Visa and Mastercard Scam

I received this email from Bob Roberts and it's worth passing on:

<HR>

Visa and MasterCard Scam. A friend was called on the telephone this week from 'VISA' and I was called on Thursday from 'MasterCard'.

It worked like this: Person calling says, 'this is Carl Patterson (any
name) and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. Did you purchase an Anti-Telemarketing Company a device/any expensive item, for ?497.99 from a marketing company based in (any town?)

When you say 'No'. The caller continues with, 'Then we will be issuing a credit to your Account. This is a company we have been watching and the charges range from ?297 To ?497, just under the ?500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (they give you your address), is that correct?'

You say, 'Yes'. The caller continues . . 'I will be starting a fraud investigation. If you have any questions, you should call the 0800 number listed on your card and ask for Security. You will need to refer to this Control number. They then give you a 6-digit number. 'Do you need me to read it again?'

Caller then says he 'needs to verify you are in possession of your

card' (this is where the scam takes place as up until now they have requested nothing!). They then ask you to turn your card over.

There are 7numbers; the first 4 are 1234 (or whatever, as they have your number anyway).

The next 3 are the security numbers that verify that you are in possession of the card' (these are the numbers they are really after as these are the numbers you use to make internet purchases to prove you have the card).

'Read me the 3 numbers.' When you do he says 'That is correct. I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?

Don't hesitate to call back if you do.'

You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we telephoned back within 20 minutes to ask a question. Are we glad we did! The REAL VISA security department told us it was a scam and in the last 15 minutes a new purchase of ?497.99 WAS put on our card. Long story made short.

We made a real fraud report and closed the VISA card and they are reissuing us a new number. What the scam wants is the 3-digit number and that once the charge goes through, they keep changing every few days. By the time you get your statement, you think the credit is coming, and then it's harder to actually file a fraud report.

THE REAL VISA/MASTERCARD DEPARTMENT REINFORCED THE POINT THAT THEY WILL NEVER ASK FOR ANYTHING ABOUT THE CARD SINCE THEY ALREADY KNOW EVERYTHING ABOUT IT!!!!.

What makes this even more remarkable is that on Thursday I got a call from 'Jason Richardson of MasterCard' with a word for word repeat of the VISA Scam. This time I didn't let him finish. I hung up. We filed a police report (as instructed by VISA), and they said they are taking several of these reports daily and to tell friends, relatives and co-workers so please pass this on to your friends................

Sound advice Graham and at least FM members will be aware of the scam. One thing I would add to that is, Banks or Credit card companies NEVER EVER ask for for bank details or card numbers via email. This is the scene for lots of scams of course.

The natural response to a phone call like you have described is instant panic and you wouldn't stop to think if it was a scam would you.

Thanks for the information Graham because I think I would have been one of the panic people for sure.

Isn't it possible to track down the call and then the police could go in with all guns blazing.

It never ceases to amaze me as to how many scams there are these days.

Just this morning I received a load more SPAM mail and instead of just leaving it in the SPAM bin and deleting it, I decided to have a look to see which of my addresses they are hitting the most. This one was "from" Natwest, where we have just a small account (for me to play on eBay) and it said to click on the link to verify my information.

I don't have log-on access to my accounts anyway so I phoned up Natwest and whilst they were on the phone I clicked the link. Norton immediately warned me of security risks and before I even got to their main screen I quit (with difficulty as well).

IT IS A SCAM and Natwest wanted to see a copy of the email.

It's so easy for people to fall into these traps these days.

Regular forum contributors will remember me warning you a few weeks ago about giving someone your passport number. You'd won a mobile phone and they would deliver when you produced your passport.

Oh yeh? Like Hell!

GIVE NOTHING AWAY without checking it thoroughly by ringing someone yourself.

Are we called Phishingmagic.com now then?

Printede this of and will place it on notice board at work. Thanks for the heads up Graham.

I now refuse to speak to people contacting me from financial institutions as they request personal information to validate your identity, yet it is difficult/impossible for you to verify theirs as they have called you...

thanks very much Graham

not much gets past your wallet mate

Good advice - I received one of these calls a while back, but the bloke rang off when I refused to give details. However, be careful when opening these kinds of email warning. Some dastardly types conceal viruses in "Credit card scam..." type messages because they know you will open them.

I'm an IT security specialist, and I really love it when they ask me to confirm my address, or whatever, and I say, "You should know where I live, if you have my account on screen as you say you do", and "How are you validating my answers".

All these methods of obtaining personal information come under what is known as 'phishing'. It's a good idea, when you receive an e-mail, for example from eBay, saying blah, blah, to right-click and select "view source". The link URL in the HTML tag should match the text displayed. The fakers usually show a plausible URL on screen, but the code takes you off to some IP address...

Monk, nothing much gets into my wallet these days either, I'm so poor it doesn't bear thinking about. Any contributions will be gratefully received.

Incidentally, it's Bob Roberts who should be thanked for this thread, it was he who passed the email on to me in the first place.

I think products such as Norton Anti-Spam check the message bodies of e-mails for oddities such as the address shown being different to the link... though they help sort the good from the bad, they aren't to be relied upon, i.e. "My spam filtering software's not complained about this e-mail, so it must be genuine".

Trust no one

I'm currently affected by fraud on one of my credit cards (which is being resolved). The transactions are registered against a .com company. Naturally, I visited the site which looks on first glance to sell vitamin suppliments, but reading the text says, "If you enter this website you have been billed on your credit card with the billing statement "******services.com". You have obviously purchased one of our great products for your personal business development at our shop www.[CENSORED].com.

In the event that your credit card has been billed like that and you did not make a purchase or did not receive the product you purchased or you are not satisfied with it please contact us immediately. Our customer support team will try to figure out any problem. You reach us at:"

By ringing the number on the site, you are telling the fraudsters, "Hey, you got my money, do you want to take more?". You MUST contact your credit card provider ASAP and NOT the merchant!

Graham, would you mind editing my last post to take out the name of the .com, I just noticed I left one in

why not print the name so no-one else uses this site ???

I don't honestly think it's a genuine shop, but rather they're generating card numbers and charging them? That's for the Credit Card company to investigate! They took $300 (~?170), and then less than a week later, within an hour, another 59p, ?1 and then hit it for ?200+. According to the card company, another four of their customers had had the same thing done to them. Just to be safe, I've requested the account be closed completely.

Makes you wonder just how safe it is to buy anything on-line

These hackers are that clever they can overcome any anti-fraud system within a few hours .....

The safest way is not to buy on-line at all, I suppose

My card provider has a facility to generate a special card number to use on the net for each payment. For example, I'm buying something for ?95, so I request a card with a ?100 limit. I'm given a card number, expiry date (only a few weeks long) and I provide these to the merchant. In theory, they shouldn't be able to take more than the limit allows, and it's not going to be around next month. I'd never actually used to numbers off the plastic card online...

...at the end of the day though, it is still the safest way to manage your money with cards). Just dont EVER EVER give any details over the phone.

Its a very simple rule, if some one phones then tell them you will ring back (and call your known number) and never put any details in emails.

Follow this, and you will be fine. If not, the card companies foot the bill anyway.

And frankly anyone who responds to the "you have won a prize" scam deserves what they get.