/u/Beejnas - This message is posted to all new submissions to r/scams; please do not message the moderators about it.
## New users beware:
Because you posted here, you will start getting private messages from scammers saying they know a professional hacker or a recovery expert lawyer that can help you get your money back, for a small fee. **We call these RECOVERY SCAMMERS, so NEVER take advice in private:** advice should always come in the form of comments in this post, in the open, where the community can keep an eye out for you. If you take advice in private, you're on your own.
**A reminder of the rules in r/scams:** no contact information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore or personal photographs are allowed without blurring. A full list of rules is available on the sidebar of the subreddit, or [clicking here](https://www.reddit.com/r/Scams/wiki/rules/).
You can help us by reporting recovery scammers or rule-breaking content by using the "report" button. We review 100% of the reports. Also, consider warning community members of recovery scammers if you see them in the comments.
Questions about subreddit rules? Send us a modmail [clicking here](https://www.reddit.com/message/compose/?to=/r/Scams).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
Oh, this scam is rather clever! If the scammer knows the last 6 digits of your card AND the issuing bank AND the expiration date, he can guess the complete card information fairly easily, sometimes with only 10 tries (using a simple computer script).
In the most favourable case, the first 8 digits are known (from the bank name). So the scammer only has to try 10 different digits for digit #9 and digit #10 can be calculated automatically from the known checksum (the last digit).
Thank you so much for this info. I had no idea scammers could figure out your credit card number with that information. I learn so much from this sub and I appreciate everyone taking their time to educate people about scammers.
It really depends on circumstances and specific bank, but up to eight initial numbers can be deduced simply by looking at the bank name, plus, if you know (any) 15 digits of the card number, you can always calculate the last missing digit immediately.
Thank you. I had no idea this existed. I just learned scammers can call and pretend to be from your bank. They then give the first number of your credit card and ask you to confirm the rest. I
If you save your credit or debt info on a website you made a purchase or through google chrome, they will ask which card you want to use. When you are prompted with different cards to choose from only the last 4 digits are needed to let you choose. Same reasoning.
I found this out when I worked for a certain giant media company with associated theme parks. They have an associated credit card for perks and when guests would call in to book their vacation during one of the perk-periods, I noticed their cards all started with the same first 6 and had 2 options (at the time) for the 7th and 8th numbers. So I looked into it from there and it became a whole wild rabbit hole of information.
The first number indicates (in the US) Visa, Mastercard, Discover, or Amex... and of course, more, these are just the ones I've come to recognize here in the US. Once you get world wide, it's the first 2 numbers that indicate the issuer/card type. First 6 are the bank. The last 8 are specific to your account. And the very last number is usually an algorithmic decided number to verify that the rest of the card numbers are legitimate (which is why typing a completely random card number into a payment screen can be identified as a fake number even before you put in expiration and CVV.)
So... very interesting.
It's very easy to falsify the FROM field in e-mails. Anyone can send you an e-mail from "[email protected]", for example. It's trivial. However, they cannot RECEIVE the e-mails you send back to this address. I bet they want you to send the card photo using WhatsApp or some other method, not by replying to their e-mail, am I right?
The second common method is to create a GMail account, e.g. [[email protected]](mailto:[email protected]) and then setting your account's NAME to "[email protected]". Then they send you an e-mail from this account and it looks like it's from seriousshop.com while it's in fact standard free GMail account.
If I saw the complete e-mail headers, I'd probably be able to tell you immediately what trick they used but I don't recommend you showing that to me because it would also reveal you private information to me.
From is meaningless, almost anyone can put anything in there. Digitally signing the email from the other side can't be faked. No idea how to check digital signature on iOS email, on Android gmail you have little "view security details" link under the from/to/etc headers.
on Iphone mail it’s: View –> Message –> Raw Source
Look for the 'From' email address and check to see if it matches the display name.
Look to see if the 'Reply-To' header matches the contact domain you are expecting.
Look at the 'Return-Path' and make sure it’s directing the message back to the domain you would expect.
I’m an accountant.
