Dan has a story of how his credit cards were stolen from his wallet and how the scammer was able to get the account information changed, so that when the Capital One fraud department called to verify the suspicious charges, it was the crook who got the call. That way the fraudster could say, “Yes, I’m Dan, and I made those purchases in New York, even though I don’t live there.” Dan writes:
Last week my Capital One credit cards were stolen, and the attack vector was so unique I thought I should share with the Consumerist hivemind.
The attacker got a hold of some basic identifying information of mine and called Capital One and got through to my account.
He then changed the address and phone number on my account to his address and phone number, then he ended the call.
He called back a few days later and reported both cards stolen.
Capital One canceled the cards in my wallet and sent replacement cards to the attacker.
He used the cards in New York (I do not live in New York) so Capital One called to confirm the charges…except they called HIM and not me. He confirmed the charges.
I then got a “thank you for confirming the charges” email in my inbox and called Capital One to find out this information.
If you haven’t done it already, you should call up your bank and get a PIN code or password added to your account so that your account info can’t be changed over the phone without it.