Reporting Stolen Credit Card Lists?

harlows_monkeys asks: "I just received a spam, at both home and work, both sent through trojaned Windows machines, offering to sell me a credit card database stolen from camcontacts.net. Included was a link to a sample of the database (no, I'm not providing a link!). I downloaded the sample, and it appears legit. There are 13000 numbers. I picked one of the Visa numbers, went to Visa's web site, and entered it in a form to sign up for fraud protection, and it accepted it, and identified the issuing bank. It was accepted. All indications are that this stuff is real. So, the question arises--what is the correct way to deal with this? "I called Visa, and after they spent a while figuring out what department was responsible, all they could suggest was call local law enforcement, and if I wanted to talk to Visa's security people, call back at 9am when they get in.

American Express didn't even suggest calling local law enforcement. They just suggested calling back when their security people got in in the morning.

I then called the FBI. They said to call the Secret Service and gave the number.

At the Secret Service, I ran into an answering machine that gave their office hours.

It seems to me that there should be -someone- who would be interested in a widely-sent spam that links to 13000 credit card numbers, with expiration date and customer name and zip code, so as to stop these from being fraudulently used, but it escapes me who that would be--I struck out with all my candidates.

Is it just me, or does the indifference of Visa and Amex to this shock anyone else?"

call the local news media

[ceejayoz]

That should do the trick.

Re:call the local news media

[jerde]

call the local news media

Yeah, and they'll answer their phones in the middle of the night, too...

Good grief! The poster is calling companies in the middle of the night expecting them to have crack 24-hour teams ready to deal with the information he has? Surprise! The vast majority of people work during business hours.

SO CALL THEM DURING BUSINESS HOURS! Both credit card companies offered to have you talk to their security people, so give 'em a call.

Even talking to the police, nobody is going to want to take a statement from you or have any detectives talk to you, except during the work day.

(I'm posting at 4am local time -- I know what insomnia is; that doesn't mean I expect to be able to conduct normal business right now)

- Peter

no surprise

[evilkarl]

If you were calling them outside business hours its no surprise they were unresponsive. I'm not saying that I condone their handling of it they should jump on it in an instant however if their security people are not available chances are there is no one there with the knowledge to help.

Re:no surprise

[ceejayoz]

You honestly believe Visa, MasterCard and American Express don't have security folks working around the clock?

The telephone reps probably just don't have the authority to override business hours.

Oh, use your fucking head.

[devphil]

It seems to me that there should be -someone- who would be interested in a widely-sent spam that links to 13000 credit card numbers,

Yes, and they've already told you who they are: the various security departments, who will be reporting to work at 9 in the morning.

What, you thought investigative agents hang around 24 hours a day? No, they value sleep.

Re:Oh, use your fucking head.

[Singletoned]

What, you thought investigative agents hang around 24 hours a day? No, they value sleep

Don't you have shift work in America? We have a system where one set of people go home, and another comes in to replace them. It's very useful for Fire departments, hospitals and security departments. In fact anywhere that needs to be manned 24 hours a day.

Criminals don't knock off at 5pm.

Uhm.. just a suggestion

[Lord+Bitman]

try calling at some time other than 2 am?

Re:Call the FBI ASAP

[damiangerous]

I know reading the articles is often too much to ask, but really, is reading the entire submission such a chore too?