Category: Louse

EDITOR’S NOTE: This is a bonus guest post from SideShowBob233 thrown together after another run-in with a bank.

After hearing about another recent incident with a similar result, I wanted to share my story and my lessons learned from having my American Express account hacked. 

I woke up to a bunch of emails from AmEx showing my password was reset, my phone number was changed and there were some gift card redemptions.  Not a pleasant thing to see, but I had to get the kids to school so I had to put it off. The emails were hours old anyway, whatever damage happened was already done.  

When I checked later, I found the scammer had managed to reset the password on one of my personal Platinum cards, (because who doesn’t have more than one $695 annual fee card lying around under a pile of rakes?) get into my login, and apparently used chat to go to town (he – and I’ll refer to the scammer as he but it could have been a she as I’m all for equal opportunity scamming) seemingly had my 3 digit code from the back of the card and possibly my security word, but I’m not sure.  Below is a redacted (to protect the innocent, or in this case the mildly guilty) chat log of the scammer’s interactions with AmEx:

2 AM local time, SideShowBob233 is snoring loudly while sleeping in a room filled with rakes:

Amex chat: Hi Bob, please select one of these options, or in a few words tell me what you need help with.

Scammer: Hi. My name is SideShowBob233 (the 233 is my IQ). I want to request my pending points to be available. I want to use them right now. I make all my payments through Autopay and all my payments are on time. I also have orange hair.  

Amex: A Customer Care Professional will be with you shortly.

Amex: Hi Bob. This is Francis [likely not the Pope – but I wasn’t 100% sure]. I see that you are chatting to accelerate pending points.

Amex: Let me go ahead and review your account and also browse the internet while I make you wait.

Amex: Kindly verify the last five digits of the card in question and then when you last had sex

Scammer: 96969 and right now

Amex: Thank you. I am checking on it.

Scammer: Let me change that last answer as I’m already done 😬

Amex: Are you referring to the 69,420 points?

Scammer: Yes

Amex: I have accelerated pending points and it has been added into your reward points balance.

Scammer: Thank you kindly now can you help me scam some more?

Scammer: Can you help update my new office or business phone number on my accounts, cell number remains the same and I also want to use some of my Platinum card rewards balance and order 1 $69 egift card.

Amex: To update the number, I will help you to update it on the account.

Amex: Please share the business phone number you wish to add on the account.

Scammer: The online option does not seem to work, When I add the gift card to cart, the page keeps on loading

Amex: I kindly ask that you consider switching to a different browser, or alternatively, you may clear the cache, cookies, and browsing history of your current browser.

Amex: After doing so, please open a new tab and log into your online account once more; this should resolve the issue.

Scammer: I am not doing all of this right now. Can you just order it or I will try later?

[Note the angryish/insistent tone – red flag]

Scammer: XXXXXXXXX (his phone number – surprisingly NOT 1-800-SCAM-MER)

Scammer: This is the new business phone number

Amex: Do you have platinum card handy ending with 96969?

Scammer: I do

Amex: Perfect. To proceed, I will need to ask you a few security questions to ensure the process is conducted accurately on your account.

Amex: To protect your account security, please answer the following question.

Scammer: Submitted

Amex: To protect your account security, please answer the following question.

Scammer: Submitted

Amex: I have added the business number to the account.

Amex: I have ordered your $69 egift card. You will receive confirmation E-mail for the same and it will be available to use in next 4-24 hours.

Now some comments: 

The scammer seemed to have had to have both the 4 digit code on the front and 3 digit code on the back of my card.  Not clear how they got it as the card rarely leaves my house and in fact is almost never used.  It was replaced recently, which is how I am guessing it was compromised – but I am not more than 69.420% convinced that’s the case.  A swiper wouldn’t get the 3 digit code on the back but I guess if there was a camera there too, it could have.  The card was used in person exactly one time, at a Saks a few weeks ago. Did not see anything on the card reader and I was there a while; our family likes to buy stuff at Saks for some reason (might be the large clown shoes they sell).  

Now SideShowBob233 you say to yourself, again out loud while streaking through your backyard again because it’s the only way to talk over the voices you’re hearing in your head, how could you have prevented this?   I have some ideas only some of which come from the voices in my head. 

