed, but sucked it up for the greater good and education of all of us. Thanks!


