OT: Credit card phishing attempt

Charleston Dave · February 2009

My famiily was attacked by a credit card phishing attempt this morning.

I got a call from (800) 300-8003 by someone who (a) knew the cardholder's name, (b) knew my personal cellphone number, (c) knew the expiration date on the card, (d) knew 3 of the 4 digits ending the account number.

I am letting forum members know because the only use of that card/phone combination in the last month or two was to buy BBQ and photo equipment online.

The ruse was that my "major credit card company" wanted to thank me for my prompt payment record in these troubled economic times by sending me a gas card worth $300.

I reported the attempt to my credit card company, who told me that there has been a lot of this particular phishing attempt going around since Christmas. We reviewed recent purchases and there was no harm done (yet).

So, be aware...free gas card ain't free if you accept it. Or, as my college econ professor was fond of saying, TANSTAAFL (They're Ain't No Such Thing As A Free Lunch).

According to www.800notes.com, this phone has been linked to repeated autodialing hangups and to efforts to get people to purchase coverage on credit cards.

Mainegg · February 2009

LOL they are something aren't they. Last week mid cruise! I got a note from the pursers desk :( my card was declined for that days charges. Well since I had been drinking Celtic's blue mt mist I had bought for him I knew my bar tab could not have been that bad

I logged on my lap top and I had a charge for 600.00 worth of CHINCHILLAS supplies! So went up to the desk and they called my bank for me. come to find out they had shut down my card. some one tried to buy over 20,000.00 in dive equipment and ship it to Singapore. plus a bunch of other stuff. Thank goodness I had another card with me. What made me the maddest was that it was a Princess card and I was supposed to get double points on the Princess ship for using it LOL.

Charleston Dave · February 2009

I was previously a victim of credit card fraud so I tend to be hypersensitive to this stuff. About a month after I took a business trip to Dallas a few years ago, somebody in a small town in TX about an hour from Dallas knew my credit card numbers, expiration, name and mailing address and ran up many thousands of dollars of purchases. I'm thinking it was staff in the hotel, or a WiFi intercept when I used my credit card to buy time in an internet café, but I don't know for sure.

On a subsequent trip to Dallas, I drove to that small town and met with the police. I even went to the house where they'd had things shipped that had been purchased on that card, everything from pizza to cellphone minutes to clothing to storage locker rent. According to the police that household had several residents with criminal histories. In this case, they managed to skip town before the long arm of the law came crashing in. Once I knew names, I did track one of the individuals to counterfeit software scams.

Didn't cost me anything but time and annoyance.

Mainegg · February 2009

It is frustrating! I have only one card that is used online and it has a low credit limit. and I check all my cards everyday online. A few years ago we really tackled our fiances and bills and paid off and canceled a number of cards. now we have 4, two joint and one personal each. It is scary how things get passed around and how fast it can happen. You almost need two so you have one that is good while they replace the compromised card! My stomach drops every time a customer flips open a wallet with about 15-20 cards and can't remember which one is any good. not to mention carrying all that right with the info that someone needs to make it work, for a short time anyways. I keep my credit cards in a small separate wallet from my wallet with my license and other personal info. a bit of a pain but if I loose my cc wallet they do not have me checking account and other info to bull sh*& their way into a charge. It was a good tip I got from a bank teller one time. she had just finished helping a customer close accounts when she lost her wallet with everything in ti.

egret · February 2009

Dave, not sure what they were after. Did they want to get more info from you regarding your credit card, or something else?

Celtic Wolf · February 2009

You should contact the companies you did business with. Obviously one of their sites has been hacked..

Tell us of the issue won't stop it from happening to us or others if we don't know which sites you went too..

Celtic Wolf · February 2009

and I damn well expect that dive equipment to show up in Singapore too... :woohoo:

tjv · February 2009

My wife has had her credit card info stolen and used twice. It is a hassle.

That is one of the reasons, I decided to let Google and Paypal handle all the electronic payments on my site. All I get is confirmation of a payment. Actually I don't want to handle personal information like that. I have some folks get upset with me when they call asking if they can order over the phone and I ask them to do it online. Just better that way in my opinion.

t

Fidel · February 2009

Simple advice from someone in the business:

If anyone you do not personally know ever calls you asking for any credit or personal information - regardless of how much they seem to already know about you - get a call back number and extension and verify that the number given goes back to the company they are allegedly calling from.

