MobileMe Scam
in [Mac Applications]
|
Prev: Using Mail
Next: ghostscript.dmg for 10.6.3?
From: Wes Groleau on 16 Jun 2010 19:18 On 06-16-2010 17:43, John McWilliams wrote: > TaliesinSoft wrote: >> I just now received an email, supposedly from Apple, that asserts that >> my MobileMe account will be suspended for 48 hours unless I respond to >> the mail by clicking on a URL and then updating my account >> information, er uh credit card and such. I would suggest that anyone >> else receiving the message also ignore it. > > For amusement, I sometimes click through and enter information. Bogus, > of course, the idea being to make them waste time thinking they've got a > 'hot one'..... > > Anyone else do this, and is there a real downside? Call your card provider and ask for one of the fake numbers they use to catch crooks, then put that in with its associated billing address and all. -- Wes Groleau Kids say … http://Ideas.Lang-Learn.us/barrett?itemid=1361
From: Wes Groleau on 16 Jun 2010 19:23 On 06-16-2010 17:56, Richard Maine wrote: > of theirs. If you don't at least go to the trouble of making your credit > card number "checksum" right (there's an algorithm for that, which isn't > hard to find, but I didn't bother to do so for this posting), I'd guess I find that hard to believe. The sensible thing for a card provider to do would be to associate each account with a _random_ check number. If the number can be obtained by an easy-to-find algorithm, then any crook that sees the account number could use it on-line. Snap a pic of the card when the person gets it out at a store. Go to a grocery checkout lane that's closed and stick a mini video cam on the pole. -- Wes Groleau Transfer Students Can Stay at Beverly Hills High http://Ideas.Lang-Learn.us/russell?itemid=1439
From: David Empson on 16 Jun 2010 20:03 Wes Groleau <Groleau+news(a)FreeShell.org> wrote: > On 06-16-2010 17:56, Richard Maine wrote: > > of theirs. If you don't at least go to the trouble of making your credit > > card number "checksum" right (there's an algorithm for that, which isn't > > hard to find, but I didn't bother to do so for this posting), I'd guess > > I find that hard to believe. The sensible thing for a card provider to > do would be to associate each account with a _random_ check number. I have a FileMaker Pro database which includes the formula for verifying that a credit card number is valid. It isn't particularly long but it is complex enough that I haven't tried to analyse it. It wouldn't be hard for a crook to generate a random credit card number with a valid checksum, and the first four digits known to be valid (they identify the card issuer and the credit card type). The card number is no use by itself: at a minimum they would also need the name on the card and the expiry date. For most online purchase situations they also need the three digit validation code printed on the back of card (not embossed, and it is randomly generated each time you are issued a new card). > If the number can be obtained by an easy-to-find algorithm, then > any crook that sees the account number could use it on-line. > > Snap a pic of the card when the person gets it out at a store. If the crook can buy something online without the validation code, then a picture of the front of the card is sufficient. They probably need the validation code, so they'd have to take a picture of the back of the card. Some online merchants also ask for the billing address, which isn't on the card. They'd have to get into a greater degree of ID theft for that. > Go to a grocery checkout lane that's closed and stick a mini video > cam on the pole. For the most part, yes, as long as the camera is aimed at the underside of the card as it is swiped through the machine or inserted into the card reader. -- David Empson dempson(a)actrix.gen.nz
From: Jolly Roger on 16 Jun 2010 20:15 In article <hvbm50$mjc$2(a)news.eternal-september.org>, Wes Groleau <Groleau+news(a)FreeShell.org> wrote: > On 06-16-2010 17:43, John McWilliams wrote: > > TaliesinSoft wrote: > >> I just now received an email, supposedly from Apple, that asserts that > >> my MobileMe account will be suspended for 48 hours unless I respond to > >> the mail by clicking on a URL and then updating my account > >> information, er uh credit card and such. I would suggest that anyone > >> else receiving the message also ignore it. > > > > For amusement, I sometimes click through and enter information. Bogus, > > of course, the idea being to make them waste time thinking they've got a > > 'hot one'..... > > > > Anyone else do this, and is there a real downside? > > Call your card provider and ask for one of the fake numbers they use > to catch crooks, then put that in with its associated billing address > and all. Good idea. : ) -- Send responses to the relevant news group rather than email to me. E-mail sent to this address may be devoured by my very hungry SPAM filter. Due to Google's refusal to prevent spammers from posting messages through their servers, I often ignore posts from Google Groups. Use a real news client if you want me to see your posts. JR
From: Richard Maine on 16 Jun 2010 20:25
David Empson <dempson(a)actrix.gen.nz> wrote: > If the crook can buy something online without the validation code, then > a picture of the front of the card is sufficient. > > They probably need the validation code, so they'd have to take a picture > of the back of the card. > > Some online merchants also ask for the billing address, which isn't on > the card. They'd have to get into a greater degree of ID theft for that. That's all for if you are trying to buy something with it as a consumer. If you manage to get a merchant account yourself, you don't need any of that stuff. I've had a merchant account, so I know. The bank won't reject a charge because the validation code or address is wrong. At most, it just warns the merchant about the mismatch and then leaves it up to the merchant whether to go ahead with the charge or not. Anyway, that's the my merchant accounts (both of the 2 I had at different times) were. Most of that is required by the particular merchant rather than by the underlying credit card system, and it is to help protect the legit merchants from chargebacks. Legit merchants *REALLY* don't want chargebacks; they hurt a lot. Not only does a chargeback return the money for the individual transaction, but there are extra fees and if you get enough of them, your account is likely to get terminated. If you are a scammer who has gotten a merchant account, you don't care about all that. You'll take your money and run before things fall down. Of course, there are safeguards in the process of getting a merchant account, but it isn't as if it is inherently difficult. All you need is the one suitably done fake identity as a merchant; you don't need an ID for each credit card number you try to drain. -- Richard Maine | Good judgment comes from experience; email: last name at domain . net | experience comes from bad judgment. domain: summertriangle | -- Mark Twain |