MilesBuzz! - Did I become victim of attempted I.D. theft or overboarding AX/DL marketing?

Got a call 2 days ago from AX confirming my application for the DL Skymiles cc. I never applied for this card, but agent stated it was a written, signed application they received fom me. Sensing potential fraud I asked more details about the application and if they could send me a copy, so I could investigate this. The agent refused to give any addl. details, just stating that they cxld the application.

Talk to a supervisor netted same result, with suggestion to call credit reporting agencies to put my name on "alert". Later in the day I got an e-mail referring to the same and asking me to call back to complete application.

Now, I am concerend if somebody really got all my personal data and is trying to abuse it. Or, did AX marketing just "create" this trying me to sign up for the DL AX card.

Naturally I want to view a copy of this application to take further steps and prevent any possible damage in the future.

How can I go about to shed more light on this?

not showing you the thing doesnt make any sense to me..

i would go ahead and do an alert. just takes calling one of the agencies, and theyll contact the others.

Make sure that you don't talk with the people that call you. Always call the number on the back of your card and ask to speak with the security/fraud department. You never can trust the people that call you.

just takes calling one of the agencies, and theyll contact the others.

Are you sure about that (the Secret Service web site doesn't recommend this approach)? I flagged my credit reports with all 3 providers about 2 years back, and had to call each individually and go through the automated process to flag my reports (all computerized..you never talk to a person).

List of who you need to call and steps a victim should take:

http://www.secretservice.gov/financial_crimes.shtml

Equifax Credit Information Services - Consumer Fraud Div.
P.O. Box 105496
Atlanta, Georgia 30348-5496
Tel: (800) 997-2493
www.equifax.com

Experian
P.O. Box 2104
Allen, Texas 75013-2104
Tel: (888) EXPERIAN (397-3742)
www.experian.com

Trans Union Fraud Victim Assistance Dept.
P.O. Box 390
Springfield, PA 19064-0390
Tel: (800) 680-7289
www.transunion.com

Make sure that you don't talk with the people that call you. Always call the number on the back of your card and ask to speak with the security/fraud department. You never can trust the people that call you.

This is very true. Did you give them any information at all? Did they read you your information to confirm it or ask you to give it to them so they could confirm it? I would call DL AX and speak to them about whether they called you or not, they will have a record of it. If they do not then I'd look into reporting this.

While I know banks go to great lengths to solicit credit card applications, this sounds over the top to me. I'm guessing that an identity thief was trying to pry (phish) information from you, like your social security number, yearly income, address and phone number, etc. You are smart to be suspicious. I would recommend placing "fraud alerts" on your file at all three credit reporting agencies, as listed above.

It is generally a bad idea to place fraud alerts on your credit reports unless you are absolutely certain that you are having continued actions of fraud against you. The reasons why are outside the relavence of this forum but you can find more info by searching at www.creditboards.com

Thanks all for your replies. Beside the phone call I also got an e-mail, stating ref #, number to call and a website to check on the status of the application. I opened the link and it asks for your SS # and your home ZIP code. Could even that be a fraudulent link?

I am just do not understand why AX does not want to provide details/send a copy of the supposed application ???

Amex can be obtuse and strange--oh wait, so can any bank or big corp!

Anyway, I once called them and they told me about a problem with some old account they had on file. They would NOT give me its info and I tried to tell the CSR that I HAD everything but it was in a box in the basement with spider webs on it so please let me have MY OWN FILES but he would not. I felt like in high school when the guidance counselor has files on YOU but you cannot see them!!

STUPID!

It's my freakin’ account, dude!

Anyway, he said if I had the account number he would tell me more, but still, so stupid! aghrgrhrgh!!

Similarly, this is about YOU and especially crucial seeing as how it COULD have to do with someone doing something with your credit without your knowledge.

…because they STILL wont help you determine if that is in fact the case, I say F**K ‘em hard!

Yup, trash Amex by reporting THEM as the fraudulent entity who is standing in the way of YOUR own security by LETTING this take place!

Find out who one would report such a thing to and write them enough angry letters repeating the problem and CCing every relevant agency and entity you can think of, including ALL THREE credit bureaus and make 'em solve it, disclose to you exactly what it is, and reprimand all those involved with holding you back.

They all inform us every single freakin’ day that everything is in place for "our own security" but that's crap. It is actually for THEIR protection, and this is purely proof of that fallacy!!

If you stick with this who knows you may help initiate a much needed change. I think the entire system of credit and the doings of the 3 major agencies listed above has many problems with it. Those agencies make blunders and they still act like stone faced power mongers. I have had to report things to the FTC and I will keep doing this. Of course that often falls on deaf ears but it's certainly better than sitting around wondering.

Maybe AMEX IS doing some marketing scheme trickery on you. If so, hey, good trick but that cant be legal! Totally report ‘em dude... Do it now cuz if you don’t, you'll be one year older when you do!


Also, I actually think Citi’s Identity Monitor service IS a good thing. YOu get scores and all three reports, with many services and alerts that help you deal with and learn all about credit. It’s free for the first month and can be billed directly to your card for $10 a month and canceled/totally refunded at any time. I actually KEEP the service and I use it to check my credit and have fixed many such errors on my own reports. It’s a pain and a long process that takes a few cycles of reports to get it done, but you need to do this and now would be a good time for you to find out what you have—or what THEY think you have! (I had a loan I closed and have the closed letter but all 3 agencies reported it still open and being paid! THAT was bad, but I had it fixed.)

Good luck and don’t NOT do this or we all lose!

:) MM

Citi’s ID monitor can be contacted at: 800 950 5114

very afraid. Although it seems unusually well put together, this has all the earmarks of a phish. Anyone asking you for information (like SS#) that they should already have (from a credit application) is a danger sign. I work for a bank and can tell you that I have seen some "websites" that I couldn't tell from my own institution.

I would recommend calling Amex's security department.

Are you sure about that (the Secret Service web site doesn't recommend this approach)? I flagged my credit reports with all 3 providers about 2 years back, and had to call each individually and go through the automated process to flag my reports (all computerized..you never talk to a person).


These days I think all you need to do is call just one Bureau.
A couple of months back, my neighbour has his personal info stolen. I gave em
the numbers for all three bureaus to call, but when he called the first one, they
told em they'll notify rest of them. I guess this is new.

i called experian. the automated thing said it would alert the others. i talked to a rep, he said the same thing. i then got written confirmations in the mail from all 3.

you can check the links in the emails to see if they are valid or phishing attempts.

but actually, yeah the call could have been bogus. my caller id shows 000-000-0000 for amex, but you can spoof callerid with a pbx for example. you need automatic number identification (ANI) iirc to be spoof-proof.

