I've received Two phones without ordering them

glyn_s

Because he placed the order, then changed the email address

even a dodgy fraudster wouldn't be so naive/stupid/idiotic/ as to order and then change email addy would he??????

RickD_2

glyn_s wrote: »

even a dodgy fraudster wouldn't be so naive/stupid/idiotic/ as to order and then change email addy would he??????

I've no idea. Thing is, the original crap that went on got stopped as I contacted Amazon about it. Only then about a month later did the phones turn up.
And the phones are crap, not something i would want to keep and i don't want to go through the hassle of selling them. If they want them back they will have to come for them, im not lifting a finger, or spending a penny. At the moment, they are just taking up space.

fernandes

Hi,

This is a really interesting thread and it shows a lot of people do know what to do in these situations, which is great. I work in an area of card payments for online Merchants that requires me to follow the patterns and behaviour of fraud very closely and I even have to deliver seminars about it (ulp!)

What everyone has said is broadly correct and certainly I would not sell the items until six months has expired. You could even place them with the police and file a lost/stolen report but this would start a new six month period wait but would give you maximum protection in the eyes of the law.

Just to give you some idea of the scale of the problem (since I also work in the areas of identity and address verification for mobile phone retailers) there are people out there who are actively trying every day to apply for up to 20-30 phone contracts using a single identity. Store to store, website to website. In this context, having a couple of phones wind up with you is not unusual, however if, as it sounds, the phones are sim-free purchases from an electrical retailer, then the intention (if not mistaken) is more confused.

On the Amazon matter, have Amazon given you any indication how your account was compromised? They are ultimately responsible for the security of your payment credentials. Have you ever completed any online form that purported to be Amazon (phishing)? Have you ever made a purchase on your Amazon account in a public location - an internet cafe or university? Rather than losing confidence in eCommerce, you should try to determine how your Amazon account was compromised to prevent the situation being repeated. There are many safe and secure online businesses out there.

In respect of the phone fraud itself, I'd make the following observations:

It is quite common for fraudsters to commit mass-fraud using identities that they have acquired and having access to your Amazon account with that detail (and possibly even a phone number, if I recall Amazon address details correctly) would be a perfect source of one such address/identity.

However, the use of these identities and addresses typically falls into one of several categories:

1. Using the address/identity to pass address verification for a credit card but shipping the goods to an alternate location.
2. Using the address/identity to pass address verification for a credit card AND shipping goods to that location to be compromised.
3. Simply using the address/identity for shipping to a location to be compromised.
4. Simply using a random identity while validating a card number for use elsewhere.

Though it is quite possible the fraudster, in copying and pasting details and committing hundreds of frauds, has got his addressing wrong, this is where I have a problem understanding the logic in this case, as each of those cases above seems (or at least I hope is) unlikely.

Reference above:

1. If we imagine that the Merchant has tried to avoid fraud by despatching to the billing address and not a requested alternate location, then if you say there is nothing on your card statements, then there would be no reason to use your address as a billing address. Unless, however, this is a new card or simply Merchant credit that has been obtained online with your identity. In this case the 'billing' address would be yours and the items have ended up with you as a precautionary measure by the Merchant. I would challenge them further for evidence of the payment method and billing address.
2. If the fraudster had intended to ship the goods to your address then if it is not a mistake (and even for a Fraudster, you might expect a little more precision in purchasing two Prada phones) there often is reason for them to believe they can compromise the goods. Since it is brazenly cavalier, this is the least common but also the most concerning as a victim. Is your mail at all accessible? Do you live a block of flats with shared access? Is it typical for parcels to be left outside anywhere that can be compromised? Has any of your mail already been compromised? Have you received all your regular bank or card statements? Have you seen any unusual increase in unsolicited mail? Is there any reason to think that your mail could be compromised?
3. See 2.
4. This is the least likely. Thousands of fraudulent credit card transactions are performed online every day simply to validate a credit card as usable and active in order to sell to criminals. However the value of such transactions is usually low and often for digital services (no tangible goods) such that the time to discovery is a lot longer than if an unwanted parcel were to land on your doorstep in a couple of days. Neither of these is true of this case, so it is almost certain this wasn't the behaviour here. Good credit cards and identities that are tested by fraudsters can be sold on to criminals for about 50 quid a pop, but if a chunk of the credit has already been used on these phones that card quickly loses its value to them. This idea is very unlikely.

