Category: Scam

MEABNOTE: I’ll be going on a blogging vacation at the end of the year and there won’t be any daily posts between December 15 and December 31, at least none from me. We may have guest posts during that period, but that depends on you sending me some. On January 1(ish), we’ll celebrate with the 2025 version of Travel Hacking as Told by GIFs.

I have an upcoming FlyingBlue award flight that I need to cancel. Sometimes you can do that online, but: (1) often the option isn’t available or errors out if it is, and (2) doesn’t work if you need to pay the cancellation fee with a different card than you used to book.

I fell squarely into the second category. I had booked a reservation in May with a card I don’t have any more because churning, which means I needed to call in to cancel. I looked at a trusted list of airline customer service phone numbers. I found the FlyingBlue number, typed it into my cell phone and called.

I’ve been through FlyingBlue’s customer service center plenty of times, and immediately a few things were off about the call:

  • The FlyingBlue jingle didn’t play (maybe they changed it?)
  • There was no hold time after dialing the number for reservations (weird, but it was very early in the morning in the European Union and late in the United States so maybe that’s why?)
  • The representative’s accent was really mild, and didn’t sound french at all (maybe a non-french employee?)
  • The cancelation fee quoted was incorrect (this happens with regular FlyingBlue all the time though, it works itself out with the automated system, so on brand)
  • The representative asked which website I used to book “for security” (I’ve never been asked that)
  • The representative asked for my credit card directly (FlyingBlue transfers you to an automated system for credit card entry)

The last one really made the alarm bells ring. I asked the representative about the automated system, and he told me that he can do it directly, there’s no longer a need for the automated system. Because we all have momentary lapses of judgement and I’m certainly not immune, I read the representative my credit card information. After that, he said there would be a 10-15 minute hold while he processed the cancellation. I was now convinced that this was a scam, but I confirmed I’d wait on hold.

I logged onto my bank’s website right away and locked the card. Right after that, I hung up the phone and within 30 seconds got a call from an “Unknown Caller”. I didn’t answer, then a minute later I got another, and another minute later another came in. Then again an hour or two later and once more an hour or two after that. At least scammers have good customer service when a call disconnects?

Now that I had a moment to think and investigate, I went through my call log to double check the phone number I’d dialed. At this point it should be no surprise – I had indeed made a mistake. I’d taken the “1-800-237” from the FlyingBlue phone number and then took “2262” from the Aeroplan phone number accidentally. CI had dialed the wrong number. It’s wild, but someone had anticipated this sort of mistake and set up a phone number to field calls from people like me.

My next steps:

  • Report my credit card lost/stolen
  • Double check for pending charges on the card (there weren’t any)
  • Change my FlyingBlue password, just in case
  • Turn on “Always Require 2FA” on my FlyingBlue account which really should have already been turned on

After all that I was in a position to cancel the ticket, this time for realzies. I dialed the correct FlyingBlue number 1-800-237-2747 (hyperlinked here so you can click it instead of typoing it) and was met with the FlyingBlue jingle and a hold. I waited on hold 15 minutes before I decided to deal with it tomorrow and hung up. At least the hold confirmed that I’d dialed the correct number the second time, hooray for holds or something.

The lessons:

  • Triple check reservations phone numbers, ideally click a hyperlink from a loyalty program’s app instead of typing it in manually
  • Know how to lock your cards quickly in case you didn’t do the above
  • Be ready and willing to bail on a call, ideally much earlier than I did

Good luck out there and happy Monday!

This one could be real though.

Introduction

I like to think I’m pretty good at spotting compromised gift cards; I’ve found and destroyed upwards of 1,000 over the last decade. In fact as far as I know, I’ve only actually purchased four compromised cards prior to last week. Then last week, my compromised card count increased by an eye-popping 25% (or 2,500 basis points because it sounds even bigger) when I bought a compromised Pathward Mastercard at Kroger.

Side note: I was already suspicious of that particular gift card because the security flap was too easy to remove, but the store had very low stock, I was in a hurry, and I was heading out of the country later that day, so I threw caution into the wind very stupidly. Don’t be stupid like me, and don’t be afraid to open a gift card in store and inspect it before buying it.