(if email was valid then call most likely was)

Thanks all for your replies. Beside the phone call I also got an e-mail, stating ref #, number to call and a website to check on the status of the application. I opened the link and it asks for your SS # and your home ZIP code. Could even that be a fraudulent link?

I am just do not understand why AX does not want to provide details/send a copy of the supposed application ???

Call AMEX immediately, as this is highly suspicious. You should never get any e-mail from any institutions asking you to "confirm" your information.

fuzz

damn, I got a paypal one recently that looked sooooo real i sent it to spoof@paypal.com and yelled at THEM because I think they need more control over what is out there... Even though its not their fault, I figure if the companies get flack, they will act.

as for this one, something tells me someone in FT is the scammer who is trying to do ya, and they happen to know what makes you tick--ie, they know you like delta miles maybe!

i dunno

good luck, but act now and demand answers
:)MM

I would guess no such application exists, and the people calling you are the scammers.

It is generally a bad idea to place fraud alerts on your credit reports unless you are absolutely certain that you are having continued actions of fraud against you. The reasons why are outside the relavence of this forum but you can find more info by searching at www.creditboards.com

Nothing on that site indicates that there are any disadvantages in the ordinary case of placing a fraud alert, unless you want to get instant credit or other credit where the lender does not normally do additional identity verification.

There are some messy cases described there, but they involve more complicated situations, like disputed hard inquiries and such which seem to have resulted in a different type of fraud alert from the usual one.

I would rather have the "fraud alert" state be the default state for credit reporting, given the frequency of how databases of personal information get lost or stolen through no fault of the people whose personal information is lost or stolen.

Call AMEX immediately, as this is highly suspicious. You should never get any e-mail from any institutions asking you to "confirm" your information.

fuzz

Exactly. No financial institution is going to ask YOU for your SSN, particularly in an email or unsolicited phone call. Not in today's environment.

I would forward the email and the link to the Am Ex security department.

Exactly. No financial institution is going to ask YOU for your SSN, particularly in an email or unsolicited phone call. Not in today's environment.Actually yes they will. I've received 2-3 calls before from a CC security department about unusual activity. They ask for my SSN at which time I berate them for it and say I'll call the bank myself. It has always worked out to be a legit call in the end.

Nothing on that site indicates that there are any disadvantages in the ordinary case of placing a fraud alert, unless you want to get instant credit or other credit where the lender does not normally do additional identity verification.

I would rather have the "fraud alert" state be the default state for credit reporting, given the frequency of how databases of personal information get lost or stolen through no fault of the people whose personal information is lost or stolen.

Sadly, I can state from personal experience that even having the "fraud alert" does very little to affect the behavior of companies that extend credit. I have had one on my credit reports for several years, since a mortgage application was lost in the mail.

Despite this, I have opened numerous credit cards since then, and only one or two out of maybe 10 have actually done any additional screening (and only one of those told me it was because of the fraud alert). Most did nothing out of the ordinary.

Actually yes they will. I've received 2-3 calls before from a CC security department about unusual activity. They ask for my SSN at which time I berate them for it and say I'll call the bank myself. It has always worked out to be a legit call in the end.

But you handled it correctly...I guess what I meant was, they should not expect you to give out your SSN in response to an unsolicited phone call or email.

Despite this, I have opened numerous credit cards since then, and only one or two out of maybe 10 have actually done any additional screening (and only one of those told me it was because of the fraud alert). Most did nothing out of the ordinary.

great news :(

Despite this, I have opened numerous credit cards since then, and only one or two out of maybe 10 have actually done any additional screening (and only one of those told me it was because of the fraud alert). Most did nothing out of the ordinary.

Usually a fraud alert lasts for 3 months. You then have to re-enable it if you
think you need to keep it there.

Sadly, I can state from personal experience that even having the "fraud alert" does very little to affect the behavior of companies that extend credit.

I seem to recall that at least one of the flags I placed was only for 6 months, and you had to renew it after that. I'm getting all the same credit card solicitations I did before flagging mine, but it's been 2 years now, and I was hoping whoever had my information would be done with it (in my case, someone accessed my employers records and got our social security numbers, and I had cell phone service opened in my name in another city).

Good to see the companies that track credit information are sharing this information now.

mine is 90 days, then you can renew for 7 years.

Usually a fraud alert lasts for 3 months. You then have to re-enable it if you
think you need to keep it there.

I followed the process referenced above to extend it to 7 years. I just did my annual credit report review last month, and the fraud alert is still showing on there - at least on the copy they send to me.

I never give any info when they call me. I always call back using a number I know is valid (not the # they give me either).

I would a) call Amex and see if the call was legit. If the call was legit, you can (and should) file a police report with your local authorities. They can ask Amex for the details of the incident. If the call is not legit, you may also want to file a report.

Usually a fraud alert lasts for 3 months. You then have to re-enable it if you think you need to keep it there.

The credit reporting companies will only do the 7 year fraud alert after you have already been victimized (you have to show a police report).

I.e. letting you lock the door for a longer period of time (even though the lock is not very good) after thieves have already come in to steal.:td:

Given how frequently personal information that can be used to commit identity fraud is lost or stolen (not to mention all of the places it has propogated by now, such as insecure computers and files at doctor/dentist/optometrist offices -- remember that until recently, health care plans typically used social security numbers as plan ID numbers), it would not be unreasonable to assume that your personal information is easily accessible by identity thieves.

Holding a legitimate Starwood AX card I called back to the number on my statement, which referred me to new accounts - this time an office located in Utah. The agent there confirmed that an application under my name was received and also confirmed the reference # which matches the one I got by e-mail.

Again, the agent would refuse to disclose any details, but he suggested to file a police report, so the police would be able to get details from them and follow-up. That is the next step I take.

The first call I got was obviously also from AX, but both persons I talked to had foreign accents, possibly Indian. I mention this as it increased my level of suspision (remembering those letters from Nigearia). Contrary, the (Indian) supervisor never mentioned to file a police report or provided any other helpt to get to the bottom of this and prevent any further damage.

For the time being, this also seems to clear Delta/AX marketing of any "excessive force".

The credit reporting companies will only do the 7 year fraud alert after you have already been victimized (you have to show a police report).
I had not been victimized and did not have a police report.

I requested the fraud alert in writing a few years ago and was told I have it for 7 years. I can't remember the last time I received a credit card solicitation or anything like it. So somehow I'm off the radar.

Just a suggestion about the police report...

There are usually questions to establish jurisdiction. I had an issue with PayPal a couple of years ago. When I called in, I told them that I only access PayPal from my residence, so it must have happened there. Their not nasty about it, they just don't want to be stepping on each other's toes.

BTW... it is amazing how quickly PayPal can replace funds when they receive a subpoena!

