Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

Identity Theft Stolen!
self | 02/05/2013 | Revolting cat!

Posted on 02/05/2013 12:13:46 PM PST by Revolting cat!

Oh my, it happened again. Last time, it must have been almost 10 years ago, I had a keystroke capturing malware on the 'puter and some bastard from L.A. ordered a couple of hundred dollars of computer memory from a computer company, which then put me on its mailing list where I remain to this day receiving daily spam while never having bought anything from them. But that was all. The bank replaced the credit card, it didn't cost me a cent, and the culprit probably got away with it. The cops told me they get a couple of hundred calls a month in this town, issue report numbers that the banks require, and investigate none of them.

This time I'm clean, or at least that's what I and my anti this and anti that programs believe (but just in case I'm running full scans now), and I don't remember when was the last time I entered this credit card number online, maybe a couple of weeks ago buying from a large reputable company.

Yesterday, I got an urgent phone and e-mail message from the credit card company informing me of suspicious activity on my account and asking that I call their 800 number. I did this morning. There were three charges which I didn't make. One for $200 in the UK for "tickets" (no more detail), another $100 in a store I think is local called Restoration Hardware, and the third $1 for 'AOL FS CARD VERIFY' made today. All three made within the recent couple of days.

I bought a couple of books in the past two, three days, one from Amazon, the other from Half.com, without entering the credit card number which the companies already had on file. What happened then? What could have happened? One of the merchants/stores where I buy groceries has an insecure system? Was my Last Pass password saving program compromised? It had trouble logging in automatically today. I'm waiting for the results of the scans. In the meantime, beware.


TOPICS: Computers/Internet; Conspiracy; Miscellaneous; Weird Stuff
KEYWORDS: credit; identitytheft

1 posted on 02/05/2013 12:13:57 PM PST by Revolting cat!
[ Post Reply | Private Reply | View Replies]

To: Revolting cat!

The card stays in my wallet, by the way, on which my ass rests at all times!


2 posted on 02/05/2013 12:27:55 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!

It doesn’t sound like identity theft, it sounds like your card was captured. The most common place to steal credit card information is at a gas station. People push cards into pumps without even looking or thinking, and thieves know this, placing card readers OVER the existing card readers.


3 posted on 02/05/2013 12:29:08 PM PST by kingu (Everything starts with slashing the size and scope of the federal government.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!

IMHO...

I presume you’re using windows.

Never ever choose the option to save a password and log in automatically.

You’ve got to tighten up how you use your browser (don’t use IE) and email.

Windows provides many ways for your PC to be hacked.

Other than anti-virus, there are all those setup and configuration options in Windows and in your browser.

A lot of doors can be closed through proper selection of options.

I’ve long since abandoned Windows in favor of CentOS Linux (which is just the free version of Red Hat), so I’m not up on the details of trying to make Windows secure in even a minimal way.


4 posted on 02/05/2013 12:34:20 PM PST by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingu

I used my credit card at a Shell station- the only time it was used in three weeks. Within 24 hours, $500 was charged to I-tunes. When they tried to make a second purchase of $1500 the next night, I got a call from the cc company. Grrr....

May whoever stole my card number spontaneously combust while enjoying stolen music.


5 posted on 02/05/2013 12:36:23 PM PST by Cowgirl of Justice
[ Post Reply | Private Reply | To 3 | View Replies]

To: Revolting cat!

I only use a debit card that’s not tied to a bank account and is good only for the amount currently stored on the card. Most times the balance is zero unless I’m going to buy something, Otherwise it’s cash only.


6 posted on 02/05/2013 12:39:08 PM PST by meatloaf (Support Senate S 1863 & House Bill 1380 to eliminate oil slavery.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!

A few common vectors for this type of thing:

1. Waitstaff at a restaurant copied down your card info
2. A gas pump or cash machine had a skimmer installed (a hidden device which reads the card’s info)
3. A company which you’ve purchased something from in the past exposed your card info by being hacked or having a malicious employee.


