Results 1 to 21 of 21
  1. #1
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    Another CC Scam Pulled On Me!
    Today, of all days, we get a phone call from a firm investigating fraudulent credit card purchases. I refused to provide them any information. Instead, we called our CC fraud number and sure enough the firm was legit. We had 3 charges made on our card early last evening, all overseas. One to ccbill.com and two others to "tele2 kontant". We had the card closed down.

    I am wondering if someone was able to get into my computer via and FTP program open while I was testing an html form? So they get into my server via the form, then get into my computer via the FTP. I had several Norton anti-virus alerts yesterday as well while working on the forms. At any rate, I will be looking for a different script or update my current one before doing any more work. The page with the form is published to the server at an address that is not linked to yet, but I would guess some malicious program could find it anyway right?
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  2. #2
    Full Member
    Join Date
    October 30th, 2007
    Location
    Toronto
    Posts
    217
    Why do you think it was someone able to get into your computer? Why not staff? Relatives? Why not someone standing behind you in a checkout line? A rigged ATM? A rigged swipe machine? A shifty waiter or bartender at the last restaurant you went to? Have you used the card for any online purchases?

    You should be looking at who had access to the card or number and when, even as far back as months.

    These attack vectors are far more likely than the scenario you're describing, I would consider them before thinking about your FTP client being trojaned or a hacked FTP server piggybacking a trojan onto your machine.

    Also, be careful of jumping to conclusions based on a seeming coincidence of you getting Norton alerts at the same time as you get these calls. There is nothing to suggest any connection.

  3. #3
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    Quote Originally Posted by Mr_C
    Why do you think it was someone able to get into your computer? Why not staff? Relatives? Why not someone standing behind you in a checkout line? A rigged ATM? A rigged swipe machine? A shifty waiter or bartender at the last restaurant you went to? Have you used the card for any online purchases?

    You should be looking at who had access to the card or number and when, even as far back as months.

    These attack vectors are far more likely than the scenario you're describing, I would consider them before thinking about your FTP client being trojaned or a hacked FTP server piggybacking a trojan onto your machine.

    Also, be careful of jumping to conclusions based on a seeming coincidence of you getting Norton alerts at the same time as you get these calls. There is nothing to suggest any connection.
    Yeah, there are a lot of places where the card number could get out. But frankly, I have not gotten out much lately. And it was quite the eerie coincidence that at on the day I had this happen, I also had the virus attacks, all happening while I was working on the form pages with ftp connection. Also, the purchases were overseas, suggesting this was an internet-related crime. My local gas station attendant would probably not be purchasing services in Sweden with my CC number.

    I am not jumping to conclusions here, just suspecting.
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  4. #4
    Moderator leeann's Avatar
    Join Date
    January 18th, 2005
    Posts
    2,955
    I had the same thing happen last year with my mastercard. Luckily I have one of those protection services and they covered it all, but what a mess. Apparently the card number was swiped from a site I used it on, but MAC wouldn't tell me which one - a fact that I found VERY annoying. It was used overseas, at home depot and the items were sent overseas, and I had a bunch of UPS charges. It took awhile to resolve, but it finally all did come together.
    leeann


    Shoppers determine what has value and they like coupons. Stop manipulating who set the cookie just because you do not like coupon and promotional sites.

  5. #5
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Stolen credit card information has become a commodity and there is a whole network of online sellers and buyers. Saw a TV documentary a while back that demonstrated this with a guy buying one credit card (number, expiry, name, address, security ID) for $25.00.

    Our biggest problem with this is the buyer who comes along and wants a quote for a large purchase or quantity purchase and wants expedited shipping. Just this week I got the credit card information for a $3k order to ship via UPS 2nd day air to Brooklyn. The credit card belonged to someone in Illinois and I pretty easily found a phone number and contacted them. The card info was indeed stolen. I played alone with the thief and let him know that his payment was received and the order shipped. Course he's been contacting me wanting me to send him tracking info which I just kind of sluffed off.

    Here's the kicker. The item he wanted to purchase was 100 Bibles!

    I got took last year for $1600 so I've gotten pretty shrewed about selling to questionable buyers...



