Credit Card Fraud

Author
Discussion

bad company

Original Poster:

18,483 posts

265 months

Saturday 18th November 2017
quotequote all
For the third time in my life I’ve been a victim of fraud. A few weeks ago I checked my Lloyds Avios credit card statement and saw several transactions I didn’t recognise, all priced in US$. No problem, Lloyds refunded the money then I read this:-

http://www.telegraph.co.uk/personal-banking/credit...

This morning I received the email below which looks like the scammers know who’s accounts they compromised and want another go:-


Good Morning

I regret I am unable to locate your account with the information you provided.

Could you please resubmit your email, providing your full surname, post code and the last 4 digits of your account number.

PLEASE NOTE: When replying, please include your initials, full surname, your post code and the last 4 digits of your card number. To help protect your identity and stay safe online, please do not send any further information regarding your identity by e-mail. Alternatively you can send in your query by post to Lloyds Banking group Plc, Pitreavie Credit Card Operations, BX1 1LT.

Yours sincerely

Customer Service Officer, Disputes Team | Card Operations | Customer Support Operations | Lloyds Banking Group
E-Mail: LloydsDisputes@LloydsBanking.com


Lloyds Banking Group plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC95000. Telephone: 0131 225 4555. Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone 0207626 1500. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Telephone: 03457 801 801. Cheltenham & Gloucester plc. Registered Office: Barnett Way, Gloucester GL4 3RL. Registered in England and Wales 2299428. Telephone: 0345 603 1637
Lloyds Bank plc, Bank of Scotland plc are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority.

Cheltenham & Gloucester plc is authorised and regulated by the Financial Conduct Authority.

Halifax is a division of Bank of Scotland plc. Cheltenham & Gloucester Savings is a division of Lloyds Bank plc.

HBOS plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC218813.

This e-mail (including any attachments) is private and confidential and may contain privileged material. If you have received this e-mail in error, please notify the sender and delete it (including any attachments) immediately. You must not copy, distribute, disclose or use any of the information in it or any attachments. Telephone calls may be monitored or recorded.



Edited by barracuda.mod on Wednesday 22 November 21:23

matchmaker

8,462 posts

199 months

Saturday 18th November 2017
quotequote all
I don't know about anything else, but the postcode is wrong - it should be KY something.

bitchstewie

50,767 posts

209 months

Saturday 18th November 2017
quotequote all
That is Lloyds postal address.

Simply reading it there's a good chance it's real - the detail will be in the message headers which will show you where the email came from.

I'm surprised they're asking for any confirmation info via email.

James TiT

234 posts

85 months

Saturday 18th November 2017
quotequote all
matchmaker said:
I don't know about anything else, but the postcode is wrong - it should be KY something.
Why do you think that?

jmorgan

36,010 posts

283 months

Saturday 18th November 2017
quotequote all
Bank should not be asking you for details anyway. Bet if you check the sender (in the details) it is not who they say anyway. The only time I contact the bank is directly from the details of the bank I have on paper.

Problem is many will fall for this.

anonymous-user

53 months

Saturday 18th November 2017
quotequote all
James TiT said:
Why do you think that?
Have a guess.

FiF

43,960 posts

250 months

Saturday 18th November 2017
quotequote all
bhstewie said:
That is Lloyds postal address.

Simply reading it there's a good chance it's real - the detail will be in the message headers which will show you where the email came from.

I'm surprised they're asking for any confirmation info via email.
Agree that the detail will be in the message headers. Even so I'd still be wary.

I very very nearly got phished by a mail from Amazon. What made it tricky was that I was actually waiting for mail from Amazon, the timing of this was either very fortunate on their side, or very very clever, which implies some sort of inside info. Even now I'm not sure what made me check the detail in the email header, sure enough it was not from where it purported to be.

Lucky escape.

bad company

Original Poster:

18,483 posts

265 months

Saturday 18th November 2017
quotequote all
Not sure what you mean by ‘message headers’ but the email apparently arrived from - LloydsDisputes@lloydsbanking.com.

I was immediately wary as it said it was from $Lloyds Disputes. Lloyds would never include the $ sign. I’m a bit concerned that this is either a coincidence or they know that I do have an ongoing dispute with the bank, also why did it sail through the Yahoo spam filters?


bitchstewie

50,767 posts

209 months

Saturday 18th November 2017
quotequote all
bad company said:
Not sure what you mean by ‘message headers’ but the email apparently arrived from - LloydsDisputes@lloydsbanking.com.

I was immediately wary as it said it was from $Lloyds Disputes. Lloyds would never include the $ sign. I’m a bit concerned that this is either a coincidence or they know that I do have an ongoing dispute with the bank, also why did it sail through the Yahoo spam filters?
Email headers show where the message came from, easy when you know how but not easy if you don't know what they are sadly.

https://mxtoolbox.com/public/content/emailheaders/ may be worth a read but you don't want to post them up here.

