 | Spam flooding to hide something even more sinister
I came home and got on the computer, to find my inbox filled with spam. I mean really filled. There were tens of thousands of nonsensical emails there. Hidden among them were a couple of emails from Bill Me Later notifying me that a change was made to my mailing address. I did some more digging, and found two emails from Apple regarding orders that I had supposedly placed with them. At first, I thought they were scams, but after taking a closer look, they seemed to be the real deal.
The first thing I did was call Bill Me Later, who confirmed that there were two pending orders from Apple on my account, so obviously the two sets of emails were related. According to them, someone had called in earlier and had the address changed, after correctly giving them my date of birth and the last four digits of my SSN. They closed my account, and the part that really sucks is that I can never use BML again, since those two pieces of info are what they go by, and they've been compromised.
The second thing I did was call Apple to notify them of the fraudulent order. Unfortunately for them, it looks like they already shipped. One was a MacBook Pro, and the other was an iPad. It was supposedly being sent by me at an address that I am not familiar with, to someone I've never heard of at that same address. It turns out that I have an Apple account from when I bought my iPod several years ago, but I forgot I had it. I logged into it to make sure nothing had been changed there, and nothing had. Then to make sure, I changed my password.
Next, I called Comcast to see if there was anything they could do to stop my inbox from being flooded. They said they'd "open a ticket and send it to their security department" or something like that. Sometime after that, the flood slowed to a trickle, and eventually stopped completely, so I'm not sure if they were able to do something, or if it was just a coincidence. Then I spent a couple of hours cleaning the mess out of my inbox.
I logged into my bank account to make sure there were no unauthorized charges on my credit card, and there were none. I'm quite paranoid about that, because my card has already been compromised twice. Then I filed a fraud alert with the three credit reporting companies.
Anything else I should do? |
|
 SnowymIRC unix.ro UnderNetPremium join:2003-04-05 Kailua, HI kudos:6
| That you were able to spot the billmelater emails is remarkable. As far as I can see the fraud activity is centered on your billmelater acct. Aside from closing the billmelater account I'm not sure there is much else to do. You've checked your banking accts for fraudulent activity - I suppose it would be prudent to say keep a close eye on its activity although it is not connected with this event in any way shape or form. You've filed a fraud alert with the big 3 which is a good move.
Be aware that billmelater has a fraud reporting form located here »www.billmelater.com/Docs/disputeform.pdf note: "Please use this form if you are disputing a charge to your account. We must have your dispute in writing. This will enable us to begin researching and resolving it for you immediately."
Personal observations: How do I change my User ID, Password or Secret Question and Answer?
To change your Password or secret question and answer, login and select "Manage Account > Change Password or Change Security Question". To change your User ID, you must call Customer Care at 1-866-528-3733 (7 days a week, 9am - 11pm EST).
"And Bill Me Later has been designed with other features to help protect against unauthorized use of your account. Your identity is validated with top-of-mind information such as date of birth and the last four digits of your Social Security Number. This means you never need to enter an account number to purchase, which could be lost or stolen."
A birthdate & last 4 of SSN is not a secure method of validating who you are with anything related to finances. Supplying a birthdate & last 4 of SSN might be easy & convenient but let's not confuse convenience with security. They're 2 separate things that are usually in conflict with each other.
I'm assuming the actor didn't get a password reset from billmelater customer services, just changed the address which means your online billmelater account had been compromised. That would be the ideal situation from a security view. *If* access to the online account was assisted by customer service intervention the site needs to re-evaluate itself from the ground up. Anyway, good thing the email account associated with the billmelater account hadn't been compromised - that along with you actually catching the billmelater emails is what saved the day, great catch on the emails.  |
|
 garys_2kPremium join:2004-05-07 Farmington, MI 1 edit | reply to TheWickerMan I'd also let the cops in Fullerton GA know that a fraudulent shipment is due to arrive at that mail drop.
Edit to fix the state from CA to GA... |
|
 MGDPremium,MVM join:2002-07-31 kudos:9 | I agree, the delivery name and address is guaranteed to be a package reshipping mule. Based on that modus operandi and the contents, there is a better than 90% chance those items will be reshipped to Russia or former CIS the same day they arrive.
Though you are not responsible for the charges, I would make some effort to see that the cyber criminals do not benefit from this fraud transaction. Including tracking down contact info for the recipient and alerting them, publish delivery specs if necessary. Sometimes the drop can be a commercial reshipping service. In either event, there will be a rush to get the products out of the country ASAP.
MGD |
|
 garys_2kPremium join:2004-05-07 Farmington, MI | It looks like a residential address. |
|
 MGDPremium,MVM join:2002-07-31 kudos:9 1 edit | said by garys_2k:It looks like a residential address. Thanks, just noticed that:
La Tanya Fuller 7119 Green Valley Ln., Riverdale, GA 30274-3207 678-964-1004 = cell Metro PCS Conyers, Georgia
Looks like someone may have already intervened, probably Apple once notified of the billmelater reversal. Of course the recipient could have also notified to hold at terminal, and be instructed re-label for immediate same day export shipping.

Ref:»www.fedex.com/Tracking?cntry_cod···=english
Held at terminal could be an intervention, or part of the plan.
MGD |
|
 garys_2kPremium join:2004-05-07 Farmington, MI
| Well, if holding and redirecting it at the terminal is part of the plan, then Ms. Fuller may not be a mule. I'd figured her to be one of those people who fell for the "make money at home receiving packages" scams but with the hold that may not be the case. Perhaps her address was a purely random pick and the criminals never meant it to be delivered there. |
|
 MGDPremium,MVM join:2002-07-31 kudos:9 | reply to garys_2k said by garys_2k:It looks like a residential address. Suspicious that Google only points to the dead end part of the street: »goo.gl/VhyZU I then checked the Clayton county, Ga property records. There is no 7119 Green Valley Ln. The last house on the left view is 7115. Therefore the plan all along was to hold the package at Fedex.