I had not been victimized and did not have a police report.

I requested the fraud alert in writing a few years ago and was told I have it for 7 years. I can't remember the last time I received a credit card solicitation or anything like it. So somehow I'm off the radar.

The fraud alert and the "opt-out" for solicitations are two different things. Anyone can "opt-out" without having to place a fraud alert. To do so, you just call 1-888-567-8688 which opts out of all three credit bureaus for marketing purposes.

By counterexample, even though I have a fraud alert on my credit reports, I still receive solicitations. Then again, I have moved since then and probably need to opt out again. Oh what fun. :rolleyes:

[QUOTE=Marathon Man;6853400]damn, I got a paypal one recently that looked sooooo real i sent it to spoof@paypal.com and yelled at THEM because I think they need more control over what is out there

I received an email about two weeks ago about a fraudulant charge to my paypal account. It provided a link back to the paypal website to log in and get more information. Only after being suspicious did I notice that the address I was directed to did not begin www.paypal.com/... I went to paypal.com and logged in and there was no information about fraud and all my charges were in order. I logged out and went back to the linked site and it looked exactly like the real thing. This scared the hell out of me as I have recently linked my checking account to paypal. After googling "paypal fraud" I came across too many cases of breached security and decided to close the account immediately. Somehow, someone found out that I had a paypal account and knew my email address and that could have been anyone. It's that simple if I had logged on I would be in deep ..... :eek:

".. found out .." ?? Hardly.

The phishers standard tactic is to take any name they stumble on, then tack-on every ISP they can think of .. Hotmail, Yahoo, gmail, whatever .. & blast 'em out. Pretty good odds that they'd hit on a few.

And apparently, the odds of hitting on a sucker are good enuf that they keep doing it :scratcheshead:

I get a handful of these every week, to emails that have never been anywhere near PayPal, or from banks I've never heard of. :D
I make a game of clicking their links & filling in another spammer's info ^

If you think your account's been comprimised, change the password -- NOW. (you knew that).

> Poll/Rant: anybody else find it ironic how your bank will let you login with a simple user-name & pin, but a 'certain' hotel chain wants your 16-digit ID ? :rolleyes:

/.

Wow, OMG THIS is classic!!!
Check it out--a bit of a tangent to start off here, but evryone MAY need a little humor break for a moment anyway in this thread:

My friend and I were sitting here reading this post and we just thought of things from the eyes of the "other side" for a fleeting moment... In a way, your quote could be reworded slightly so as to come from the mouth of and an airline or hotel executive trying to make his/her company some money but rolling eyes at all the savvy found on THIS very forum. Imagine that he/she could say THIS to his/her executive staff in a memo:

".. found out .." ?? Hardly.

The [FT'ers] standard tactic is to take any [deal] they stumble on, then tack-on every [promotion] they can think of .. [HHilton, AAdvantage, Delta], whatever .. & blast 'em out. Pretty good odds that they'd hit on a few.

And apparently, the odds of hitting on a [marketing sucker] are good enuf that they keep doing it :scratcheshead:

I get a handful of these every week...

I make a game of clicking their [emailed requests] & filling in another [customer complainer's] info ^

If you think your [airline's or hotel's points program's] been comprimised, change the [telephone prompts and we-word the conditions of the deal] -- NOW. (you knew that).

> Rant: [always bug them by telling tell them you repeatedly want] their 16-digit ID :rolleyes:

/.

hehehehe :)

...but, like, really... are WE the same thing to THEM?
OMG! Think about it!
:D :D :D


OK, back to being serious...

BTW, should you receive anything suspicious from Paypal, the thing to do is to call them (number is found on their website or when you log into your account) and/or forward your suspected email to their spoof@paypal.com address and you'd get a reply much like this one here:

Date: XX XX XXXX
To: "your email/name"
Subject: RE: QXXX - Thank you for your email to PayPal (KMM6XXXXXXXXXX) :kfX
From: spoof@paypal.com


Dear XX,

Thank you for contacting PayPal about a
fraudulent (spoof) email or Web
site. We appreciate you bringing this suspicious
email to our attention.

We can confirm that the email you received was
not sent by PayPal. Any
website which may be linked to this email is not
authorized or used by
PayPal.

Our fraud prevention team is working to disable
any website linked to
this email. In the meantime, please do not enter
any information into
this website. If you have already done so, you
should immediately log
into your PayPal account and change your
password, as well as your
security questions and answers. We also recommend
that you contact your
bank and credit card company immediately.

Please follow the instructions below to report an
unauthorized
transaction associated with your PayPal account:

If you are able to log into your PayPal account:

1. Log in to your account at
https://www.paypal.com
2. Select the "Resolution Center" subtab.
3. Click "Open a dispute."
4. Select "Unauthorized transaction," then click
"Continue."
5. Enter or select the transaction ID for the
transaction you would like
to dispute, then click "Continue."
6. Complete the report for Unauthorized Use on a
PayPal Account, then
click "Continue."
7. Confirm that the claim is correct, then click
"Submit."

If you cannot log in to your account, follow the
instructions below to
report an unauthorized transaction associated
with your PayPal account:

1. Go to https://www.paypal.com/
2. Click on the "Security Center" link located at
the bottom of any
page.
3. Under the "Report a Problem" column, click on
"Unauthorized
Transaction."
4. Click "Continue" under "Unable to log in?"
5. Confirm that the transaction in question is
unauthorized then click
"Continue."
6. Complete the report for Unauthorized Use on a
PayPal Account, then
click "Preview."
7. Confirm that the claim is correct, then click
"Submit."
8. Confirm your account ownership by entering the
financial information
requested, then click "Continue."

Lastly, we recommend taking a few steps to
protect yourself from
identity theft:

1. Download the SafetyBar, a toolbar for Outlook
and Outlook Express,
which identifies known spoof emails.
2. Get eBay Toolbar with Account Guard which
warns you when you're on a
potentially fraudulent (spoof) Web site.
3. Sign up for Equifax Credit Alerts for PayPal
Users, a program that
provides an early warning detection system in the
event of identity
theft. Find out more by visiting the PayPal
Identity Protection Center
at www.paypal.com/idprotection.
4. Frequently monitor your PayPal account for
suspicious activity.

For additional tips please visit the PayPal
Security Center at
https://www.paypal.com/security.

Thank you again for sending us your report. We
appreciate your efforts
to keep PayPal safe.

Sincerely,

PayPal
PayPal Account Review Department
__________________________________________________ ____________

Important: PayPal and its representatives will
NEVER ask you to reveal
your password. There are NO EXCEPTIONS to this
policy. If anyone
claiming to work for PayPal asks for your
password under any
circumstances, by email or by phone, please
refuse and immediately
contact us via our secure webform online.


