Hmm. Could it have been the Target exploit?
Browsing my Amex records today, total coincidence, I see a charge from 2 days ago at Staples. I don’t shop at Staples hardly ever.
Helpfully, the record includes what I bought — wha? A Nexus 7?
I file a stop payment on Amex. They won’t pay Staples. But wait… who is this dude who’s robbing me? Or…maybe it was like someone in my office or something who had asked me to expense something and I forgot…?
So I contact Staples online chat and they can actually look it up. They can’t look up from my credit card name or address for some reason. So I think I’m screwed. Obviously I don’t have the email or shipping address.
They ask my phone number and I give it. Works. So this person has my phone number. Hmm. (Easy to get online anyway?)
So we’re in — what’s the shipping address? name? email? All there. Wow. Stop the order please? Done. Report fraud please? You have to call us. (I was using online chat…I told them I didn’t want to call them.)
So this is the guy’s name (well maybe): ATIF IBRAHIM
Fake email he gave / hacked account: [email protected]
Address now this is surely close to where he operates: 3511 HOLTS CHAPEL RD , APT H
Searched a bit and found:
Abdemhameem Hisham Mr 3511 HOLTS CHAPEL RD (336)333-2377. –> parent maybe?
And, seems to be in Greensboro North Carolina
Looks like a cheapish apartment block.
Searching around a little. Let’s see if I can find this dude on Facebook.
That’s him — only one with that name in Greensboro/NC.
OK how about that “parent” name — it comes up on the WhitePages.com. Amazing how much info there is there!
The WhitePages link http://www.whitepages.com/neighbors/a6e1d696-8d5e-44ab-b219-ddac746a7272
So now we know this person, their neighbors, the phone numbers at their homes, this guy’s school, friends, pictures of their stuff/interests (not the person’s face yet). I didn’t friend this guy yet on Facebook. But…
Just emailed him from one of my email accounts. I wonder if he’ll reply. I posed as a Staples delivery assurance rep trying to get his correct address.
/// Here is the Staples chat ///
This is an automated email sent from the Staples Live Chat department. The following information is a log of your session. Please save the log for your records.
Your session ID for this chat is XYZ.
01/17/2014 08:03:06AM System: “We ask for your assistance: please do NOT send credit card information through chat. Should credit information be required for a transaction, a Staples associate will contact you for the required information”
01/17/2014 08:03:06AM System: “Welcome to Staples.com Live Chat. We will be with you shortly.”
01/17/2014 08:03:08AM System: “We appreciate you contacting us, due to high volume you may experience a longer than normal wait time.”
01/17/2014 08:03:08AM System: “You will receive a transcript of this chat via email at the conclusion of this session.”
01/17/2014 08:03:10AM System: “We appreciate you contacting us. At this time we are experiencing a high volume of orders. If you are looking for order confirmation or status; please know we are diligently processing the orders as we received them. Once your order is processed you will”
01/17/2014 08:03:11AM Session Started with Agent (Charlene R.)
01/17/2014 08:03:11AM amol sarva: ” hello I need to look up an order made with my credit card”
01/17/2014 08:03:20AM amol sarva: “hello”
01/17/2014 08:03:23AM Agent (Charlene R.): “Hello , my name is Charlene and I will be assisting you today.”
01/17/2014 08:03:41AM Agent (Charlene R.): “I will be happy to help you with this today , was this a in store or online purchase”
01/17/2014 08:03:51AM amol sarva: “Online”
01/17/2014 08:04:06AM Agent (Charlene R.): “thank you , may I have the order number please”
01/17/2014 08:04:09AM amol sarva: “Someone used my credit card and I want to check out the order details”
01/17/2014 08:04:16AM amol sarva: “So I don’t have any of the details”
01/17/2014 08:04:24AM amol sarva: “I just see it in my American Express statement online from 2 days ago”
01/17/2014 08:04:27AM amol sarva: “Jan 15, 2014”
01/17/2014 08:04:49AM amol sarva: “They might have put their name to ship to / address — I don’t know if it was fraud or just my secretary or my kids”
01/17/2014 08:04:51AM Agent (Charlene R.): “may I have your phone number please , I can see if there is any orders made under your phone number”
01/17/2014 08:04:59AM amol sarva: “Can you look it up by payment…?”
