We're constantly warning you about the latest data breaches so you know what to watch out for. Especially breaches that expose critical credit card information.
Typically, criminals who steal credit card data use it to make fraudulent purchases. In most cases, after reporting the fraudulent activity, the victim is reimbursed by the credit card company. However, there is a new scam making the rounds that it's almost impossible to prove it's fraud.
How criminals are masking fraudulent purchases
What's happening now is, instead of simply making purchases with stolen credit card data, criminals have added a devious twist. The scammer uses stolen credit or debit cards to buy items like TVs, laptops and other high-end tech gadgets.
The twist is, instead of having the fraudulent purchases sent to the criminals' address, they actually have it delivered to the cardholders' address. The next day either FedEx or UPS shows up at the victims' house to pick up a package scheduled to be returned to the retail location where the item was bought. By doing this, the victim thinks that the package was sent to them in error and lets the delivery person return it.
The problem is, the return address isn't actually going to the retail location, it's to the criminals' address or P.O Box. When it's all said and done it looks like the victim made a routine purchase because the shipping address and billing address match.
By the time they realize their bank card has been charged, it's too late. When the victim reports the scam to the bank it's difficult to prove that the purchases are fraud because they actually had the items delivered to the cardholders' address.
How to stay protected from fraudulent delivery scams
With a delivery scam like this, the main thing that you need to remember is to never allow a package that you didn't order to be returned by a carrier. If you receive a package like this make sure to return it to the retail location in person so your credit card is reimbursed.
For this scam to work, the criminal needs to have the victims' banking information. Most likely they got it through a data breach. Take the following security steps to stay protected:
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit card data has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Beware of phishing scams - Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.