Earlier this morning, I received an email from “The CapitalOne Fraud Department”, claiming to have been trying to reach me concerning fraudulent activity on my email account.
It started with the subject “A message from Capital One’s Fraud Department”, and had the body:
Capital One–Customer Fraud Protection http://email.capitalone.com/T9RT03B4D356207A38AE47DB54E840
- Resolve http://email.capitalone.com/T9RT03B4D336D07A38AE47DB54E840
We’ve been trying to reach you Please call us at 1-800-427-9428 =======================================
Jonathan Angliss ,
With your assistance, we would like to verify some recent transactions on your account ending in ####. We want to ensure that all charges have been authorized by you. Please call us at 1-800-427-9428 as soon as possible.
If you’ve already contacted us and approved these charges, thank you…there is no need to call again.
You are a valued Capital One customer and we do all we can to protect your account at all times.
Thank you for helping us protect your account.
– Capital One(R) Customer Fraud Protection P.S. For any general account questions, call 1-800-955-7070 or the phone number on the back of your card.
Important Information from Capital One
This e-mail was sent to email@example.com and contains information directly related to your account with us, other services to which you have subscribed, and/or any application you may have submitted.
Copyright 2006 Capital One Services, Inc. Capital One is a federally registered service mark. All rights reserved.
07578 070 001
Now, there are a number of phishy. The first is the lack of actual calls I have received relating to this fraud. They’ve apparently been trying to call me, yet I don’t have any records of calls, or any voice mails. The second is that they’re requesting I call them. Doing a relatively extensive search on their website, I couldn’t find any reference to the number they wanted me to call.
So instead of being stupid, and calling that number, I did what the email recommended, and called the number on the back of my card. Phishers aren’t stupid, they try to make the email look as legitimate as possible, hence the recommendations. When I got through to them, I asked for the number for the fraud department, and they confirmed it was 1-800-427-9428, and then transferred me directly.
Now, you can go to http://www.capitalone.com, and select the “Contact Us” links, and there you will be taken to a page that gives you an option to select what area. As this was related to my credit card, I selected that. A handful of phone numbers, but no number for the Fraud department, just an address.
Next step was their search. Searching for “Fraud” took me to this, but again, no phone numbers, just hints and tips on how to avoid fraud. I also tried searching for 9428, which is part of the number, but that returned nothing.
This adds to the feeling of suspicion on the email. Google also returned a handful of hits on the phone number, and only one site “confirmed” it was a CapitalOne number, but it was a user forum, so that couldn’t really be trusted. My recommendation for CapitalOne would be to add the fraud number to the website, or not send it in an email, and just ask the person to call the number on the back of the card. Or both!
EDIT: April 29th 2011: As has been brought to my attention, and I noticed this a month or so ago too, CapitalOne has finally updated their website to include the fraud number in the contacts information.