Thus, the bottom line in my view is that credit (either in the form of store credit or a credit card) has been obtained on your address and the purpose of your address was simply billing OR your address was deliberately used for shipping in the knowledge the goods could be successfully removed.

Please think carefully and investigate if necessary which of those could be true. That should be your priority far away and beyond the future saleability of those phones. If you don't pursue how this has happened you may have left some window of opportunity that will continue to be exploited.

In an ideal world you would be able to pass the information to date to the police and see some action but since the credit card companies foot the bill of such activity and the police are sorely underfunded in this regard, you'll be lucky to see any action taken by the police.

It is one of my eternal frustrations and if I was anal enough I would write to politicians about it. For all the awareness programmes and advertising, there is just no attempt to control or prevent these fraudsters by the UK Police, it is underfunded and impossible to report. It's no wonder that its growing.

Only last month I dealt with a case where a series of identities were being used repeatedly to spend tens of thousands across hundreds of businesses. We even had consistent location reports about where the transactions were taking place that went back over a year. We had forged identity documents for foreign nationals living in England, the lot. I went to every police force in the land including dedicated teams in London and no one was interested.


Kind Regards

Rob

p.s. I noticed someone mentioned being a victim of identity theft and having trouble now obtaining credit. That should never be the case. I have been a victim myself - I was mugged, had my paper drivers licence stolen and used the next day to open store credit and spends thousands (this is one reason why I dispute with anyone, police included, the need to actively carry your driving license). Upon reporting this, I had all costs refunded and was put in touch with CIFAS who registered me as high-risk, which means you DO NOT fail credit checks but that any request for credit is routed via them. This does take longer and prevent any automated online applications for credit but it is for your own protection for a period of years and certainly is not a reflection of having bad credit or real problems in getting it.

RickD_2

fernandes wrote: »

I would not sell the items until six months has expired.

Yeah, i figured as much. Im not that bothered about selling them, i just want to do something with them so they aren't taking up space.

fernandes wrote: »

On the Amazon matter, have Amazon given you any indication how your account was compromised?

None what so ever. I haven't used them for a long time. Infact the last time i used them was to buy a present for the missus through Amazon market place for Xmas 2006

fernandes wrote: »

Have you ever completed any online form that purported to be Amazon (phishing)?

No, nothing. I had forgotten about Amazon until i received the emails.

fernandes wrote: »

Have you ever made a purchase on your Amazon account in a public location - an internet cafe or university?

No, Never.

fernandes wrote: »

Rather than losing confidence in eCommerce, you should try to determine how your Amazon account was compromised to prevent the situation being repeated. There are many safe and secure online businesses out there.

The problem is, i have no faith in them or others. Simply because they would never let you know if they had been compromised. I had a lot of trouble with Ebay because someone put up a load of auctions in my name without compromising my account - Ebay knew about this and the guy was able to do it at will to anyone. But they never let anyone know about it

fernandes wrote: »

It is quite common for fraudsters to commit mass-fraud using identities that they have acquired and having access to your Amazon account with that detail (and possibly even a phone number, if I recall Amazon address details correctly) would be a perfect source of one such address/identity.

But what can they do with just a name and address?

fernandes wrote: »

However, the use of these identities and addresses typically falls into one of several categories:

1. Using the address/identity to pass address verification for a credit card but shipping the goods to an alternate location.
2. Using the address/identity to pass address verification for a credit card AND shipping goods to that location to be compromised.
3. Simply using the address/identity for shipping to a location to be compromised.
4. Simply using a random identity while validating a card number for use elsewhere.

I've no idea to be honest. I've had no mail compromised, nothing has been regestered against my address

fernandes wrote: »

Though it is quite possible the fraudster, in copying and pasting details and committing hundreds of frauds, has got his addressing wrong, this is where I have a problem understanding the logic in this case, as each of those cases above seems (or at least I hope is) unlikely.

