Is someone using my e-mail address or is it just a mistake?
February 4, 2008 10:01 AM   Subscribe

I received a registration e-mail for online credit card services that I did not submit.

The links in the e-mail are authentic (i.e. they are from the actual credit card company's domain and all the headers are authentic too), but when I called the company they said that my e-mail address wasn't in their files. The contents of the e-mail are essentially:

"We've started your online registration. Your user ID is your credit card number ending in #### and your temporary password is *****."

Iwould assume it was someone mistakenly entering my e-mail address while registering their card, except for the fact that the company doesn't have my e-mail address on file. I've already changed my password, in the event someone else is purposefully using my e-mail address.

What's going on? Is there anything I should do?
posted by nekton to Work & Money (18 answers total)
 
Check your credit report.
posted by jerseygirl at 10:08 AM on February 4, 2008


Yeah, check your credit report and make sure there isn't some identity theft going on. Is it possible that someone's e-mail address is very similar to yours, and this was the result of a type-o?
posted by katillathehun at 10:18 AM on February 4, 2008


Best answer: Do you use Gmail? I occasionally get email addressed to xxxxyyyy@gmail.com (not my real email) when my email is xxxx.yyyy@gmail.com. Sometimes it's email written to a friend and sometimes they've put the address into a website registration. Gmail actually uses the two interchangeably but for some reason occasionally someone enters their email address somewhere using the xxxxyyyy version even though they can't possibly have that actual address. You'd think people would know their own email addresses but there you go.
posted by EndsOfInvention at 10:22 AM on February 4, 2008


Response by poster: I just checked my credit report a month or so ago so I'm not entitled to a free check at the moment...I may pay to look at it.

What's confusing to me is that for me to receive the e-mail from the actual credit card company (which is the big assumption here, based on the headers), someone (either me or some other person) had to enter it into their system, and they don't have it in their system.
posted by nekton at 10:24 AM on February 4, 2008


Response by poster: The Gmail thing could be the issue. If someone entered their e-mail address as n.ekton@gmail and mine is nekton@gmail, I would still receive the e-mail but it would be in the company's system as n.ekton.
posted by nekton at 10:25 AM on February 4, 2008


Best answer: A lot of companies cannot look things up by email address, so they are probably looking for your info, but are not actually trying to look up the email address.
posted by slavlin at 10:26 AM on February 4, 2008


Could it be a spammer that is spoofing the links and they only appear to connect to the financial services company in the hope that you will put in your personal information...?
posted by zia at 10:31 AM on February 4, 2008


Best answer: and they don't have it in their system.

Sounds to me like someone entered your address for whatever reason but was required to confirm it. Since they obviously weren't able to, it's not in the company's system.
posted by katillathehun at 10:36 AM on February 4, 2008


If it's HTML-encoded, the link URLs may not be what you think they are. That's a common ploy for phishers: use an a-href to link to a spoof site, with the link text being the URL of the genuine site they're spoofing. (And in some cases they even include Javascript to make the mouse-over report show the genuine URL. The only real way to find out for sure is to read the raw text of the email and look inside the a-href.)

I would bet that this is phishing.
posted by Steven C. Den Beste at 10:37 AM on February 4, 2008


Response by poster: I did read the raw text, so it did actually come from the company.

I'll keep an eye on my credit report and hopefully it was just a mistake someone made.
posted by nekton at 10:46 AM on February 4, 2008


Yeah, I think SCDB is on to something. I strongly suggest you view the raw source of the e-mail in question. It's common for phishers to send e-mail with phishing links encoded as <a href="http://Bogus-site.com">http://Valid-site.com</a> so that it looks valid.

Or have you actually visited the website in question?
posted by adamrice at 10:48 AM on February 4, 2008


"We've started your online registration. Your user ID is your credit card number ending in #### and your temporary password is *****."


Did you go to your bank's website login page, and try logging in? Get there by typing it in the bar yourself, not by following the links in the email. Putting in your credit card number and the temporary password will either get you a successful login (and prove someone is mucking around with YOUR account in which case start with the credit report, call the company, etc) or else a failed login (which probably indicates the problem is someone put in your email by accident).
posted by poppo at 10:57 AM on February 4, 2008


Oh sorry, I appear to have assumed too much. You do have an account with the credit card company mentioned in the email? If you don't, please ignore my advice.
posted by poppo at 11:06 AM on February 4, 2008


Response by poster: It's not a card I actually have.

I just went to the real site, and tried to log in, and everything requires a credit card number (the username is not the e-mail address). My guess is that someone tried to register their card, they put in my address by mistake, I got the e-mail, but because it wasn't confirmed, it's not in their system.
posted by nekton at 11:07 AM on February 4, 2008


It's a phishing scam. STAY AWAY.
posted by Doohickie at 11:40 AM on February 4, 2008


I'm also tempted to think its a phishing scam. Do the URLs in the email point to the right server? Pay close attention to the URL and don't enter any personal data if you happen to click on them.

It's common for these types of emails to show up that open mock sites to capture personal data such as passwords or social security numbers. It's best to forward any copies of these to their respective fraud departments (usually found on the real site's contact page). Getting these from banks is one thing, but I've been seeing paypal scams with greater frequency lately. Be vigilant!
posted by samsara at 11:54 AM on February 4, 2008


It sounds like several phishing offers I've gotten. Get the phone number of the real credit card company and call them. They'll tell you if it's legit and what to do to close this account. If it's not legit, they'll force the site to close down. Go to Gethuman.com for the phone number of the card company and how to reach a human being. Good luck.
posted by clarkstonian at 1:15 PM on February 4, 2008


Response by poster: Just an update: I received a second e-mail, this time with the cardholder's name and last 4 digits. I called the company and they fixed it for me and took my e-mail address off the guy's account.
posted by nekton at 6:07 AM on February 6, 2008


« Older How is Facebook doing its queries?   |   Denmark: Prayer Day? Newer »
This thread is closed to new comments.