R. Paul Wilson On: Credit Card Scams (3/4)
We’ve already taken a tour of secret skimming, bogus ATMs, Lebanese loops, digital pickpockets and PIN thieves.
In this third article, we’ll explore some more direct methods for stealing your details.
When Things Seem Too Good to Be True…
While many forms of credit card fraud in the past depended on secretly obtaining a victim’s details, modern scams succeed by asking people to hand over their own information themselves!
An early example of this was demonstrated by Frank Abagnale on the British TV show Secret Cabaret in the early 90s. He called a random number and told the person who answered that she had won a brand-new television thanks to some sort of prize draw.
The only thing she had to pay for was shipping, which was a small fee but needed a credit card number for insurance purposes. Within a few minutes, he had her card details, her name and address – everything a scammer would need to steal someone’s identity.
I’ve repeated versions of this myself and it’s surprising and somewhat disappointing how easy it is to get someone’s details with nothing but the empty promise of a non-existent reward.
Not everyone would fall for this so quickly, of course. So in some scams, a little more theatre is required to make people “pop” their data.
Credit Card Scam in Action: The Not-So-Good Samaritan
On The Real Hustle, we translated a clever online con game into a live-action scenario by stealing a young woman’s purse in a foodcourt.
I took her bag, put it directly into my briefcase and waited for her to notice. When she began to panic, I acted like a good Samaritan and told her she needed to call her bank and cancel her card right away.
As “luck” would have it, we shared the same bank and I had them in my contact list so made the call and handed her the phone. Nearby, Alex was in a van acting like the bank’s call centre (complete with a tape of background office chatter).
He took her details, called up her account on his imaginary computer then told her he was going to cancel her credit card, which had not been used. In order to confirm this, she was asked to enter her PIN into my phone’s keypad!
You can guess what happened next.
Alex recorded the number. Now had everything we needed to use her card (which she believed was now safely cancelled) and even create a fake identity or online account under her name and address.
This was all done live and in person, but all of this could have happened via phone or email with a variety of storylines designed to provoke a knee-jerk reaction from the mark.
A Classic Hotel Scam
A particularly clever (and still common) telephone scam is to call the room of a recently arrived hotel guest and pretend to be the front desk. The scammer explains that they had a problem with the guest’s credit card and need to retake their details as they were lost in the system.
I received this call myself in a New York hotel just a few minutes after arriving and quickly went to the front desk and asked whose call they transferred to my room.
If you’re traveling as a known gambler, expect to see a variation on this someday if you haven’t already.
Hoax Emails and Fake Websites
Translate these scams back to the online world and you may quickly recognise them since you probably receive dozens of scam emails every week.
Instead of a TV, it’s an African prince willing to share a fortune in return for paying a few legal fees.
Instead of a stolen credit card, a warning from your bank notifies you that your account has been hacked with a ‘helpful link’ to resolve the problem.
And instead of a fake, painted wooden ATM booth there’s a perfect copy of a real bank’s website where the pages actually capture your data, pass it to a scammer or automatically remove money from your real account.
Thanks to the internet, scammers can send millions of hoax emails from the comfort of their bedroom or office and make themselves increasingly difficult to trace if they follow a few simple steps to cover their tracks.
If you consider that maybe 1% of recipients might respond to a scam email (or click a loaded link) and that a million emails could be sent in a matter of seconds, then that’s 10 thousand potential victims.
If only one percent of that 1% actually pay off for the hustler, they could still make hundreds of thousands of dollars from one simple, devious email.
These scams can be made more attractive to a greater number of people while seeming even less believable to you or I who (hopefully) has an interest in deception.
But don’t make the classic mistake of thinking there isn’t a variation on this that might work on you. It’s not only what the email says but when you receive it that matters.
People become more vulnerable depending on their mental state or financial situation. It makes it very easy for a victim to trust a professional liar whose objective is to take advantage of people.
Scammers target the elderly or the bereaved without hesitation. The desperate and needy are also high on the hustler’s hit list because they’re easy to manipulate.
But anyone can get taken.
Imagine you just called your bank and then get an email apparently from that same bank that looks exactly like all the other emails you receive, with a link to a site that looks exactly like the site you’re used to using.
It’s highly likely you will connect the receipt of that email with your recent call to the bank and may go ahead and click that link without stopping to think.
This is pure coincidence.
The scammers had no idea you would be calling your bank seconds before getting their bogus email, but this is the kind of scenario that causes smart people to fall into simple traps.
Been There, Done That
I’ve fallen victim to credit card fraud myself. Not once but twice, and in both cases I received a full refund of the amount stolen.
In my next article, I’ll discuss how I dealt with both situations, and how my details were stolen.
Finally, I’ll discuss how we should all protect our information and our credit/debit cards with a few simple precautions and by using the technology available to detect fraud as soon as it happens.