Those with intent to defraud are calling for one reason - they don't have one (or more) piece of vital information they need to facilitate the fraud. A big piece is they will ask for the last 4 of your SSN. This is because the first 5 numbers are available and the last 4 are typically masked by information vendors and person location services. If someone gives you the first 5 and you give them the last 4 - they gotcha.

Do not ever ever give out or confirm information with anyone unless you initiated the call or have confirmed the identity of the caller. Caller ID can be spoofed.

A bank will not call you to verify your home address or confirm your SSN or account number. Don't fall into the trap folks. They may sound legit and sincere. If they are then they will gladly give you a call back number. Pressure to keep you on the phone is a big clue that they are not legit.

Rascal · February 2009

Sounds akin to the climate in Chicago, Wall Street & DC... For example: the globe (our Earth) is warming (ala Algoreleone) but now we're freezing to death and we need your money to stop it! Holy mackeral Andy, whatta we gonna do...? Hahaha... Fools, go get a reality check!!

Misippi Egger · February 2009

This may not be the same thing as your problem, but last week I got a notice from the company I have theft insurance with and they said a company that processes 100+ million transactions a day for the credit card companies had been hacked. The extent of the hack was not known, but to carefully check all transactions to make sure they were mine.

A couple of colleagues got a similar notice from their banks with new cards being issued.

Charleston Dave · February 2009

The initial pitch was that I had a $300 gas card waiting as a thank-you gift for good payment. The caller identified himself as "River."

I was immediately suspicious (since when is a credit card company that generous?) and stated that I wouldn't be divulging any personal information since they had called me instead of my calling them.

They quoted the last four digits of the credit card, but got one digit wrong. They are similar-looking digits, so one wonders if the ID theft was from a blurry copy that had only these four digits (typical cash register printout, except that that wouldn't have my cell phone number).

Certain then that the call was fraudulent, I terminated the call. The cardholder name and expiration date the phisher quoted were both accurate. The phone number they called me on was not the primary accountholder phone, so that leads me to believe that it might have been a hack from an online order where I provided my cell phone to the vendor.

After speaking with my card-issuing bank, which confirmed that the phishing attempt was just that, I reviewed recent charges with the bank and found nothing amiss. I called back the original phone, which was answered by a different person who then told me that they "represented major credit card issuers" and wanted the number at which they had first called me in order to proceed. I chose not to proceed.

I googled the 800 phone number online and found the calling history and consumer complaints I detailed upthread. If anybody would like to explore the issue further, or play liar's poker with a liar, the calling phone was 800 300 8003.

My guess is that they wanted to trick me into giving more personal info to facilitate ID theft, or perhaps sell me something while representing that it was a routine charge or "opportunity" provided by my bank.

Charleston Dave · February 2009

I understand your request for specificity, CW, but I cannot trace the hack to one particular site and I don't want Eggers to think badly of their suppliers when those suppliers are likely uninvolved or at worst innocent co-victims. For example, I did business with tjv but it was through Paypal and I therefore strongly doubt that his operation was hacked. If I screamed on the forum that after doing business with him my card was hacked, then his fine reputation would be unfairly smeared. I don't want that to happen.

If you have a particular personal interest in which sites, email me and I will provide the info privately.

I do plan to touch base with the online vendors of BBQ equipment and photo equipment.

Celtic Wolf · February 2009

I am not telling you to tell US. I am telling you to contact the people you did business with. Tell them what happened.

If my server was involved I'd want to know it was to fix the issue.

Telling us there is a potential problem out there does not fix the actual problem.

Charleston Dave · February 2009

Celtic Wolf wrote:

Tell us of the issue won't stop it from happening to us or others if we don't know which sites you went too..

My apologies, CW. I understood your phrase "we don't know which sites you went too" to be an implicit request for identification of the specific sites. Evidently I misunderstood you.

The reason I notified fellow Eggers here is that my purchases of BBQ equipment and photo equipment were possible risk factors for the phishing attempt, so those that make similar purchases should be aware that there is a potential for them to experience similar attacks.

As to notifying the vendors that may have been compromised, I have stated upthread that I will be doing so. Thanks for you concern and suggestions.

Charleston Dave · February 2009

Very useful comments, Fidel, thank you. I've been through this before but still learned from what you had to say. Thanks! I just follow the simple rule that somebody who calls me for financial information isn't going to get any in that call.

OT: Credit card phishing attempt

Comments

Categories