edmonton: IMPORTANT: New Phishing scam reported by RBC

daft_key (

daft_key) wrote in

edmonton,
@ 2008-04-25 14:42:00

IMPORTANT: New Phishing scam reported by RBC
Sorry about the length of this post, previously. I hadn't realized that it was pretty much a word-for-word copy of another email (it was forwarded around my office by our controller - I assumed "Linda" was our corporate bank representative)

Our controller has passed on the following alert from RBC regarding a new credit card phishing scam happening in Alberta:

Royal Bank of Canada received
this communication about the newest scam.

This is happening in southern Alberta right now and moving.
This one is pretty slick since they provide YOU with all the information,
except the one piece they want. Note, the callers do not ask for
your card number; they already have it.

This information is worth reading. By understanding how the VISA &
MasterCard telephone Credit Card Scam works, you'll be better prepared
to protect yourself. One of our employees was called on Wednesday from
"VISA", and I was called on Thursday from"MasterCard".

The scam works like this:

Person calling says, "This is (name), and I'm calling from the Security
and Fraud Department at VISA. My Badge number is 12460 , Your card has
been flagged for an unusual purchase pattern, and I'm calling to verify.
This would be on your VISA card which was issued by (name of bank). Did
you purchase an Anti-Telemarketing Device for $497.99 from a marketing
company based in Arizona ?" When you say "No", the caller

continues with, "Then we will be issuing a credit to your account.
This is a company we have been watching and the charges range from $297
to $497, just under the $500 purchase pattern that flags most cards. Before
your next statement, the credit will be sent to (gives you your address),
is that correct?"

You say "yes".

The caller continues - "I will be starting a Fraud Investigation.
If you have any questions, you should call the 1- 800 number listed on
the back of your card (1-800-VISA) and ask for Security. You will
need to refer to this Control Number. The caller then gives you a 6 digit
number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works:

The caller then says, "I need to verify you are in possession of your
card". He'll ask you to "turn your card over and look for some
numbers". There are 7 numbers; the first 4 are part of your card number,
the last 3 are the Security Numbers that verify you are t he possessor
of the card.

These are the numbers you sometimes use to make Internet purchases to prove
you have the card. The caller will ask you to read the last 3 number to
him. After you tell the caller the 3 numbers, he'll say, "That is
correct, I just needed to verify that the card has not been lost or stolen,
and that you still have your card. Do you have any other questions?"

After you say no, the caller then thanks you and states, "Don't hesitate
to call back if you do", and hangs up. You actually say very little,
and they never ask for or tell you the card number.

But after we were called on Wednesday, we called back. Within 20 minutes
to ask a question. Are we glad we did! The REAL VISA Security Department
told us it was a scam and in the last 15 minutes a new purchase of $497.99
was charged to our card.

We made a real fraud report and closed the VISA account. VISA is reissuing
us a new number. What the scammers want is the 3-digit PIN number on the
back of the card. Don't give it to them. Instead, tell them you'll call
VISA or Master Card directly for verification of their conversation.

The real VISA told us that they will never ask for anything on the card
as they already know the information since they issued the card! If you
give the scammers your 3 Digit PIN Number, you think you're receiving a

credit.

However, by the time you get your statement you'll see charges for purchases
you didn't make, and by then it's almost too late and/or more difficult
to actually file a fraud report.

What makes this more remarkable is that on Thursday, I got a call from
a "Jason Richardson of MasterCard" with a Word-for-word repeat
of the VISA Scam. This time I didn't let him finish. I hung up! We filed
a police report, as instructed by VISA. The police said they are taking
several of these reports daily! They also urged us to tell everybody we
know that this scam is happening. I dealt with a similar situation this
morn ing, with the caller telling me that $3,097 had been charged to my
account for plane tickets to Spain , and so on through the above routine.

It appears that this Is a very active scam, and evidently quite successful.

Pass this on to all your family and friends

Linda Haig-
Executive Assistant
RBC Investments, Trust Services
Royal Trust Corporation of Canada
301, 335 - 8th Avenue SW
Calgary , Alberta T2P 1C9 ; Transit #04184
Telephone: (403) 503-6070
Fax: (403) 299-4515

(Post a new comment)

raptortheangel
2008-04-25 09:07 pm UTC (link)

Can you please put the bulk of this behind a cut? It's just really long.

This is a pretty good scam; anyone who has cracked a merchant database has a great deal of information, but many online processors require that security number from the back of your card, which merchants are NOT supposed to store in any database. Once the thief has that number, they can pretty much use your card at will online.

Just remember, credit card companies will NEVER call you regarding fraudulent activities. They will always freeze your account until you call them, for the exact reason of scams like this one.

If someone calls claiming to be your credit card company and asks for information, tell them you'll call them back at the number on the back of your card, then do so. Guaranteed, your real provider will have no such record of needing information. More importantly, if the caller was reciting your information to you, cancel that card immediately and get a new one.

