Skip to comments.Identity Theft Stolen!
Posted on 02/05/2013 12:13:46 PM PST by Revolting cat!
Oh my, it happened again. Last time, it must have been almost 10 years ago, I had a keystroke capturing malware on the 'puter and some bastard from L.A. ordered a couple of hundred dollars of computer memory from a computer company, which then put me on its mailing list where I remain to this day receiving daily spam while never having bought anything from them. But that was all. The bank replaced the credit card, it didn't cost me a cent, and the culprit probably got away with it. The cops told me they get a couple of hundred calls a month in this town, issue report numbers that the banks require, and investigate none of them.
This time I'm clean, or at least that's what I and my anti this and anti that programs believe (but just in case I'm running full scans now), and I don't remember when was the last time I entered this credit card number online, maybe a couple of weeks ago buying from a large reputable company.
Yesterday, I got an urgent phone and e-mail message from the credit card company informing me of suspicious activity on my account and asking that I call their 800 number. I did this morning. There were three charges which I didn't make. One for $200 in the UK for "tickets" (no more detail), another $100 in a store I think is local called Restoration Hardware, and the third $1 for 'AOL FS CARD VERIFY' made today. All three made within the recent couple of days.
I bought a couple of books in the past two, three days, one from Amazon, the other from Half.com, without entering the credit card number which the companies already had on file. What happened then? What could have happened? One of the merchants/stores where I buy groceries has an insecure system? Was my Last Pass password saving program compromised? It had trouble logging in automatically today. I'm waiting for the results of the scans. In the meantime, beware.
The card stays in my wallet, by the way, on which my ass rests at all times!
It doesn’t sound like identity theft, it sounds like your card was captured. The most common place to steal credit card information is at a gas station. People push cards into pumps without even looking or thinking, and thieves know this, placing card readers OVER the existing card readers.
I presume you’re using windows.
Never ever choose the option to save a password and log in automatically.
You’ve got to tighten up how you use your browser (don’t use IE) and email.
Windows provides many ways for your PC to be hacked.
Other than anti-virus, there are all those setup and configuration options in Windows and in your browser.
A lot of doors can be closed through proper selection of options.
I’ve long since abandoned Windows in favor of CentOS Linux (which is just the free version of Red Hat), so I’m not up on the details of trying to make Windows secure in even a minimal way.
I used my credit card at a Shell station- the only time it was used in three weeks. Within 24 hours, $500 was charged to I-tunes. When they tried to make a second purchase of $1500 the next night, I got a call from the cc company. Grrr....
May whoever stole my card number spontaneously combust while enjoying stolen music.
I only use a debit card that’s not tied to a bank account and is good only for the amount currently stored on the card. Most times the balance is zero unless I’m going to buy something, Otherwise it’s cash only.
A few common vectors for this type of thing:
1. Waitstaff at a restaurant copied down your card info
2. A gas pump or cash machine had a skimmer installed (a hidden device which reads the card’s info)
3. A company which you’ve purchased something from in the past exposed your card info by being hacked or having a malicious employee.
After using my bank debit card at a local gas station chain store, my checking/savings accts were hacked but security questions foiled any withdrawls, 2x last year. Received 4+ emails from bank notifying me of repeated breaching attempts, and they quickly froze accts. No cc/debit purchases. I changed username/passwords/security questions next day. Never went back to that station chain, but alerted them of the problem.
I had the “Tickets” charge on mine show up once, from Africa. CC co said they had seen a lot from that particular web site recently, sounded as if the site did not require security ID or address verification so bad guys just pumped a bunch of numbers through it and got lucky... several times. So, we didn’t do anything wrong or exposed ourselves in any way, they just worked hard and got lucky. We had the card killed off and reissued new ones.
I’ve got two candidates: a smog check auto repair shop and a small deli in the neighbourhood. I haven’t gassed the car in over a week, and the charges are from recent days.
Sounds like what happened to me. my very aware credit card company caught it before any real damage was done.
The $1.00 may have been to make sure their “copy” of your card worked.
I also had a $1.00 charge on mine for a NYC parking permit, then a charge to a lumber company and a golf company in NYC. That is when the card company flagged these as “not normal” and contacted me.
I was on Jury Duty here at the time these were done and was NOT in NYC.
I was in NYC about eight months ago but I NEVER used that particular card there.
Is there a way that I can cancel that option? I clicked it accidentally one bleary eyed morning.
I avoid that by always paying cash at gas stations, restaurants and stores. Basically, I only spend cash if I’m not online.
Online, simply use a debit card linked to an account that only has how much you are willing to lose in it.
Credit cards don’t have to leave your wallet to be compromised. There are times where thousands or millions of numbers are stolen from credit card companies directly (sometimes by internal criminals).
i like that idea. thank you.
Also had a couple random charges after a gas station visit several years ago. Bastards!
Your card info could have been stolen months ago. There are literally millions of card numbers (a sizable minority with additional info) on the web for sale for a few dollars to maybe $20 each. There are so many that thieves probably will not ever get around to abusing one of yours.
If I didn’t have these stinking morals, I could be rich...
Edit > Preferences > Security > Passwords
Remember passwords for sites (NO)
Use a master password (NO)
Just a thought...you said there was a message from the credit card company and an email. You returned their call. Did you use an 800 number they left on your message or email, or did you go look up the credit card’s 800 number online, or on the back of your card, and call that number.
