If you have a sock drawer full of credit cards, having a card compromised is just part of the game. I can’t go more than a few months before I get an alert asking me if my card was used in one place or another.
The most recent case of fraud came while I was on my work trip to New York. Someone decided to steal one of my card numbers and go on one of the most depressing spending sprees I’ve ever seen in Huntsville, Alabama.
Obviously, it was fraud because who needs to go to Zaxby’s right after eating at Sonic?
So after getting that sorted out and receiving my new cards, I figured I was off the hook for a while. Then I got an email from Chase.
Or so I thought it was from Chase.
I’m usually really good at sniffing out fakes but at the time I was tired. With it seeming that someone is always somehow getting a hold of one of my credit card numbers, I just wanted to find out which card it was and to fix the problem.
I was almost ready to click on “Confirm Now” and then my brain clicked into gear.
First I noticed the email was sent to “undisclosed-recipients:;”
I didn’t even realize at first that “unknown” in the title was misspelled.
All it took was a right-click on Chase Online to see the originating email address:
I don’t think that’s one of Chase’s accounts.
At this point, I noticed the “behaviour” in the text and since I don’t live in the UK, that’s not what Chase’s US office would send me in an email.
(Note from Sharon [who had been a writing tutor in college]: Also, the 2nd sentence in the email is a run-on sentence. AND “bellow?” Do they want you to make noises like a bull?)
OK, so this was a phishing email wanting me to click on their link and give all of my personal information. I almost fell for it because I’ve had to go through the process so many times to clear fraudulent purchases, I’ve since become numb to the entire process.
Fortunately, my brain kicked in and I realized this was a fake email before I clicked on anything.
What can you do to combat phishing? Well, first of all, don’t click on links in fake emails. After that, you can report spoof emails to the banks. I’m not sure what happens when you do but doing so makes me feel better. You just need to forward the fake email to the respective bank at these addresses.
American Express: spoof@americanexpress.com
Barclays: internetsecurity@barclays.com
Bank of America: abuse@bankofamerica.com
Capital One: abuse@capitalone.com
Chase: abuse@chase.com
Citi: spoof@citi.com
Discover: emailwatch@discover.com
Sun Trust: emailabuse@suntrust.com
TD Bank: phishing@td.com
US Bank: fraud_help@usbank.com
Wells Fargo: reportphish@wellsfargo.com
If your bank isn’t listed, just Google “Phishing {your bank}” and you’ll easily find a webpage telling you how to report fraudulent emails.
Final Thoughts
It just goes to show that if someone like me, who knows all the red flags and warnings, almost fell for a phishing email, that anyone can. Credit card fraud is just one of the hazards we have to deal with when dealing in the world of points and miles. That’s no excuse to let your guard down when dealing with scammers. They depend on you not noticing they are using fake emails or links and that “they’re grammer isn’t quite proper.”
Like this post? Please share it! We have plenty more just like it and would love if you decided to hang around and clicked the button on the top (if you’re on your computer) or the bottom (if you’re on your phone/tablet) of this page to follow our blog and get emailed notifications of when we post (it’s usually just two or three times a day). Or maybe you’d like to join our Facebook group, where we talk and ask questions about travel (including Disney parks), creative ways to earn frequent flyer miles and hotel points, how to save money on or for your trips, get access to travel articles you may not see otherwise, etc. Whether you’ve read our posts before or this is the first time you’re stopping by, we’re really glad you’re here and hope you come back to visit again!
This post first appeared on Your Mileage May Vary
3 comments
I had someone steal the information from one of my Chase cards, which isn’t all that unusual. What struck me was that the rocket scientist used the fraudulent charge to pay their taxes. What could possibly go wrong?
The key on these phishing emails is the opening “Dear” statement. A bank or whatever legitimate company is sending this will ALWAYS use your name, not “client” or “customer”, etc. That is the number one thing to look for.
Before forwarding the email, make sure all of the email headers are showing. That can let them see where the email actually came from.