Previous Entry Share Next Entry
Mysterious Crimes
Bar Harbor
A few weeks ago, some malefactor got hold of Kestrell's credit card info and made some unauthorized purchases. This, in and of itself, isn't very mysterious; just part of doing business on the internet. The bank had already noticed and reversed one of the charges before we did, and was pretty efficient about dealing with the others and issuing Kes a new card. So we're out some time and annoyance, but no actual cash.

The mysterious part is, these unauthorized online purchases were mailed to *our* house. It makes sense for thieves to want to buy stuff, but why would they send it to us?

Theory 1: When thieves get a new card, they test the waters first by making a few smallish purchases to see if anyone notices. Banks know this, and have complex automated systems for detecting anomalies. And, just as in the spammer-vs-filter arms race, the thieves are getting more sophisticated about making test purchases which look legit to the bank's bots. The things that were ordered 'for' us were from *categories* of things that Kes *does* purchase on-line, though she wouldn't have ought these specific items.

Theory 2: The companies which were 'purchased' from are actually in collusion with the thieves. If no one notices the false purchases, they've made a sale. If someone *does* notice, the have some sort of insurance that reimburses them for being one of the thieves' apparent victims. One of the 'purchases' was on a monthly subscription model, so it's possible that if you don't notice (or even if you do), they'll send you more of it later and try to bill you for that. This is the one that the bank called as fraudulent before we even noticed, which also suggests a past history of complaints against this company. And despite the bank reversing the charges very quickly after them being made, on a Sunday, the packages were mailed out anyways. And the invoice (which explained the subscription model angle) wasn't actually included in the package, but mailed separately, later. Meanwhile, the other package, while it did include a packing slip, had a return policy that extracted such a large "restocking fee that I suspect it is seen as a profit center for them.

Of course, theory 1 and 2 don't contradict each other so could both be true.

Sharing the info, partially 'cause it makes a good story, and partially to increase awareness that this sort of thing is going on.

  • 1
One day my mother phoned me to ask if I'd bought her a computer. Um, I love you, but no. It seems a laptop had just been delivered. I urgerd her to call amex, and in fact it had been purchased with her card. Places like dell will ship to the billing address on the card but not elsewhere without further verification. My guess is the perpetrator assumed people are at work when deliveries arrive, and they can scarper off with the packages before the homeowner notiices. They won't figure it out till the card bill arrives. Sure enough, the next day there were footprints going around to the back of the house in the fresh snow. Creepy.

This is what I was thinking. Delivering expensive items to places other than the address on record raises a flag with a lot of fraud detection systems, and most delivery companies deliver around midmorning.

None of these cost as much as a hundred dollars, so *I* certainly wouldn't think it worth the risk of detection.

Theory 1, if true, and it seems likely, points to a fairly sophisticated attack. They'd have to know her purchase history, which might mean they're in, e.g., her Amazon account, or have access to her online credit card statements. (Or have been trash-picking or watching you, which is even creepier.)

So y'all might want to change a bunch of other security settings as well as the card number.

And having just been skimmed myself, utmost sympathies.

As someone who has had heart-to-heart conversations with a few convicted credit card fraudsters, allow me to just throw out the observation that not everybody who commits credit card fraud is a Sooper Jeenyus, not everybody who attempts a crime gets it right, not everybody who plans a crime comes up with a good plan.

I had a patient who was in a criminal conspiracy with her SO. The SO opened up a new credit card in the name of some random victim. But because of obvious safe guards, they had to have the statements sent to the victim's home address; my patient's job was to show up every day and look in the victim's mailbox, and pull anything the card company shipped to the victim that would alert the victim that there was this card in her name.

Then one day the lovers had a spat, and my ct failed to check the mail box in a "well see if I run your errands for you" snub. And that's how she ultimately became my client.

Well, yes, theory 0 was "Whatta maroon!" And is probably correct. I do have cognitive bias against people being that dumb, when demonstrably, many are.

I had a strange incident at amazon a month or so ago. I got an email telling me my order had been shipped.....seems that someone had used their own credit card,their own name, and shipping address on my amazon account. Very, very odd. (There was changing of passwords and notifying of amazon immediately.)

I know Amazon gets extra finicky when you first use a new delivery address. Could have been an attempt to slip something through, and *then* start making big purchases on your card, once it was a "known" destination. Sounds like you responded correctly.

...though I also get a fair amount of spam that somewhat convincingly spoofs an Amazon shipping notice, including a link that purports to be to ("Log in to check the status of this shipment, or report a problem") that presumably leads instead to some sort of installer...

Yeah, that's what I was thinking. Nowadays, about 95% of the time when an email seems completely on the up-and-up but just a bit *odd* in a way that makes you want to figure out what's going on, the link goes to what looks to be a malware site...

  • 1

Log in

No account? Create an account