Earlier this morning, I received an email from “The CapitalOne Fraud Department”, claiming to have been trying to reach me concerning fraudulent activity on my email account.
It started with the subject “A message from Capital One’s Fraud Department”, and had the body:
Capital One–Customer Fraud Protection
We’ve been trying to reach you
Please call us at 1-800-427-9428
Jonathan Angliss ,
With your assistance, we would like to verify some recent
transactions on your account ending in ####. We want
to ensure that all charges have been authorized by you. Please
call us at 1-800-427-9428 as soon as possible.
If you’ve already contacted us and approved these charges, thank
you…there is no need to call again.
You are a valued Capital One customer and we do all we can to
protect your account at all times.
Thank you for helping us protect your account.
– Capital One(R) Customer Fraud Protection
P.S. For any general account questions, call 1-800-955-7070 or
the phone number on the back of your card.
Important Information from Capital One
This e-mail was sent to firstname.lastname@example.org and contains
information directly related to your account with us, other
services to which you have subscribed, and/or any application
you may have submitted.
Capital One and its service providers are committed to protecting
your privacy and ask you not to send sensitive account
contact information at
If you are not a Capital One customer and believe you received
this message in error, please notify us by responding to this
Copyright 2006 Capital One Services, Inc. Capital One is a
federally registered service mark. All rights reserved.
07578 070 001
Now, there are a number of phishy. The first is the lack of actual calls I have received relating to this fraud. They’ve apparently been trying to call me, yet I don’t have any records of calls, or any voice mails. The second is that they’re requesting I call them. Doing a relatively extensive search on their website, I couldn’t find any reference to the number they wanted me to call.
So instead of being stupid, and calling that number, I did what the email recommended, and called the number on the back of my card. Phishers aren’t stupid, they try to make the email look as legitimate as possible, hence the recommendations. When I got through to them, I asked for the number for the fraud department, and they confirmed it was 1-800-427-9428, and then transferred me directly.
Now, you can go to http://www.capitalone.com, and select the “Contact Us” links, and there you will be taken to a page that gives you an option to select what area. As this was related to my credit card, I selected that. A handful of phone numbers, but no number for the Fraud department, just an address.
Next step was their search. Searching for “Fraud” took me to this, but again, no phone numbers, just hints and tips on how to avoid fraud. I also tried searching for 9428, which is part of the number, but that returned nothing.
This adds to the feeling of suspicion on the email. Google also returned a handful of hits on the phone number, and only one site “confirmed” it was a CapitalOne number, but it was a user forum, so that couldn’t really be trusted. My recommendation for CapitalOne would be to add the fraud number to the website, or not send it in an email, and just ask the person to call the number on the back of the card. Or both!
EDIT: April 29th 2011: As has been brought to my attention, and I noticed this a month or so ago too, CapitalOne has finally updated their website to include the fraud number in the contacts information.