Brazen credit card thieves steal account information from consumers by posing as trusted vendors online and in person, according to reports from both the United States and Australia. Security researchers have long known about "phishing" operations that spoof the identities of well-known companies, such as banks and online subscription services. However, a new twist on phishing uses fake delivery personnel who swipe the credit cards of unsuspecting victims in person, at their offices.
Investigators in the coastal Australian town of Lennox Head still search for clues in a skimming caper run by a fake company called "The Christmas Club." According to a report in the Northern Star, the fraud ring set up a realistic website for a holiday gift basket company. Then, investigators claim, the ring called local business owners, encouraging them to review details of special gift deliveries they may receive during the holiday season.
A courier with a gift basket in hand arrived at one victim's location, claiming that the victim need only pay a $4.50 delivery fee. Having seen the website, the victim's wife handed over their Citibank MasterCard. The courier swiped the victim's card through what appeared to be a mobile point of sale terminal. Days later, the victim learned about a $1,000 cash advance made with a cloned card at an ATM about seven miles away.
While this kind of in-person phishing remains rare, security researchers continue to track the more prevalent online scams that convince consumers to hand over account details. Internet service provider OpenDNS released findings from PhishTank, its community resource for tracking and reporting phishing incidents. According to December 2011 data, criminals have focused their attention on impersonating airline credit card issuers and frequent flier programs. Deloitte's UK division studied the increase in travel related fraud in 2009, citing the ease of reselling airline award vouchers as a potential lure for fraud rings.