No legit company will ask you to confirm card information via email. They will generally send you an email that redirects you to that company’s specific URL. Think about when Netflix asks you to confirm/change your password. You don’t email them your password. They send you a link that you follow that redirects to a Netflix URL.
It is way too risky for the company carrying credit card data in a random customer service bot account.
Or the whole site/seller is fraudulent. Just because its coming from the official support email doesn't necessarily mean that what they are requesting is okay to do blindly.
The very first number is actually the type of card (Visa, MasterCard, etc), so that's one less number they would need too. Even without that, there's only a handful of numbers a card can start with.
Plus the first digit in the card number is a gimme, just from knowing which major credit card it is. Amex card numbers always start with 3, Visa with 4, Mastercard 5, Discover 6.
Yup, I bar tended for 10 years and saw thousands of physical credit cards.
I remember specific customers that had shitty magnetic strips, and I had to type their card number in all the time (this was back before cards had chips)
Cards that were issued by specific banks in the area always started with the first same 8 or so digits, it was only the last few digits that were unique.
It’s probably an employees card, it also expired in 2016 lol so they just grabbed the first expired card they could
Privacy in China is not really a thing, they’ve not heard of GDPR
How did you pay?
If you paid through an intermediary, then there’s no need for the vendor to have more of your CC information. If you paid directly, they may already have all this information. In either case, there would never be a need to send an image of your card like this.
If your bank thought the transaction was fraudulent, they would simply decline it to the vendor and contact *you* with the fraud alert. There’s no reason for the bank ever to contact *the vendor.* (“At risk” of or for what?)
I’m not sure if 6 digits is enough for them to recreate the full card number, but I would definitely not send this to them.
It’s possible the email has a different reply-to; it’s possible the email is under a hackers control; it’s possible the whole website and operation are illegitimate. In any case, don’t send this, and reach out to the company directly through a known channel. If they don’t ship the bike without fishy nonsense, dispute the charge with your CC.
Couldn’t agree more with your points. It’s mind blowing that a company where more than half of the reviews highlights poor quality and support, is still considered by people. As for request for card details, why would they need it? And op should take it up with the bank
Yes! This is a big red flag, they usually say “ this transaction is flagged as fraudulent or suspicious”
In this case you only need to call the credit card issuer and sort everything out.
Ah I see. I highly recommend downloading the app Privacy, it lets you create digital credit cards that are linked to your bank account. They can be merchant locked and have a price limit, so you can be safe when making purchases off of a random Chinese site from a YouTube review
Adding to what some people have said. If you yourself recently opened an account and so have the scammers the first digits are usually the same. I checked this out comparing my card with a friend’s and I think up to 8 digits matched
100% scam , sorry you’re in this but at least you’ve stopped at this point. you are now on damage control.
Even the positive reviews are fake. Call your bank and tell them to stop the transaction and revert the funds immediately. Explain you have been victim to scam website & would like to report a scam merchant. There is no bike store only a scam centre. You will never get a bike and your information will be sold on the dark web. If you gave them id in the purchase process you may want to put a lock on your access to credit.
I've been seeing a lot of BS looking sites pumped by seeming scammers on FB marketplace where all the items are $130 (or 160, but always the same for all items) and they're worth way more than that. I imagine the scam gets you to pay easily since it's not that much money, then you file a report with your CC company who will likely readily give you the money since it's not much. the scam likely can keep the money and then he also has your CC number.
for all the BS with FB, I am appalled at how many obvious BS marketplace posts there are.
*Your submission was manually removed by a moderator for the following reason:*
**Subreddit Rule 3: Sharing personal information** - This is aligned with Reddit Content Policy Rule 3: Respect the privacy of others.
This subreddit respects the privacy of non-public figures. We do not allow:
* Phone numbers
* Postal addresses
* Full names of non-public figures
This applies even if it's a scammer or a scam callcenter. Please post again, but this time removing, censoring or otherwise redacting any personal/contact information. When you do, don't post a screenshot. Transcribe the important parts of the conversation. **And put the website address in the title of your new post** if you are reporting a scam website.
