Posted on 02/05/2013 12:13:46 PM PST by Revolting cat!
Oh my, it happened again. Last time, it must have been almost 10 years ago, I had a keystroke capturing malware on the 'puter and some bastard from L.A. ordered a couple of hundred dollars of computer memory from a computer company, which then put me on its mailing list where I remain to this day receiving daily spam while never having bought anything from them. But that was all. The bank replaced the credit card, it didn't cost me a cent, and the culprit probably got away with it. The cops told me they get a couple of hundred calls a month in this town, issue report numbers that the banks require, and investigate none of them.
This time I'm clean, or at least that's what I and my anti this and anti that programs believe (but just in case I'm running full scans now), and I don't remember when was the last time I entered this credit card number online, maybe a couple of weeks ago buying from a large reputable company.
Yesterday, I got an urgent phone and e-mail message from the credit card company informing me of suspicious activity on my account and asking that I call their 800 number. I did this morning. There were three charges which I didn't make. One for $200 in the UK for "tickets" (no more detail), another $100 in a store I think is local called Restoration Hardware, and the third $1 for 'AOL FS CARD VERIFY' made today. All three made within the recent couple of days.
I bought a couple of books in the past two, three days, one from Amazon, the other from Half.com, without entering the credit card number which the companies already had on file. What happened then? What could have happened? One of the merchants/stores where I buy groceries has an insecure system? Was my Last Pass password saving program compromised? It had trouble logging in automatically today. I'm waiting for the results of the scans. In the meantime, beware.
I’ve done some PCI compliance work. The first thing I learned was to NEVER use my debit card for purchases. If someone gets your debit card number, the money is actually taken out of your checking account. Sure, you may get it all back, but in the meantime, checks and legitimate electronic payments are bouncing and you have no money.
I only use credit cards now, and just pay them off every month. And it is more common for them to be compromised by unscrupulous waiters, etc. when you do “card present” transactions than via internet purchases.
Oh, and our B of A Visa has been compromised four times in as many years. And the only reason we know is because we get a new card in the mail and an email explaining it. My wife’s Amex was compromised once.
The $1.00 may have been to make sure their copy of your card worked.
I use a Costo AmEx for all my gas purchases. My round trip commute is 122 miles. I get $450 back this year. :-)
1. We used the card for dinner out the Friday night before, and gave the waiter the card.
2. The cards were due to expire in February, and we never did get the new ones in the mail.
I'm betting on (2.) and someone lifted the cards from the mail.
What you describe is what I do with paypal. I have a virtually empty paypal account - until I decide to use it to buy something.
My own reco is to go buy a simple router, even if you have only a single computer at your home. Inserting a router between your computer and modem is very, very strong anti-hack stuff, assuming of course you do not compromise your security by clicking on an emailed link or something similar.
A $29.95 Netgear or D-link or any of a dozen other brands of router can be a lifesaver, and if you don’t use it be sure to disable the wireless aspect of the router, if present.
For the first time I was wrong again. The first charge happened on the day that I gassed up my global warming contributing motor vehicle (another point in favor of electric cars), so it must have been the reader at the petrol station that caught the number.
But here is a question, is the supersecret three digit number on the back of the card that you always need to make online purchases encoded electronically in it? If so, that’s dumb!
And learn to administer it, as in changing the admin password from the default to a strong password.
I had two machines hooked to my router once. Then, I hooked a printer to one of the machines. Boom ! In a few minutes - I found out about the ridiculous security holes in printer protocols and that networks can by hijacked to make secure tunnels for hacker use. The windows machine was in such bad shape I had to reinstall it.
It’s best to read up on anything you do before you do it (I’m sure everyone agrees !).
Could have been a card reader, could have been Windows. The following is very easy to install and use.
http://www.ubuntu.com/download
The following is more secure for anyone who knows how to use it (little advance study there).
Great hints, thanks. I called the number mentioned in the voice mail, AND in the e-mail. It was legit.
Then I logged in and went into a chat with some dummy from Bangalore, I suspect, with an American name of course, trying to learn more, and I actually learned less, as he couldn’t find the information given me previously by a lisping phone rep. (But he found it in the end, and then generously informed me that they are waving the late fee for me, which was another piece of nonsense as I had paid my recent bill two weeks ago and the payment shows in their records available to me!)
“Inserting a router between your computer and modem is very, very strong anti-hack stuff”
Assuming, of course, that the router has packet-sniffing capability. Not all routers are equipped/configured to do that.
That’s not ID theft.
Your card was compromised by someone you handed it to, like at a restaurant.
More and more merchants are asking for the 3 digit number on the back of your card and the only way they get that is by swiping your card into a capture machine, writing the numbers down on the front of the card or just taking the receipt. but, they would have looked at your 3 digit commonly called a “CVD”, “CVV”, etc.
Your bank will issue a new card, cover the fraud charges and all will be well.
“Card Verify” web sites exist by “verifying” millions of mostly stolen credit and debit cards every day....
son’s debit card info was compromised at a Chuck E. Cheese’s last month.
He travels all over the world as a flight attendant, but somehow the cc company recognized a problem when the number was used in tiny Tucker GA (he lives in Atlanta) for gas, and they froze his card. Couldn’t reach him, as he was in a Chile or Brazil, but he called them when it was frozen and got it straightened out.
Chuck E. Cheese. Bad food served to children by rats...
I have no idea how they got it but the credit card company was cool and took all the charges off my account and issued me a new card.
I know (or I hope) it’s not “ID theft”, it just fit the title better. That’s all I need, my precious SoSecurity number wandering alone in the cement jungle out there, to be intercepted by some illegal Kenyan on his way to the U.S. Presidency! And anyway, every tragic misadventure deserves a fitting pun, or what use would it be?!
Events such as this take away something from your confidence that you’re smarter than the rest, that you’ve learned your lesson, can’t ever happen to you, etc. It just did, buster!
I have now run three scans of the machine. All came out completely clean, unusual (suspicious?), no signs of even harmless trash spyware. Still, I want to figure out what happened. Right now I’m leaning 70:30 that it happened (that is assuming it did not happen via a mole at the credit card company, as suggested above), not through my puter, but through a live local merchant, probably a gas station. Which leads to a lesson to use separate credit cards for separate purposes.
‘
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.