PSA: Phishing Attempt POSING as Comcast.

As I said to the guy at Amazon, how can this happen? Why would you let someone else use my CC without at least an e-mail to me to confirm that they have my permission? This was not a clever bit of fraud, or a software security hole, it was simply someone like a waitress (or waiter) copying down the details of my CC and then using it on-line.

It seems to be relatively easy to do. I manage some of my mother's accounts and was able to go online with just a few bits of info and access all of her accounts.

One thing I have seen some places do that helps, they will not ship to an address that is different from the CC address without confirmation.
 
As I said to the guy at Amazon, how can this happen? Why would you let someone else use my CC without at least an e-mail to me to confirm that they have my permission? This was not a clever bit of fraud, or a software security hole, it was simply someone like a waitress (or waiter) copying down the details of my CC and then using it on-line.

Now I'm curious. On one hand, would Amazon know that your CC# was tied to your email - or is that something that they are 'blind' to (for security reasons). It does work the other way round, the CC can be tied to your account. But this wasn't your account, it was a new one.

But that raises the question - what does it take to open an account? I would think they would need your billing address. That not matching the CC should be a red flag, no? But they would give their email address for this new account, so assuming they could open it, they wouldn't email you - your email is not connected with this account. Maybe they knew your address? A restaurant employee could easily Google that from your name and general location (ours comes up in publicly available property tax records). Once an account is set up, you can ship to a different address.

It's been so long since I created the Amazon account, I don't recall the steps or requirements.

Would a credit card freeze prevent this?

-ERD50
 
It seems to be relatively easy to do. I manage some of my mother's accounts and was able to go online with just a few bits of info and access all of her accounts.

One thing I have seen some places do that helps, they will not ship to an address that is different from the CC address without confirmation.

But this is different - they didn't access his Amazon or Credit Card account - they set up a new account with his CC# (and maybe a googled address).

IIRC, the confirmation to ship to a different address is pretty minimal. And since this was 'their' account, they probably had everything they needed to confirm it.

-ERD50
 
Now I'm curious. On one hand, would Amazon know that your CC# was tied to your email - or is that something that they are 'blind' to (for security reasons). It does work the other way round, the CC can be tied to your account. But this wasn't your account, it was a new one.

But that raises the question - what does it take to open an account? I would think they would need your billing address. That not matching the CC should be a red flag, no? But they would give their email address for this new account, so assuming they could open it, they wouldn't email you - your email is not connected with this account. Maybe they knew your address? A restaurant employee could easily Google that from your name and general location (ours comes up in publicly available property tax records). Once an account is set up, you can ship to a different address.

It's been so long since I created the Amazon account, I don't recall the steps or requirements.

Would a credit card freeze prevent this?

-ERD50

But this is different - they didn't access his Amazon or Credit Card account - they set up a new account with his CC# (and maybe a googled address).

IIRC, the confirmation to ship to a different address is pretty minimal. And since this was 'their' account, they probably had everything they needed to confirm it.

-ERD50

When I asked the fraud dept guy why they would allow someone else to use my CC on their account he said that it is very common for this to happen, but that does not explain why they do not ask for permission, or even inform me that my CC under the name "Alan xxxxxxx" is being used by someone called "Louise yyyyyyyy".

He wouldn't tell me what the purchases were for so I don't know if they were physical things being shipped to an address or if they were things that did not need a shipping address such as music downloads, on-line gift cards etc.

PS

I Googled my name (which is very unusual) and found my address very easily so the account could have been set up with my billing address even if the shipping address is different.
 
I wonder if this is a case where it's much cheaper for Amazon to resolve the fraud that occurs individually in a relatively tiny number of new accounts vs the cost in time if not money of cross checking CC info to existing accounts or contacting people when ship to addresses differ. Like many people we use one CC for only online charges, so a fraudulent account using that number could not likely be set up anyway (stolen CC info would probably come from a different card) against which it could be cross checked.

What a pain, though, Alan.
 
When I asked the fraud dept guy why they would allow someone else to use my CC on their account he said that it is very common for this to happen, but that does not explain why they do not ask for permission, or even inform me that my CC under the name "Alan xxxxxxx" is being used by someone called "Louise yyyyyyyy".

It's very easy to do, Amazon in particular. I mentioned I was able to create an account using someone's info (my mother) without a problem. I was surprised how easy. It depends a lot on the other party and how well they verify the account. A lot of places now require the 3/4 digit security code which you don't have without the physical card. Amazon doesn't; also, as another mentioned, for Amazon it is probably easier to write off the small amounts rather than impede the ordering process.

Amazon has been highlighted before on this...

Amazon Lets Thieves Shop With Stolen Credit Card Numbers, Says Report - Business Insider
 
I wonder if this is a case where it's much cheaper for Amazon to resolve the fraud that occurs individually in a relatively tiny number of new accounts vs the cost in time if not money of cross checking CC info to existing accounts or contacting people when ship to addresses differ. Like many people we use one CC for only online charges, so a fraudulent account using that number could not likely be set up anyway (stolen CC info would probably come from a different card) against which it could be cross checked.

What a pain, though, Alan.

Programming should be easy enough and it would cost Amazon next to nothing to have their software automatically send an e-mail every time the same credit card is set up against multiple accounts.

Even Facebook sends me an e-mail when I log in for the first time using a different PC. (sometimes I clear all cookies from one of the 3 laptops/netbooks I use).
 
It's very easy to do, Amazon in particular. I mentioned I was able to create an account using someone's info (my mother) without a problem. I was surprised how easy. It depends a lot on the other party and how well they verify the account. A lot of places now require the 3/4 digit security code which you don't have without the physical card. Amazon doesn't; also, as another mentioned, for Amazon it is probably easier to write off the small amounts rather than impede the ordering process.

Amazon has been highlighted before on this...

Amazon Lets Thieves Shop With Stolen Credit Card Numbers, Says Report - Business Insider

A lot of places now require the 3/4 digit security code which you don't have without the physical card.
When you copy a card's details you also copy the extra security code, so you don't have to have possession of the physical card.

PS
Thanks for that link
 
When you copy a card's details you also copy the extra security code, so you don't have to have possession of the physical card.

Not sure what you mean by copy the card details. The CSC on the signature strip is not encoded on the magnetic strip.
 
Programming should be easy enough and it would cost Amazon next to nothing to have their software automatically send an e-mail every time the same credit card is set up against multiple accounts.

What I am questioning is if they can really do that? I thought that the way the security worked, they don't really 'have' your CC#. They have an encrypted version which is not un-encrypted until you log in.

If it does work that way, they couldn't just hit a database of CC#s - they would have to get in, get the key, and decrypt each account, one at a time. And they would probably need to login as you - and I don't think they can get your password either, they can only reset it. I think the actual password check is all encrypted also - again, not something you can hit with a database query.

Not sure what you mean by copy the card details. The CSC on the signature strip is not encoded on the magnetic strip.

I think he meant manually copy - pencil and paper, like a shifty restaurant employee might do.

-ERD50
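An added example, not part of the original posts and not a description of Amazon's systems: one way a merchant could flag "same card on more than one account" without querying plaintext card numbers is to store a keyed one-way fingerprint (HMAC) of each card number and index accounts by it. The key, account names and class below are hypothetical, and the card numbers are constructed test values.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key (assumption); a real system would hold it in an HSM or KMS.
FINGERPRINT_KEY = b"constructed-demo-key-not-for-production"


def card_fingerprint(pan: str, key: bytes = FINGERPRINT_KEY) -> str:
    """Keyed one-way fingerprint of a card number; cannot be reversed to the number."""
    digits = "".join(ch for ch in pan if ch.isdigit())  # ignore spaces and dashes
    if not 12 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


class CardIndex:
    """Hypothetical index: fingerprint -> accounts that have registered that card."""

    def __init__(self):
        self._accounts_by_fp = defaultdict(set)

    def register(self, account_id: str, pan: str) -> list:
        """Record the card on the account; return OTHER accounts already using it."""
        fp = card_fingerprint(pan)
        others = sorted(self._accounts_by_fp[fp] - {account_id})
        self._accounts_by_fp[fp].add(account_id)
        return others  # non-empty means: notify these account holders


def demo():
    index = CardIndex()
    events = [  # constructed sample registrations
        ("acct-alan", "4111 1111 1111 1111"),
        ("acct-louise", "4111-1111-1111-1111"),  # same card, new account
        ("acct-bob", "5555 5555 5555 4444"),
    ]
    return [(acct, index.register(acct, pan)) for acct, pan in events]


if __name__ == "__main__":
    for account, notify in demo():
        print(account, "-> notify:", notify or "nobody")
```

The lookup is a single equality match on the stored fingerprint, so no card number has to be decrypted to find the overlap.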
 
I Googled my name (which is very unusual) and found my address very easily so the account could have been set up with my billing address even if the shipping address is different.
IIRC, one can remove one's name from Google's search capability. Worth checking into?

I found that while my name is not common, there are enough of 'us' in the US and Europe to make it not easy to figure out who I am and get my address. I have no Facebook or Twitter and only appear on one website, which I may clean once I leave the profession.
 
Not sure what you mean by copy the card details. The CSC on the signature strip is not encoded on the magnetic strip.

You are thinking hi-tech and I'm thinking low-tech.

You hand over your card to the waiter to pay your bill and he takes it away, returning with the CC slip for you to sign. In that time he can take out a piece of paper and write down the 3 or 4 digit code to use with the rest of your details which he either writes down or uses a card reader to quickly record your details.

In the UK, and in some restaurants in Canada, your card never leaves your possession or sight because they bring a wireless hand-held device to your table where you do the swiping or they do the swiping, and then print out the bill for you to sign.

Even on trains in the UK you can pay for your fare when the ticket collector comes by as they all carry wireless CC machines hanging from their neck.
 
You are thinking hi-tech and I'm thinking low-tech.

Got it. I wasn't even thinking about that, I was thinking more of Amazon online transactions. And in addition to someone manually copying everything, they install fake skimmers that read your card info and capture it. Remember when you just had to worry about them stealing the carbon copy paper from the imprint machine...
 
Remember when you just had to worry about them stealing the carbon copy paper from the imprint machine...

:LOL: Those days are long gone.

Also, the CC receipts often had your CC number printed on them so I used to mark it out with a pen leaving just the last 4 digits.
 