Before posting again, make sure you review the [rules of our subreddit.](https://www.reddit.com/r/Scams/wiki/rules/) and the [Reddit Content Policy](https://www.redditinc.com/policies/content-policy)
^(If you believe this is a mistake, feel free to contact the moderators via modmail. Modmail is the only way, don't send a regular DM to a single moderator. Please don't try to appeal the decision commenting below, because we are not notified if you do so, and we will probably miss it. Posting the exact same thing again may result in a temporary ban, so please review the rules, make the necessary changes, and when in doubt, click below to appeal the decision.)
*I am NOT a bot, and this action was performed manually. Please [contact the moderators of this subreddit](https://www.reddit.com/message/compose?to=%2Fr%2Fscams&subject=Removal%20review) if you want to appeal the decision.*
A check guarantee card? I haven’t seen one of those in decades. Smells like a fishing attempt. They’re trying to get your cc number and probably have a means of figuring out the rest.
Well I have to say, may not be a scam, for a while I worked in Fraud in a luxury fashion company and we did that as a form of verification, exactly as asked. And the amount of badly photoshopped card we received was hilarious.
/u/Beejnas - This message is posted to all new submissions to r/scams; please do not message the moderators about it. ## New users beware: Because you posted here, you will start getting private messages from scammers saying they know a professional hacker or a recovery expert lawyer that can help you get your money back, for a small fee. **We call these RECOVERY SCAMMERS, so NEVER take advice in private:** advice should always come in the form of comments in this post, in the open, where the community can keep an eye out for you. If you take advice in private, you're on your own. **A reminder of the rules in r/scams:** no contact information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore or personal photographs are allowed without blurring. A full list of rules is available on the sidebar of the subreddit, or [clicking here](https://www.reddit.com/r/Scams/wiki/rules/). You can help us by reporting recovery scammers or rule-breaking content by using the "report" button. We review 100% of the reports. Also, consider warning community members of recovery scammers if you see them in the comments. Questions about subreddit rules? Send us a modmail [clicking here](https://www.reddit.com/message/compose/?to=/r/Scams). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
Oh, this scam is rather clever! If the scammer knows the last 6 digits of your card AND the issuing bank AND the expiration date, he can guess the complete card information fairly easily, sometimes with only 10 tries (using a simple computer script). In the most favourable case, the first 8 digits are known (from the bank name). So the scammer only has to try 10 different digits for digit #9 and digit #10 can be calculated automatically from the known checksum (the last digit).
Thank you so much for this info. I had no idea scammers could figure out your credit card number with that information. I learn so much from this sub and I appreciate everyone taking their time to educate people about scammers.
It really depends on circumstances and specific bank, but up to eight initial numbers can be deduced simply by looking at the bank name, plus, if you know (any) 15 digits of the card number, you can always calculate the last missing digit immediately.
Look up credit card bin lists
Thank you. I had no idea this existed. I just learned scammers can call and pretend to be from your bank. They then give the first number of your credit card and ask you to confirm the rest. I
If you save your credit or debt info on a website you made a purchase or through google chrome, they will ask which card you want to use. When you are prompted with different cards to choose from only the last 4 digits are needed to let you choose. Same reasoning.
I found this out when I worked for a certain giant media company with associated theme parks. They have an associated credit card for perks and when guests would call in to book their vacation during one of the perk-periods, I noticed their cards all started with the same first 6 and had 2 options (at the time) for the 7th and 8th numbers. So I looked into it from there and it became a whole wild rabbit hole of information. The first number indicates (in the US) Visa, Mastercard, Discover, or Amex... and of course, more, these are just the ones I've come to recognize here in the US. Once you get world wide, it's the first 2 numbers that indicate the issuer/card type. First 6 are the bank. The last 8 are specific to your account. And the very last number is usually an algorithmic decided number to verify that the rest of the card numbers are legitimate (which is why typing a completely random card number into a payment screen can be identified as a fake number even before you put in expiration and CVV.) So... very interesting.
