on-line identity theft

[picksbigwagon]

Okay, last friday I came to the painful realization that my credit card numbers were stolen and used for some interesting purchases. Fortunately, my credit card company denied 95% of the charges. My questions are: how did this happen, I always run my anti spy and Macaffee security stuff, updating it weekly, how did this still occur?

I have a gut feeling that the place I ordered a pin for my AR-15, located in good Ol' Lakeville MN, is where the leak came from. I ordered a $10 part from that place on Monday noon, and by 3 that afternoon, "I" purchased 600 bucks worth of women's shoes. ( wasn't denied by the way ) later in the week "I" attempted to buy farm equipment in North Carolina.

My wife put a wireless system in so she can use her work laptop, is this a possible leak?

I am technologically stupid, so what went wrong? We have ordered stuff before from home and I have always felt safe. I still think the Yahoo in Lakeville sold my number on line. I still haven't received my part from yet either, and the charge never went through from his place either.....

Anyway, if someone here has some help or ideas on what might have gone wrong let me know.....

[IFallsRon]

Although annoying, I'm glad that my card company is on the job. I bought a camera a couple months back and the purchase was denied because it was a high-ticket item. A quick call cleared up the transaction.

When giving your info, you can tell if the site is secure if the address starts with "https".

On a side note, a laptop containing employee information was stolen from the California business that does my company's payroll. It hasn't affected me yet.

[BobT]

I believe that ANYTIME you put personal information on the net you are exposing yourself to potential theft. There are some very saavy hackers out there and they are constantly finding ways to circumvent the protection you use. One must always be very careful.

Incidentally, this is just as important in other places as well. For example, how many of us are willing to provide credit card numbers over the phone for purchases? How do you know that the person on the other end is not going to use the number and expiration date to place an order for themselves as well? Once they have the information you gave, they can place a mail order or phone order in to just about anywhere, too.

Bob

[PierBridge]

Quote:

---

My wife put a wireless system in so she can use her work laptop, is this a possible leak?

I am technologically stupid, so what went wrong? We have ordered stuff before from home and I have always felt safe. I still think the Yahoo in Lakeville sold my number on line. I still haven't received my part from yet either, and the charge never went through from his place either.....

Anyway, if someone here has some help or ideas on what might have gone wrong let me know.....

---

He sound's like the culprit.

With a wireless router keep in mind that your data is being beamed through the airwaves in all directions and that if you can receive it from where you are, so can just about anyone else within that same range.

In order to protect your data from snooping or prying eyes, you should encrypt, or scramble it so that nobody else can read it. Most recent wireless equipment comes with both WEP (wired equivalent privacy) and WPA (wifi protected access) encryption schemes that you can enable, the owner's manual for your wireless router or access point should tell you how to enable and configure encryption for your device.

[Whoaru99]

Yup, there are three major items to cover in the wireless router setup.

1. Setup the encryption as mentioned.

2. Enable MAC address filtering/blocking.

3. Disable SSID broadcast.

Disabling the SSID broadcast probably stops most "drive-by" use of your network/internet connection. There are ways around this.

MAC address filtering helps keep 2nd level offenders out of your system by allowing only specific computers to access the network/internet. There are ways around this too.

Setting up the encryption pretty much seals the deal. If anyone tries to crack this (provided you've set up strong encryption) they must figure you really have some GOOD stuff to get their hands on. The newer WPA-PSK is a much stronger encryption scheme than WEP. However, unless you have a newer laptop and router, you may not have that option. WEP is much better than nothing if it's your only choice.

One more item to consider is that some routers allow you to turn down the transmit power. In addition to the above, you may be able to cut back how far the signal goes too.

[upnorth]

If you have a wireless router and you haven't turned on any kind of encryption you may as well be shouting your info out the front door.

As stated before there are things you can do.

Enabled the strongest encryption you can. WEP will do in a pinch, TKIP or AES are much better. You can turn off the SSID, but then setting things up will be much more difficult. If you are out the country and live more than 300 feet from the road you are safe without encryption unless someone drives up and parks in your driveway for a while and trys to capture packets of info

[computerboy]

If you don't have any type of security enabled on your router, it's possible that your credit card information was obtained that way. However, it's more likely that it was obtained in another manner. Hacking an unsecured wireless network is pretty easy, but it still requires a thief to be within range of your router. Either way, you’ll want to enable security on your router as others have mentioned. If you have questions, just post them here and we can help you out. The best place to start though is with the manual that came with your router. There should be an entire chapter devoted to security.

As far as how it was actually accomplished, I’m a little suspicious of this place you ordered your part from based on the information you’ve supplied thus far. With that said, I do have a couple of questions:

Was this a business or an individual?

Was this a reputable business/individual that you have ordered from in the past?

If not, how did you find out about them?

How was the order processed (online, over the phone, etc)?

Did they request anything unusual from you when you ordered such as your mother’s maiden name, date of birth, social security number, etc?

Have you been able to get a hold of them since this happened?

It’s possible that your identity has been stolen, in addition to your credit card number. Here's some good information from Federal Trade Commission on Identity Theft and what to do if you suspect you’re a victim:

http://www.consumer.gov/idtheft/

[DTro]

Another thing to remember......

For the people who haven't heard about this, it's called phishing. How appropriate.

Anyways, these criminals in some cases, mimic a website to look just like the real one and then your information goes right to them. You think you are ordering from a one company and actually you are ordering from the theives.

Like others have said, make sure the URL in the address bar is https. Remember S for security.