************************************************** **********************
This
email is sent to you by the contracting entity to
your User Agreement,
either PayPal Inc or PayPal (Europe) Limited.
PayPal (Europe) Limited is
authorized and regulated by the Financial
Services Authority in the UK
as an electronic money institution.
************************************************** *********************

Original Message Follows:

(they send you back the email you sent them for everyone's records)

..classic!"

Thankyew - thankyew ~ I'll be here all week :D
Please remember to tip your waiter.

/.

".. found out .." ?? Hardly.

The phishers standard tactic is to take any name they stumble on, then tack-on every ISP they can think of .. Hotmail, Yahoo, gmail, whatever .. & blast 'em out. Pretty good odds that they'd hit on a few.

And apparently, the odds of hitting on a sucker are good enuf that they keep doing it :scratcheshead:

I get a handful of these every week, to emails that have never been anywhere near PayPal, or from banks I've never heard of. :D
I make a game of clicking their links & filling in another spammer's info ^

If you think your account's been comprimised, change the password -- NOW. (you knew that).

> Poll/Rant: anybody else find it ironic how your bank will let you login with a simple user-name & pin, but a 'certain' hotel chain wants your 16-digit ID ? :rolleyes:

/.

Most ISPs will give you up to 10 email accounts. I reserved one for financial accounts - NEVER use it for anything else, only bank/cc signups. I use a different one again for Paypal. I've had some really convincing phishing emails (esp before phishing was big news and I was on alert for it), but beacuse they came to my general email address, I knew they were scams. I recommend this approach to others - it has served me well....

Most ISPs will give you up to 10 email accounts. I reserved one for financial accounts - NEVER use it for anything else, only bank/cc signups. I use a different one again for Paypal. I've had some really convincing phishing emails (esp before phishing was big news and I was on alert for it), but beacuse they came to my general email address, I knew they were scams. I recommend this approach to others - it has served me well....

I would do it again by changing everything to something like... "Most airlines have levels of status. They have numbers never used for anything else. elite status, exec status, etc... NEVER... --and regular old Joe's like me cannot call those numbers cuz they think of the economy traveling masses as phishers, using them on the cheap, so they dont reaaly like us... "

...and go on from there, but it wouldnt be as good, it's getting old, and people would think I was picking on ya. Tee hee hee.

;)MM

Somehow, someone found out that I had a paypal account and knew my email address and that could have been anyone. It's that simple if I had logged on I would be in deep ..... :eek:

You are VERY naive. They have no idea whether or not you have a PayPal account or any other kind of account.

These phishing emails are sent out by the millions and there are always suckers that click on the link and provide account and password information on the fake site that is harvested to steal from legitimate accounts. I get several dozen a month along with the Nigerian bank scam emails, National Lottery emails, and fake emails from Regions Bank, Citibank, eBay, etc. I don't have accounts at most of the banks mentioned in the phishing emails. None of the legitimate banks nor PayPal well EVER send you an email about fraudulent activity on your account and ask you to log in. That's a clue even if you don't notice the link goes to a phishing site.

You are VERY naive. They have no idea whether or not you have a PayPal account or any other kind of account.

These phishing emails are sent out by the millions and there are always suckers that click on the link and provide account and password information on the fake site that is harvested to steal from legitimate accounts. I get several dozen a month along with the Nigerian bank scam emails, National Lottery emails, and fake emails from Regions Bank, Citibank, eBay, etc. I don't have accounts at most of the banks mentioned in the phishing emails. None of the legitimate banks nor PayPal well EVER send you an email about fraudulent activity on your account and ask you to log in. That's a clue even if you don't notice the link goes to a phishing site.

OMG you mean the Nigerian bank emails are fake?

dayummmmmm!

;)MM

PS: I dont think its being naive to almost fall for those paypal ones... They look so real and when you are quickly checking emails at work or something, you may not pay 100% attention. I do and so do many people but we all make mistakes and not only are the scammers trying to get suckers, but they also play on the psychology and human errors of the populous.

I had tried to make a sep email addy for things like finance, etc but there's no point. Now I just tend to check my accounts like every single day, just the same way you'd make coffee the same way every day. It's normal for me and I always always triple check everything I do there. That's why I get upset if there IS ever any problem or potential for one. I do not do a lot with Paypal though, and mine has a zero bal now.

To the OP - you must do the following to protect yourself:

1) Request a copy of your credit report and look it over for any accounts that are not yours. Also check the inquiries to see what companies have been looking at your credit.
2) Put a Fraud Alert on your Credit Files.
3) File a police report with your local P.D. and request the report # and a copy of the report.

You need to do these things to protect your credit. Someone has your info. Maybe they weren't able to open an account with AMEX but that doesn't mean someone else won't give them credit. When the bill doesn't get paid, the company will come after you. The police report will help back up your story. Don't delay.

I have thought more on this subject and yes, you must act like NOW because even if it's nothing seemingly huge, it could hurt you! You see, unfortunately, the way things like this work is that often times the victim becomes doubly screwed when official agencies, credit companies and authorities--and even wives, work and friends--think YOU are the problem or part of it just because this "happened to you." As sick as this may sound, I once saw part of a program on TV about this where a woman who had credit fraud happen to her compaired it to having been raped back in a time where society would have blamed HER for this horror! She sadly had that happen to her too in her life but actually said that it was easier to get support after that crime because at least our society has begun to understand and try to help the victims. Yeah, I know... sorry.

It is by no means the same thing but it is a serious issue!

You see, credit worlds have no emotion. And so get marred by this experience even when it's not your fault it happened, and that totally would suck. You need to like triple back up everything you are in your world and if you dont, you will regret it later. Dont take this lightly because it could take years to fix what logically should not take years and that in itself becomes even more frustrating!

how do I know?
because I had credit problems once and THAT took years to fix even when it was fix years before. The 'spiral' is horrid. Those who have experience with this know what I mean. If one company gets in its books that you have X on your file, then even if you have it fixed, that company still has it and they could report it someday somewhere (and would not know they were wrong to do so) and the X could appear again even if you thought you stamped it out! It could go on and on and on and on...

I also know a couple of people who were victims of some credit fraud or major errors that later effected them, but all but one fortunately acted fast enough to have it dealt with. The one who didnt is blissfully gliding thru life on the coat tails of her more wealthy family I guess. oh well. some people.

I just forwarded this to <spoof@paypal.com> and I even asked them to fix the account and/or freeze it for me!

From: "PayPal" <service@paypal.com>
Subject: Update Your Account Information
Date: Mon, 18 Dec 2006 01:57:43 -0500
December 2006


Attention PayPal Online Client:

You have received this email because we have strong reason to believe that your PayPal account had been recently compromised. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter.