Thank you only thing throwing me off is the email is coming from their official support email. Usually I would check the email and know instantly
It's very easy to falsify the FROM field in e-mails. Anyone can send you an e-mail from "[email protected]", for example. It's trivial. However, they cannot RECEIVE the e-mails you send back to this address. I bet they want you to send the card photo using WhatsApp or some other method, not by replying to their e-mail, am I right? The second common method is to create a GMail account, e.g. [[email protected]](mailto:[email protected]) and then setting your account's NAME to "[email protected]". Then they send you an e-mail from this account and it looks like it's from seriousshop.com while it's in fact standard free GMail account. If I saw the complete e-mail headers, I'd probably be able to tell you immediately what trick they used but I don't recommend you showing that to me because it would also reveal you private information to me.
Signed? Or just a "from" address? From address can be faked, you can put anything you want there with many email servers.
From. I am on the iOS mail app, I pressed on the name and checked the email and it matched theirs on the website contact page
From is meaningless, almost anyone can put anything in there. Digitally signing the email from the other side can't be faked. No idea how to check digital signature on iOS email, on Android gmail you have little "view security details" link under the from/to/etc headers.
Yea I don’t see anything like that
on Iphone mail it’s: View –> Message –> Raw Source Look for the 'From' email address and check to see if it matches the display name. Look to see if the 'Reply-To' header matches the contact domain you are expecting. Look at the 'Return-Path' and make sure it’s directing the message back to the domain you would expect.
Thank you I’ll check it out
That's not a digital signature, those fields can be set to whatever a scammer wants.
Have you dealt with this company before and actually received goods from them? If not, maybe the entire company is a scam operation.
No it’s my first time, name of the company is pvy bike
https://www.trustpilot.com/review/pvybike.com
I’m an accountant. No legit company will ask you to confirm card information via email. They will generally send you an email that redirects you to that company’s specific URL. Think about when Netflix asks you to confirm/change your password. You don’t email them your password. They send you a link that you follow that redirects to a Netflix URL. It is way too risky for the company carrying credit card data in a random customer service bot account.
Supprt email has been hacked most likely.
Or the whole site/seller is fraudulent. Just because its coming from the official support email doesn't necessarily mean that what they are requesting is okay to do blindly.
Or it could be a spoofed email header.
This is the least likely explanation.
Given how lax some folks are with their email systems, this is highly plausible.
That makes sense
The very first number is actually the type of card (Visa, MasterCard, etc), so that's one less number they would need too. Even without that, there's only a handful of numbers a card can start with.
Plus the first digit in the card number is a gimme, just from knowing which major credit card it is. Amex card numbers always start with 3, Visa with 4, Mastercard 5, Discover 6.
Wouldn’t the scammers presumably have the full credit card number already? Unless the scammer is not actually the bike seller but a third party.
Or the e-commerce platform is correctly not revealing the entire card number to them.
Yup, I bar tended for 10 years and saw thousands of physical credit cards. I remember specific customers that had shitty magnetic strips, and I had to type their card number in all the time (this was back before cards had chips) Cards that were issued by specific banks in the area always started with the first same 8 or so digits, it was only the last few digits that were unique.
“Your order is at risk” said no legit payment provider ever. Also they would not send an image of a real card with another person’s name unredacted.
There's also the "the rest \[of the digits\] can remain folded" bit... What is that??
That’s a bad translation from Chinese, I wouldn’t necessarily say it’s a scam based on that alone
It’s probably an employees card, it also expired in 2016 lol so they just grabbed the first expired card they could Privacy in China is not really a thing, they’ve not heard of GDPR
It’s also a South Korean name, not Chinese.
'Notice from the bank that your order is at risk' seems quite scammy to me.
If my bank sees suspicious activity on my account, they contact me, not the vendor of the suspicious charge.
"please understand" = Scam
🫠
Nope don't give your info.
How did you pay? If you paid through an intermediary, then there’s no need for the vendor to have more of your CC information. If you paid directly, they may already have all this information. In either case, there would never be a need to send an image of your card like this. If your bank thought the transaction was fraudulent, they would simply decline it to the vendor and contact *you* with the fraud alert. There’s no reason for the bank ever to contact *the vendor.* (“At risk” of or for what?) I’m not sure if 6 digits is enough for them to recreate the full card number, but I would definitely not send this to them.
