This was a new one on MrConsumer. A New York friend recently called to say he was getting deluged with spam all of a sudden — over 120 in an hour. They kept mounting up in his inbox and for some reason they generally were not even going into his spam folder.
In the midst of this flurry of junk mail, he was trying to do his taxes and started reviewing his American Express account online. He noticed a $2000+ pending charge at Build.com. My friend knew immediately he did not make that purchase so he called AMEX. They canceled his card on the spot since its use at that online store was fraudulent.
My poor friend, one minute he is being spammed to death and the next he is the victim of credit card fraud. How unlucky can one get to have these two independent events happen to you in the span of an hour? Or were they really a coincidence?
MrConsumer postulates they were all part of a grand scheme by a very clever crook. Someone clearly gained access to my friend’s existing Build.com account which might have had his American Express number saved for future use. Or the scammer separately obtained his American Express account number some other way. With that information, it was easy to make a purchase (or many of them) and send the loot to anyone in the country.
But what does that have to do with the spam bomb that my friend experienced? Since online sellers usually immediately send a purchase confirmation email after an order is placed, the crook had to do something to lessen the chance that my friend would see it in his in-box. So he bombarded him with tons of spam emails at the very time the order confirmation was likely to be received hoping it would go unnoticed, get mistaken for spam, and be deleted along with the rest of the junk mail.
*MOUSE PRINT:
Fortunately, my friend was able to contact Build.com in time to cancel the order slated for next day delivery. Their security system also flagged the transaction.
So here’s the moral of the story. If all of a sudden you get hit with an unusually large deluge of spam, go through each one looking for an order(s) you never placed. Call your primary credit card issuer(s) to ask about any unusual activity they see on your account, including recent purchases and address changes. Delete any saved credit card numbers from online stores where you make purchases. And change passwords on any affected accounts.
I agree with your hypothesis Edgar. A novel approach.
Thank you. Yes, I was spam bombed last week but in an email that is not associated with a credit card. But I am checking them all any way. Thanks for the heads up.
This happened to me. Hacker got into my Discover card account and tried to take a $10k loan. My email account was flooded with spam. I scanned through it though and saw the Discover verification code and cancelled the card.
If you suddenly get an avalanche of Spam that’s likely what’s going on.
Thanks for the heads-up!
If this were to happen to me, I think I would go immediately to my credit card websites to check on activity. I think this would probably take a lot less time than plowing through hundreds of spam emails. Then again, using the email search option might be a good move, too.
I’ve been getting a lot of strange emails about purchases I’ve made but need to pay the shipping fee by clicking on a link in the email. I’ve marked all of them as spam but now I’m thinking I need to go through all of my credit card and bank accounts to see what’s going on. Thanks for the heads up!
Roofer, you should definitely do this. I will caution though, I work in IT, and the two most common phishing attacks we’re seeing right now are:
Emails that say you bought something non-material like a subscription (Amazon Prime and Norton Lifelock), and then telling you to call them if you want a refund. When you call they will try to both get your information, but also get you to pay them a “lesser” amount to assist with refunding the greater amount.
The second is like you say “You’ve bought this, but click this link to pay shipping.”
That’s pretty crafty. I have the credit card bank apps on my phone configured to pop up a notification any time a purchase is made. The spam bomb wouldn’t work in that case.