    X

  6. #6
    Super Dawg Member Phil Kaufman aka AffiliateHound's Avatar
    Join Date
    January 22nd, 2007
    Location
    West Covina, CA
    Posts
    8,443
    Quote Originally Posted by Cheesehead
    Also, the purchases were overseas, suggesting this was an internet-related crime. My local gas station attendant would probably not be purchasing services in Sweden with my CC number.

    I am not jumping to conclusions here, just suspecting.
    That is exacty what happens, and with alarming frequency. Thieves attach their reader to a gas pump or atm, and watch with binoculars to pick up the PIN. They retrieve the card info from the reader, match the pin, and transfer the info to eastern Europe, far east, wherever, and in a few hours, you have cc charges from all over the world.

    There was a big ring broken up a few months ago doing this in Southern California, where the victims were saying the same thing: "I used my card to get gas in Riverside, and then someone bought a computer in Croatia with my card."

    Many years ago I had something similar happen to me. In the pre-cellphone days, I always used a calling card to charge payphone calls to my then office number, and one time after using my card, I got a call from the phone company that $1,000.00s of dollars in long distance calls had been charged on my card in a few hours. They told me the same thing - someone got the card number by watching the pay phone with binoculars. (didn't need a card reader for that)
    Since June 10, 2012 a vegan aarf but still writing the Hound Dawg Sports Blog
    "If you don't have time to do it right, when will you have time to do it over?" -John Wooden;
    "Raj, there’s no place for truth on the internet." -Howard Wolowitz[/SIZE]

  7. #7
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    I am wondering if someone was able to get into my computer via and FTP program open while I was testing an html form? So they get into my server via the form, then get into my computer via the FTP. I had several Norton anti-virus alerts yesterday as well while working on the forms. At any rate, I will be looking for a different script or update my current one before doing any more work. The page with the form is published to the server at an address that is not linked to yet, but I would guess some malicious program could find it anyway right?
    Could be that your computer was compromised...I've read a few reports of credit card crooks using botnets or keyloggers to collect data. If that's the case, changing your script won't help, because the problem is at your home computer.

    It's possible that your number was stolen some other way, but I wouldn't dismiss the possibility of a keylogger sneak-installation, either.
    There is no knowledge that is not power. ~Hemingway

  8. #8
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    The only card I've ever had compromised was one that I seldom used and had never used online. Considering that I make dozens of online purchases every month (and have for over 10 years), that was surprising to me. I would have expected it to have been the card I use for over 90% of all of my purchases. The compromised card was used for three very small ($10-$20) fundings for some overseas online casino.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  9. #9
    Merchant & ABW Ambassador
    Join Date
    May 31st, 2006
    Location
    Houston TX
    Posts
    4,731
    Here's my s

    -Don't use a Visa, Master DEBITcard. Most banks will make you jump through hoops. Either way, you are out of money that the scammers used while they investigate.
    -Use a Credit card if possible.
    -When online, use a VIRTUAL #. Especially if it is at a website which is unknown.

    I had my credit card compromised after using the same card for 7 yrs. Apparently, they got hold of my CC but not the CCV. Tried to use the card at BedBath beyond for $25 and they were guessing the CCV. It failed and I got a call from my Credit card co. and had to cancel my card.

  10. #10
    Full Member Tech Evangelist's Avatar
    Join Date
    March 16th, 2005
    Location
    Mesa, AZ
    Posts
    374
    CC scams are getting more creative all of the time.

    There are a couple of articles on the web about gas pumps that have had devices installed that collect credit card info. They found a couple on gas pumps in my area.

    One of the most common ways for scammers to pick up credit card numbers is in restaurants. Restaurant workers are paid to collect the information. In some cases, a waiter or waitress uses their cell phone to take snapshots of the card and the scammers are already using it before you leave the restaurant.

    I also recently read that the electronic keys used in hotels store your credit card info. If you leave the card in the room when you leave the hotel (lots of people do that), the maids take them and the information is extracted using card readers. Always either turn the card in at the front desk or take it with you and destroy it.

    I agree with Eric about debit cards. In the USA, you are legally protected against fraud for credit cards, but not for debit cards. The credit card companies and banks will usually cover you for debit card fraud, but I don't think they are legally bound to do so because all of the fraud protection laws were written before debit cards emerged. From my perspective, debit cards have always been scary and I refuse to use them.