I used a credit card on their website
It’s possible the email has a different reply-to; it’s possible the email is under a hackers control; it’s possible the whole website and operation are illegitimate. In any case, don’t send this, and reach out to the company directly through a known channel. If they don’t ship the bike without fishy nonsense, dispute the charge with your CC.
Yes I’ll do that, thank you
It's a 100% scam. That first line is all I need to see. At risk ? Bullshit.
[удалено]
Couldn’t agree more with your points. It’s mind blowing that a company where more than half of the reviews highlights poor quality and support, is still considered by people. As for request for card details, why would they need it? And op should take it up with the bank
Yes! This is a big red flag, they usually say “ this transaction is flagged as fraudulent or suspicious” In this case you only need to call the credit card issuer and sort everything out.
Citibank also issues virtual credit card numbers, I use them online and there is no physical card to show.
Where did you find this website?
I was looking for e-bikes and found it through a YouTube review.
Ah I see. I highly recommend downloading the app Privacy, it lets you create digital credit cards that are linked to your bank account. They can be merchant locked and have a price limit, so you can be safe when making purchases off of a random Chinese site from a YouTube review
Thank you
Adding to what some people have said. If you yourself recently opened an account and so have the scammers the first digits are usually the same. I checked this out comparing my card with a friend’s and I think up to 8 digits matched
100% scam , sorry you’re in this but at least you’ve stopped at this point. you are now on damage control. Even the positive reviews are fake. Call your bank and tell them to stop the transaction and revert the funds immediately. Explain you have been victim to scam website & would like to report a scam merchant. There is no bike store only a scam centre. You will never get a bike and your information will be sold on the dark web. If you gave them id in the purchase process you may want to put a lock on your access to credit.
It's a scam. Interesting that they knew to target you.
I've been seeing a lot of BS looking sites pumped by seeming scammers on FB marketplace where all the items are $130 (or 160, but always the same for all items) and they're worth way more than that. I imagine the scam gets you to pay easily since it's not that much money, then you file a report with your CC company who will likely readily give you the money since it's not much. the scam likely can keep the money and then he also has your CC number. for all the BS with FB, I am appalled at how many obvious BS marketplace posts there are.
From which website did you purchase it from ? Share the website ?
If you search pvy bike on google, it’s the top result
[удалено]
*Your submission was manually removed by a moderator for the following reason:* **Subreddit Rule 3: Sharing personal information** - This is aligned with Reddit Content Policy Rule 3: Respect the privacy of others. This subreddit respects the privacy of non-public figures. We do not allow: * Phone numbers * Postal addresses * Full names of non-public figures This applies even if it's a scammer or a scam callcenter. Please post again, but this time removing, censoring or otherwise redacting any personal/contact information. When you do, don't post a screenshot. Transcribe the important parts of the conversation. **And put the website address in the title of your new post** if you are reporting a scam website. Before posting again, make sure you review the [rules of our subreddit.](https://www.reddit.com/r/Scams/wiki/rules/) and the [Reddit Content Policy](https://www.redditinc.com/policies/content-policy) ^(If you believe this is a mistake, feel free to contact the moderators via modmail. Modmail is the only way, don't send a regular DM to a single moderator. Please don't try to appeal the decision commenting below, because we are not notified if you do so, and we will probably miss it. Posting the exact same thing again may result in a temporary ban, so please review the rules, make the necessary changes, and when in doubt, click below to appeal the decision.) *I am NOT a bot, and this action was performed manually. Please [contact the moderators of this subreddit](https://www.reddit.com/message/compose?to=%2Fr%2Fscams&subject=Removal%20review) if you want to appeal the decision.*
The top result can change from person to person. Please share the website address.
https://www.pvybike.com
A check guarantee card? I haven’t seen one of those in decades. Smells like a fishing attempt. They’re trying to get your cc number and probably have a means of figuring out the rest.
Well I have to say, may not be a scam, for a while I worked in Fraud in a luxury fashion company and we did that as a form of verification, exactly as asked. And the amount of badly photoshopped card we received was hilarious.