7 posted on 02/05/2013 12:40:25 PM PST by Sparticus (Tar and feathers for the next dumb@ss Republican that uses the word bipartisanship.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cowgirl of Justice

After using my bank debit card at a local gas station chain store, my checking/savings accts were hacked but security questions foiled any withdrawls, 2x last year. Received 4+ emails from bank notifying me of repeated breaching attempts, and they quickly froze accts. No cc/debit purchases. I changed username/passwords/security questions next day. Never went back to that station chain, but alerted them of the problem.


8 posted on 02/05/2013 12:46:48 PM PST by carriage_hill (AR-10s & AR-15s are the 21st Century's Muskets. The 2nd Amendment is the First Human Right.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Revolting cat!

I had the “Tickets” charge on mine show up once, from Africa. CC co said they had seen a lot from that particular web site recently, sounded as if the site did not require security ID or address verification so bad guys just pumped a bunch of numbers through it and got lucky... several times. So, we didn’t do anything wrong or exposed ourselves in any way, they just worked hard and got lucky. We had the card killed off and reissued new ones.


9 posted on 02/05/2013 12:47:32 PM PST by BigDaddyTX (Don't Mex with Texas)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sparticus

I’ve got two candidates: a smog check auto repair shop and a small deli in the neighbourhood. I haven’t gassed the car in over a week, and the charges are from recent days.


10 posted on 02/05/2013 12:50:16 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Revolting cat!

Sounds like what happened to me. my very aware credit card company caught it before any real damage was done.

The $1.00 may have been to make sure their “copy” of your card worked.

I also had a $1.00 charge on mine for a NYC parking permit, then a charge to a lumber company and a golf company in NYC. That is when the card company flagged these as “not normal” and contacted me.

I was on Jury Duty here at the time these were done and was NOT in NYC.

I was in NYC about eight months ago but I NEVER used that particular card there.


11 posted on 02/05/2013 12:52:18 PM PST by Ruy Dias de Bivar (Click my name! See new paintings!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!
I bought a couple of books in the past two, three days, one from Amazon, the other from Half.com, without entering the credit card number which the companies already had on file. What happened then? What could have happened? One of the merchants/stores where I buy groceries has an insecure system? Was my Last Pass password saving program compromised? It had trouble logging in automatically today. I'm waiting for the results of the scans. In the meantime, beware.

When you purchase things online, or log into an website, you need to

a) make sure you do not have ANY other websites open but the one you are logged into. No other browsers started. And browsers today have multiple "tabs", you have have a different website in each tab. No other websites in other tabs. If you log into amazon, you're ONLY in amazon. Malicious sites can sometimes violate "the rules" and grab info from a different site that you're visiting at the same.

b) before you log in, and after you log out, clear everything in your browser history, cache, etc. Saved passwords, cookies, cache, etc. Everything clean. Close the browser.

c) Do not use the same password for any other site. If the hacker (or his automated tool) cracks one of your passwords, he will quickly try to log in to every site that he finds evidence that you have logged in to, using that same password.

d) make your passwords ridiculously "strong". That means use every type of character they allow: uppercase, lowercase, digits, special characters like @#$%. And... do not repeat any character of your password. Strong passwords are harder to break using password-cracking software. Make all your passwords at least 12 characters long, 20 if they allow it. If your password is "a" it can be cracked rather easily even if it's encrypted; strong passwords are much more time consuming to crack. Changing passwords very often is not nearly as important as making them strong.

e) Do not open an email that has an attachment unless 1) you know the person who sent it, 2) you asked them to send you something as an attachment (you're expecting the attachment) and 3) they follow all these rules as well (if someone has problems frequently or sends you all kinds of junk, best to just delete anything with attachments from them), and 4) make sure you're machine is configured to not execute any scripts upon opening files without your confirmation (never give this confirmation).

Just some basic hints...
12 posted on 02/05/2013 12:54:51 PM PST by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: PieterCasparzen
Never ever choose the option to save a password and log in automatically.

Is there a way that I can cancel that option? I clicked it accidentally one bleary eyed morning.