First, turn on two factor authentication in your logins.  I always avoided it and complained extensively in the few cases where AmEx forced it on me (My friends, neighbors and even random hobos near Dollar General can confirm my complaining).  No longer.  Yes, it’s a PITA but it would have kept the scammer out of my login.  Second, turn on 2FA some more.  If you don’t know how to do level two 2FA, what are you even doing with your life?  I mean come on dude.  

Also change your security word periodically, I don’t know if the scammer had mine or not, but mine was a word nobody would ever guess (not, it’s not rake, not even with a 69 after it), if they did they would have had to have gotten it from Amex rep when I called in the past.  It’s not something you’d know about me either.  P2 doesn’t even know it.  

Not many people are aware of it, but the AmEx card numbering scheme is very outdated, and there are not all that many unique numbers on AmEx cards.  Losing your card and getting a replacement number gives a very predictable result, both for the new card number AND the expiration date, meaning the 4 and 3 digit codes are the only things that are really secure once your card number is compromised.  This is likely what led to the tons of Facebook $2 fraud but who knows, maybe Zuck just needed a new island.  So if a number is compromised consider losing the card 2-3 times to randomize it a little bit (both the replacement expiration date and the last digit).  

My case had a (mostly) happy ending – AmEx apparently caught the fraud and invalidated the cards before I even called.  After uploading a DNA sample, stool sample, and Clorox wiping down my scanner, my accounts were cleared and I am now free to go back into the AmEx void to be scammed again.  My scanner still isn’t speaking to me though.  

– SideShowBob233

SideShowBob233’s two factor authentication (level two) helps protect lunch.

  1. Kroger has a 4x fuel points sale on third party gift cards other than Amazon starting tomorrow and running through Monday evening.

    And with Target resale rates recently returning to 91%+, I think it’s safe to say the major brand bulk gift card reselling market has healed from its Pepper burns.
  2. Blit Rewards* cut earnings on rent payments made with a credit card to 0.5x.
  3. Bluebird and Serve will be shutting down in June 2026, which gives you *checks notes* a full year to finish abusing them, ideally with five per social security number.
  4. Citi ThankYou’s reduced value cash-out for Strata Premier cardholders won’t affect those with linked Rewards+ or Double Cash cards in their ThankYou Points accounts. To link your Premier and another card to the same ThankYou Point pool, call 800-842-6596.

    Note that linked cards can be unlinked in the future, but it does weird things to points held in your account and may inadvertently cause points expiration depending on your card portfolio. To be safe if you ever unlink, make sure every card has earned at least one point in the last 18 months.

*The company gets too much undeserved press, so (1) I’m not linking them, and (2) quoting reader Jim’s sage advice “I don’t care what  the media says about me as long as they spell my name right.”

Blit Reward’s company kitchen shopping list.

Last Friday was best known because it was National Christina Day, but something a little less overt happened Friday, hidden in the noise of the National Christina Day parades: Chase shutdown some of its biggest manufactured spend abusers in a second round of purging about a month after the first round. This round of shutdowns appears to be for:

  • Floosies that accidentally or purposefully took advantage of bonus multipliers to the tune of at least a few thousand dollars
  • Churners who found their own ways to trigger bonus categories and did so with medium to heavy volume this year
  • People with large suspicious money flows in our out of their deposit accounts

The first two groups saw only credit cards close while deposit accounts were untouched. The last group saw everything closed. There are enough questions swirling around the churnosphere that probably the subject probably deserves answers beneficial to the whole commnity:

[Q]: What happens to your points when Chase shuts you down?
[A]: They stick around for 30 days unless you’re in New York, in which case it’s 90 days. In rare cases your points vanish immediately, but this is only when Chase suspects fraud or money laundering.

