Former credit card thief spills the beans on his former profession and how he plays it safe today: Internet Scambusters #435
Inside information from a reformed credit card thief shows how
crooks get their information by harvesting email addresses and
buying stolen numbers to use on forged cards.
He told the online credit card news and information site
CreditCards.com how he did it and provides useful information
on what he himself now does to safeguard his own cards.
Fortunately for him (and us!), he got caught, changed sides to
help the Secret Service, repaid his victims and, as this
week’s report demonstrates, agreed to help others avoid
falling victim to the crime.
But first, we urge you to take a look at these top articles
from our other websites:
Simple Ways to Save Money on Insurance: If you’d like to save money on insurance – and who wouldn’t? – read these simple tips that won’t preclude you from maintaining excellent coverage.
Top 5 Myths about Aging: You are only as old as you think you are as these myths about aging will demonstrate!
Chocolate Gum: Two Great Candy Concepts Combined! Explore the world of chocolate gum for a great way to get your daily theobromine fix.
Home Remedies for Back Acne – Easy and Inexpensive: Here are three winning combinations for getting rid of back acne, just in time for warm weather.
And now for the main feature…
Credit Card Security Tips — from a Credit Card Thief!
A former credit card thief has confessed online that the
crime, which rakes in more than $500m a year in the US, is
“ridiculously easy” to commit.
Using stolen numbers that cost $10 to $50 apiece, Dan
DeFelippi manufactured genuine-looking credit cards from
blanks, programming their magnetic stripes, and used them to
buy hundreds of thousands of dollars worth of merchandise at
stores, which he then sold online.
He was part of a loose network of crooks who, according to
recent research by leading ID theft surveyors Javelin
Strategy, account for around 4.5 million credit card fraud
victims in the US alone every year.
Since being convicted in 2004, the ex-credit card thief has
spilled the beans on the murky world of credit card fraud,
even working with the US Secret Service to train agents and
expose the workings of online hackers and fraudsters.
Now a website developer in New York, he recently told his
story to the online credit card comparison and news site
Starting out as a teenage hacker, DeFelippi progressed to
selling bogus IDs at college, realizing how easy it was to
discover individuals’ personal and confidential information.
He used software that harvested email addresses from specific
age groups and locales, then bombarded them with messages
pretending to be from the likes of AOL and PayPal, saying their
credit card details had expired.
Inevitably, these phishing messages contained a link to a
bogus page asking victims to re-enter their details.
“It’s kind of scary how much information I could get,”
DeFelippi tells CreditCards.com.
But he admits it’s more difficult these days for a credit card
thief to get information this way because many card users have
wised up to this spoof.
It was simpler and quicker to buy credit card numbers from
crooks who hack computers, set up bogus online stores selling
non-existent goods at bargain prices, “skim” the numbers from
ATMs, or simply steal them at restaurants or from documents.
We covered the “art” of skimming in a recent Scambusters
report, Gas Pumps Targeted in Latest Card Skimming Scam.
To give some idea of the scale of this crime, in March this
year a British teenager was sentenced to five years behind
bars after being convicted of setting up an online forum that
bought and sold hundreds of thousands of credit card numbers.
The site even offered software and tutorials on how to steal
and use the information.
Armed with such numbers, DeFelippi says, it was a cinch for
him to produce cards. Anyone with $100 and a computer could do
it, he claims.
So, what’s his advice to the rest of us to help cut the risk
of becoming victim of a credit card thief?
Well, here at Scambusters we’re previously provided some
useful tips that are worth checking out again.
DeFelippi thinks the most important credit card security
action is to frequently check your online accounts.
Once a month just isn’t enough because, if your number was
stolen early in the billing cycle, the account could be maxed
out before you even look at it.
If you have teens-and-twenties in your household, make
particularly certain they do the same. According to the
Javelin research mentioned earlier, this is the age group
least likely to check their online accounts.
The former credit card thief says he now uses the free
services of Mint.com, which is owned by the financial software
company Intuit (producers of TurboTax, Quicken and
QuickBooks), to monitor his accounts for credit card fraud
The Mint site pulls together all your online financial
information into a single location, making it easier to review
and spot signs of credit card theft.
If you visit the site, you’ll see that Mint, which claims to
have 5 million users, stresses it can’t be used for
transactions, only monitoring, and that it uses bank-level
data security to protect your information.
We have no information, one way or the other, on the
reliability of this site.
DeFelippi also advises:
Checking your credit report at least a couple of times a
year to make sure you’re not a victim of ID theft. You can do
this for free, once a year, for each of the three credit
reporting agencies. See this Scambusters issue, Can You Really Get a Free Credit Report — Without Getting Scammed? for the
scam-proof and free way of doing this.
Do your online shopping with reputable established sites.
Otherwise, thoroughly check out companies you don’t know or
haven’t dealt with, looking for others’ comments on their
In particular, don’t be tempted to buy merchandise from an
email that came from a person or company you don’t know, no
matter how much of a bargain it seems.
Double check that any page on which you’re about to give
your card details is secure — that it has “https” at the
start of the address (the “s” is the security indicator).
Remember that when you’re online, you’re moving data backwards
and forwards. If you’re using an open wireless network, assume
it’s not secure and that you could be vulnerable to credit
Invent your own answers to the security questions many
financial sites now use. Don’t use the real information. That
way, nobody will be able to guess or research it.
(Of course, you’ll have to make sure you can remember the
answers you gave!)
Use the same ATM for all your cash withdrawals. You’ll get
to know the machine and therefore more likely will spot if
anyone has tampered with it.
Bank locations are less likely to be vulnerable than
convenience stores or clubs, he suggests.
Like us, you might be wondering how DeFelippi got caught. It
happened at a Best Buy store he visited with a friend. The
accomplice presented a phony driver’s license, bearing his
real photo, as proof of ID.
When the store manager swiped the bogus credit card, he got a
“Call For Authorization” message back from the card company,
which had become concerned about activity on the account.
Realizing something was wrong, the pair made a hasty retreat
— leaving the license with its incriminating photo behind.
It’s probably the best thing that could have happened to
DeFelippi. Realizing the error of his ways, he struck a plea
deal to pay $200,000 restitution to his victims and to do
community service, instead of going to jail.
You can read his full interview: Secrets of a former credit card thief.
He’s also done us all a big favor by agreeing to tell his
story. For once, we might say, it’s good to encounter a credit
That’s all we have for today, but we’ll be back next week with
another issue. See you then!