13 posted on 02/05/2013 12:56:36 PM PST by verga (A nation divided by Zero!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Cowgirl of Justice

I avoid that by always paying cash at gas stations, restaurants and stores. Basically, I only spend cash if I’m not online.

Online, simply use a debit card linked to an account that only has how much you are willing to lose in it.


14 posted on 02/05/2013 12:58:24 PM PST by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Revolting cat!

Credit cards don’t have to leave your wallet to be compromised. There are times where thousands or millions of numbers are stolen from credit card companies directly (sometimes by internal criminals).


15 posted on 02/05/2013 1:01:11 PM PST by a fool in paradise (America 2013 - STUCK ON STUPID)
[ Post Reply | Private Reply | To 2 | View Replies]

To: meatloaf

i like that idea. thank you.


16 posted on 02/05/2013 1:03:24 PM PST by ZinGirl (kids in college....can't afford a tagline right now)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Revolting cat!

Also had a couple random charges after a gas station visit several years ago. Bastards!


17 posted on 02/05/2013 1:05:56 PM PST by petercooper
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!

Your card info could have been stolen months ago. There are literally millions of card numbers (a sizable minority with additional info) on the web for sale for a few dollars to maybe $20 each. There are so many that thieves probably will not ever get around to abusing one of yours.

If I didn’t have these stinking morals, I could be rich...


18 posted on 02/05/2013 1:11:18 PM PST by QuisCustodiet1776 (Live free or die.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: verga

In Firefox,

Edit > Preferences > Security > Passwords

Remember passwords for sites (NO)

Use a master password (NO)


19 posted on 02/05/2013 1:15:05 PM PST by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 13 | View Replies]

To: ZinGirl

Just a thought...you said there was a message from the credit card company and an email. You returned their call. Did you use an 800 number they left on your message or email, or did you go look up the credit card’s 800 number online, or on the back of your card, and call that number.

Reason, there might not have been any fraud, but fraudsters alert you to “false” credit card usage, and then get pertinent info from you when you return a call or take the call for that matter, or respond to the email. Credit card phishing is rampant via email, and these types of calls.

Make sure you actually called the credit card company back, and it was the credit card company you were speaking too. Best way to do that is to look online for their credit card phone line, or on the back of your card, and give them a call to make sure there was suspicious activity, or were scammers trying to get info from you.


20 posted on 02/05/2013 1:15:24 PM PST by memyselfandi59
[ Post Reply | Private Reply | To 16 | View Replies]

To: Revolting cat!

I’ve done some PCI compliance work. The first thing I learned was to NEVER use my debit card for purchases. If someone gets your debit card number, the money is actually taken out of your checking account. Sure, you may get it all back, but in the meantime, checks and legitimate electronic payments are bouncing and you have no money.

I only use credit cards now, and just pay them off every month. And it is more common for them to be compromised by unscrupulous waiters, etc. when you do “card present” transactions than via internet purchases.

Oh, and our B of A Visa has been compromised four times in as many years. And the only reason we know is because we get a new card in the mail and an email explaining it. My wife’s Amex was compromised once.


21 posted on 02/05/2013 1:17:07 PM PST by cuban leaf (Were doomed! Details at eleven.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sparticus
A few common vectors for this type of thing:

1. Waitstaff at a restaurant copied down your card info


That is how it happened to me. Daughter wanted to go to a restaurant at a local mall. I rarely use my card for dining, but did on this occasion. By morning the culprit had attempted over 5 thousand in purchases on my AE card. It was frozen but they did manage to clear a 1.6K charge on line. They made a mistake and purchased online with a a pickup at the Best Buy near the mall. That is how they were caught.

This was the only time the card had left my possession (out of sight) in months. AE went after the restaurant, but did not ask anything else from me, nor the local police.
22 posted on 02/05/2013 1:21:53 PM PST by PA Engineer (Liberate America from the Occupation Media.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ruy Dias de Bivar

The $1.00 may have been to make sure their “copy” of your card worked.


