Share via


Are banks encouraging phone phishing attacks?

I recently called the support number to verify a charge on my Wells Fargo account and it surprised me when the automated teller requested that I enter my card number and then my pin number. I was always lead to believe that we should never share our pin numbers as that obviously breaches the security of our ATM cards - so I hung up and waited until I could talk with a customer representative. I just spoke with such a representative and apparently the bank is ok for you to share your pin number with an automated teller.

This seems very strange to me as how am I to determine whether in fact I am talking with an automated teller owned by Wells Fargo or an automated teller owned by someone with malicious intent. This possibility is greatly increased by the large number of phone numbers that the banks have - preventing me from even really knowing whether I am talking with Wells Fargo or not. This is made all the worse given the large number of phone numbers that banks appear to have nowadays. The enquiry I just made has had me dial 4 different numbers during which time I was also transferred 3 times - meaning I really have no idea who I am talking to. I can also imagine would be perpetrators obtaining numbers that are 1 digit off of major banks and obtaining ATM card information that way.

Is it just me or does this seem like a huge risk? Or is there something that I am missing here in terms of why this isn't a security risk? Also, do banks other than Wells Fargo also require customers to enter their pin numbers?

Comments