01/17/2014 08:05:04AM amol sarva: “I doubt my phone number is under there”
01/17/2014 08:05:11AM amol sarva: “it would be my name on the credit card and billing address etc.”
01/17/2014 08:05:27AM amol sarva: “My phone is XYZ-XYZ-XYZ or XYZ-XYZ-XYZ”
01/17/2014 08:06:05AM Agent (Charlene R.): “I can not on chat , for security reasons we do not want you to give us your card number on chat . However if you call 1-800-333-3330 , they can enter your credit card number into our system and see if it has been used”
01/17/2014 08:06:40AM Agent (Charlene R.): “you phone number did bring up a order that was jan.15 for 229.00”
01/17/2014 08:07:02AM amol sarva: “Aha!”
01/17/2014 08:07:04AM amol sarva: “OK!”
01/17/2014 08:07:11AM amol sarva: “Which number?”
01/17/2014 08:07:19AM amol sarva: “XYZ or XYZ?”
01/17/2014 08:07:24AM Agent (Charlene R.): “it was for a goggle nexus 7”
01/17/2014 08:07:26AM amol sarva: “Can you give me the shipping address given please?”
01/17/2014 08:07:41AM Agent (Charlene R.): “sure it was 3511 HOLTS CHAPEL RD , APT H”
01/17/2014 08:08:01AM Agent (Charlene R.): “amex ending in XYZ”
01/17/2014 08:08:03AM amol sarva: “what shipping name?”
01/17/2014 08:08:23AM amol sarva: “to Amol Sarva?”
01/17/2014 08:08:26AM amol sarva: “Or to something else?”
01/17/2014 08:08:28AM Agent (Charlene R.): “ATIF IBRAHIM”
01/17/2014 08:08:36AM amol sarva: “Well that’s not me”
01/17/2014 08:08:39AM Agent (Charlene R.): “bill to : AMOL SARVA”
01/17/2014 08:08:43AM amol sarva: “Can you still cancel the order?”
01/17/2014 08:08:55AM amol sarva: “Any email address?”
01/17/2014 08:09:43AM Agent (Charlene R.): “yes , it was [email protected]”
01/17/2014 08:10:22AM amol sarva: “OK well cancel it please”
01/17/2014 08:10:28AM amol sarva: “And you should open a fraud inquiry”
01/17/2014 08:10:34AM amol sarva: “That guy is a crook!”
01/17/2014 08:10:41AM amol sarva: “I am going to report it to American Express fraud also”
01/17/2014 08:11:27AM Agent (Charlene R.): “I can not cancel this , however where this is a fraud order now , please contact 1-800-333-3330 they can automatically cancel this order for you and issue this for fraud inquiry”
01/17/2014 08:12:15AM amol sarva: “Can you cancel this?”
01/17/2014 08:12:23AM amol sarva: “Don’t make me call them!”
01/17/2014 08:12:33AM amol sarva: “I’m going to cancel payment with Amex”
01/17/2014 08:12:37AM amol sarva: “Staples will not get paid”
01/17/2014 08:12:52AM amol sarva: “You need to put a stop on the order to avoid losing your money for Staples by shipping to this guy”
01/17/2014 08:13:04AM amol sarva: “Why on earth would I make another call after spending 15 minutes here?”
01/17/2014 08:13:07AM Agent (Charlene R.): “I can issue a stop delivery now for you”
01/17/2014 08:13:24AM amol sarva: “Yes please!”
01/17/2014 08:14:03AM Agent (Charlene R.): “a stop delivery has been issue for you”
01/17/2014 08:15:46AM amol sarva: “Great thanks”
01/17/2014 08:15:49AM amol sarva: “I will raise the fraud issue with Amex”
01/17/2014 08:15:58AM amol sarva: “You guys should definitely raise this as fraud on your end and report it”
01/17/2014 08:16:09AM Agent (Charlene R.): “yes , it has been reported”
01/17/2014 08:16:15AM Session Ended
If you require further assistance, please reply to this email.