Don't assume Lloyds wouldn't use the $ just because large companies often fk up.

As for why it sailed through Yahoo's spam filters - two options - Yahoo are st or it's a legitimate email.

James TiT

234 posts

85 months

Saturday 18th November 2017
quotequote all
Never use mothers maiden name as a security question.

bitchstewie

50,767 posts

209 months

Saturday 18th November 2017
quotequote all
And never use Yahoo for email.

https://www.wired.com/story/yahoo-breach-three-bil...

Gmail with two factor for a "quick fix".

Gavia

7,627 posts

90 months

Saturday 18th November 2017
quotequote all
desolate said:
James TiT said:
Why do you think that?
Have a guess.
This is the new SantaBarbara bot. All posts are one sentence long.

4x4Tyke

6,506 posts

131 months

Saturday 18th November 2017
quotequote all
It is a scam, do NOT reply by email.

Banks do not ask for those details in emails.

The email address show in the text has nothing to do with the origin of the email or where your reply will go.

Any links in the email will take you to a phishing site that will attempt to capture online credentials.

Contact your bank by phone, using the number on the back of your card.


Edited by 4x4Tyke on Saturday 18th November 15:33

James TiT

234 posts

85 months

Saturday 18th November 2017
quotequote all
Gavia said:
This is the new SantaBarbara bot. All posts are one sentence long.
Most sensible replies are one sentence long. That is just plain top quality forum etiquette.

James TiT

234 posts

85 months

Saturday 18th November 2017
quotequote all
4x4Tyke said:
It is a scam, do NOT reply by email.

The email address show in the text has nothing to do with the origin of the email or where your reply will go.

Any links in the email will take you to a phishing site that will attempt to capture online credentials.

Contact your bank by phone.
I agree with that reply.

Hilts

4,380 posts

281 months

Saturday 18th November 2017
quotequote all
Yes, scam for sure.

Your bank knows all that stuff anyway.

Also it says 'providing your full surname'...as opposed to just half of it.

jmorgan

36,010 posts

283 months

Saturday 18th November 2017
quotequote all
4x4Tyke said:
It is a scam, do NOT reply by email.

Banks do not ask for those details in emails.

The email address show in the text has nothing to do with the origin of the email or where your reply will go.

Any links in the email will take you to a phishing site that will attempt to capture online credentials.

Contact your bank by phone, using the number on the back of your card.


Edited by 4x4Tyke on Saturday 18th November 15:33
I also filter such stuff out on my ISP online mail section before letting them to my computer. That online is also set to not load images. I would rather give as little fed back as possible to the sender that they have got an active account.

Not sure how much use it is, I then forward to the phishing department.

Escapegoat

5,135 posts

134 months

Saturday 18th November 2017
quotequote all
FWIW, I think it is definitely a phishing email, but has nothing to do with the recent fraud on your CC. IOW, it's a genuine conincidence.

The stuff they are asking for is vaguely familiar. ISTR that Brian Krebbs wrote about a bad security loophole with someone like Apple/Google/Amazon, where only the last 4 digits of the card number (together with that basic name info) were all that was needed to take control of the account.

Gavia

7,627 posts

90 months

Saturday 18th November 2017
quotequote all
James TiT said:
Gavia said:
This is the new SantaBarbara bot. All posts are one sentence long.
Most sensible replies are one sentence long. That is just plain top quality forum etiquette.
Nine months membership, not a peep until the last few weeks, when you became prolific, after SantaBarbara got called out.


FiF

43,960 posts

250 months

Saturday 18th November 2017
quotequote all
bhstewie said:
bad company said:
Not sure what you mean by ‘message headers’ but the email apparently arrived from - LloydsDisputes@lloydsbanking.com.

I was immediately wary as it said it was from $Lloyds Disputes. Lloyds would never include the $ sign. I’m a bit concerned that this is either a coincidence or they know that I do have an ongoing dispute with the bank, also why did it sail through the Yahoo spam filters?
Email headers show where the message came from, easy when you know how but not easy if you don't know what they are sadly.

https://mxtoolbox.com/public/content/emailheaders/ may be worth a read but you don't want to post them up here.

Don't assume Lloyds wouldn't use the $ just because large companies often fk up.

As for why it sailed through Yahoo's spam filters - two options - Yahoo are st or it's a legitimate email.
It's the return path you are looking for, that link above gives lots of examples how to open up the headers on your own email client. If not listed then the help in your own client shoukd tell you what to look at, right click on and so on.

If it is suspicious report it to your own bank, for Christ's sake Not by using the link in the mail, but direct and report it here too https://www.actionfraud.police.uk/report_fraud

Cheers, be careful out there.