PDA

View Full Version : A new twist on an old scam


modtinbasher
10th Dec 2007, 19:05
A friend sent me the following, it's a bit drawn out, but sounds quite a plausible new scam .........


This one is pretty slick since they provide YOU with all the information, except the one piece they want. Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to
protect yourself.


One of our employees was called on Wednesday from "VISA", and I was called on Thursday from "MasterCard".

The scam works like this: Person calling says, "this is (name), and I'm calling from the Security and Fraud Department at VISA. My badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify the details. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for 497.99 form a Marketing company based in London?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from 297 to 497, just under the 500 purchase pattern that flags most cards. Before your
next statement, the credit will be sent to (gives you your address), is that correct?"

You say "yes." The caller continues - "I will be starting a fraud investigation. If you have any questions, you should call the 0800 number listed on the back of your card (0800-VISA) and ask for Security. You will need to refer to this Control Number." The caller then gives you a 6 digit number.

Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card." He'll ask you to "turn your card over and look for some numbers."

There are 7 numbers; the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will "ask you to read the 3 numbers to him." After you tell "the caller" the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say, "No," the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for, or tell you your Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of 497.99 was charged to our card.

Long story in short - we made a real fraud report and dosed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report. What makes this more remarkable is that on Thursday. I got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up. We then filed a police report, as instructed by VISA. The police said they are taking several of these reports daily!

con-pilot
10th Dec 2007, 19:10
Excellent post. I have not heard about this one. Well done and thanks.

Saintsman
10th Dec 2007, 19:32
This one I don't mind even though I've seen it several times.

The one to watch for are the ones that tell you to e-mail everyone in your address book to "let them know".

Then its bound to be a spoof.

frostbite
10th Dec 2007, 19:53
Thanks for that.

It's a neat variation that I reckon will work with a lot of otherwise cautious people.

unclenelli
10th Dec 2007, 20:04
It sounds like someone's been through your bin and found a credit card statement.
It'll have all the info on it that they can provide to you (issuing bank, your name, address)
The only thing missing they don't have is the 3 digit security code.

MORAL:
Shred or burn all your waste paperwork!

Lamenting Navigator
10th Dec 2007, 21:01
Shred anything with your name and / or address on it. If you have a coal fire, burn it.

Aaaaaaaaaaaaaaaargh!
10th Dec 2007, 21:10
It's a neat variation that I reckon will work with a lot of otherwise cautious people.It won't work unless you violate the first rule of owning a credit card, which is to not reveal information to anyone unless you initiate the conversation.

I have had the real card people call me and ask me things and I say I will call them back the at the number on the back of the card. They never get upset.

The other reason it will never work is that the three numbers on the back (not a pin, but I forget the name at the moment) becomoe illegible on y cards after a very short time, so I would be unable to read them out anyway :}

stickandrudderman
10th Dec 2007, 23:07
slightly tangentially:
I get very annoyed when my bank asks me for my password.
I refuse and ask them to ask me a question which only I would know the answer to.

Life's a Beech
11th Dec 2007, 11:34
Give them 3 random digits. That will at least waste a bit of their time, and leave more of a trail, as they've tried to use the card number.

OverTq
11th Dec 2007, 13:12
A "heads up" for you and any of your friends who may be regular customers at Tescos. Over the last month I became the victim of a clever scam whilst out shopping. Simply going out to get some bits and pieces has turned out to be quite traumatic. Don't be naive enough to think it couldn't happen to you.

Here's how the scam works: two seriously good looking 18 or 19 year old girls come over to your car as you are loading your stuff into the boot. They both start wiping your windshield with a rag and Windolene with their cleavage almost falling out of their skimpy T-shirts. It is impossible not to look.
When you thank them and offer them a tip, they say "No" and instead ask you for a lift to Devizes.

You agree and they get in the back seat. On the way, they start having sex with each other. Then one of them climbs over into the front seat and performs oral sex on you, while the other one steals your wallet.

I had my wallet stolen on November 4th, 9th, 10th, twice on the 15th, 17th, 20th, three times just yesterday, and very likely again this upcoming weekend as soon as I can buy some more wallets.

Please pass this message on to all the men you know to warn them about this scam

airship
11th Dec 2007, 13:27
I think the scammers in modtinbasher's post should be running the country. I suggest we should pay them each 2 million a year + generous pension and get rid of Gordon Brown's lot... :ok:

If anyone ever has an identical experience to the one mentionned by OverTq at any supermarket in the south of France, then please PM or email me immediately s'il vous plait...?! OK, I'll beg! ;)

Binoculars
11th Dec 2007, 13:39
I confess I am at a loss as to the idea of supplying the three digit thingy on the back of your card. If you provide it online does it not defeat the purpose of having it at all? Is it not like asking for your password?

