received unrequested security code request, what next?

JimKiler · May 19, 2017

at midnight last night i received a voicemail from 1.877.662.7447 saying to press one if i wanted a one time security code. There is no identifying information to know what website this is for. I was asleep and was not accesssing anything. I wish i could contact whatever company this was for but a reverse lookup had no idea who this was for.

Do i have any options besides changing 100+ passwords?

corkyg · May 19, 2017

Smells like phishing to me. I would just delete it. They can always get back to you.

Elixer · May 19, 2017

Yeah, you can ignore those.
For what it is worth, that # belongs to The Vanguard Group (investing).

JimKiler · May 19, 2017

Elixer said:
Yeah, you can ignore those.
For what it is worth, that # belongs to The Vanguard Group (investing).

thanks, now to call them.

JEDIYoda · May 20, 2017

Elixer said:
Yeah, you can ignore those.
For what it is worth, that # belongs to The Vanguard Group (investing).

Actually it will do you no good to call that number...the Vanguard group will do nothing about it. They probably have no clue what you are talking about and that number I would bet does not connect to the vanguard group!

Elixer · May 20, 2017

JEDIYoda said:
Actually it will do you no good to call that number...the Vanguard group will do nothing about it. They probably have no clue what you are talking about and that number I would bet does not connect to the vanguard group!

I was just pointing out who owns that # (https://personal.vanguard.com/us/serviceCenter/), nothing more.
I know it could have been spoofed, but that wasn't the question, which is why I said you can ignore those.

JimKiler · May 20, 2017

JEDIYoda said:
Actually it will do you no good to call that number...the Vanguard group will do nothing about it. They probably have no clue what you are talking about and that number I would bet does not connect to the vanguard group!

I would not call a random number. I called a different number and he said my account is secure.

JEDIYoda · May 20, 2017

JimKiler said:
I would not call a random number. I called a different number and he said my account is secure.

These people who do these scams also can redirect your call to a different number....so be very careful!!

Mike64 · May 20, 2017

JimKiler said:
I would not call a random number. I called a different number and he said my account is secure.

Backing up a moment - do you even have two-part authentication set up on that account, and specifically, with the phone number you got the call on as the "second part"? If so, did you think to ask if they could tell if someone had actually managed to log in with your user ID or email address, apart from whether anything had been done or any changes were made? (If the answers to those two questions are yes, yes, and no, respectively, it's probably worth a second call to ask that specific question. On the other hand, if the answer to either of the first two questions is "no", it seems to me it must have been a phishing call (which as an aside, would be really annoying, if we have to start thinking about crap like that in addition to email and web-based bullshit<sigh>), and if there's no record of a login since you yourself last signed in to the account, then presumably your existing password is still secure...

JimKiler · May 22, 2017

Mike64 said:
Backing up a moment - do you even have two-part authentication set up on that account, and specifically, with the phone number you got the call on as the "second part"? If so, did you think to ask if they could tell if someone had actually managed to log in with your user ID or email address, apart from whether anything had been done or any changes were made? (If the answers to those two questions are yes, yes, and no, respectively, it's probably worth a second call to ask that specific question. On the other hand, if the answer to either of the first two questions is "no", it seems to me it must have been a phishing call (which as an aside, would be really annoying, if we have to start thinking about crap like that in addition to email and web-based bullshit<sigh>), and if there's no record of a login since you yourself last signed in to the account, then presumably your existing password is still secure...

I do have two factor authentication on and while i did not ask that question he said there is issue so assume that means there was no login attempt made. He was trying to say it was because of setup. I think that was there way of saying the system called you when it should not have.

JimKiler · May 22, 2017

JEDIYoda said:
These people who do these scams also can redirect your call to a different number....so be very careful!!

that is why i do not trust any email or phone number. I will always go directly to the website and email or get a phone number. I have 0% trust in anyone who calls my phone anymore.

corkyg · May 22, 2017

I agree. For me CID is a vital tool. I do not answer calls from 800 numbers, out of area, or from cities and towns.

Mike64 · May 22, 2017

JimKiler said:
I do have two factor authentication on and while i did not ask that question he said there is issue so assume that means there was no login attempt made. He was trying to say it was because of setup. I think that was there way of saying the system called you when it should not have.

Sounds safe enough. Personally, I'd probably change the password on that account just to avoid any lingering doubt, but I don't see why there'd any need to change any others in any event, unless you're reusing the same one (which is a bad idea to begin with, of course...)

Search

received unrequested security code request, what next?

JimKiler

Diamond Member

corkyg

Elite Member | Peripherals

Elixer

Lifer

JimKiler

Diamond Member

JEDIYoda

Lifer

Elixer

Lifer

JimKiler

Diamond Member

JEDIYoda

Lifer

Mike64

Platinum Member

JimKiler

Diamond Member

JimKiler

Diamond Member

corkyg

Elite Member | Peripherals

Mike64

Platinum Member

TRENDING THREADS