Fake Amazon Drivers Stealing Replacement Credit Cards

I am not sure if this has been happening in other parts of the country our just in the Phoenix Metro area:

PHOENIX (3TV/CBS 5) — Amazon and Capital One are investigating after Arizona’s Family uncovered a possible fraud scheme last week.

The criminal acts seem too similar to be a coincidence. Different men wearing Amazon driver clothes act like they’re dropping off a package but steal a replacement credit card right after FedEx drops it off at Valley homes.

This story takes me back to a somewhat similar experience I had happen to me about 4-years ago with credit card fraud. One morning I was on my to the office. I just checked my phone before I headed into the garage. I noticed 100+ new emails on my main email account. At first I thought the provider’s spam filter was borked as most of the emails seemed like spam. Then I noticed an ‘Order Cancellation’ email from Walmart.com Hmmm,  that’s odd I hadn’t ordered anything recently from Walmart. Apparently sometime during the previous night someone had managed to hacked into my Walmart.com account and ordered an iPad (they were also going to order a case separately, but never completed that order leaving it in the cart) and used the Capital One Card linked to my Walmart account. While, the iPad was going to be sent to my home address and since likely I would have been at work when it was delivered, there was a good chance it might not have been waiting for me when I arrived home.

As it turns out Walmart had automatically canceled that order on their end because the IP address which the order was placed from was not in the US. When I got tot the office, I changed the password on my Walmart account and removed the credit card from the account. I called Capital One and explained the situation and also canceled the card. I still believe the card itself was not compromised as it was saved to my Walmart account and had not been used anywhere else. However, this could have been the start of a later to be disclosed data breach (which it was not) sort like the Target Breach from 2013. Capital One could not dispute the charge at that time as it was pending and that didn’t matter as Walmart canceled the order on their end so the charge would have never posted.

The annoying part of all this was that Capital One card was the card associated with ALL my automatic payments. So when I retuned home that afernoon I had to switch the credit card for all the services I had setup on autopay. My ISP tried to charge that now cancelled card earlier in the day and sent me an email saying it failed. I made a one-time payment the same day so it would not be late. However, they hit me with a Return Payment Fee. I know that doesn’t make a whole lot of sense. The automatic payment was with a credit card so either it authorizes it doesn’t (I could understand chargeback). Apparently my ISP credits the payment to the account before they attempt to charge the card. Since the card failed they reversed or ‘returned’ the payment they had prematurely credited to my account). I was able to get my ISP to reverse the fee as ‘a one time exception’.

Back to all those emails. On my way into the office my phone was going off non-stop with new email notification. At one point I had to tun off the sound as it was getting annoying. I discovered the fraudster/scammers had used my email address to sign-up for newsletters on hundreds of sites. A lot of these emails were ‘please verify your email address’ so I decided at that time I better change the password on my email account as well just in case they happened to have hacked into that as well. By mid-day the new emails had slowed to a trickle and a couple days later no more new emails from sites I had never visited before.

Now, getting back to this scheme that is currently playing out in my metro area; How are the thieves knowing when these victims are getting their replacement cards delivered?

Security expert Adam Coughran believes among the ways the crooks can know is hacking emails after they scammed the victim’s credit cards. “They’re monitoring your email, so when you get the notice your card is going to arrive today, well, now they know your card with the email on the parcel is on the way,” said Coughran.

In my situation Capital One had shipped the replacement card to me via USPS. Since I was living in a townhouse at that time it was delivered to a secure cluster mailbox. I could have had the card shipped by FedEx, but that would have cost me extra and since I had alterative cards I could use I was not in a hurry. That being said though, it is strongly recommended if something like this happens to you: change the password on your email account associated with the credit card and/or the site which the card was compromised (in my case Walmart.com). Also, don’t re-use the same password on every site. This way the scammers can not see when and where you card s going to be delivered. Also some credit card companies do allow you to have your replacement cards overnighted to a different address (such as to your office) where someone can sign and take possession of the delivered package. This is a better option instead of having the carrier leave it on your doorstep or on your screen door. Then there was the time in early 2001 when FedEx left a package containing replacement severance pay checks (the first batch got lost in the mail) partially hidden underneath my doormat at my apartment. Luckily that day I had stopped at my apartment during my split shift. This was a brand new complex and I was next to a section where the next phase was still under construction. There was a lot of foot traffic in the area, but luckily the FedEx envelope was hidden enough so it was not visible from afar. Also being this was early 2001, eCommerce wasn’t as main stream as it is now so porch pirates were not much of an issue during that time.

One more tip if you have an account with FedEx or UPS you will get expected delivery notifications. You also have the option to have the delivery re-routed to a nearby FedEx Office location or UPS Store instead of being delivered to your home address. That way if you are not home, you don’t need to worry that someone is going to steal the replacement credit cards before you get home. Even if you do plan on being home this may not be a bad idea since now more people are working from home, the carriers won’t even your ring the door bell when the arrive. They’ll just simply leave the package at or on the door and by time you realize it has been delivered a porch pirate disguised as an Amazon driver may have already plundered it.

via AZ Family