    Cheesehead, if you were testing a live web site form that did not use SSL, you were broadcasting your credit card number all over the web in plain text. It is possible to use packet sniffers to look for series of numbers that indicate credit card numbers. The Internet does not use a point-to-point method of transmission. Information is scattered everywhere.
    There's good, fast and cheap. Pick any two.
    [url=http://www.topranksolutions.com]Phoenix SEO[/url] :: [url=http://www.tech-evangelist.com/category/affiliate-marketing/]Affiliate Marketing Tutorials[/url]

  11. #11
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    Quote Originally Posted by Tech Evangelist
    CC scams are getting more creative all of the time.
    Cheesehead, if you were testing a live web site form that did not use SSL, you were broadcasting your credit card number all over the web in plain text. It is possible to use packet sniffers to look for series of numbers that indicate credit card numbers. The Internet does not use a point-to-point method of transmission. Information is scattered everywhere.
    Could you provide more detail on this.

    Here is what I did:
    1. Created html page that used a formmail php script I got from http://www.tectite.com/ - I was using an old script. Since, I have updated with the new script that I believe has some additional security built in.

    2. Tested html page with form, but no CC information was entered on the form. I also had an ftp connection open to this site - is this how my info is potentially broadcast from my PC?

    What are your suggestions? Use SSL? Would shared SSL work? I have looked into this a little.
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  12. #12
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Quote Originally Posted by Eric Ewe
    Here's my s
    -Don't use a Visa, Master DEBITcard. Most banks will make you jump through hoops. Either way, you are out of money that the scammers used while they investigate.
    -Use a Credit card if possible.
    I don't know about other banks, but at Washington Mutual, debit card coverage is not an issue. Sandy's purse was stolen a couple years ago. Purchases were quickly made at a gas station to the tune of about $75 on her debit card. I called WAMU and had the card canceled. The amount stolen was returned to our account within two days.

    That wasn't the end of it though. We received a letter in the mail a couple weeks later asking us to authorize the address change and new card order that we'd recently submitted [which we hadn't]. Fortunately the bank sends these notices and we were able to dispute the request.

    A few months later I started getting letters and calls from a collection agency. The perp apparently used Sandy's info to get money through some online virtual check service. I had to send a copy of the police report to get them off my back.

    LESSON: If any kind of information [including credit cards] is stolen from you, file a police report!



    X

  13. #13
    CPA Network Rep Joe Lilly's Avatar
    Join Date
    April 25th, 2006
    Location
    Vegas, Baby!
    Posts
    977
    I've been hit twice in the last few months. Last time it was an "upsell" of some crap software buried in a ts and cs document for something else I gave my credit card number for.
    Joseph Lilly
    PartnerWeekly, LLC 702.407.0707 joe.lilly at partnerweekly.com
    PartnerWeekly

  14. #14
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Quote Originally Posted by Cheesehead
    Could you provide more detail on this.

    Here is what I did:
    1. Created html page that used a formmail php script I got from http://www.tectite.com/ - I was using an old script. Since, I have updated with the new script that I believe has some additional security built in.

    2. Tested html page with form, but no CC information was entered on the form. I also had an ftp connection open to this site - is this how my info is potentially broadcast from my PC?

    What are your suggestions? Use SSL? Would shared SSL work? I have looked into this a little.
    It's very unlikely [if not impossible] that your local computer could be compromised through your FTP session to an FTP server.

    It's more likely that your card information was stolen offline [as mentioned above] unless you entered it as a result of a phishing email and/or on an unscrupulous website.



    X

  15. #15
    Full Member Tech Evangelist's Avatar
    Join Date
    March 16th, 2005
    Location
    Mesa, AZ
    Posts
    374
    I think Boomers is right. I don't think it was your FTP session. That doesn't give people an open channel to your PC.

    The reason for using SSL is to encrypt transmission of personal data so that it cannot be picked by packet sniffers or other Internet monitoring devices.

    You should never include credit card info in an e-mail or enter it on a web page that does not use SSL. If you do, it is transmitted in plain text and can be picked up by pirates monitoring the web.