Reason, there might not have been any fraud, but fraudsters alert you to “false” credit card usage, and then get pertinent info from you when you return a call or take the call for that matter, or respond to the email. Credit card phishing is rampant via email, and these types of calls.
Make sure you actually called the credit card company back, and it was the credit card company you were speaking too. Best way to do that is to look online for their credit card phone line, or on the back of your card, and give them a call to make sure there was suspicious activity, or were scammers trying to get info from you.
I’ve done some PCI compliance work. The first thing I learned was to NEVER use my debit card for purchases. If someone gets your debit card number, the money is actually taken out of your checking account. Sure, you may get it all back, but in the meantime, checks and legitimate electronic payments are bouncing and you have no money.
I only use credit cards now, and just pay them off every month. And it is more common for them to be compromised by unscrupulous waiters, etc. when you do “card present” transactions than via internet purchases.
Oh, and our B of A Visa has been compromised four times in as many years. And the only reason we know is because we get a new card in the mail and an email explaining it. My wife’s Amex was compromised once.
The $1.00 may have been to make sure their copy of your card worked.
I use a Costo AmEx for all my gas purchases. My round trip commute is 122 miles. I get $450 back this year. :-)
1. We used the card for dinner out the Friday night before, and gave the waiter the card.
2. The cards were due to expire in February, and we never did get the new ones in the mail.
I'm betting on (2.) and someone lifted the cards from the mail.
What you describe is what I do with paypal. I have a virtually empty paypal account - until I decide to use it to buy something.
My own reco is to go buy a simple router, even if you have only a single computer at your home. Inserting a router between your computer and modem is very, very strong anti-hack stuff, assuming of course you do not compromise your security by clicking on an emailed link or something similar.
A $29.95 Netgear or D-link or any of a dozen other brands of router can be a lifesaver, and if you don’t use it be sure to disable the wireless aspect of the router, if present.
For the first time I was wrong again. The first charge happened on the day that I gassed up my global warming contributing motor vehicle (another point in favor of electric cars), so it must have been the reader at the petrol station that caught the number.
But here is a question, is the supersecret three digit number on the back of the card that you always need to make online purchases encoded electronically in it? If so, that’s dumb!
And learn to administer it, as in changing the admin password from the default to a strong password.
I had two machines hooked to my router once. Then, I hooked a printer to one of the machines. Boom ! In a few minutes - I found out about the ridiculous security holes in printer protocols and that networks can by hijacked to make secure tunnels for hacker use. The windows machine was in such bad shape I had to reinstall it.
It’s best to read up on anything you do before you do it (I’m sure everyone agrees !).
Could have been a card reader, could have been Windows. The following is very easy to install and use.
The following is more secure for anyone who knows how to use it (little advance study there).
Great hints, thanks. I called the number mentioned in the voice mail, AND in the e-mail. It was legit.
Then I logged in and went into a chat with some dummy from Bangalore, I suspect, with an American name of course, trying to learn more, and I actually learned less, as he couldn’t find the information given me previously by a lisping phone rep. (But he found it in the end, and then generously informed me that they are waving the late fee for me, which was another piece of nonsense as I had paid my recent bill two weeks ago and the payment shows in their records available to me!)
“Inserting a router between your computer and modem is very, very strong anti-hack stuff”
Assuming, of course, that the router has packet-sniffing capability. Not all routers are equipped/configured to do that.
That’s not ID theft.
Your card was compromised by someone you handed it to, like at a restaurant.
More and more merchants are asking for the 3 digit number on the back of your card and the only way they get that is by swiping your card into a capture machine, writing the numbers down on the front of the card or just taking the receipt. but, they would have looked at your 3 digit commonly called a “CVD”, “CVV”, etc.
Your bank will issue a new card, cover the fraud charges and all will be well.
“Card Verify” web sites exist by “verifying” millions of mostly stolen credit and debit cards every day....
son’s debit card info was compromised at a Chuck E. Cheese’s last month.
He travels all over the world as a flight attendant, but somehow the cc company recognized a problem when the number was used in tiny Tucker GA (he lives in Atlanta) for gas, and they froze his card. Couldn’t reach him, as he was in a Chile or Brazil, but he called them when it was frozen and got it straightened out.
Chuck E. Cheese. Bad food served to children by rats...
I have no idea how they got it but the credit card company was cool and took all the charges off my account and issued me a new card.
I know (or I hope) it’s not “ID theft”, it just fit the title better. That’s all I need, my precious SoSecurity number wandering alone in the cement jungle out there, to be intercepted by some illegal Kenyan on his way to the U.S. Presidency! And anyway, every tragic misadventure deserves a fitting pun, or what use would it be?!
Events such as this take away something from your confidence that you’re smarter than the rest, that you’ve learned your lesson, can’t ever happen to you, etc. It just did, buster!
I have now run three scans of the machine. All came out completely clean, unusual (suspicious?), no signs of even harmless trash spyware. Still, I want to figure out what happened. Right now I’m leaning 70:30 that it happened (that is assuming it did not happen via a mole at the credit card company, as suggested above), not through my puter, but through a live local merchant, probably a gas station. Which leads to a lesson to use separate credit cards for separate purposes.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.