How to track down snail mail phishers?
September 7, 2010 3:09 PM   Subscribe

Has anyone received a phishing letter (snail mail) from Card Center, 5050 Kingsley Drive, Cincinnati OH 45263?

My wife got a letter today purporting to be from a bank card center in Ohio saying that there was a security problem with her account and they had been unable to reach her by phone. Now, (1) our phone had been out of order for a few weeks, and (2) she has had an ongoing problem with a card issued by a credit union in Ohio, so she initially thought it was legitimate. However, after a couple minutes on the phone she began to get suspicious, but not before she had given her name, address, and SSN. (Please spare her the lectures.) She also gave out a credit card number but that account is no longer open.

She has reported the potential phishing to the police and the US Postal Inspection Service. She has contacted the credit reporting agencies to put an initial fraud hold on her report. She has also left a message with the credit union about the potential problem--hopefully the thieves, if they are, will try to use the invalid account and get themselves caught.

I'm wondering, though, whether any of you have received such a letter. If so, post or memail me. I'd also be curious if there's any easy way to find out who currently owns the toll-free number 888-327-1664, which is the number that the (potential) phishers are using. I've used a reverse lookup service but all that told me is that the number is an AT&T number and I would need to pay $250 if I wanted to know more.
posted by brianogilvie to Law & Government (7 answers total)
 
By the way, the address itself is a legit address for Fifth/Third Bank in Cincinnati but she has never had an account with them.
posted by brianogilvie at 3:10 PM on September 7, 2010


I googled the phone # and it comes up to Old National Bank in Evansville IN. Maybe give them a call on their regular line and ask them.
posted by lee at 3:19 PM on September 7, 2010


It might help if you elaborate on what "she has had an ongoing problem with a card issued by a credit union in Ohio" means, as well as "after a couple minutes on the phone she began to get suspicious." This is either somebody trying to open an account under her name, a problem from her past which she does not immediately recognize, or straight up mail fraud.
posted by phaedon at 3:26 PM on September 7, 2010


@lee--thanks. I tried that and got the same listing, but it was on some of the myriad online directory listings, which had several numbers for Old National. It's not listed anywhere on Old National's site, as far as I can tell.
posted by brianogilvie at 3:36 PM on September 7, 2010


@phaedon: the "ongoing problem" was an unwanted card upgrade; the credit union (or more likely, its credit card provider) announced, a week before we left on a long trip, that it was upgrading her card and cancelling the old account. She asked that the new card be sent to our overseas address but it never arrived. She contacted the credit union and was told that the card was returned to them, unopened, because no one was there to sign for it, and the account was closed. It's possible that someone got the card number beforehand, but the account has been closed in good standing according to her credit report, so that doesn't appear to be the problem.

She became suspicious because the person on the other end claimed not to be able to find her account information--but she became suspicious a moment too late.

Just goes to show that phishers don't need to be smart, just lucky.

FWIW, we've been together almost all our adult lives and I don't think there's a problem from the past. The only other credit account she had in Ohio was a store account at Lazarus (now operating under the Macy's name) which was closed in good standing a number of years ago.
posted by brianogilvie at 3:58 PM on September 7, 2010


I remember the Kenwood Towne Centre Lazarus! I would call Fifth Third and ask about it, to be sure. IME with their fraud department, they were quick and helpful.
posted by vkxmai at 5:09 PM on September 7, 2010


I suspect that your "phish" was actually not. Many larger banks provide card services for smaller banks, credit unions, and other organizations which offer credit cards but are not banks. (Your local chain of gas stations that offers a credit card, for example.) (I work for one such bank, this is how I know.) They try very hard to make it non-obvious that this is the case, by registering generic URLs such as cardservices.com, and sending letters from "Card Services", etc. I suspect the card from the credit union was probably issued by one such organization. Fifth Third Processing Solutions' CMC division offers services to credit unions (http://www.ftpsllc.com/cmc/about-cmc/our-clients). Google Mapping the address listed shows that that is not just a branch address for Fifth Third bank, but is one of their primary operations centers, which would make sense from a "this is where correspondence should go" point of view.
It's likely the letter was sent as the result of some processing path that started -before- she closed the account, and that's why they couldn't find her account when she called in. I would recommend digging up one of the old credit cards or statements from her closed credit union account, and calling the number on it (you might even find it's the same number), and verifying with them that the number on the letter does belong to them, or at least that the card services for the unnamed Ohio credit union are indeed provided by Fifth Third.
posted by jferg at 7:22 PM on September 8, 2010


« Older Does anyone have any recommend...   |  Conference writing for dummies... Newer »
This thread is closed to new comments.