Re: [ot] [but important] e-Fraud

Here are some extracts from that thread.

SQ

-------------------------------------------------------
For anyone who thinks "can't happen to me", think again.

I tend to check my online accounts every week or so, not in any great
detail, just to keep an eye on what I'm spending, and on what. Being
with LloydsTSB, I have access to all of them online; personal, business,
and credit card (MasterCard).

So I suddenly remembered yesterday that I hadn't paid off the CC in a
while, so went online to check how much and pay it off with a transfer.

Looking at the total, I noticed 3 transactions, 1 on the 30th June and 2
on the 1st July, all with different references, and all for *exactly*
£50.

That's odd, I thought; I never get cash out with my CC, so the chances
of me buying anything for exactly £50 are a bit remote. Now it may be I
just forgot, but 2 transactions for exactly £50 on the same day? I rang
Lloyds MasterCard, purely to get some more details on what the purchases
were, to jog my memory, and about 30 seconds into the convo the nice
telephone support lady said "I don't like the look of this, one
moment" ...

.... I was then transferred to a fraud expert, who took a look, confirmed
something was up (money transferred by signature, not PIN), and within 2
mins the CC account had been closed, a new card issued, and a fraud form
dispatched. It will, sadly, take 3-6 weeks to get my money back, but at
least I won't be liable as I informed them in good time.

The thing is, I haven't bought anything from dodgy web sites, haven't
taken any chances with my CC, and haven't been anywhere where it could
have been cloned, at least not to my knowledge ... so how the ***
they've managed to do it I have no idea.

So it does happen, and successfully ... it'll be interesting to see if
they manage to nail whoever the cheeky monkey is.
-------------------------------------------------------
Same thing happened to us. From a US mail order company ... though we
hadn't ordered anything or even been in contact, they started with a 1$
then four 50$, all within ten or so minutes, then the bank rang my wife
within 15 minutes ... they said they knew of what was happening almost
as it happened. Apparently they start with a cc number (any number)
then try the three figure combination a few times ... and keep doing it
until they get a hit, then up the amounts.

Got the money back within the fortnight, so not too bad.

Scary thing is there is _nothing_ you can do to prevent it happening
and having to claim it back when it does. :(
-------------------------------------------------------
So it was purely a random chance attack? I didn't realise they bothered
doing that ... interesting. Normally Lloyds MasterCard seem very on the
ball, such as ringing my mobile recently to confirm when I spent some
money on wine, then realised I'd forgotten the whisky, and did a second
purchase in the same store within 2 mins ... what does surprise me is
that the fraudsters chose amounts that were so easy to spot ...
honestly, if I'd not seen an exact amount I'd never have spotted it, as
I don't bother noting down what I spend and where.

I'm considering starting to, mind.
-------------------------------------------------------

It's what we were told. Totally random and nothing you can do except
be vigilant and report such activity as soon as. We were lucky, the cc
co called us straight away, but it was mentioned in subsequent calls
about the incident that many people get scammed this way and never even
realise it.

> > Normally Lloyds MasterCard seem
> > very on the ball, such as ringing my mobile recently to confirm when
> > I spent some money on wine, then realised I'd forgotten the whisky,
> > and did a second purchase in the same store within 2 mins ... what
> > does surprise me is that the fraudsters chose amounts that were so
> > easy to spot ... honestly, if I'd not seen an exact amount I'd never
> > have spotted it, as I don't bother noting down what I spend and where.

They explained it to us as being the maximum amount that can be charged
'remotely' without needing the 3 digit security code, a signature was
all that was needed. The fact that the scammers (in our case) had also
got our code showed them up as minor league fuckwits, as it isn't
apparently necessary below £50, and if they'd chosen, say, £150
(£149.99) they might have got away with it. ;)

> > I'm considering starting to, mind.

I dunno about going that far, but it's definitely worth checking bills
regularly.
-------------------------------------------------------

Yeah I use my CC for just about everything, and pay it off once or twice
a month, so I doubt I'd have noticed normally.

>> > > Normally Lloyds MasterCard seem
>> > > very on the ball, such as ringing my mobile recently to confirm when
>> > > I spent some money on wine, then realised I'd forgotten the whisky,
>> > > and did a second purchase in the same store within 2 mins ... what
>> > > does surprise me is that the fraudsters chose amounts that were so
>> > > easy to spot ... honestly, if I'd not seen an exact amount I'd never
>> > > have spotted it, as I don't bother noting down what I spend and where.
> >
> > They explained it to us as being the maximum amount that can be charged
> > 'remotely' without needing the 3 digit security code, a signature was
> > all that was needed.

Ah ok, thanks; that explains why all 3 transactions were "by signature"
rather than by PIN.

> > The fact that the scammers (in our case) had also
> > got our code showed them up as minor league fuckwits, as it isn't
> > apparently necessary below £50, and if they'd chosen, say, £150
> > (£149.99) they might have got away with it. ;)

Out of interest, did they ever catch anyone?

>> > > I'm considering starting to, mind.
> >
> > I dunno about going that far, but it's definitely worth checking bills
> > regularly.
> >
> > 'The wife' does ours ... ;)

It's not so much the bill checking, more the fact that I simply don't
register what I spend, or on what, as it's never been an issue before. I
really should start, as it was only by pure luck that I noticed this
time.
-------------------------------------------------------
I had a call from Barclaycard asking if I had just authorised a purchase
to lastminute.com from Italy, I had not and they cancelled my card, this
was within an hour of the transaction taking place, well impressed with
barclaycard I was.

And no, no dodgy websites, no paypal purchases nothing.
-------------------------------------------------------

The one *slight* annoyance is that they cancelled the entire CC account,
or at least it's not appearing in my online menu. Maybe that's just a
precaution while they sort the new card out, but I was going to go back
and check more of my statements, to see if anything else was amiss.
I'll wait and see and then request paper statements if necessary.

> > And no, no dodgy websites, no paypal purchases nothing.

I'm still wondering how they do it then; I mean, have they got a
computer endlessly trying number after number and, if so, can't
MasterCard trace it and prosecute?
-------------------------------------------------------
They do that.

It'll be re-instated within the week with a new number.

Just as a precaution, if you take the offer to also change the account
to an Airmiles Duo at the same time, don't rely on their automated
balance transfer to move the balance over - if any late transactions
come in, they'll sit on the original account.

(FWIW, Airmiles Duo is worthwhile doing if you regularly cane your card
with business expenses, especially if you use the Amex card)
-------------------------------------------------------
The banks use a formula to generate valid card numbers - they're not
just a random 16-digit number (most cards use 16 digits, but not all).
The formula is not a secret.

Authentic numbers can be generated at will. The scammers just need to
find out if the card number is active or not. Once they hit on an
active account they'll start hitting it with charges.

The banks try very hard to play down their losses in order to protect
their reputation and avoid (yet another) banking scandal. In most
cases they choose the quiet option and just write these losses off.

The economic reality is that it simply costs too much to chase down
the crooks, which personally, I find terribly disappointing.
.