Monday, November 23, 2015

Cunning payment card fraud, or just a random glitch?

I have a strange tale to tell. I am sharing it here because I honestly don't know if it represents a simple computer glitch on the part of a bank or payment processor, or it it represents a breakthrough in payment card fraud. I have intentionally kept the dates and amounts approximate rather than exact, and am not doxxing the other party in this event, but otherwise what follows is a reasonably detailed sequence of events.

In early September, a charge I did not recognize appeared on my Chase credit card. I figured my card number had been taken in the latest Point of Sale card breach, so called Chase to report the fraudulent use. I expected they would identify it as fraud, close my account, and issue me a new card, as has happened 3 or 4 times in the past few years.

As I have written before, this type of fraud doesn't really bother me much - it's a bit annoying, but I've taken a few steps to limit any real consequences to me. This guide to financial fraud prevention explains what I do, and what I recommend my readers do too. By purchasing with credit cards and never debit cards, setting up transaction alerts by email or text message, and keeping a fraud alert on my credit report, I ensure that any card fraud is the bank's problem and not my problem.

Today's tale begins with an aforementioned transaction alert.

Tuesday, November 17, 2015

Schlotzsky's: Funny name, serious sandwich, poor privacy

I had a hankering 4 @Schlotzskys. Then I remembered the loyalty app demands too many perms. Guess I'll have to settle 4 a lesser sandwich...

When I began writing this post, I did not know how it would end. My hope was it would become a story of a privacy issue acknowledged and a restaurant modifying its customer loyalty app to respect its customers' privacy. Thus far, 5 months after initially reporting this, the Schlotzsky's "Lotz4Me" mobile loyalty app remains an egregious invasion of privacy beyond any loyalty app I have seen in the past.

Those not from the Texas may not recognize the name Schlotzsky's. For that matter, you might not even know how to pronounce the name. That's OK. The chain that originated in downtown Austin makes a fantastic hot sandwich on fresh sourdough buns. Since the first restaurant opened in 1971, the chain has grown to some 350 locations - mostly in the southern and southwestern US (well over half are in Texas).


They are great at making food.

They are not so good at choosing digital products.

Wednesday, November 11, 2015

Free Disney World Tickets? Nah, it's another Facebook scam (Part 2)



Some of this article appeared on this blog a few weeks ago; it has been updated with more examples, as well as some investigation into the possible motivations for such scams.

Disney is giving away hundreds of tickets to Disneyland and Walt Disney World! All you have to do is like a page on Facebook and share it with your friends!

Or not.

My friends and family know I am in the cyber security field, so often ask me questions or send suspicious things my way for my opinion. And occasionally, they send things my way not realizing they've been hooked by a scam. The week before Halloween a friend shared what appeared to be a drawing for Disney theme park tickets. At the time I grabbed a few screen captures and pointed out a few things that led me to believe it was a scam, but left it at that.

In the time since then, I've seen about a half dozen similar scams and figured perhaps it's time for a more thorough discussion of what is going on, as well as possible motivations for the scammers.