[Q]: Can I get back into Chase if I was shutdown?
[A]: It very much depends on the reason, and how you were shut down. Depending on the circumstance, it’ll be one of: you’ll never see another card again, you’ll be back in after five years, you’ll be approved for cards but they’ll be shut down in a month or two, or you’ll be back in 60-90 days

[Q]: Is there anything I can do to reverse the shutdown?
[A]: There are certain types of shutdowns like bust-out risk that can be overturned by the Chase Executive office. Unfortunately, this round doesn’t seem to be related to any of those types of shutdown, so for those affected in April and May the answer is probably no

[Q]: If Chase shuts me down, can I link new transfer partners in the Ultimate Rewards portal post-shutdown?
[A]: Yes

[Q]: Will pending points post after I’m shutdown?
[A]: Yes

[Q]: Do I need to worry about another round?
[A]: Probably if you know the details of what happened to trigger bonus categories and you had significant volume; otherwise probably not

[Q]: Should I self-shutdown preemptively?
[A]: I would if you were part of the bonus category shenanigans and you haven’t been axed yet

[Q]: Do I need to worry that I’ve maxed spend on my Chase Ink Cash cards at office supply stores?
[A]: No

Good luck, and happy Monday!

Next time: The story of how boomer-era Chase Manhattan Bank helped propel National Christina Day into the worldwide spotlight.

EDITOR’S NOTE: We’ve got two special characters in the title today, let’s see what fragile internet infrastructure chokes, you know, for science.

  1. United blocks some Star Alliance redemptions from its US members, but Roame discovered that switching your location in the web site’s header to another country, like, I dunno, Zimbabwe, opens up more award inventory.
  2. Yesterday Bilt added Southwest Rapid Rewards as a transfer partner, which can be interesting given Southwest’s double-variable award redemption pricing that occasionally pushes its value up to ~1.8 cents per point. For people that don’t think in US currencies, that’s a whole 0.8 cents more than a penny worth 1.0 cents per point.

    Side note: I’m often simultaneously both “annoyed at” and “awestruck by” Bilt. Something they’ve been really good at is staying in the news every month with Rent Day, and lately they’ve been good at staying in the news weekly or more with program changes, like JAL MileageBank leakage, adding student loan redemptions for certain loans, earning a point per dollar and paying a 3% for third party credit card rent payments. The card and its benefits are decidedly average and acceptable, so don’t let its marketing machine make you think it’s better than it is.
  3. Staples reportedly has fee-free $200 Visa gift cards starting Sunday and running through the following Saturday, limit nine per transaction.

    These are Pathward gift cards.
  4. Citi is devaluing transfers for the Rewards+ and Double Cash card on July 27:

    – JetBlue TrueBlue: 10:7
    – Choice Hotels: 10:14
    – Wyndham Rewards: 10:7

    Other cards are unaffected. This coincides with the Emirates Skywards devaluation of 10:8 on the same date, which unfortunately affects all cards. (EDIT: Thanks to Led for letting me know about the Double Cash too)

Have a nice weekend friends!

Bilt’s marketing versus reality, but as a chess set.

You’ve no doubt heard that Southwest announced they’d be moving from a mediocre product offering to a bad product offering yesterday because literally every news outlet, blog, skywriter, and mommy stroller affiliate site wrote about it. I tried to ignore it here, but instead decided to write a quick summary in iambic pentameter to keep it fresh:

On fares most cheap, a fee doth now descend,
for Wanna Get Away, a basic name doth lend.

Flight credits, once free, now swiftly fade,
yet open boarding’s chaos still we’ve made.

Elites and cardholders find some gentle aid,
yet still, no first class seats or distant shores are displayed.

Midway’s woes persist, a traveler’s plight,
even Spirit offers more comfort in its Big Front Seat’s light.

Rapid Rewards points now face variable fate,
their value shifting with each flight’s demand and date.

Sorry, even I feel dirty after that one.

When non-travel sites cover travel stories:
Do they mean that (a) Southwest will charge the bag’s battery, or (b) that they expect the bag to pay?

We have a lot of strange updates to slingshot us into the weekend, just like yesterday’s SpaceX Starship was slingshotted (slungshot?, slingshat?) to orbit:

  1. The next installment of American Express versus the Floosies dropped. In the new chapter, Chapter IV: That Time Maurice Posed in Duck Face, American Express blocked most floosie merchants, preventing charges from going through. This was made especially easy because the floosie merchants all shared some common traits.