If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your PayPal account has not been fraudulently used and to combat fraud.

Please login into your PayPal Online account and complete verification process

(There was a link here I did not touch)

We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

(the email looked perfect. I simply forwarded it and will not touch its contents)

To the OP - you must do the following to protect yourself:

1) Request a copy of your credit report and look it over for any accounts that are not yours. Also check the inquiries to see what companies have been looking at your credit.
2) Put a Fraud Alert on your Credit Files.
3) File a police report with your local P.D. and request the report # and a copy of the report.

Do 1 and 2, but DO NOT waste your time with #3. Your local police department has no jurisdiction over credit card fraud. If you are in the United States (and I am assuming you are), the U.S. Secret Service investigates credit card fraud, not the local police. How do I know? Because I had the same thing happen to me and found out the hard way.

file it with every police agency. WHY? because later if they ask you if you had, then you should have. Besides, having an official log of it somewhere will help you regardless. Keep copies of everything either way.

Do 1 and 2, but DO NOT waste your time with #3. Your local police department has no jurisdiction over credit card fraud. If you are in the United States (and I am assuming you are), the U.S. Secret Service investigates credit card fraud, not the local police. How do I know? Because I had the same thing happen to me and found out the hard way.

Absolutely not true. Local police can/will investigate/prosecute credit card fraud. Most likely they won't though because the crime didn't happen in their jurisdiction. They will take a report. The USSS only gets involved in very large cases.

Most ISPs will give you up to 10 email accounts. I reserved one for financial accounts - NEVER use it for anything else, only bank/cc signups. I use a different one again for Paypal. I've had some really convincing phishing emails (esp before phishing was big news and I was on alert for it), but beacuse they came to my general email address, I knew they were scams. I recommend this approach to others - it has served me well....

I use dedicated email aliase for every one of them. Now I have about 300 different aliases. Not an easy thing to manage, but if I get spammed or
get a phishing scam, I know how and where did these spammers got hold of
my email address.

I can just close that alias down without affecting other services.. etc.
and call up and yell at the bank/company/retailer who leaked my email address.

I use dedicated email aliase for every one of them. Now I have about 300 different aliases. Not an easy thing to manage, but if I get spammed or
get a phishing scam, I know how and where did these spammers got hold of
my email address.

I can just close that alias down without affecting other services.. etc.
and call up and yell at the bank/company/retailer who leaked my email address.

can you give me a detailed description of how you do this sort of thing in layman's terms? Sounds like a lot of work but yeah, it is worth it! I agree.

AND, if I get a chance to yell at a bank and make THEM listen to ME for a change about something THEY did wrong, then I definitely want that chance! the thing is I kinda follow what you are saying but not totally. And I still kinda use like one or two email addys for many things, but I now find the need to change all that from home.


thanks!
:)MM

oh, and um... like.. where do you people keep all the passwords and log in names you use for everything? I have sooo many accounts goin that I needed to scribble them down on a sheet of paper but of course that is bad. So then I made an excel sheet but it got too busy. This thing included all FF stuff, all Idines, all bank info and everything from the log in name for Staples online store to the ID for logging into some friend's private website about his new baby....

BUT where to keep it that can be more easily updated?

Right now I have all my digital STUFF on a FTP web site as back up because I dont like to keep ANYTHING on the hard drive or on any external disk or drive that could get lost, stolen or damaged. I have a 80gig HD that did die and it will cost me like $1,300 to get all the data off it and it is everything I ever did as a graphic designer from 1988 to present and that just plain stinks. I have tried the freezer method and it turns out that data recovery services are all that I have left as options for my problem. I wont fall into the same trap with my password management world! And now all my stuff is on that FTP site, which does its own updates. (if anyone needs info on how to do this, let me know)

So right now all my PERSONAL pdfs or messages I saved are on a disk but it is time to store them elsewhere and also store all passwords and stuff mentioned above in some secure place. Some of these may include, for example, a pdf scan of our passports, some info on the baby, bank letters or other. When it comes to passwords and log in IDs, etc, people have said they email them to themselves and I could do that, but like I said, some of the process would take a lot to manage and so I am still searching for better ideas. Between the pdfs I have made and these password things, I want to find a good place to put it that will be useful and efficient. I dont want to store it on Yahoo either because of increasing security worries about them, but something like it, which can be easily reached everywhere in the world would be good. I didnt want to store it on my FTP site either because that, while my own stuff, is not meant to be for my uber secure personal stuff.

thoughts welcomed, while on this subject...

:)MM

THIS is the stuff they should teach you in school!

I had not been victimized and did not have a police report.

I requested the fraud alert in writing a few years ago and was told I have it for 7 years. I can't remember the last time I received a credit card solicitation or anything like it. So somehow I'm off the radar.The fraud alert and the "opt-out" for solicitations are two different things. Anyone can "opt-out" without having to place a fraud alert. To do so, you just call 1-888-567-8688 which opts out of all three credit bureaus for marketing purposes.

By counterexample, even though I have a fraud alert on my credit reports, I still receive solicitations. Then again, I have moved since then and probably need to opt out again. Oh what fun. :rolleyes:

I am fully aware they are two different things.

I had already opted out in the past. I later sent letters to the bureaus asking for a fraud alert and they granted it. I should still have a letter I received buried somewhere. I even talked to one of the agencies once about a separate issue, and the rep said something like, "that happened because of the fraud alert."

can you give me a detailed description of how you do this sort of thing in layman's terms? Sounds like a lot of work but yeah, it is worth it! I agree.


I own a domain name for my emails... lets say it is:

cpx-email.com

for flyertalk i'll have something like

email-flyertalk@cpx-domain.com

email-bank1@cpx-domain.com
email-bank2@cpx-domain.com

email-airline1@cpx.domain.com


everything will be directed to a single mail box, but will have
different email ID for different companies/people etc..

Now if I start getting SPAMS on email-bank2@cpx-domain.com
(bank2 would replace the name of the actual bank)

I know for sure the email address got leaked out from bank2.

I can simply block email-bank2@cpx-domain.com and start the
investigation... call up bank 2 and tell them they screwed up!

oh, and um... like.. where do you people keep all the passwords and log in names you use for everything? I have sooo many accounts goin that I needed to scribble them down on a sheet of paper but of course that is bad. So then I made an excel sheet but it got too busy. This thing included all FF stuff, all Idines, all bank info and everything from the log in name for Staples online store to the ID for logging into some friend's private website about his new baby....


Do not ever store your passwords on any network enabled system, paper or
any other media that can be lost/stolen/mis-placed.

you are better off using a logic to create all your passwords with
numbers, special characters and letters.. caps too.