The Compromise

I opened the card in the parking lot, found a few clues that the card had been compromised:

  • The package was held together with super-glue
  • The CVV gummy was balled up
  • Removing the CVV gummy showed a scratched off code
  • The front of the card had four numbers scratched off

I know it may sound difficult to figure out that the card was compromised with nothing but those four clues, but luckily I did! So great.

When you have a compromised card, it’s a race against time to get it frozen and fixed before the card scammers are able to realize that the card was purchased and active, which is why it’s important to open and inspect cards as quickly as possible.

The Fix

I dialed the toll free number on the back of the card in my car at the Kroger parking lot, and I got stuck in Pathward’s automated call system. The system was repeatedly asking for a card number, and then hanging up on me after three failed attempts. I obviously failed every attempt because I didn’t have a full card number or CVV. Entering all 0s, 1s, or random numbers didn’t get me past the call tree, and neither did acting dumb and not entering anything either.

After a few frustrating minutes, I realized that another non-compromised Pathward Mastercard would have a valid number, so I got one of those and used its information, which got me through the automated system to talk to a human. The human was able to freeze the funds on the compromised card and issue a replacement by mail after looking it up using information on the barcode and about how it was loaded.

The Lesson

Gift card companies do their best to avoid talking to humans, and that means when a scammer scratches numbers off of cards, you may not be able to talk to a human when every minute counts. So, the point of this article:

On your phone, keep a list of gift card numbers, CVVs, and expiration dates for old, drained cards for every issuer and card type that you typically buy. Then, if you encounter a stubborn robot phone system, you’ll have quick information ready to get through to a human.

Happy Thursday!

Next up: Following the clues to decipher restaurant hidden messages.

NOTE: I’ll be going on a blogging vacation between December 18 and 31, during which there may or may not be any posts. But, we’ll ring in the new year on January 1, 2024 with the 2023 version of Travel Hacking as Told by GIFs though, so no need to be up in arms. What’s this “may”, you ask? I’m soliciting for guest posts and I’ll use those during the regularly scheduled newsletter. They should be non-sponsored, non-promotional, non-political, and at least travel hacking or churning adjacent. Please reach out to me if you’re interested, it’ll be the third easiest gig you’ve ever gotten!

In person manufactured spend has multiple potential points of failure, but the most silently insidious is buying a Visa, Mastercard, or third party gift card and discovering that it’s been tampered with after you’ve bought it. Time isn’t on your said when that happens because it gives the scammer more opportunity to drain the card before you’re able to act.

Most tampering scams require the scammers to check cards at least daily to see if they’ve been activated, so you’ve got an expectation value of a few hours time between when you buy the card and the moment that a scammer discovers it’s been activated. That means a stack of gift cards on your desk waiting to be liquidated has an increasing likelihood of issues, and a decreased expected net value over time.

The obvious takeaway? Open and inspect cards you buy immediately and liquidate as soon as possible (whether or not you’ve been scammed, but obviously especially if you’ve been scammed.)

Stay safe out there!

The rule also applies to this, err desert, the longer you wait between eating and the food exiting your system, the higher the risk to your digestive health.

  1. There’s a new offer for turning your American Express Platinum and Business Platinum Clear credits into a $75 Uber voucher. In the past you’ve only needed a new email address to get these to work even if you already have Clear, and I assume this time is no different.
  2. Meijer has a promotion for $50 off of $500 in many third party gift card purchases. This is the less lucrative version of this offer versus a straight discount, but still generally very lucrative. Notable exclusions are Apple and Amazon, and worthwhile inclusions are BestBuy and Home Depot. (Thanks to GC Galore)
  3. There are multiple reports in the MEAB slack and elsewhere that Mastercards from MyPrepaidCenter have been fraudulently drained since late last week, likely from a site-hack based on the data-points and given that the site was offline for much of yesterday. If you have any of those cards, I’d suggest you drain them as soon as possible, or at minimum double check the balances. If you have cards that were compromised you should be able to dispute the charges and get your original balance back, but it’ll probably be a slog.
  4. Check your email for a targeted offer from Discover bank for $100 or $150 bonus for brining either $10,000 or $15,000 in deposits into the bank by the end of September, and maintaining an average balance of at least that much through the end of November. The terms and conditions are here. (Thanks to 5 via MEAB slack)

A scammer liquidating a gift card.