Was bored at work, so got a guy fired and possibly sent to prison for fraud.

“I work the night shift as a receptionist at a hotel in Norway, and most nights are spent watching Netflix/playing games.

Last summer was really slow and I also worked a lot extra, so I ran out of stuff to watch and games to play. One night I got a mail from “Scooter”. He wanted to book a room for almost 20 days. I just had to send him the price and confirmation that we had rooms available, and he would then send me his credit card info for me to pre-charge.

Normally we just delete these kinds of mail, but I was bored out of my mind, so I responded with an offer for around 2k$ for the entire stay. Also made sure to inform him that he could cancel for free up until the day of arrival.

This is probably the most common fraud attempt in the Hotel/travel industry. Unlike most businesses, we are able to charge credit/debit cards with only the card number and exp date. No need for a pin code, cvc or other auth methods.

Our software also allow us deposit money directly to local and international bank accounts by using the card number. Because of this, jerks like Scooter will try to prepay with stolen/skimmed cards, but then cancel the booking and asking us to refund the amount to a different card.

A couple of hours after sending him the offer, he responded with a Visa number and told me to charge him as soon as possible. I checked the card with our validation software, and to my big surprise it did not belong to Scooter. If validation succeeds, it will return with the card owners name 90% of the time.

Scooter was persistent.

I sent him a new mail stating that the card was declined because of insufficient funds. He quickly replied and gave me a new card to try. Guess what, this one didn’t belong to Scooter either. Wasn’t even the same person as the first card. By checking the Bin codes, (6 first digits) I found which banks had issued the cards. Not even issued in the same country…

My plan was to just call the banks and inform them of the attempted scam, but there where still several hours before I could go home, so I decided to mess with Scooter a bit more. Sent him a reply that the second card went through, and also the “reference number” for his stay at our hotel.

As expected, a couple hours later Scooter sent a mail cancelling the order and asked if we could refund the money to a different card, as he had lost his wallet and deactivated the card he paid with. This card was issued from a Polish bank.

Scotter thought he was probably in the clear.

Not sure why, but Polish bank accounts are often used by people who want to launder money from bitcoins and drugs. You can buy a legit card for around 500$ that is registered to some guy/girl in Poland from darknet.

At this point, Scooter were probably pretty happy about the 2k$ he soon would receive… I replied that it was no problem for me to transfer the $$ to a different card, as long as it was valid. How fun would it be to also cancel his “own” card, so that he had to spend 500$ for a new one? Not. Fun. Enough.

But this bored worker had other plans.

In the last mail I wrote that he could send me the card number, but that our e-mail server would go down for maintenance in a few minutes, so my boss would do it on Monday. (It was now Saturday morning, so enough time for the “charged” bank to call us and reverse the transfer) If he needed the money right away, I told him to call the Hotel before I ended my shift @ 07:00.

He called almost immediately, and I wrote down the card number and his phone number… Told him I transferred the money, and that it would be in his account by 12:00.

My shift ended, and I went home with all the info Scooter had provided. Wanted to see if I could find out who he was, and ofc this idiot had an open Facebook profile that I found using his phone number… He even listed his address and employer.

Looked a bit like the artist Scooter, but with even more messed up face and spiky hair full of gel. He lived somewhere outside of London, in an area I would describe as a British trailer park. Houses that where nice at some point, but where the owners had spent 0£ on maintenance since it was built. Trash everywhere, and broken windows that were boarded up or “fixed” by sealing holes with garbage.

And then there was a twist!

Now to the fun part. According to his FB profile, Scooter worked at a hotel! This meant that he would have access to card information from guests that booked through sites like Booking.com.

I called the manager of the hotel, and told him there where reason to believe that one of his employees where trying to commit credit card fraud, and that the cards numbers could belong to their guests. Gave him the name of the people who owned the cards Scooter tried to pay with, and to no surprise both had stayed at the hotel.

Told him it was Scooter, and the manager just exploded in anger. Not 100% sure what he said because he was screaming so loud, but I think Scooter wasn’t a normal employee. He worked there through some kind of government training program or something.

And then it was time for Scooter to really get screwed over.

After talking to the manager, I called both Visa and Mastercard international and told them about Scooters little business venture. Apparently it’s pretty easy to check if there are more cards that have been involved in fraud, where the cards also have been used at Hotel Scooter. With his Polish deposit account info, they would also be able to pin it on Scooter if he had been successful in scamming anyone, and sue him for the amount stolen.

The police also called me later to get a statement regarding the whole situation, so I know that the manager reported it to the police. Not sure what happened to Scooter, but according to his Facebook profile, he no longer works at the hotel. (Or anywhere else as far as I can see).”

Here’s what people had to say.

One person doesn’t get much done when they’re bored at work.