If your systems gets some sort of trojan/virus, it can email out all
your personal information to someone else...and with everything on
one excel sheet.. you are in trouble.. you've just sold your life on Ebay!

For storage, I keep everything on a spinning disk(s). With a copy on
a different system (I sync it nightly)

Also cut CDs and DVDs and put them in a safety deposit box @ a bank
and one copy in a fire safe at home. They may not last long, but
4-5 years down the road, I'll put the same data on the newer media.
I don't need to get back to these media unless there is a disaster.


PS: I store everything including my emails on the systems I maintain.
I do not use any public domain for my email or personal data.

Your local police department has no jurisdiction over credit card fraud.

This is certainly not the case in California. I regularly sent officers out to take reports on credit card fraud and identity theft. The city I worked in participated in a computer crimes task force that operated over two counties, with investigators that handled this type of stuff full time.

From the Secret Service web site I highlighted earlier:

If you have been the victim of credit card fraud or identity theft, the following tips will assist you:

* Report the crime to the police immediately. Get a copy of your police report or case number. Credit card companies, your bank, and the insurance company may ask you to reference the report to verify the crime.

I own a domain name for my emails... lets say it is:

cpx-email.com

for flyertalk i'll have something like

email-flyertalk@cpx-domain.com

email-bank1@cpx-domain.com
email-bank2@cpx-domain.com

email-airline1@cpx.domain.com


everything will be directed to a single mail box, but will have
different email ID for different companies/people etc..

Now if I start getting SPAMS on email-bank2@cpx-domain.com
(bank2 would replace the name of the actual bank)

I know for sure the email address got leaked out from bank2.

I can simply block email-bank2@cpx-domain.com and start the
investigation... call up bank 2 and tell them they screwed up!

thank you!
I have some work to do but I have a domain email addy I can set up and use and will get on this. Your info is much appreciated!
:)MM

Do not ever store your passwords on any network enabled system, paper or
any other media that can be lost/stolen/mis-placed.

Yes, good idea but later you mention storing things on CDs and that is something that can be lost/stolen/misplaced...

you are better off using a logic to create all your passwords with
numbers, special characters and letters.. caps too.

Ok but there are still many companies and banks out there that pick their own passwords or log ins for you and you cannot change them ever. I know of three I have at least and one is a bank from overseas. I have several versions of my passwords that I can do from memory but how many times have we run into that situation where you have no need for a certain account or membership you have for so long that you kinda forget what one you used and when you type it in a few times it blocks you and now you have to go change it. plus, some work-related or other things make you change them every few months anyway.

If your systems gets some sort of trojan/virus, it can email out all
your personal information to someone else...and with everything on
one excel sheet.. you are in trouble.. you've just sold your life on Ebay!

For storage, I keep everything on a spinning disk(s). With a copy on
a different system (I sync it nightly)

Also cut CDs and DVDs and put them in a safety deposit box @ a bank
and one copy in a fire safe at home. They may not last long, but
4-5 years down the road, I'll put the same data on the newer media.
I don't need to get back to these media unless there is a disaster.


PS: I store everything including my emails on the systems I maintain.
I do not use any public domain for my email or personal data.


Good thinking here too, but those disks you keep at home could be lost and youd have to make a ton of trips to the bank safe dep box to get access to your stuff or else you would eventually have an issue with version control. That's when one is not sure what has been updated so they overright the wrong copy and you are set back to the last round. As well, this lifestyle, while it makes very practical sense, lends itself to someone with a ton of money or who never travels or who has a staff to handle many other things in life. It also relieves the companies we use of any responsibility of password control and security because by doing all of this we send a message to them that we would rather do it all on our own and even pay extra for it. Not that this is necessarily a bad thing but I dunno if my bank account with $50 in it and my rarely accessed but necessary Dell account is something I really need to have like gaurd dogs and bank vaults set up for. maybe it does, and maybe I'd be kicking myself if one of those DID lead to some compromising of my own world of credit or security, but that's maybe when I call on the services of some uncle named Vinny and go it on my own. ;)

Anyway, I have actually been in a fire, have lost data on that drive I cannot get into now (no one can without sending it to a data recovery place and spending coin so in a way all of it is safe until that day comes) and I have forgotten passwords to crucial accounts that took me many hours to recover with obtuse customer service people who dont believe I am me.

one of the most horrid examples of all of this in the reverse of everything we are talking about here was on a recent call to Verizon about my phone number at a vacation home we own in another state. I figured, on one lengthy day time ride to my mom's house with my baby for a visit, that I would call the company because someone told me the phone didnt seem to pick up calls so I wanted to see if there was some problem with my account or something.

CS would NOT give me ANY information even if I gave them my mother's maiden name and shoe size of my dead grandmother and her cat's nic name when she was a little girl! Nothing! nada! Turns out they have some newly enacted obscure and not so secure policy stating that one must quote the account number to the CSR in order to get past them on the call, and this is not just your phone number with area code, but the rest of the digits that appear on the bill!

WHO would know THAT unless you are sitting there looking at your bill at that moment!?!?!

I tried to explain again that I was traveling in a car, away from the phone, the house and the printed bill they mailed me, and that i may have written that on my last check but could not remember what it was. Sorry sir, no go!

It totally sucked. I was like, WHY would you chose THAT as the new stupid policy depictor!!! What happened to SSN and mother's maiden name, etc? Even my credit card uses that one! Nope! It's policy. (It's not necessarily right or logical, but we are a corporation so it's policy and we will not budge because WE think it is so)

But gawd, to check a small thing like "is there a problem with my bill?" is soooooooo simple! Like, why would this even matter? Can you at least tell me--if nothing else--if the account is OK? maybe it's a problem with the line so if the account is ok then i will know to go to repair, but if the account has some problem with it, then I will not spend time and money or a repair that is not needed. Sorry sir, nope! I cant tell you anything. ONe CSR even laughed!

I had called back 3x and was seriously frustrated. Besides this, the call hold time was BAD and LONG.

this was aggrevating and then as if some wind of change blew into the opened car window as I drove along, I recalled 3 of those digits from my paper bill! I told the next CSR these and she INSTANTLY gave me all the access I wanted! It was like... like a game to them! I was pissed off too but did discover that the billing was fine but there was a problem with the phone lines in that area, specifically affecting the houses near mine and including mine. I asked for a manager who was totally sympathetic and appolgetic to my angst and he and I chatted for some time. He then said that he agreed these rules sucked and that the CSRs should have also asked one more question that IS allowed but that they all seemed to have failed to do this: What is the ALTERNATIVE number you have listed on your account?