Reference above:

1. If we imagine that the Merchant has tried to avoid fraud by despatching to the billing address and not a requested alternate location, then if you say there is nothing on your card statements, then there would be no reason to use your address as a billing address. Unless, however, this is a new card or simply Merchant credit that has been obtained online with your identity. In this case the 'billing' address would be yours and the items have ended up with you as a precautionary measure by the Merchant. I would challenge them further for evidence of the payment method and billing address.
2. If the fraudster had intended to ship the goods to your address then if it is not a mistake (and even for a Fraudster, you might expect a little more precision in purchasing two Prada phones) there often is reason for them to believe they can compromise the goods. Since it is brazenly cavalier, this is the least common but also the most concerning as a victim. Is your mail at all accessible? Do you live a block of flats with shared access? Is it typical for parcels to be left outside anywhere that can be compromised? Has any of your mail already been compromised? Have you received all your regular bank or card statements? Have you seen any unusual increase in unsolicited mail? Is there any reason to think that your mail could be compromised?
3. See 2.
4. This is the least likely. Thousands of fraudulent credit card transactions are performed online every day simply to validate a credit card as usable and active in order to sell to criminals. However the value of such transactions is usually low and often for digital services (no tangible goods) such that the time to discovery is a lot longer than if an unwanted parcel were to land on your doorstep in a couple of days. Neither of these is true of this case, so it is almost certain this wasn't the behaviour here. Good credit cards and identities that are tested by fraudsters can be sold on to criminals for about 50 quid a pop, but if a chunk of the credit has already been used on these phones that card quickly loses its value to them. This idea is very unlikely.

I Don't live in a block of flats or anything like that, just a house with a letter box.

I honestly don't understand why my address has been used at all. The card linked to the Amazon account was expired - I certainly haven't seen any charges or suspicious activity on my credit report, or increase of junk mail or any other mail for that matter. I am on the mailing prefence list though.

Do different credit agencies hold different information on you? if so, which is the best to use? I've been using annualcreditreport.co.uk for watching out for mine with a monthly subscription.

Thanks for your advice Rob

lapat

just a quick response to this

a friend of mine had something similar recentley only it was high priced watches that were being bought in his name and address with new cc's the fraudsters had managed to get and the only reason they got caught was the postie was in on the scam and he was off sick and the watches were delivered to him and he questioned it with the sending company.

aparantley they had over £100k's worth of watches from about half a dozen retailers for over 20 different addresses they only managed to get the postie though

Iom-rf

gaming_guy wrote: »

just thought i'd better say running 2 firewalls is a bad idea because they can conflict with each other and cause other problems

I've got a firewall on my router and a software firewall on my pc, no conflicts although should be safer...

To the OP, I'd send them back to wherever they came from, chances are they've been bought using other stolen details and he accidentally delivered it to your address (or perhaps he was trying to be smart and sent them to your address so you looked in on the act.........)

RickD_2

lapat wrote: »

just a quick response to this

a friend of mine had something similar recentley only it was high priced watches that were being bought in his name and address with new cc's the fraudsters had managed to get and the only reason they got caught was the postie was in on the scam and he was off sick and the watches were delivered to him and he questioned it with the sending company.

aparantley they had over £100k's worth of watches from about half a dozen retailers for over 20 different addresses they only managed to get the postie though

The postie tried to deliver these to me, but could so i got a card through the door and had to go and pick them up.

Plus, it would be a bit of a stretch for the postman to hack my Amazon account to order some phones, then try and deliver them.

To the OP, I'd send them back to wherever they came from, chances are they've been bought using other stolen details and he accidentally delivered it to your address (or perhaps he was trying to be smart and sent them to your address so you looked in on the act.........)

But the whole point of this being if i wanted to return them to send them back and pay for the return shipping to France .

gaming_guy

Iom-rf wrote: »

I've got a firewall on my router and a software firewall on my pc, no conflicts although should be safer...

i have the same setup as you, but i was talking about running 2 software firewalls