That is exactly what it is. It should have been eventually followed up by a transaction for the real amount.


23 posted on 02/05/2013 1:24:20 PM PST by cuban leaf (Were doomed! Details at eleven.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: PieterCasparzen

I use a Costo AmEx for all my gas purchases. My round trip commute is 122 miles. I get $450 back this year. :-)


24 posted on 02/05/2013 1:27:08 PM PST by cuban leaf (Were doomed! Details at eleven.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: cuban leaf; Revolting cat!
I’ve done some PCI compliance work. The first thing I learned was to NEVER use my debit card for purchases. If someone gets your debit card number, the money is actually taken out of your checking account. Sure, you may get it all back, but in the meantime, checks and legitimate electronic payments are bouncing and you have no money.

I "came up with an idea for that".

There's no law against have 2 checking accounts. One at one bank, one at another.

A) Use one to pay bills with checks - do not have a debit card linked to that account, just use the checks.

B) Use the other to do online purchases with a debit card.

If the bank/account you use for online purchases is kept with little to nothing in it, you will simply need to plan your online purchases, i.e., put money into the account before you make a purchase. I find that planning purchases is better than impulse buying anyway.

IMHO, the banking industry wants their customers to all have a line of credit. They know that the odds are in their favor that people with lines of credit will wind up using them. So they continually, 24x7, "educate" and advertise everywhere that consumer credit is essential. We now have a nation where very few people have any liquid net worth that is not locked up in an account with restrictions on it for "early withdrawal". People without access to capital or who carry debt are not much better off than slaves.
25 posted on 02/05/2013 1:34:09 PM PST by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Revolting cat!
We had three bogus charges totalling $550 on our debit card two weeks ago. Fortunately, the credit card fraud unit called me before they actually hit the account. We have two suspects:

1. We used the card for dinner out the Friday night before, and gave the waiter the card.

2. The cards were due to expire in February, and we never did get the new ones in the mail.

I'm betting on (2.) and someone lifted the cards from the mail.

26 posted on 02/05/2013 1:34:52 PM PST by RightField (one of the obstreperous citizens insisting on incorrect thinking - C. Krauthamer)
[ Post Reply | Private Reply | To 1 | View Replies]

To: PieterCasparzen

What you describe is what I do with paypal. I have a virtually empty paypal account - until I decide to use it to buy something.


27 posted on 02/05/2013 1:40:42 PM PST by cuban leaf (Were doomed! Details at eleven.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Revolting cat!

My own reco is to go buy a simple router, even if you have only a single computer at your home. Inserting a router between your computer and modem is very, very strong anti-hack stuff, assuming of course you do not compromise your security by clicking on an emailed link or something similar.

A $29.95 Netgear or D-link or any of a dozen other brands of router can be a lifesaver, and if you don’t use it be sure to disable the wireless aspect of the router, if present.


28 posted on 02/05/2013 1:44:20 PM PST by Attention Surplus Disorder (This stuff we're going through now, this is nothing compared to the middle ages.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cowgirl of Justice

For the first time I was wrong again. The first charge happened on the day that I gassed up my global warming contributing motor vehicle (another point in favor of electric cars), so it must have been the reader at the petrol station that caught the number.

But here is a question, is the supersecret three digit number on the back of the card that you always need to make online purchases encoded electronically in it? If so, that’s dumb!


29 posted on 02/05/2013 1:48:45 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Attention Surplus Disorder; Revolting cat!

And learn to administer it, as in changing the admin password from the default to a strong password.

I had two machines hooked to my router once. Then, I hooked a printer to one of the machines. Boom ! In a few minutes - I found out about the ridiculous security holes in printer protocols and that networks can by hijacked to make secure tunnels for hacker use. The windows machine was in such bad shape I had to reinstall it.

It’s best to read up on anything you do before you do it (I’m sure everyone agrees !).


30 posted on 02/05/2013 1:53:27 PM PST by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Revolting cat!

