I have today received a spam message reportedly from Halifax Plc saying that there had been unauthorised use of customers online accounts. They say that they are doing a security check on all of their customers (I do not nor ever have had a Halifax account) and asking me to click on the link to confirm my online banking details. The email address is *security@halifax.co.uk* but the address at the end of the message shows Fraud Prevention Unit, Security Center Advisory, Halifax Plc. Obviously it would not show the American spelling of Centre if it was from UK!!

I know that one should never under any circumstances reveal details on-line if asked, but I worry that someone else might. Please be aware.

Glenys

I got one purporting to be from HSBC asking for verification of details of my accounts. Needless to say I didn't reply and sent it to my Account Manager.

UK

A friend emailed me this U.S. telephone scam warning, but I imagine it would work anywhere. I HAVE NOT AND WILL NOT look at the website they mention, but other than that, it seems good advice.
********************************************
"New Credit Card ScamSnopes.com (mhtml:{153F02F2-3F3D-4A31-9623-5F637A8ACF3E}mid://00000001/!x-usc:http://snopes.com/) says this is true. See this site -http://www.snopes.com/crime/warnings/creditcard.asp (mhtml:{153F02F2-3F3D-4A31-9623-5F637A8ACF3E}mid://00000001/!x-usc:http://www.snopes.com/crime/warnings/creditcard.asp)

This one is pretty slick since they provide YOU with all the information, except the one piece they want.
Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

One of our employees was called on Wednesday from "VISA", and I was called on Thursday from "Master Card".

The scam works like this: Person calling says, "This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona ?" When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been w atching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the cr edit will be sent to (gives you your address), is that correct?"

You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security.

You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again?"

Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". ; ....


[Cont. next post]

[Cont from previous post]
There are 7 numbers; the first 4 are part of your card number, the next 3 ar e the security Numbers' that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you ha ve the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA S ecurity Department told us it was a scam and in the last 15 minutes a new pur chase of $497.99 was charged to our card.

Long story - short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report.

What makes this more remarkable is that on Thursday, I got a call from a "Jason Richardson of Master Card" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.|scold|

Most of us are aware of these scams, but I really worry about people getting caught up in them, especially the elderly.

I don't mean that to sound derogatory, I'm getting there myself! ;)

Glenys

I did get a phone call from my card fraud department, they asked if I made purchases at a number of places and included a few places I did at the time they stated. I confirmed the phone call with the phone number on my card, the call confirmed it was their fraud department who called and that my card/account had been stopped by them and a new card would be with me within 5 working days (well 3 actually).
It transpired that a number of items had been brought and the user's card (mine) had been declined, i.e. they were using a cloned card!

So if you do receive one of these calls, they will ask if you have the card on you, but I can't remember being asked for the numbers on the back.

Now thinking about it, a dishonest person could have denied using their card at places they did use it.

I did get a phone call from my card fraud department, they asked if I made purchases at a number of places and included a few places I did at the time they stated. I confirmed the phone call with the phone number on my card, the call confirmed it was their fraud department who called and that my card/account had been stopped by them and a new card would be with me within 5 working days (well 3 actually).
It transpired that a number of items had been brought and the user's card (mine) had been declined, i.e. they were using a cloned card!

So if you do receive one of these calls, they will ask if you have the card on you, but I can't remember being asked for the numbers on the back.

Now thinking about it, a dishonest person could have denied using their card at places they did use it.

We had the same thing happen, but were out when we got the phonecall so they left a message. We assumed it was a scam but called the number on our statement to check and found it was genuine. We had been cloned as well:mad:.
It seems as if the frauds are very similar to the genuine ones, so I would advise anyone to call their card company on a number known to be genuine before giving out any information.

Very sound advice from both Neil and LynA there. Not being a huge online shopper I was surprised to get a call from my bank about a possible fraudulent attempt using my card details. Being a highly suspicious type, I refused to give them details over the phone and asked for their contact names and so on. I then rang through on the number which the bank had given to me to report any problems and asked them to confirm the names and numbers I was given. They put me through to the fraud section and indeed it was all genuine. In fact, I had an inkling that the call was about a specific purchase which I decided against after entering details - they were quite vigilent and checking that I had actually cancelled because I wanted to, rather than some scumbag pulling out because they hadn't got all the details needed. So it does always pay to cross examine these "fraud" checks - I expect they are happy to see customers not simply taking their word for it!

All very sound advice as Mark says, and most banks will be happy that you want to check, but I remember one occasion when I got hoist with my own petard.

Some years ago when my son was small the doorbell rang at 5pm - always an awkward time with me trying to get dinner ready and kids rampaging around after school. On the doorstep were two people who said they were doing a survey on crime in Thornhill and who made it sound as if they were under the auspices of the police, but they wanted to know what time my husband would be home as they needed to speak to both of us. I told them he wouldn't be home until seven, but after they had gone I became suspicious and rang the local police to check if they were genuine. They said they wanted to speak to these people as they had had a couple of complaints, and five minutes later I saw a police car pull up in our street and take the couple away. At seven o'clock sharp they were back on our doorstep, having apparently convinced the police that they were law abiding. They were, of course, trying to sell burglar alarms, and started their pitch by saying "Now as we KNOW you are someone who is extra security conscious....." |doh|

Hi I think it is about time these really sad people got a life, I am inundated with spam, - only some goes into spam filter! from HSBC, nationwide, Halifax, NatWest etc all stating the same thing, Where do these people get your email from!! I must have won every lottery going, not to mention the dearly beloved letters all giving sob stories, they all go into trash immediately. I too wonder if some folks are likely to be taken in by these spam mails and respond to them? |nopity|

Hi I think it is about time these really sad people got a life, I am inundated with spam, - only some goes into spam filter! from HSBC, nationwide, Halifax, NatWest etc all stating the same thing, Where do these people get your email from!! I must have won every lottery going, not to mention the dearly beloved letters all giving sob stories, they all go into trash immediately. I too wonder if some folks are likely to be taken in by these spam mails and respond to them? |nopity|

They get emails from many places. Firstly, there are programs which will trawl websites - in a similar way to the spiders used by the various search engines - which look for email links on websites which use a html tag called the mailto tag. If they find one - and many websites have them - they will add it to a list for spamming. Likewise, they will also hunt through mailing lists, forums etc looking for anything with the "@" symbol - those also get added to the list.
Once your address has been picked up, you will find it added to compilation CDs of email addresses which are openly sold by the spammers to their equally scumbag associates.
You can buy these email CDs easily and they are quite cheap for what is on them - tens of thousands of email addresses. If you ever respond to any of these spams - to "unsubscribe" or complain to the spammer for example - you have informed them that the address is live and in use, which gets you added to another CD which contains known live addresses and the spammers pay more for those address CDs.

Some people will ask how they can spam you on an address you have never used. Well, as well as the CDs, some spammers simply generate addresses randomly using programs to automate it. If you have more than one address, you can sometimes spot this when the same spam arrives at your different addresses at different times.

As well as the spammers themselves, some ISPs and mail servers don't help - some "bounce" emails which are sent to non-existant addresses. In itself, that isn't a major issue, but if the spammer faked your email as the sending address, you end up getting the bounced emails - often with attached viruses or other malware.
Poorly maintained Windows computers are the biggest problem with regard to spam however. A badly looked after system can be compromised easily and turned into a "bot" - a machine which can be made to do the will of the person controlling the compromised system. Bots are nearly always part of a huge number of machines - all compromised in the same way - which act as a huge supercomputer. This is what is called a botnet. The botnet can be used to send millions of spams per day or used to "take out" websites - often for major companies, in what is called a Distributed Denial Of Service - a DDoS attack. Even Microsoft have been victims of DDoS attacks, so these botnets can be very powerful.
The owner of a compromised system may not even be aware that their machine is spewing tons of spam or helping to take down some website or other - an individual bot tends to be only doing a small part on its own so the actions are not noticed by most people. That of course is useful to the controller of the botnet - he wants the machines to remain running as part of his "herd"!

A good firewall, anti virus software, anti spyware and sensible computer practices, such as never opening attachments unless you are 100% certain that it was sent genuinely to you and NEVER responding to spam - even if they do claim they will unsubscribe you, are basic ways to avoid becoming victim to more spam or worse. If you have email filters, either on your system or via your ISP, use them. If you can, the best way to avoid spam is to create a "whitelist" where you only accept mail from people on a list of known people - but in practice it is quite restrictive. For a child, I would always set up a whitelist, but that could prove too restrictive for an adult who may be contacted by people who are not on the list.

Mark

Very informative Mark and I hope people will take note.

Glenys

Yes, Mark, thank you.

I was fortunate enough to have a very computer-literate friend who pointed out the many pitfalls out there, and how best to deal with them, when I first went on line. Thanks to him and his advice - much the same as yours - I have so far avoided any major problems.

I was only tempted once when I was offered just a few tens of thousands - not untold millions - by the National Lottery. Being somewhat wary, I e-mailed the true Lottery site and was assured, yes it was a scam, that they were aware of the sender and were trying to deal with the problem. Be careful !!

Eileen

Many thanks Mark for the info - much appreciated |wave|