Faughnan's Notes: CC Fraud Take II
A few more thoughts on this recent $7K fraud experience.
1. How did the crooks manage delivery of the stolen goods? In the Netfill scam there were no good to deliver and the faked transactions were for virtual goods.
2. Why didn't AMEX's fraud alarms go off? I have to assume they disable them, or tune them down, around the holidays. I've had AMEX question my purchase of underwear while traveling on business, but I didn't get a call about 6 separate $550 transactions in one day against one company.
3. Why NEWEGG? Why not spread the transactions around and make the fraud less obvious? Was NEWEGG an easy target for some reason?
4. Was the attack fully automated? That's the most interesting possibiliity. It seemed pretty stylized -- two near identical attacks two weeks apart, each beginning with a domain name change. Problem is, unlike Netfill, this seems to have involved delivery of physical goods. Hard to see how that could scale. I don't think this was an automated attack.
The more I think about the delivery of physical goods problem, the more I'm inclined to think this was a kid somewhere.
Update: This must be the season for credit card fraud -- I might have another one! My son's Brett Favre figure broke; I had trouble finding a replacement on the net and ended up placing an order with toyglobe.com. My AMEX card was charged the day I placed the order: 12/3/04; it was charged slightly more than expected. Nothing has come from Toyglobe.com (office is in my old home town: St. Laurent, Quebec). Their web site doesn't have a phone number. A web search finds a worrisome web page of complaints. Hmmm. Suspicious timing?
3080 Barclay # 6
Montreal, Quebec h3s1j8
5455 Vanden Abeele St.
St. Laurent, QC H4S 1S1