Could have been a card reader, could have been Windows. The following is very easy to install and use.

http://www.ubuntu.com/download

The following is more secure for anyone who knows how to use it (little advance study there).

http://openbsd.org/


31 posted on 02/05/2013 1:57:05 PM PST by familyop (We Baby Boomers are croaking in an avalanche of rotten politics smelled around the planet.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: memyselfandi59

Great hints, thanks. I called the number mentioned in the voice mail, AND in the e-mail. It was legit.

Then I logged in and went into a chat with some dummy from Bangalore, I suspect, with an American name of course, trying to learn more, and I actually learned less, as he couldn’t find the information given me previously by a lisping phone rep. (But he found it in the end, and then generously informed me that they are waving the late fee for me, which was another piece of nonsense as I had paid my recent bill two weeks ago and the payment shows in their records available to me!)


32 posted on 02/05/2013 1:58:00 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Attention Surplus Disorder; Revolting cat!

“Inserting a router between your computer and modem is very, very strong anti-hack stuff”

Assuming, of course, that the router has packet-sniffing capability. Not all routers are equipped/configured to do that.


33 posted on 02/05/2013 2:03:04 PM PST by spel_grammer_an_punct_polise (Learn three chords and you, too, can be a Rock Star!)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Revolting cat!

That’s not ID theft.

Your card was compromised by someone you handed it to, like at a restaurant.

More and more merchants are asking for the 3 digit number on the back of your card and the only way they get that is by swiping your card into a capture machine, writing the numbers down on the front of the card or just taking the receipt. but, they would have looked at your 3 digit commonly called a “CVD”, “CVV”, etc.

Your bank will issue a new card, cover the fraud charges and all will be well.


34 posted on 02/05/2013 2:05:19 PM PST by Vendome (Don't take life so seriously, you won't live through it anyway)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revolting cat!

“Card Verify” web sites exist by “verifying” millions of mostly stolen credit and debit cards every day....


35 posted on 02/05/2013 2:57:00 PM PST by TheBattman (Isn't the lesser evil... still evil?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sparticus; Revolting cat!; null and void

son’s debit card info was compromised at a Chuck E. Cheese’s last month.
He travels all over the world as a flight attendant, but somehow the cc company recognized a problem when the number was used in tiny Tucker GA (he lives in Atlanta) for gas, and they froze his card. Couldn’t reach him, as he was in a Chile or Brazil, but he called them when it was frozen and got it straightened out.


36 posted on 02/05/2013 4:15:27 PM PST by Shimmer1 (No matter how cynical I get, I just can't keep up.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Shimmer1

Chuck E. Cheese. Bad food served to children by rats...


37 posted on 02/05/2013 4:46:07 PM PST by null and void (Gun confiscation enables tyranny. Don't enable tyranny.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Revolting cat!
A number of years ago my credit card # ended up with someone in Louisville KY who subsequently went on a shopping spree, spending over $7,000.............

I have no idea how they got it but the credit card company was cool and took all the charges off my account and issued me a new card.

38 posted on 02/05/2013 4:55:18 PM PST by Hot Tabasco (Jab her with a harpoon or just throw her from the train......)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Vendome

I know (or I hope) it’s not “ID theft”, it just fit the title better. That’s all I need, my precious SoSecurity number wandering alone in the cement jungle out there, to be intercepted by some illegal Kenyan on his way to the U.S. Presidency! And anyway, every tragic misadventure deserves a fitting pun, or what use would it be?!

Events such as this take away something from your confidence that you’re smarter than the rest, that you’ve learned your lesson, can’t ever happen to you, etc. It just did, buster!

I have now run three scans of the machine. All came out completely clean, unusual (suspicious?), no signs of even harmless trash spyware. Still, I want to figure out what happened. Right now I’m leaning 70:30 that it happened (that is assuming it did not happen via a mole at the credit card company, as suggested above), not through my puter, but through a live local merchant, probably a gas station. Which leads to a lesson to use separate credit cards for separate purposes.


39 posted on 02/05/2013 5:05:54 PM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)
[ Post Reply | Private Reply | To 34 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson