Credit Card Scam // Social Engineering
Results 1 to 7 of 7

Thread: Credit Card Scam // Social Engineering

  1. #1
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    Credit Card Scam // Social Engineering

    I received this in an e-mail this morning. It is a great example of social engineering, and a scam everyone should be aware of also.
    Subject: VISA & MasterCard Telephone Credit Card Scam
    FYI and use. Please inform your cardholders.
    Also, the scam is not limited to U. S. Bank cards
    but also applies to Government Travel Charge Cards
    and personal credit cards.

    Tom Kaspar
    NGB GPC Program Manager
    ***************************************************
    -----Original Message-----
    Subject: VISA & MASTERCARD Telephone Credit Card Scam

    This information is worth reading. By understanding how the
    VISA & Mastercard Telephone Credit Card Scam works, you'll
    be better prepared to protect yourself. Thanks to Dr. Pat Cloney
    for passing this on. Those con artists get more creative every
    day.


    My husband was called on Wednesday from "VISA", and I was
    called on Thursday from "MasterCard". The scam works like this:

    Person calling says, "this is <name>, and I'm calling from the
    Security and Fraud Department at VISA. My Badge number is
    12460. Your card has been flagged for an unusual purchase
    pattern, and I'm calling to verify. This would be on your VISA
    card which was issued by <name bank. Did you purchase an
    Anti-Telemarketing Device for $497.99 from a marketing
    company based in Arizona?"

    When you say "No", the caller continues with, "Then we will
    be issuing a credit to your account. This is a company we have
    been watching and the charges range from $297 to $497, just
    under the $500 purchase pattern that flags most cards. Before
    your next statement, the credit will be sent to (gives you your
    address), is that correct?"

    You say "yes". The caller continues... "I will be starting a
    Fraud investigation. If you have any questions, you should
    call the 1-800 number listed on the back of your card (1-800-VISA)
    and ask for Security. You will need to refer to this Control #"
    The caller then gives you a 6 digit number. "Do you need me to
    read it again?"

    Here's the IMPORTANT part on how the scam works. The caller
    then says, "he needs to verify you are in possession of your
    card".
    He'll ask you to "turn your card over and look for some numbers.
    There are 7 numbers; the first 4 are your card number, the next 3
    are the 'Security Numbers' that verify you are in possession of
    the card. These are the numbers you use to make Internet purchases
    to prove you have the card. Read me the 3 numbers". After you
    tell the caller the 3 numbers, he'll say ,"That is correct. I
    just needed to verify that the card has not been lost or stolen, and
    that you still have your card. Do you have any other questions?"
    After you say No, the caller then Thanks you and states, "Don't
    hesitate to call back if you do", and hangs up.

    You actually say very little, and they never ask for or tell you
    the card number. But after we were called on Wednesday, we called
    back within 20 minutes to ask a question. Are we glad we did!
    The REAL VISA Security Department told us it was a scam and in the
    last 15 minutes a new purchase of $497.99 was charge on on our card.

    Long story made short, we made a real fraud report and closed
    the VISA card, and they are reissuing us a new number. What the
    scammers wants is the 3-digit PIN number on the back of the card.
    Don't give it to them. Instead, tell them you'll call VISA or
    Master card direct. The real VISA told us that they will never ask for
    anything on the card as they already know the information since
    they issued the card! If you give the scammers your 3 Digit PIN
    Number, you think you're receiving a credit. However, by the time
    you get your statement, you'll see charges for purchases you
    didn't make, and by then it's almost to late and/or harder to actually
    file a fraud report.
    What makes this more remarkable is that on Thursday, I got a
    call from a "Jason Richardson of MasterCard" with a word-for-word
    repeat of the VISA scam. This time I didn't let him finish. I
    hung up!
    We filed a police report, as instructed by VISA. The police said
    they are taking several of these reports daily! They also urged us to
    tell everybody we know that this scam is happening.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Thanks Moxnix,

    Great heads up,

    What happens your side of "The Pond" will happen ours a few days later...........bit like the second hand weather you keep sending us

    I will advise our local police, government and newspaper people.

    Cheers

    EDIT: The one thing that intrigues me is how do they get your telephone number? It is either an "inside job" or the people know you or someone you know well enough to have your phone number?

    That bit raises my suspicions?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Urban Legend perhaps (although, as they noted, it still offers good advice).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes MsM,

    I would suspect someone in the family had an "expensive habit", or the people concerned are being called at their place of business, or they are in the telephone book.

    Getting the card number is not so difficult, but we are looking at a gang operation here? Cannot be shop assistants, gas station attendants or whatever , as they see the whole of the card.

    As I edited my post, the obtaining of the phone number is the strange part of it.

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Phone numbers are all over the internet. They get the card number from a carbon (probably with a reference somewhere as to which cards belong to which bank) and your name (which would appear on the card itself). The rest is academic.

    The other way would be a using the number off the receipt. Some places track your purchases based on your phone number and this ends up on the receipt along with name and card number. Since many people think nothing of throwing away their receipts after their done (rather than taking it home or to work to shred), it's a matter of grabbing it out of the public garbage.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,228
    Originally posted here by nihil
    bit like the second hand weather you keep sending us
    AFAIK, we buy the weather brand new, then sell it to Tony at a discounted rate.
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  7. #7
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Oh this one is bad... No originality, and trying to hard to make it seem like they don't need the actual card numbers. Come on now guys, when someone calls and asks you for **** about ANYTHING, just say NO.

    (Heh, me of all people telling you to just say no )

    For this to work properly, you would have to find a web site that would allow you to make a purchase, or order, with out the actual card numbers. Not something that will likely happen with any reputable online business.

    If you really want someone's credit card numbers that badly, just do it the old fashion way and put a bit of effort into it. The easiest way to get things from people remains in the physical visit. Who would doubt someone standing in front of you with a uniform on?

    Or of course the air port way, which is the easiest. I wouldn't worry about this one much, but it would be fun to **** with the person on the other line.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •