JMW wrote:I handed over almost £15k of my work's money to a scammer last month, on the basis of some chatty and very authentic-seeming emails with what I thought was a Partner (email address set up in his name). We only didn't lose it (because the authorisation came from me, with my correct access) because HSBC, thank god and I'll love them forever, flagged it as suspicious and handed it back when we called. Looking back I cannot believe how easily it happened, I put it down to extreme tiredness.
cosmicjellybean wrote:JMW wrote:I handed over almost £15k of my work's money to a scammer last month, on the basis of some chatty and very authentic-seeming emails with what I thought was a Partner (email address set up in his name). We only didn't lose it (because the authorisation came from me, with my correct access) because HSBC, thank god and I'll love them forever, flagged it as suspicious and handed it back when we called. Looking back I cannot believe how easily it happened, I put it down to extreme tiredness.
Having worked in IT over the last few years, the 'spoofed address' stuff at work is a nightmare. I dont blame people for falling for it, those guys are getting fucking good. We still get emails looking like they are from the CEO to specific people in finance. They even use his current signature. Ive had a few cases of minor fraud immediately refunded, and one for car insurance (I don't own a car) which I spotted a day later. Most recently my PSN got hacked, but I put 2 step verification on anything I can these days. That helps.
cosmicjellybean wrote:Jeeeesus. Well done for spotting that one!
Kow wrote:If you have the address, then surely something can be done?
Andy wrote:Kow wrote:If you have the address, then surely something can be done?
Just wanted to comment on this, because of an enquiry I had.
I took a report from a company regarding fraudulent use of a credit card. A former employee's company credit card had been used to buy jewellery from a large jeweller's online store. The company had never cancelled the card, and noticed when all of a sudden the normally empty statement had a couple of items on it.
Now, they had been reimbursed by their bank so normally, at that point, I would have to explain to the company that, as they are not out of pocket, they are not the complainer, and we won't do any enquiry unless the bank makes complaint (and if it's under £10k, the banks don't make complaint). However, given that it was important for them to know if their former employee, or any of their current employees who could have gained access to the card, were suspects, I made enquiry.
From the jewellers, I was able to get the delivery address for the goods. That address was in London. They were also able to furnish me with a number of failed transactions (attempted frauds) and, to make things better, a number of both successful and failed transactions for the same delivery address on a number of other cards. Somebody had themselves a nice fraudulent scheme going.
At that point, the locus of the crime is where the goods are headed, so I had to transfer the enquiry to the Metropolitan Police. They told me that they would only take on online credit card frauds where the bank in question handed them a package. (Basically, banks' fraud departments put together all the documentary evidence with all the required details, to save back and fore requests and warrants and so on.) None of the banks were making complaint, because no individual card had more than £10k of fraudulent transactions, and there are so many going on all the time, nobody there was joining the dots on these ones.
Now, if you can be arsed, you can ask banks to put together a package regardless. I've done it before when you know who the suspect is, and just need the evidence from the bank to charge them. The thing was, the banks said that it would need to be the Met requesting the package, and the Met were being pricks about it. I sent them all of the details, but as far as I know they did fuck all with it.
Frustrating.
Webbins wrote:I had a card scraped from using the pay at pump option at a nearby Shell station years ago. I initially noticed a couple of dodgy mobile credit purchases on my account and called the Halifax. After a quick look on the web I was amazed to find these pumps were using unprotected WiFi to the terminal in the station, so Johnny Twatbags could happy suit round the corner and scrape details to his heart's content. Halifax covered my small loss and the Shell station eventually dumped the pay at pump. Don't ever use this option now, I would hope those that operate the WiFi protect it.
poprock wrote:GOOD INTEL.
So what’s the deal with the petrol pumps then? Think they’re just running outdated systems?
It looks like you're new here. If you want to get involved, click one of these buttons!