Almost scammed

[skipro33]

Haven't had it in years, but every single time my credit card was compromised, I was able to trace it back to a time when I used it in a restaurant and the waiter disappeared with it for a few minutes until bringing it back to me with the receipt.
Since then, I've always carried enough cash to pay for a good restaurant meal and I've never had it happen again.
I love the way they do it in many other countries where the waiter brings the machine to your table and your card is never out of your sight.

I've noticed most restaurants now have pay at the table. Either they leave some sort of electronic tablet, or the tablet is already on the table for the guest to use. On top is a light. When the bill is presented, the light turns red. When the bill is paid, it turns green. I suppose that makes it easy for the waiter to know when you've paid and they no longer need to concern themselves with you.
I find this very convenient because in the past, trying to get my bill, then get my CC back has been the longest wait for me, especially if we are going to the theater or some other venue after the meal. The waiter comes by, asks if there'll be anything else and then leaves the device with instructions to pay point when ready.
I use Goggle Wallet so it's easy.

 

[audreyh1]

I’m very glad to see that US restaurants are adopting pay at the table. We’ve insisted on using ApplePay recently and that has either had someone bring a device to the table or we are directed to a register which is fine.

 

[scrabbler1]

I pay with cash so at restaurants which use those devices at the table it's a PITA to get a paper check from the server before deciding on the final amount including tip. It was so much easier before those annoying devices began appearing at the table and turned paying the check with cash into a minor ordeal.

 

[JoeWras]

I pay with cash so at restaurants which use those devices at the table it's a PITA to get a paper check from the server before deciding on the final amount including tip. It was so much easier before those annoying devices began appearing at the table and turned paying the check with cash into a minor ordeal.

Hmmm. Usually they present the check, then come back with the device after you digest it. At least that's my memory.

 

[Al18]

Usually you can view the 'check' on the electronic device, before paying.

 

[audreyh1]

Lots of variations.

 

[audreyh1]

Speaking of scamming:

Meta reportedly projected 10% of 2024 sales came from scam, fraud ads
https://www.cnbc.com/2025/11/06/meta-reportedly-projected-10percent-of-2024-sales-came-from-scam-fraud-ads.html

 

[COcheesehead]

New scam alert. Got a voicemail, my wife did too saying someone was trying to purchase a new iPhone on our credit card and do we authorize the purchase. If not, press one. The big clue was it was a voicemail, they wouldn’t ask to press one in a voicemail. We checked and there are no new charges on any of our cards.

 

[jazz4cash]

I get at least 10 voicemails everyday directing me to press X or Y. It’s a bot. They might be scams or just aggressive telemarketing. I’ll never know.

 

[fosterscik]

Circling back to this...
Mike piper has a article describing a couple who fell for the same scam I reported. They lost money (fortunately only $4k) and as predicted Fidelity didn't reimburse them.

Here's the article for those interested.

 

[RetiredAndLovingIt]

New scam alert. Got a voicemail, my wife did too saying someone was trying to purchase a new iPhone on our credit card and do we authorize the purchase. If not, press one. The big clue was it was a voicemail, they wouldn’t ask to press one in a voicemail. We checked and there are no new charges on any of our cards.

I just got this scam voicemail this morning so it's still active.

 

[ERD50]

Circling back to this...
Mike piper has a article describing a couple who fell for the same scam I reported. They lost money (fortunately only $4k) and as predicted Fidelity didn't reimburse them.

Here's the article for those interested.

Thanks, I found something useful in that article - he mentions that Fidelity offers a Money Transfer Lock feature. It locks out any outbound transfers other than pre-scheduled transfers, preset auto-pay etc.

Although, if you log in you can unlock it, so I'm not sure how much protection this really provides, wouldn't someone need to be logged in to make an illicit transfer? Is it possible for someone to generate an external transfer that Fidelity would recognize as legit?

So I turned it on anyway, seemed like no downside. But then Fidelity sends me a text with the message that if I did not authorize this call the number, xxx-xxx-xxxx. That ticks me off. They should say call the number you have for Fidelity. They are just training people to accept the idea that it is OK to respond to a number from a text. Now of course, I recognize this as a repose to my action, but who knows how sophisticated these scams are getting? I also got an email, so if the scammer had already got into my email, they could see these to know to pounce into action.

Who knows, the scammers may break into emails, and just be quiet about it, and have a robot filter any financial emails like that, and alert someone (or another robot? Seems like AI could handle this?) as an opportunity to jump in. Just don't respond to any email text directly. Simple as that.

 

[COcheesehead]

Thanks, I found something useful in that article - he mentions that Fidelity offers a Money Transfer Lock feature. It locks out any outbound transfers other than pre-scheduled transfers, preset auto-pay etc.

Although, if you log in you can unlock it, so I'm not sure how much protection this really provides, wouldn't someone need to be logged in to make an illicit transfer? Is it possible for someone to generate an external transfer that Fidelity would recognize as legit?

I use transfer lock down and it even stops me unless I unlock it.

 

[ERD50]

Just a general comment on this thread. Same as the first time I read, I am shocked that so may people have made comments about tips to determine if a text, call or email is legit.

Please stop. It bears repeating. If you guess wrong, you could be in deep trouble. Don't take that risk. There just is no downside to the simple approach that you ALWAYS ignore the contact, and if concerned, YOU initiate a contact through a previously KNOW number or website. NEVER click on or respond to anything in an email/text/call. And remember, they may have hacked your email, and know what's going on.

Another security tip that everyone should know. In your email app, disable the feature to automatically load images in the email. The scammers set those images up with a randomly generated number that they log in a database with your email address. To load that image, the email has to 'hit' their website. The scammers then tag your email as "LIVE". So keep them off by default, and only load trusted sites. I use the open-source Thunderbird (by the Firefox group), and that lets you whitelist and addresses that you trust that you want to load automatically, but other than a very few, I just click the 'load images this one time' button, when/if I want. 90% of the time, the images just make the email harder to read or print, so I'm better off w/o anyhow.

 

[athena53]

Another security tip that everyone should know. In your email app, disable the feature to automatically load images in the email.

Thanks- just did this with my gmail accounts.

We need these reminders- it's so easy to let your guard down when the call involves your financial accounts, your computer or someone in trouble (e.g. grandparent scams). I remember the first time I got an e-mal from someone pretending to be my pastor asking for gift cards for some worthy recipients. He was in and out of meetings but could I just scratch off the coverings over the numbers on the back and e-mail photos? I actually got up and picked up my purse, ready to go buy them before I remembered reading about this type of scam. Since then I've gotten similar requests from scammers pretending to be two of our past bishops and my current pastor.

Now I ask them a question only they can answer ("Can you tell me the name of the person for whom we had the most recent funeral?") I also had the pleasure of telling a "tech support" person something I learned here: dead silence followed by "But I don't HAVE a computer" in a bewildered voice.

He hung up.

 

[COcheesehead]

Just a general comment on this thread. Same as the first time I read, I am shocked that so may people have made comments about tips to determine if a text, call or email is legit.

Please stop. It bears repeating. If you guess wrong, you could be in deep trouble. Don't take that risk. There just is no downside to the simple approach that you ALWAYS ignore the contact, and if concerned, YOU initiate a contact through a previously KNOW number or website. NEVER click on or respond to anything in an email/text/call. And remember, they may have hacked your email, and know what's going on.

Another security tip that everyone should know. In your email app, disable the feature to automatically load images in the email. The scammers set those images up with a randomly generated number that they log in a database with your email address. To load that image, the email has to 'hit' their website. The scammers then tag your email as "LIVE". So keep them off by default, and only load trusted sites. I use the open-source Thunderbird (by the Firefox group), and that lets you whitelist and addresses that you trust that you want to load automatically, but other than a very few, I just click the 'load images this one time' button, when/if I want. 90% of the time, the images just make the email harder to read or print, so I'm better off w/o anyhow.

Don’t open emails from unknown sources. Once you open it, whether the image is downloaded or not, you have now been categorized as a live one and more spam will follow.

 

[CaptTom]

Re-reading this, I'm even more convinced that 2FA isn't security, it's security theater. Trying to deflect blame from the companies which get hacked, by making us somehow feel it's our fault.

The scam in the OP only exists because of 2FA. Without that, it couldn't have worked.

Don’t open emails from unknown sources. Once you open it, whether the image is downloaded or not, you have now been categorized as a live one and more spam will follow.

As long as you have the "preview pane" and "auto-load images" disabled, there's no reason your e-mail client should give any indication to the sender that you've opened the message. Doing these things is good advice. Of course, deleting the message is even better, but (1) I'm not always sure, and (2) I like to keep track of the scams currently circulating out in the wild.

 

[Koolau]

Re-reading this, I'm even more convinced that 2FA isn't security, it's security theater. Trying to deflect blame from the companies which get hacked, by making us somehow feel it's our fault.

The scam in the OP only exists because of 2FA. Without that, it couldn't have worked.



As long as you have the "preview pane" and "auto-load images" disabled, there's no reason your e-mail client should give any indication to the sender that you've opened the message. Doing these things is good advice. Of course, deleting the message is even better, but (1) I'm not always sure, and (2) I like to keep track of the scams currently circulating out in the wild.

Yeah, what a royal pain to have to be on guard all the time - especially when the "bad guys" seem to be able to adapt quickly to things like 2FA.

 

[JoeWras]

Speaking of security theater... A few years back I got a Yubikey for Vanguard log ins.

Useless.

It was a lot of theater alright. Insert key/enter pin/touch key. Yeah!

Recently, it stopped working. Oh no! Now what? Oh yeah, I had an extra in the safe. Too much work. Let's see if I can reset my password. So during my log in, there was a link that said "Trouble logging in?" or something like that. Pressed it, gave it some info, got an MFA ping back to my phone and I was logged in. The first thing I did was disable the Yubikey.

The whole hardware key thing was useless since they let me reset my login so easily. Sure, there was the MFA to my phone, but see OP's OP. That was all about the scammer getting the MFA from you. MFA is theater too.

 

[gman57]

I NEVER do anything unless I initiate contact with known information. My phone doesn't answer unless you're in my contacts. I figure if important they'll leave a message. I don't use normal security question answers either. What's your favorite color? My answer would be something like Space Shuttle (not related to question).

 

[audreyh1]

Good reminder - had almost forgotten.

The phishing attempts I get these days are emails reporting a recent invoice for something I had purchased and a number or link if there is any error, ha ha.

 

[audreyh1]

I NEVER do anything unless I initiate contact with known information. My phone doesn't answer unless you're in my contacts. I figure if important they'll leave a message. I don't use normal security question answers either. What's your favorite color? My answer would be something like Space Shuttle (not related to question).

I was wondering if the texts were spoofing Fidelity numbers. I do have Fidelity contacts in my list - numbers I already get calls or texts from. But you still have to be careful.

 

[jazz4cash]

I use transfer lock down and it even stops me unless I unlock it.

Money Transfer Lockdown is a great feature but I don’t know why they set it up to block transfers between my Fidelity accounts. The text notifications are good in case your account is hacked. I suggested an option to re enable MTL after a transaction or in X days.
Security is mostly deterrence, anyway. Anything to slow them down and encourage them to find an easier target.

 

[COcheesehead]

Money Transfer Lockdown is a great feature but I don’t know why they set it up to block transfers between my Fidelity accounts. The text notifications are good in case your account is hacked. I suggested an option to re enable MTL after a transaction or in X days.
Security is mostly deterrence, anyway. Anything to slow them down and encourage them to find an easier target.

I find it only blocks transfers between dissimilarly registered accounts. I can transfer from a taxable to my HSA or Roth, but I can’t transfer from my account to my wife’s.
I definitely have to turn it off first for anything outside of Fidelity.

 

[jazz4cash]

I find it only blocks transfers between dissimilarly registered accounts. I can transfer from a taxable to my HSA or Roth, but I can’t transfer from my account to my wife’s.
I definitely have to turn it off first for anything outside of Fidelity.

I do get confused with some of the restrictions but I just went through this. When I click transfer every Fido account I choose has the MTL lockdown popup flag to choose another account or remove the lock. When you set it up you can specify which accounts to lock. I have a monthly recurring transfer to my local bank that is not blocked by the lockdown feature. When necessary you can lock or unlock instantly.