    The chances of this happening are still pretty slim. Someone probably probably picked up the info in a store or a restaurant where you used your card. It could also have been picked up from an online database that was hacked.

    Have you checked your PC for spyware, such as a keystroke monitor? A lot of this type of spyware transmits data to Russia or the Ukraine where it is collected and sold.
    There's good, fast and cheap. Pick any two.
    [url=http://www.topranksolutions.com]Phoenix SEO[/url] :: [url=http://www.tech-evangelist.com/category/affiliate-marketing/]Affiliate Marketing Tutorials[/url]

  16. #16
    Merchant & ABW Ambassador
    Join Date
    May 31st, 2006
    Location
    Houston TX
    Posts
    4,731
    My friend had her bank acct wiped out via her debit card which was tied to paypal. Took her 2 weeks to get the money back. I think somebody was phising and got hold of her paypal info. Either way, I shred my debit cards and call to cancel it once i get it. If I buy something on an open network, i use a virtual CC.

  17. #17
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Quote Originally Posted by Eric Ewe
    i use a virtual CC.
    How does a virtual CC work?



    X

  18. #18
    MasterMike HardwareGeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,810
    same as a regular card, but typically once you use the number you have to get a new one.

  19. #19
    Full Member Tech Evangelist's Avatar
    Join Date
    March 16th, 2005
    Location
    Mesa, AZ
    Posts
    374
    I have heard about the virtual cards. Where do I get one? Does it just use a one-time-use cc number that gets billed to your regular card?
    There's good, fast and cheap. Pick any two.
    [url=http://www.topranksolutions.com]Phoenix SEO[/url] :: [url=http://www.tech-evangelist.com/category/affiliate-marketing/]Affiliate Marketing Tutorials[/url]

  20. #20
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    Update: Got the same virus warning today with no forms or ftp connection. I am thinking my Norton 2008 that I just installed 3 days ago is catching threats early on. So it's anybodies guess although I still think my CC info was somehow obtained online - we just don't use the CC much otherwise.

    I have reported the incident to my bank, closed the CC account, filed a police report, and filed 90 day fraud alerts with Equifax https://www.alerts.equifax.com/ . I still need to contact the FTC (877-ID-Theft). No other fraudulent activity detected so far and I am hoping it stays that way.
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  21. #21
    Super Dawg Member Phil Kaufman aka AffiliateHound's Avatar
    Join Date
    January 22nd, 2007
    Location
    West Covina, CA
    Posts
    8,443
    Quote Originally Posted by Tech Evangelist
    I have heard about the virtual cards. Where do I get one? Does it just use a one-time-use cc number that gets billed to your regular card?
    The way I've always seen it is that you have to register your cc account online - mine are with Bank of America and Citibank, and it is through their websites - and when you log in to the account, there is a link like "Get a Virtual Account Number", and when you click on it, you get a single-use account number. You then use it just as you would any cc account number, and the debit goes to your cc account just like any other transaction, and it looks the same to the merchant. But, it cannot be used a second time.
    Since June 10, 2012 a vegan aarf but still writing the Hound Dawg Sports Blog
    "If you don't have time to do it right, when will you have time to do it over?" -John Wooden;
    "Raj, there’s no place for truth on the internet." -Howard Wolowitz[/SIZE]

  22. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. OK Who Pulled The Plug??
    By Abigail in forum Commission Junction - CJ
    Replies: 63
    Last Post: October 2nd, 2005, 05:55 AM
  2. Heads Up If Doing RX: Vioxx Pulled from Market
    By Kellie aka Ms. B in forum Midnight Cafe'
    Replies: 2
    Last Post: October 2nd, 2004, 05:01 PM
  3. Amazon Pulled a CJ?
    By Joey in forum Amazon
    Replies: 20
    Last Post: August 19th, 2003, 06:52 AM
  4. Who Pulled The Plug
    By Abigail in forum Commission Junction - CJ
    Replies: 17
    Last Post: December 19th, 2002, 02:01 PM
  5. iGo.com is now pulled off from BeFree. Will they ever make payment?
    By Yikole in forum Commission Junction - CJ
    Replies: 6
    Last Post: September 15th, 2002, 05:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •