Tuesday, November 22, 2005

How they stole $2800 from my account (for a while)

One month ago or so, I did a very stupid thing. A few hours after I wrote one of my reviews at amazon.com, I received an e-mail inviting me to

(looks good, doesn't it?) and asking me to update my debit card number and so on to improve the community and so forth. Convinced that it had to be related to the review - that is only posted quickly if amazon.com recognizes your "real name" through your payment card - I did not hesitate and decided to get rid of the paperwork as soon as possible and defend my privileged status at amazon.com. Of course, I am getting roughly 5 phishing e-mails per day but this one was special: it got me. ;-)



After opening a page that looked just like amazon.com, I entered my credit card number into the fraudulent website, and to show how really stupid I was, I also filled out another page with the social security number. (Please don't annoy me much with the messages about the credit history. I don't intend to borrow anything and I don't care.) Incidentally, the server was located in Thailand, not China, where the page was redirected through Germany. It was very easy to find out many other details about the website one month ago.




Eventually I decided to do nothing about it - just increase the frequency of verification of my account a little bit. Last Saturday in the morning, a few hours before our trip to Connecticut (Harvard defeated Yale but we did not actually see the game), I randomly opened my online banking to see the following nine pending transactions:

  • CHECKCARD 11/18 HATTICK CARLOW [Learn more] $57.98
  • CHECKCARD 11/18 HATTICK CARLOW [Learn more] $28.01
  • CHECKCARD 11/18 HATTICK CARLOW [Learn more] $91.40
  • CHECKCARD 11/18 HATTICK CARLOW [Learn more] $28.01
  • CHECKCARD 11/18 HOLABIRD SPORTS 410-687-6400 MD [Learn more] $2,415.00
  • CHECKCARD 11/18 IMCBILL.COM UITGEEST [Learn more] $117.67
  • CHECKCARD 11/18 ORANGE FRANCE 92CHATILLON [Learn more] $1.79
  • CHECKCARD 11/18 PAYPAL *FRONTRANGEW 4029357733 NE [Learn more] $49.99
  • CHECKCARD 11/19 IMCBILL.COM UITGEEST [Learn more] $29.42

Very nice. It was immediately clear what was going on, so I went to my bank at 9 am to disable my debit card and apply for a new one. What are the payments?

First of all, the first four payments go to "Hattick Carlow". Google returns no hits whatsoever for this pair of words (is it a name or an Irish city? Hattick is usually a misspelled Hattrick) - not even without the quotation marks if the words are looked for separately. Although these four payments were made before the checking account was overdrawn, I could not imagine why VISA would confirm a payment to a non-existing subject Hattick Carlow when the debit card is disabled.

The important transaction was of course the middle one - 2415 dollars - spent in Holabird Sports. So I called the shop in Maryland - the telephone number is written in the statement. A pleasant woman picked up the phone after 1 second and explained to me that the money is not gonna be charged because they realized that the name did not match (most of the fraudulent guys really don't seem to be rocket scientists) and moreover they don't sell shoes for $2415. I have probably never had such an efficient telephone conversation with an American. Great.

Two more payments - $150 in total - go to

  • IMCBILL.COM UITGEEST

If you Google for these two words, you will get four hits and all of them go to seventeenlive.com in the Netherlands. It is probably a very nice website. So I wrote them an e-mail and a woman replied something like: if you really had nothing to do with us, you could not have found us. :-) I patiently and politely explained to her that the purpose of the letters in the online statement is exactly to allow the customers to contact their company, which is what I did. She immediately became reasonable and told me that the customer who used my debit card did not use my name either - although I explicitly gave the guys both my credit card number as well as my name - but they were probably ashamed of it or they were not ready to answer the question of what kind of name it was. ;-) So the seventeenlive.com transactions were also canceled, I was promised, although the BankOfAmerica page was showing all nine pending transactions from Saturday till Monday night.

Well, it's hard for many people to become successful criminals if they're complete morons. Boys: if you read these lines and if you planned to become successful criminals, I recommend that you change your mind and ask your parents to spank you properly (so that this part of your body becomes really bloody) because your plans can't work. It's because the content of your skull - both moral values as well as intelligence - resembles the generic content of a restroom.