Signed,

Dumb and dumber of Mackay.

west lakes
11th Dec 2007, 13:52
THe 3 digit security code is used (in the UK anyway) when making online & telephone purchases, it acts as a sort of PIN by confirming you have the card with the number you've just quoted.
I can only imagine that the scammers will then use it to make purchases.










I'm off to Tesco's tonight!

G-CPTN
11th Dec 2007, 14:01
The three digit number doesn't prove that you are holding the card (otherwise the scam wouldn't work), merely that you are aware of what that number (and the other details required for the transaction).

You could memorise the number (and, indeed the other details) and then effect an online purchase . . .

Using your card at a non chip-and-pin outlet where the operator needs to verify that the signature given matches that on the back of the card (where the three-digit number is printed) has always been open to 'fraud' (the operator has a copy of the other card information).

What numptie thought up that 'security' feature?

anotherthing
11th Dec 2007, 14:01
Binoculars

The 3 digit code (CCCV code) is to verify that you are currently in possession of your card, or thats the theory - see above.

Obviously if someone has stolen your card, they have all they need.

As for using it on websites - you should only ever use it on sites you trust, and they should have a locked padlock on the bottom toolbar on your screen signifying that they are using a secure encrypted server.

Any retailer worth their salt will have this setup.

As for giving the info away by phone - the first post on this thread was a handy, well meant one, but I still can't understand how people who are capable of working the internet and posting on forums are capable of falling for these scams!

GCPTN - as technology for card security advances, the fraudsters remain half a step behind..... they will always be able to find a way around a security scheme.

What would be better is if the CCCV code was sent out to you in the same way as your pin. And if you had the ability to change it, like you can your pin - even better.

Unfortunately in todays culture of people needing spoon-fed things, I'm sure many poeple would be aghast at having to remember two sets of digits :ugh:

HKPAX
11th Dec 2007, 20:41
OverTq: think you get the prize for the funniest post on JB for a long time!

The Flying Pram
11th Dec 2007, 20:54
modtinbasher - I was sent his one about a week ago. I did some Googling and it turns out to be yet another hoax. 1st reported back in 2003. See here (http://urbanlegends.about.com/library/bl_credit_card_fraud.htm)

G-CPTN
11th Dec 2007, 21:13
So modtinbasher's text is word-for-word identical with the link provided by The Flying Pram, so it wasn't a recent event that happened to a known acquaintance, but yet another perpetration of a (plausible) urban legend.
I do believe, however that it is a viable scam and folk should be aware of the possibility.

I do recall receiving a word-for-word call from my credit-card company a few years ago, though I cannot remember whether they asked me to read out the number (though they did ask me to verify that I was still in possession of my card), so the story rang true with me when I first read it. There for the grace of God go I (as I didn't receive a surprise billing) - maybe the normal security subsequently intercepted the rogue transaction (it's too long ago to check now, and I'd certainly have noticed a large purchase - or even one that I didn't recognise). I even ring up to check when I see something billed from (for example) Wales when I've never been there at that date only to find that it's the headquarters of someone I've traded with based in London.

25F
11th Dec 2007, 21:53
"word-for-word identical" - except for swapping dollars for pounds, and Arizona for London, etc.

Blacksheep
12th Dec 2007, 02:25
Unfortunately in todays culture of people needing spoon-fed things, I'm sure many poeple would be aghast at having to remember two sets of digits Two numbers? I have to remember hundreds. So I only have one password for everything where it can be changed. Where I cannot change the password I have to write it down somewhere. Which all defeats the purpose of passwords.

No, I don't do internet banking, telephone banking or even send emails that contain any financial information. I don't even have any financial information on my PC as it is possible for fraudsters to hack into it while I'm on-line. Personal data is on another computer that is never connected to the internet and I transfer files into/out of it using a 4 GB Sony Microvault. Am I paranoid? Perhaps, but I do know that nothing that goes out on or connects to the public internet is secure and it never will be.

modtinbasher
12th Dec 2007, 09:27
Ok, I've been scammed as well then by posting what I thought was an original that might assist folks..... as in canoe speak, I 'did it in good faith!'


MTB

ChristiaanJ
12th Dec 2007, 15:13
modtinbasher,
I wouldn't say you been scammed as such..... no harm done.
Sounds plausible enough to me...
And if it simply reminds a few people once more to be careful with their credit card info, it will even have been useful.