(Reply to this) (Thread)

	kiwibouldingue 2008-04-25 11:17 pm UTC (link)
	I received a call from my credit card company years ago regarding a hacker - they advised me to get a new card so the circumstances were different, but they exist nonetheless. The advice about calling the company back still applies and should be followed, though. (Reply to this) (Parent)(Thread)

	coolgirl888 2008-04-27 06:44 am UTC (link)
	I got a phone warning from my credit card company about a fraudulent charge just a couple months ago, so yes they will call you about fraudulent activities, but they don't ask you for any information. (Reply to this) (Parent)

	iamo 2008-04-27 08:37 pm UTC (link)
	Just to add my voice to this chorus, they definitely do sometimes call you about questionable activity on your card. (Reply to this) (Parent)

	thegreymouser 2008-04-25 09:11 pm UTC (link)
	If by "newest scam" you mean 4-5 years ago. Snopes! While I don't doubt that such phishing could occur, I doubt it's a real problem here in "Alberta" - the email is a near verbatim copy with a signature from a business card. Here it is again last year. (Reply to this) (Thread)

	daft_key 2008-04-25 10:48 pm UTC (link)
	Gaaa!! And to think I give other people shit for forwarding unsubstantiated chain letters warning of all the bad things that can happen when strangers call! At least the letter didn't mention vending machine change dispensers and dirty needles! (Reply to this) (Parent)

	daft_key 2008-04-25 10:50 pm UTC (link)
	I should've paid attention to the golden rule - if an "informative" email contains more than three sentences that end in an exclamation mark, it's probably a chain letter! (Reply to this) (Parent)

	puppytown 2008-04-25 09:17 pm UTC (link)
	Snopes says this is plausible: http://www.snopes.com/crime/warnings/creditcard.asp (Reply to this) (Thread)

	puppytown 2008-04-25 09:18 pm UTC (link)
	Ha, I am slower than the mouser. (Reply to this) (Parent)

	deganedward 2008-04-25 09:19 pm UTC (link)
	This has happened in the past as my bank rep who issued us our Visa cards gave us this spiel and let us know if anyone from Visa calls wanting information 'just to confirim', it's a fraud as they already have that info in their system. (Reply to this)

wyldthyng
2008-04-25 10:32 pm UTC (link)

ja, this is old news; part of me says "whoever doesn't know not to give their CVN away deserves what they get".

I think the CC companies should reserve one or two CVNs for people who suspect fraud - rather than their actual CVN, they give the 'alert' one and bells go off in the system when Suspect Company tries to put the transaction through.

But then, I'm smrt like that. :P

(Reply to this) (Thread)

daft_key
2008-04-25 10:46 pm UTC (link)

whoever doesn't know not to give their CVN away deserves what they get
Same thing for the guy who's credit card gets stolen because he accidentally left it on the counter at the gas station. As well as those idiots who get beat to death by a group of rowdy teenagers on a bus because he gave them a dirty look - he asked for it.

Not that criminals should bear the full responsibility for their actions or anything.

(Reply to this) (Parent)(Thread)

wyldthyng
2008-04-25 10:52 pm UTC (link)

oh they totally should. I was being semi-sarcastic. But remaining wilfully uninformed leaves you with SOME of the blame for the situation. Like when I booked movers and missed their minimum 3hr charge which kinda negated their low-low-hourly-rate shtick.

But ... I work in financial services.
I got an email from a lady who voluntarily gave me (and I don't mean I asked for it, I mean she provided all this as ID, in a freaking EMAIL):
her acct#
her PIN# (basically. not a bank, but a money handler)
her answer to her secret question
her password
her credit card#
her CVN

...?! a worse person could've cleaned her right out.

(Reply to this) (Parent)(Thread)

daft_key
2008-04-25 11:01 pm UTC (link)

I actually agree with you - was just being argumentative, as some people take the "blame the victim" bit a little too far. :)

I know what you mean with people being careless with important info (especially when talking about financial stuff). I manage accounting systems for a number of medium-sized businesses in Calgary (most sit between $100M and $500M in annual revenues) and I asked for a password reset recently from an IT guy at one of our clients. Instead of resetting the password, he emailed me the admin password (basically, the "do anything you want in the system" password).

You can just imagine what could happen if he got my email address wrong.

(Reply to this) (Parent)(Thread)

	wyldthyng 2008-04-25 11:03 pm UTC (link)
	~sputters~ Corporate and IT people are supposed to know better! Anyway. :) (Reply to this) (Parent)(Thread)

	daft_key 2008-04-25 11:10 pm UTC (link)
	ESPECIALLY IT people (who this was). I wrote a fairly strongly-worded email back to him explaining the possible can of worms he could have (and for all I know, might still have) opened. I also very quickly changed the password. (Reply to this) (Parent)

gambitsworld
2008-04-25 11:01 pm UTC (link)

Actually a police official was on the radio last week warning the public about this scam. Generally they get one or more of the victims credit card bills (usually out of the garbage) then the criminals have all the info they need, except the code on the back. A quick look through the phone book and they have your number, They call, you know the rest.

That is why everyone should SHRED EVERYTHING that has you name &/or address on it before throwing it out.

At least they are not from Nigeria and want to help you get free money from the government ;)

(Reply to this)

Username:		Create an Account Forgot your login or password? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…

About

Help

Get Involved

Legal

Store

LJ Labs