Skip to content

I was a victim of online fraud at the holidays…..almost

I was a victim of online fraud at the holidays…..almost

Fraud of any type is disconcerting.  My recent experience with online fraud proves my point that regular Joes like myself can fight back and be part of the solution against fraud. 

On December 22 I received a mobile alert on my phone indicating someone from my household was shopping online at a retailer we frequently shop. 

I’ve enacted the mobile alerting capability that my credit card issuer offers so I get alerts when card-not-present (CNP) transactions are run. The value of the transaction was around $28 so I just assumed one of the other accountholders on the account was buying some last minute gifts.   

A few minutes later I received second alert from the same online retailer indicating another transaction had gone through. This time the amount was $512. 

I was caught off card by the amount. At first I thought I was going to be the recipient of some really cool stuff. But that feeling changed quickly to concern. 

I don’t know about you, but in my house we normally chat first about big purchases (even if they are to be given as gifts).  I called the other accountholder quickly who confirmed they had not been shopping online at all and had no insight to the transactions.   

I immediately called my credit card issuer who promptly cancelled the card and noted the two transactions as fraudulent. This was a simple and easy process and I commend my card company for making it this efficient. They even overnighted me new cards knowing that I still needed to do some last minute Christmas purchasing.

Next I checked my email account. 

There was a “thank you for your purchase” email which indicated that the $28 purchase would be received in a few days. There was also a change of e-mail notification from the retailer’s online account service. 

Whomever hacked into our online account had used a slightly altered email address so that the confirmation of the next transaction (the $520) would not come to us, but to the fraudster.   

Knowing that the email address was also the user name of the online retailer account, I tried my luck using the new email and existing password. 

Once logged into the account I could see that the fraudster had purchased a very expensive vacuum cleaner and had changed the “ship to” name and address (about 60 miles away from my house).  I now was able to look up the address, research the recipient name and even get a view of the street and house the merchandise was intended to be sent.  

The situation was alerted, noted, addressed and rectified in less than one hour, and as I said, my new cards were received in 24 hours. 

We were able to thwart this attempt. I’m one of hundreds of thousands of transactions that are attempted each year. In fact, one of my colleagues recently wrote about another similar fraud scenario and another shared data indicating CNP fraud was on the rise.  To help others fight fraud I recommend the following:  

  1. Enable any mobile alerting offered through your bank or credit card issuer

  2. a. Set-up mobile alerts based on CNP scenarios (i.e. online, eCommerce sites, etc.)
    b. Set-up mobile alerts based on credit or debit card transaction value thresholds (i.e. send a text for any purchase over $XXX) 
    c. Set-up mobile alerts based on ATM transactions (i.e. withdrawal amounts over $XXX or if your balance falls below $XXX) 
    d. If they don’t offer mobile alerting, keep asking until they do 

  3. Monitor your bank and credit card accounts frequently to stay aware of any unusual activity

  4. Make others in your household aware of such tactics 

  5. Frequently change passwords to online accounts and make sure you keep anti-malware and security protocols up to date on your household and mobile devices

  6. Share stories like this with friends and family so other can learn

I provided the bad “ship to” name and address to the user community of our fraud solutions in the spirit of sharing known bad data. 

I don’t know if the name used and address is just a front for accepting fraudulently obtained merchandise or if they also behind exploiting the online accounts with malware. 

What I do know is they won’t have that new expensive vacuum to sell for some quick money.