    My opinion: The floosies are lucky that it shook out this way and that it wasn’t worse. I bet they’ll strike back though.
  2. The AA, Alaska, Delta, Southwest, United, Airline shopping portals have limited earn on giftcards.com purchases to the first $20,000 per rolling 365 days. Emirates, JetBlue, and Virgin Atlantic have limited earn to the first $2,000 per month. The curious case of another portal remains a curious case though.

    My takeaway is that giftcards.com orders through an airline portal should only happen when the bonus is 2x+, or when there’s a cumulative spend shopping bonus.
  3. Recurring American Express statement credits for airline incidentals, $200 Dell credits, $10 telecommunications, $10 GrubHub, $50 Saks, and $20 flexible business credits stopped posting for charges after February 17. Resy 10x and 15x bonus points stopped around the same time too. Don’t stress, it’s not you, it’s them. They’ll get it fixed eventually, this happens roughly every year.

    Dunkin, Hilton, Clear, Walmart+, and Resy restaurant credits remain unaffected.
  4. Office Depot / OfficeMax stores have $15 off of $300 in Mastercard gift cards through Saturday. Buy in even multiples of $300 for a bigger overall discount. Also, finally, something normal!

    These are Pathward gift cards.

Have a nice weekend friends!

Yes the duck face is real, and no you won’t find it here.

American Express shut down the accounts for a large number of churners yesterday. If you were affected, I’m sorry, that sucks and I hope you’re back with AmEx soon. What happened exactly? Let’s start with vitals:

  • Shutdowns happened between 1 PM and 5 PM Eastern
  • Shutdowns didn’t occur simultaneously, they were spread throughout the day
  • The Apple Pay early warning system didn’t work this time
  • Shutdown emails used the reason “accounts […] not being used for the intended purpose”
  • Applying for a new card after shutdown was instantly denied with the reason “previously engaged in abuse, misuse, or gaming”

Now, let’s talk causes. I don’t work at American Express so I can’t offer definitive evidence, but we have plenty of data points that all point in the same direction. Those say:

  • PayPal games didn’t cause this
  • Employee cards didn’t cause this
  • Referrals didn’t cause this
  • Back-button didn’t cause this
  • Lots of sign-up bonuses didn’t cause this
  • Fitness club history didn’t cause this
  • The floosies were a common denominator and probably came back to bite

Notes and lessons from American Express shutdowns in general:

  • You can’t add new transfer partners once a shutdown happens*, so add partners now
    *… unless you have an AmEx business checking account
  • You can only transfer 999,999 Membership Rewards per day per transfer partner
  • AmEx doesn’t close other players at the same address for guilt by association
  • You’ve got until the end of the day to cash out your points when you’re shutdown
  • If you cash-out with gift cards, only the physical ones work post shutdown
  • AmEx won’t refund annual fees for shutdown cards on their own
  • You can accelerate pending Membership Rewards points if you make a payment, call, and get lucky
  • Don’t trust the reasons for shutdown from commenters that weren’t part of the shutdown

And finally, my advice:

  • Shutdowns probably aren’t over yet
  • If you rank high on the floosie scale and aren’t yet shutdown, consider a sneak-attack-strike-back
  • If you end up shutdown and a rep tells you they can’t help you transfer your points, HUCA
  • If you have lots of posted charges and pending points, try and get them accelerated
  • Don’t forget about the arbitration clause for pending points that haven’t posted

Good luck out there!

A small post-shutdown brew to lighten the evening.

  1. Do this now: Register for double points at Choice hotels through April 7, but the offer is only good on up to four stays because how dare Choice encourage you to stay more than 4 times?
  2. Mastercardgiftcard.com has fee-free gift Mastercard cards with promo code MCGIFT.

    You can buy up to $10,000 of these per account per rolling 24 hours. Don’t use an American Express because it won’t earn points, and make sure you have an air-tight liquidation plan because these InComm issued cards have gotten difficult.
  3. The CFPB has effectively been shut down. Expect more on this later, but for now assume that no government agency will take action on your CFPB feedback from this time forward, and explore other options when you demand satisfaction.
  4. You’ve got until February 28 to finish earning AA Loyalty Points for the current elite year, and right now PointsYeah is offering 25 miles per dollar through the AA eShopping portal in case another 2,500 miles will make the difference for you. It didn’t for the CFPB though so there’s that.

How to recognize a churner in the post-CFPB world.