(That's a service that blocks people from using a "whois" query to learn the name and address of the party who registered a domain name. For Mac users, you can perform a Whois using the Network Utility.)
However when I checked the full list of 14 vendors, I found only those two had a domain service in common. Some of the others had their administrative name and address in the clear, a few used other anonymizer services.
The vendors were located in all different parts of the USA, plus one in Canada and one in Singapore. While Marian spotted similar boiler-plate language on a couple of sites, the others were quite various in design and layout. At least one has a very pleasant customer service operator as noted yesterday. Another actually called me to "welcome" me to their clientele. Although the caller was pretty clearly working from a call center in Mumbai, this was much more than I'd expect from a quick-buck shell company.
After getting mailing addresses for 11 vendors, I wrote up a letter informing them of the fraudulent order, stating no charge related to it would be paid, and demanding not to be on their mailing list or to have my name sold. Prepared envelopes and trudged off to the P.O. to send off 11 return-receipt-requested letters. $50 bucks in postage; maybe wasted money, but some of these vendors (like stay at home millionaire, about whom there are many complaints online) are very persistent once you express an interest.
Neighbor Michael thinks,
It looks to me like you have ordered something from a website whose computer has been hacked. The hacker then wholesales credit information to distributors (there's his or her money), who in turn re-package it and sell it tax exempt to users. In your case it looks like the user was testing the water. Was the card good? Did the cardholder have an alarm in place? etc. Having set off no alarm bells, he/she could then proceed to start ordering stuff big-timeMaybe. I've heard of people testing a stolen card number with a small purchase. However, this was more than a dozen purchases, which would surely be overkill. Plus, almost all sent confirmation emails (the Citicard fraud guy read me one transaction which hasn't shown up as email). Since I had never dealt with any of them, they didn't have my email address in their customer files, prior to the fraudster's order. So the fraudster had to have included my proper email with each fake order.
Seems to me, if I wanted to test a stolen card, one, I'd use an email address that came to me, not to the victim, and two, as soon as two orders cleared, I'd start ordering the 50-inch tvs. Not wait around for 10 more.
I can think of two other possible explanations. One, it's like Michael said, except that the fraudster was just getting into the game and testing his scripts. And had a bug in them, so he was running the same card over and over trying to get the code right.
Two, it is barely possible that the perpetrator didn't actually want to profit from the deal but only wanted to harrass me, personally. I am not aware of having any cyber-enemies like that... and if it was a case of cyber-harrassment, the orders would probably have included some porn. Thank goodness they didn't!
No comments:
Post a Comment