Maybe the criminals will try to get Fedex to export it directly. If my data is correct certainly no one can show with a valid ID for that address. Watch the package transactions, I also reduce my eastern Europe export to 65%. The rest of the mo is identical, however, packages are usually sent to the real addresses of mules.
The significance of this deviation is unknown, and could mean a different scenario. The mail bombing of the victim's account and sometimes even their telephone number is a hallmark of the original mo. There are even Russian providers who offer the mail bombing and phone number lock up as a service. They are advertised in the same underground forums as the Zeus and Black Hole Exploit kits.
MGD |
|
 garys_2kPremium join:2004-05-07 Farmington, MI
| Ah, then no doubt "Ms. Fuller" will call FedEx and have them redirect the package with stolen credit card information.
Props to the OP for digging the important emails out of the spam pile -- I doubt I would've had the patience to do so.
Good catch, too, on the address. I noticed the Google Earth "near miss" to the empty lot but didn't think anything about it. All part of the plan, I suppose, but maybe not a key part. They could even use a real address from out of the phone book, the actual owner would never be the wiser unless an investigator came to the door. |
|
 MGDPremium,MVM join:2002-07-31 kudos:9 2 edits | reply to garys_2k said by garys_2k:Well, if holding and redirecting it at the terminal is part of the plan, then Ms. Fuller may not be a mule. I'd figured her to be one of those people who fell for the "make money at home receiving packages" scams but with the hold that may not be the case. Perhaps her address was a purely random pick and the criminals never meant it to be delivered there.
Yes all possibilities should remain open. Something strange is now happening with the package status, note the recent update:

MGD EDIT = corrected image
Edit2= last update may indicate that the delivery address has now been changed. |
|
 | said by MGD:[snip] Yes all possibilities should remain open. Something strange is now happening with the package status, note the recent update: [snip]
Edit2= last update may indicate that the delivery address has now been changed. hmmm....
3:19 - On fedex truck for delivery
5:11 - Delivery Exception - Incorrect Address
»www.fedex.com/Tracking?cntry_cod···=english |
|
 garys_2kPremium join:2004-05-07 Farmington, MI
| reply to MGD
I'm not sure what this means...
Maybe the "correct" (overseas) address has been called in.
Edit:
JALevinworth beat me to it... |
|
 | said by garys_2k:I'm not sure what this means... Maybe the "correct" (overseas) address has been called in. I was just wondering that too.
said by garys_2k:Edit: JALevinworth beat me to it... Pictures are nicer though. -Jim |
|
| In my experience it means they tried to deliver it, but the address doesn't exist. It looks like someone requested that it be held, but someone screwed up and put it on the truck anyway.
I've had something similar happen, only it was me not being home and having asked them to hold it so I could pick it up. It got put on the truck, which didn't get back to the facility until after the lobby closed. I was *FURIOUS* because I would be out of town for the next week, at which point it would be returned to sender. A couple irate phone calls to the customer service line later, I got a call from the facility night manager offering to let me in to pick up my package. The stories that guy told me about delivery screwups...
Unfortunately, since you're not the sender, there's literally nil you can do to affect that package, short of physically intervening, and even then, those trucks look like they hurt when they hit you. |
|
 SnowymIRC unix.ro UnderNetPremium join:2003-04-05 Kailua, HI kudos:6
| reply to JALevinworth
The help gif shows this info. |
|
 | reply to TheWickerMan Change your bank account to a new account number. Nothing has been drawn from your account yet, but it could happen in the future when you're not watching as closely. |
|
 garys_2kPremium join:2004-05-07 Farmington, MI
| reply to TheWickerMan
 Ripe for the picking... |
It's sitting there, waiting to be picked up. Strange, who is going to show ID to get this?
Thoughts: The criminals saw that this was being watched and decided to drop it; someone screwed up and never called in the new destination address; someone really will be dumb enough to come and get it.
This would be a good time for the police to go over, pick it up and take down the information. I doubt they'd have time for that, though. |
|
 | reply to garys_2k The scammers don't usually re-direct packages from Fed-Ex because they would have to pay the extra shipping. Instead they e-mail the mule in the U.S. a used pre-paid USPS Shipping Label (and yes, USPS and FedEx and UPS don't cancel out the shipping numbers and the label can be used again for the same trip).
The unwitting mule receives stolen property purchased online with a stolen credit card, and then ships it overseas with a counterfeit prepaid shipping label sent by the scammer. It almost happened to me until I figured out what was going on, since the last thing an orphanage in Africa needs is a laptop computer and 5 channel surround sound system.
The hardest part was getting the stores to send me prepaid shipping labels so I could return all their stolen stuff instead of shipping it to Nigeria. And nobody cares. The local police said they couldn't do anything because they don't know that a crime was committed. Credit card companies didn't care when I called and gave them the stolen credit card numbers used to purchase the stuff, and the Secret Service never follows up when you report it. |
|
 | reply to garys_2k I wonder if this has something to do with it: said by »www.fedex.com/Dropoff/LocationEn···ip=30354 : Services: Express(Hold at location), Ground, Package supplies available, Dangerous goods, FedEx Return System, Location accepts cash, Saturday service Saturday Hold at location for Express only
-Jim
2012-08-02 10:04:45 |
|
 pcdebbRIP dadkinsPremium join:2000-12-03 Brandon, FL kudos:5
| reply to TheWickerMan
now it has been deemed undeliverable. I would hope that Apple intervened by this point |
|