Oddly, it was my cell that I was calling them from so they were totally wrong! I asked the manager to kindly document this and he told me he could see those calls logged and would even take those reps aside for some further 'training." I asked him to fire them! 45 mins on the phone was stupid. he agreed. he then offered me some free service, etc and they are working on the lines right now. I actually told him, however, that I would rather the company just fix these problems and spend the money on training CSRs to deal with human issues and to understand real situations such as mine. And also to ask upper management and the suits to really reexamine what the heck they were doing in this sort of matter. He said he would try but he indicated in so many words that it would probably do not good in such a big company as theirs. He said I still get the money off so I thanked him and took the offer.

The fact is, your paper phone bill has these numbers printed on it.

ANYONE can find that in your trash or in your files at home or work. Dont matter. That's what the CSRs said was policy! See, they dont care if it is good, just if THEY say it is! IS THAT SECURE????? NO!

Verizon still only accepts checks in MA and VT and so I have to write them one from my checkbook, which I rarely do for anything else. (there's another security thang, btw)... You can even find the verizon acct numbers if you access an account online. Their big issue had been with customers whose wives or husbands split up with them but the person was making all these calls and then the other one had to pay for it but would call to complain. Sometimes it was a scam to get free service but they wanted to try to make it so only the right person(s) could call in on any given account. I then suggested that they do a little research on the culture of the customer. I have been with them for 5 years and have always been an over-paying customer but I have a small balance because this is a vacation home. Had they KNOWN their individual customers and taken some time out to be able to handle that kind of thing instead of just making blanket policies, they'd probably make more money on us all in the end.

Another problem I had was with Bank of America. They dont have enough people on staff as CSRs to take your calls. the bank denied a few charges I tried to make for XMASS gifts and while I appreciate the security alerts and "please call us to confirm this" notices from some automated call that I happen to have missed, it prompts you to call a number that keeps you on hold for like 30 mins! Every time I have ever tried to call BofA with this new credit card I have, it takes longer than that to get to someone. I once drove to a local branch (dont try to call a local branch cuz that too goes to the same line!) and when i sat with a manager, I shoved my credit card in her hand and gave her $60 in cash saying, your service sucks. Please pay my bill, send my card and money and ask corporate to get their act together.

I am about ready to cancel that card but have not had a moment to reorg my finances to do this--and re set my passwords in other areas revolving around it. I guess that would mean I'd have to burn a new CD this week, go to the bank in an armoured car and be escorted to my vault to replace the one that's in there now. then have it destroyed before it gets compromised. Wouldnt want someone to find out the pw to my old FTD flowers account now would I?

There HAS to be a happy medium, then again, maybe I should just check out as a consumer and go live in Fiji! (need miles to get there first)

;)MM


I thank those with such information and there will be many variations on it all, but seriously, there HAS to be a commonly used, easy to work with, practical but secure way. I guess I will have to invent one and spam you all with emails to buy my product?... hehehehe

Asking for you to provide your soc sec # over the internet sounds like identity theft to me.
We got the paypal email as well and it looked very authentic.
We also got a Citi post card recently stating our card may have been compromised and to call an 800# -- it looked suspicious as well...

Yes, good idea but later you mention storing things on CDs and that is something that can be lost/stolen/misplaced...

Thats just a storage (for Pictures etc..) Never for any passwords


Ok but there are still many companies and banks out there that pick their own passwords or log ins for you and you cannot change them ever.

I hate when they force a password on you. I dont have anything
at the moment that forced me to have their version of password.
If thats the only choice, I'd pick someone else.

I've seen many companies sending you password by email... and they've
heard nasty things from me :D


you would eventually have an issue with version control.

Nope! All my data stays on the hard disk(s) on the running
system. Only backup goes on the disks. Its either new data or
just a new copy. (you can also use a removable drive)
Immediate backup goes in the firesafe in the house. and
trip to the bank is whenever convenient.. nothing special.

I use "rsync" for nightly backup with all the preferences set
to my lining.. no need to worry about version control..
or overwriting data (never mind if you dont know what it is
.. its a useful tool on Linux./unix environment)

ANYONE can find that in your trash or in your files at home or work.\

thats why you invest in a good shredder and dont let anything
that has your name and address (plus any other information)
in the trash.


I guess I will have to invent one and spam you all with emails to buy my product?... hehehehe

I would know who the spammer is and I'd have some one knock on your
doors :D with a bill (charges for making me read all the messages :D)
(Yes you can do that..... )

With careful planning and some smart shopping, you can put everything
on auto pilot.. you dont have to worry about the routine stuff.. with
appropriate safe guards.
Only thing you need to worry about is earning more miles
from your next trip :)

Absolutely not true. Local police can/will investigate/prosecute credit card fraud. Most likely they won't though because the crime didn't happen in their jurisdiction. They will take a report. The USSS only gets involved in very large cases.

The Metropolitan Police Department in Washington, DC would NOT even write up a report for me and instead directed me to the Secret Service, which DOES in fact have jurisdiction over credit card fraud. Of course, they have quite a few employees in DC, too. I personally lost nothing, American Express did. A waiter in a local restaurant in DC took my credit card information and bought a computer online and had it delivered to my home while I was at work, waited outside the building, and signed for it and took off. The amount involved was $2,000, and the Secret Service did in fact investigate my case for several months, but never caught up with the perpetrator, who had quit working at the restaurant shortly after the theft and apparently also moved out of the area without a forwarding address. Probably, he moved on to another city to continue his scheme.

A waiter in a local restaurant in DC took my credit card information and bought a computer online

Out of curiosity, which restaurant was it?

To the OP - you must do the following to protect yourself:

1) Request a copy of your credit report and look it over for any accounts that are not yours. Also check the inquiries to see what companies have been looking at your credit.
2) Put a Fraud Alert on your Credit Files.
3) File a police report with your local P.D. and request the report # and a copy of the report.

You need to do these things to protect your credit. Someone has your info. Maybe they weren't able to open an account with AMEX but that doesn't mean someone else won't give them credit. When the bill doesn't get paid, the company will come after you. The police report will help back up your story. Don't delay.

I think this would be an overreaction. So far, the only "info." we know the bad guys have about the OP is phone # and email address. I'd bet that the OP can confirm from AmEx that there has been no application. The call and the email were just standard phishing, which the OP knew better than to fall for.

If everyone called the cops each time they faced a phish, it'd take 60 minutes to get through on the phone. Sure, the OP should keep an eye on the credit report, but that's all that's needed for now.

I'd bet that the OP can confirm from AmEx that there has been no application. The call and the email were just standard phishing, which the OP knew better than to fall for.

In fact, I thought he confirmed that there had been an application:

Holding a legitimate Starwood AX card I called back to the number on my statement, which referred me to new accounts - this time an office located in Utah. The agent there confirmed that an application under my name was received and also confirmed the reference # which matches the one I got by e-mail.

In fact, I thought he confirmed that there had been an application:

Whoa -- sorry, I didn't see that post.