There is also a $2 payment to "Orange France 92Chatillon" which may be in France, but I don't care much. Finally, you see $49.99 for "paypal frontrangew*". After a short investigation, I am convinced that the $49.99 payment is the annual fee for discounts in a tool warehouse in Colorado but these guys have not responded to my e-mail. This item had the highest risk of being posted as it became increasingly clear.

At any rate, some people become completely mad when a slightly unexpected $10 fee appears in their statements. For me, this $2800 story has so far been a non-event. With all the security features, zero liability, free overdraft protection, online banking, phone numbers to disable the debit card - I just feel that these phishing guys and their friends - whatever is the structure of their organized international crime - are not my serious competitors.

Do you have a theory of how this system works? How do the people - apparently people at many different places - get the credit card numbers from the phishing website administrators? Do they have to pay for it? Do they have to pay just for the opportunity to become unsuccessful criminals? I just can't understand this stuff. The "webmasters" can't be complete idiots - but it would be hard to say the same thing about the guys who get the debit card numbers afterwards.

Tuesday

So what does the situation with the fraudulent payments look like on Tuesday? As expected, Hattick Carlow has disappeared completely, much like the $2415 shoes (my theory is actually that Hattick Carlow made the four "tests" and when everything worked, he tried to buy shoes for $2400.) The seventeenlive.com payments have been posted (four of them) but I also received a refund (except for 10 cents or so which I will give them for their constructive approach). Orange France has been posted and it became

  • CHECKCARD 1119 FTM SMS WEB CHATILLON $1.79 (plus another $0.05)

which is slightly more informative. Frustratingly enough, the FrontRangeW(arehouse?) $49.99 has been posted and I have initiated the complaint to get this money back, together with $1.84 for "Chatillon".

OK, so is it a disaster when such a thing happens? No!

Actually I feel much better when simpletons like these ones are trying to steal my money because it is rather likely that they will lose, especially because all the corporations that I like and trust stand on my side. When I face government bureaucracy or something like that, my feelings are much more dim and less optimistic. ;-) When you tell me that I should only give my data to the people whom I trust, let me emphasize that I was forced to give my data to so many people whom I don't trust that the phishing guys are just another addition to this gallery.

Well, this was a story why I like VISA payment cards more than the U.S. VISA, for example. :-)

Wednesday - update

Well, eventually "Hattick Carlow" ($205) was also posted. However, it was renamed to "Hattrick Gibraltar". It was much easier (although not trivial) to find "Hattrick Gibraltar", and it turned out to be the company whose website is at hattrick.org, not hattrick.com = hattrick.co.uk, even though Gibraltar is a British territory. A virtual soccer game. The director whose contact I eventually received from some other folks at the Victoria House, 26 Main Street, Gibraltar, is a very nice person. I guess that you don't have to pay much in taxes there if any. I am thus not afraid that the company will go bankrupt because of the refund for me. :-)

We had some interesting philosophical debates about the poor countries - such as Africa or at least Yugoslavia - who may have done some shopping. It is likely that a player at hattrick will lose a team he cares about - just because of the detail that he is connected to the international crime. Poor guy. :-)

Thursday update: Johan, the CEO of Hattrick, informed me that "Sir Johnsson Baccardi" :-) - apparently based in Romania - has used my old card to "buy" a set of nice green T-shirts and one blue baby T-shirt - but he did not offer a delivery address. However, he did buy 2 x 200 SMS credits.

On Wednesday, I also received the new card from Bank of America to replace my previous gold check card. What material is good enough to replace gold? Right. It is a platinum check card. ;-) Besides the total protection, it also has "price protection". When I buy something using the card and see an advertisement of the same product in the press that seems cheaper - up to 60 days after the purchase, they will reimburse me up to $250. It is unlikely I will ever use it, but at any rate, it looks amazing. On the other hand, Bank Of America charged me $19 in overdraft fees twice, which should obviously never happen with my type of account, and they promised me a rebate (after Thanksgiving).
