Bilt Card Hacked: I’m Not the Only Victim!

by Anthony Losanno
Cyber Crime

Advertiser & Editorial Disclosure: The Bulkhead Seat earns an affiliate commission for anyone approved through the links below. This compensation may impact how and where links appear on this site. We work to provide the best publicly available offers to our readers. We frequently update them, but this site does not include all available offers. Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed, or approved by any of these entities.

Update: It appears that no personal information was actually stolen and that the scammers were able to generate the numbers randomly. Thanks to Gary Leff (View from the Wing) for pointing this out. I made some updates to reflect this information.

I saw a post from Frequent Miler yesterday discussing how multiple cardholders were reporting fraudulent charges. I wish I could say that I couldn’t relate, but I had the same experience a few weeks ago.

Bilt Rewards

I got the Bilt Mastercard® card a few months ago to earn points when I pay the rent on my winter home in Florida. It’s a great card for earning points without paying a fee (rent payment transaction fees would be assessed by every other card issuer I know). I like that it earns points that are transferrable to a host of loyalty programs and it has been seamless for paying rent.

Bilt Card Apple Pay

A few weeks ago, I got an email from Wells Fargo (see above) saying that my card had been added to Apple Pay. I didn’t add it, but within a few minutes thousands of dollars worth of purchases were made at an Apple store in Madrid. I was in Tampa at the time and quickly called the bank. Within minutes a case was opened, the charges were reversed, and a new card was sent to me about a week later (via USPS). Customer service was great and I had the card in time to pay January’s rent. I have no idea how the card was compromised, but it appears that this was done through what is known as a BIN attack where random numbers were generated and some were successful.

I’m not alone as several other users had their cards compromised. This Reddit thread discusses this happening. Bilt replied on Reddit with the following:

Hey all – quick update from Bilt. We have been made aware of a global fraud ring that has been launching what are called BIN attacks. In short, they use compromised merchants to randomly test millions of potential card numbers to see which ones work, focusing in on one card range at a time. While many of these card attempts get blocked (often invisibly to the customer), occasionally charges make it through. This has been happening across banks and we are aware that a few of Wells Fargo Bilt cardholders have experienced fraudulent charges as part of that.

Please note that you will never be liable for any fraud. Wells Fargo is reaching out to any impacted customers. And you can also contact Wells Fargo’s fraud team directly at 1-800-723-5533. They will remove any fraud charges and overnight you a new card. We put our customers’ security first and will make sure that this is resolved for you quickly. Thank you again for your patience!

Luckily, this was caught quickly by me and Bilt/Wells Fargo customer service was excellent. It’s amazing how scammers work and that this issue was able to happen by randomly testing numbers.

Anthony’s Take: I love the Bilt Mastercard® for paying rent and will continue to use it. Make sure that you pay attention to fraud alerts for this card and any credit card as there are so many scammers out there.

User Generated Content Disclosure: The Bulkhead Seat encourages constructive discussions, comments, and questions. Responses are not provided by or commissioned by any bank advertisers. These responses have not been reviewed, approved, or endorsed by the bank advertiser. It is not the responsibility of the bank advertiser to respond to comments.

Advertiser & Editorial Disclosure: The Bulkhead Seat earns an affiliate commission for anyone approved through the links above This compensation may impact how and where links appear on this site. We work to provide the best publicly available offers to our readers. We frequently update them, but this site does not include all available offers. Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed, or approved by any of these entities.

3 comments

Gary Leff January 14, 2023 - 7:41 pm

Since it was a BIN attack, no information was actually stolen. They generated numbers and tested those numbers at specific merchants to see if the charge would go through (and therefore that they had a valid card number). Stealing numbers implies a data breach, but that does not appear to have happened here.

Reply
Frankfurt Airport Lufthansa
Anthony Losanno January 14, 2023 - 7:51 pm

That’s good to know. Thank you for clarifying. I made some edits.

Reply
Matthew January 16, 2023 - 12:58 am

I believe the number listed from Bilt is itself a fraud; it’s not listed on WF’s page, and my mom just got a very suspicious call from them, claiming a suspicious charge on a card she doesn’t have. Please don’t call any number except what Wells Fargo themselves list on their page. (Found this page trying to search who actually owns that number.)

Reply

Leave a Comment

Related Articles