Now I can't understand the scam at all. Why did the bad guys put in an app. in the first place?

Out of curiosity, which restaurant was it?

Palomino (adjacent to the Ronald Reagan Building), which is no longer in business.

* Report the crime to the police immediately. Get a copy of your police report or case number. Credit card companies, your bank, and the insurance company may ask you to reference the report to verify the crime.

Reporting the crime to the police will get you nothing other than a case number you can use to repair your credit. At least that is the case in Maryland. My SSN and work history were used by my ex-wife to obtain a 25K car loan without my knowledge. She admitted in an apology that she had done this. She canceled the loan, and all sent me all of the docs showing how she got the loan (the loan was even in my name). The Montgomery County Police said "a written confession not made in the presence of a police officer will not hold up in court" and then refused to even investigate the case. They simply gave me a form letter that listed my case # and the credit agency's contact info. I couldn't even get them to call her and tell her not to do that again.

With all of the concern over ID theft, if you are a victim you are on your own to repair the damage done and the thief is free to continue to victimize others.:mad:

Out of curiosity, which restaurant was it?

why complain? i mean you got miles for this, right?
tee hee hee

Reporting the crime to the police will get you nothing other than a case number you can use to repair your credit. At least that is the case in Maryland. My SSN and work history were used by my ex-wife to obtain a 25K car loan without my knowledge. She admitted in an apology that she had done this. She canceled the loan, and all sent me all of the docs showing how she got the loan (the loan was even in my name). The Montgomery County Police said "a written confession not made in the presence of a police officer will not hold up in court" and then refused to even investigate the case. They simply gave me a form letter that listed my case # and the credit agency's contact info. I couldn't even get them to call her and tell her not to do that again.

With all of the concern over ID theft, if you are a victim you are on your own to repair the damage done and the thief is free to continue to victimize others.:mad:

a cop friend, someone with a convincing phone voice that could sound like the DA or a burly NY cousin named Salvitore or Nunzio could help with "convincing her" of her mistake...

seriously!

so could keying her car or signing her up for tons of fake mail offers...

Would someone please explain this scam to me, since I just can't figure it out. I completely understand the phone call part, including the scammer's statements that he is from AX and that there was a rejected app. for credit under the mark's name. This the mark might find very alarming, and in the moment, the mark might divulge the cc and zip code info. in order to quickly solve the problem the helpful caller is working on.

But why actually apply for the credit with this approach? If the mark believes the scammer's statement that there was an application, then the actual application was superfluous. If, however, the mark doubts that there was really an application, then he is inherently starting to doubt the integrity of the caller. Then the mark hangs up, calls the real AX and the scam is blown. Also, the real AX might quickly contact the mark and explain the problem.

So, why the real application with this scam? I could understand the app. if the scammer were stalking the mark's mailbox and could retrieve the card. In combination with the phone call, however, it just makes no sense to me.

deleted misinformed response

There was no real application in the scam. It's bait to get more info. If the scammer gets that info, he uses it elsewhere for a different credit application, an "instant credit" application at a department store, or something else. I'm sure there are other possibilities besides AX.


That's what I thought at first, but see post #28 by the OP.

Sorry I missed that.

It looks like I just misread the OP's posts. I guess he believes that it really was AX on the phone. Thus, the only scammer activity was the application.

Would someone please explain this scam to me, since I just can't figure it out. I completely understand the phone call part, including the scammer's statements that he is from AX and that there was a rejected app. for credit under the mark's name. This the mark might find very alarming, and in the moment, the mark might divulge the cc and zip code info. in order to quickly solve the problem the helpful caller is working on.

But why actually apply for the credit with this approach? If the mark believes the scammer's statement that there was an application, then the actual application was superfluous. If, however, the mark doubts that there was really an application, then he is inherently starting to doubt the integrity of the caller. Then the mark hangs up, calls the real AX and the scam is blown. Also, the real AX might quickly contact the mark and explain the problem.

So, why the real application with this scam? I could understand the app. if the scammer were stalking the mark's mailbox and could retrieve the card. In combination with the phone call, however, it just makes no sense to me.

Based on what the OP has stated, my interpretation is as follows:

1. We know the call from the OP to AmEx was real, because the OP initiated it and called a number he knew to be valid.

2. Therefore, we know the email from AmEx was valid because it referenced the same app # (unless the scam is being pulled by an insider at AmEx which I consider a highly improbable theory, though not impossible).

3. Therefore, I also surmise that the initial phone call was truly from AmEx and not from the scammer, since that call led to the email which we know was truly from AmEx.

So, what does this add up to? An unsophisticated scammer sent in an actual app (whether using the victim's address or not - no one knows this detail as AmEx won't release it) in hopes of getting a card issued in the OP's name, and somehow, method depending on what address was used on the app, obtaining possession of that card.

All we know about the app is that it was filed in the OP's name, and probably SSN - whatever was on there was enough for AmEx to match it up to his existing real AmEx account and be able to call and email him. We don't know if the scammer used the OP's address, or another one. We don't know what the scammer put for phone numbers, employment, or if the signature is even close to the OP's.

It looks to me like a weak attempt to get credit in the OP's name, and luckily one that was easily thwarted.

...It looks to me like a weak attempt to get credit in the OP's name, and luckily one that was easily thwarted.

Yes, I agree. These scammers could use a refresher course at Scammer U.

Based on what the OP has stated, my interpretation is as follows:

1. We know the call from the OP to AmEx was real, because the OP initiated it and called a number he knew to be valid.

2. Therefore, we know the email from AmEx was valid because it referenced the same app # (unless the scam is being pulled by an insider at AmEx which I consider a highly improbable theory, though not impossible).

3. Therefore, I also surmise that the initial phone call was truly from AmEx and not from the scammer, since that call led to the email which we know was truly from AmEx.

So, what does this add up to? An unsophisticated scammer sent in an actual app (whether using the victim's address or not - no one knows this detail as AmEx won't release it) in hopes of getting a card issued in the OP's name, and somehow, method depending on what address was used on the app, obtaining possession of that card.

All we know about the app is that it was filed in the OP's name, and probably SSN - whatever was on there was enough for AmEx to match it up to his existing real AmEx account and be able to call and email him. We don't know if the scammer used the OP's address, or another one. We don't know what the scammer put for phone numbers, employment, or if the signature is even close to the OP's.

It looks to me like a weak attempt to get credit in the OP's name, and luckily one that was easily thwarted.

FOA, have been on the road and could not get onto FT until last night. Thanks all for your explanations and suggestions. Having to face such a situatio the first time, I learned a good chunk.

crhptic, you did outline the case exactly as it did unfold.

My next step will be now to file the police reports.

interesting