First of all, the Macdonald-Laurier Institute just published an updated version of my previous article on rising university tuition costs. Thanks to helpful feedback to that earlier post, I was inspired to dig into data from Ontario’s Sunshine List and, as a result, discovered a much more likely explanation for the (inflation-adjusted) doubling of the true costs of a Canadian university education in just 17 years.
Do check it out.
Today’s post will be noticeably different from anything else I’ve done here. It’s a one-off, but I think it’ll be worth your time. The target of my fury and disgust will be vicious and uncaring criminals. And, no, I’m not talking about federal civil servants (at least not this time).
In fact, this post will be a public service announcement about identity theft. But it’s also about how private companies are sometimes sufficiently incentivised to excel at tasks governments couldn’t dream of mastering.
Some of you might not know what I do for a living during those brief moments when I’m not slaving over posts for The Audit. Scary but true: among other things, I’m a Linux and cloud server administrator. In that particular capacity I’m constantly thinking about defending my infrastructure from hackers, scammers, and thieves. I’ve even taught the subject through multiple books and online courses.
Which is to say that I know a thing or two about digital security. So much, in fact, that I should be immune to identity theft attacks. Also scary but true: it turns out that, in fact, I’m not immune to identity theft attacks.
It all began when I was recently contacted by someone claiming to work in the fraud detection department of my credit card provider. I was told that warning flags had been raised over a couple of suspicious transactions using my card.
The visible caller identity information matched with what I’d expect from that company, and I was receiving legitimate emails and text messages from the company in real time throughout the call. Even the terrible on-hold music was the same as usual. In addition, the “agent” seemed to already have a lot of information about me and didn’t ask for many of the things you’d expect from scammers. The caller did an excellent job adopting the right serious-but-helpful attitude.
I was fairly alert from the start and looking for signs of trouble - and it’s not like I’m not already familiar with the standard trouble signs. But this guy was playing 4-D chess with me and was at least a few steps ahead. I even innocently threw him a complication that he couldn’t possibly have seen coming and he smoothly adjusted on the fly.
To further distract me, the scammer gave me a verification number. He told me to refuse to engage with any subsequent calls where the agent didn’t successfully confirm the number. Now I realize that he was just trying to prevent the real agents from intervening in his fraud.
But instead of cancelling my card, the guy was actually busy trying to put as many charges on it as possible. During the course of the call itself, the card was used to add to an Apple Pay account and to purchase ride shares through bolt.eu.
And it would have been much worse had the scammer’s methodology not included one or two flaws.
What was actually going on