I really think this might have happened to you. I would be on the horn right now calling this "company". Even though the CC company refused the charges, there could still be trouble, especially if you had to register and use a password.

Another possibility but probably lower odds, like computerboy said, there really is no harm in someone accessing your network. Unless they know what they are doing. It's possible for them to install a program that remembers your keystrokes. Then it's just a matter of trial and error.

Good luck, hopefully it's an isolated incident.

[picksbigwagon]

I think dtro is sounding unfortunately more and more correct. I can't get a phone number at all to locate this guy by phone......the card has been cancelled, so who knows how bad this is going to get.........I would name the business here but I know it would get deleted....the sight looked legitimate, but maybe it was too legitimate, I will post on a couple different websites that I frequent to see if they know of or have used this company.....

there is no S in the http, at least on the home page, would I look for that on the ordering page?

why would the registering and password be so difficult? I have about 10 different passwords I use, and yes I can remember them usually.

I just rechecked their website, on the check your order status at the top of the page had an address for vncode.org, so I typed that in and it was a North vietnam newspaper website. I am pretty darn sure I was phished here. Now what do I do????????????

(ten minutes later)I found a website that has alot more information on this company like a phone number and a street address in Lakeville.......I think I will be calling them on the phone tomorrow, and if I am not satisfied, I might just make a house call.......I don't believe it was the wireless system in our house, I really doubt the antena broadcasts that far.....My wife did have some encryption enabled on the system, not sure what alphabet letters it is, but now is not the time to bother her with it......

[computerboy]

When you add an item to your shopping cart, there will be an option to "check out" or something similar. At that point it should redirect you to a secured site to either register if you're a new customer, or login if you're an existing customer. Internet Explorer will give you two visible indications that you are using a secured site:

1. There will be a little lock on the lower right hand side of the browser next to the little Internet globe.

2. The URL in the address bar will have an "s" after the http (e.g. https://www.domain.com)

It's also possible that this site is quite legitimate, and it just happened to be a coincidence that your card was used that same day. A lot of credit card numbers are stolen from discarded receipts. Some businesses still print your full name, credit card number, and expiration date on receipts. That's all a crook needs to use your credit card.

Let us know how it goes. A lot of people could learn from this experience.

[picksbigwagon]

I mocked up an order and I went to a new site that had an "S" at the end of it, everything that you said that were supposed to be there.....man, I am just stymied right now. I always rip up my receipts, just like my Dad used to do.....

This really just burns my biscuits too......I have been checking my bank check card and my other credit card, nothing has changed so maybe someone hacked their site............I will call tomorrow and find out what the hell has happened.

[computerboy]

What probably has happened in this case is the company you ordered from had their online ordering system hacked. What the hackers probably did is just redirect the "check out" button to another system that they compromised. In this case, it sounds like the probably hacked a vietnamese newspaper site. So when you were entering in your credit card information, you were actually sending it to the vietnamese newspaper site. The hackers then accessed your information from the vietnamese newspaper website and away they went. They do it that way so they can cover their tracks.

I can only assume that is what happened. It sounds like the company you were ordering from is probably legitimate, they just didn't have the appropriate security to guard against such a threat.

[picksbigwagon]

Last post for tonight, I promise, but I got two emails from this company, one saying they got the order on the 31st, and the second one was on friday saying they sent it....

I will call in the AM and post what I find out.......

[computerboy]

And the plot thickens. It's possible that the emails were spoofed in order to throw you off. You're far less likely to suspect a problem if you get an email that says 'hey, we got your order'. Who knows at this point. I guess the best thing to do is drop by there in person and find out what's going on.

Hang in there.

[countryboy9799]

I was always under the impression that credit cards were protected from fraud. I think the rules are different for debit cards though. Maybe someone can comment on this.

Scott

[HaywardBound]

countryboy, I think you are right about the fraud protection with a credit card and not a debit card.

One thing with passwords; I try use different passwords for different sites, and try to change them often. If I register for a new site, I definatly don't use the same password that I use for my bank account.

To keep track of my passwords I save them in an Exel file and store it on a memory card, not on any of my computers. (Now that I think about it, I should PW protect that file as well).

[efgh]

Debit cards can be bought in any dollar amount by anyone from Caseys chain stores to Wal Mrt. They are activated at the time of purchase. They can then be given to anyone for a gift or any other reason. all that is required is the person using the card sign the print out sheet which has the srarting amount and the balance left on the card. most of the time I.D. isn;t even asked for. For a theft with many I.D.s this would be no problem.

[delmuts]

last fall , mt son had his idenity stolen from his debit card. the big problem was it was one from a credit union, that also allowed the people to ta[ into his savings also! he was wondering where the extra charges were coming from when one popped up from england!! a morning with the credit union people, and a police detective. they had cleaned out his checking, and much of his savings account.( college money) the credit union did cover what had been stolen, but it really messes up ones finaces, and has made us much more parnoid about transactions over the net or phone. they figure his was stolen when he used his card to register on e-bay. how they did it ??? be carefull!

[Valv]

My main Debit Card is a PayPal card. Yes the hated by many PayPal online payment. I find it more economical than a merchant's account.

They have their debit card and you can use it just like any regular credit card, except you use only the funds on your account, that's it. I usually leave $ 200/$300 max on it for expenses and if somebody steals the numbers they cannot go too far. Also as soon as a charge is made I receive an email with notification. My wife gets out of work nearby and gets gas, I know it before she buckles up the seat belt to leave.

Many Credit Card or Banks have Internet Banking, where you can follow your account online, even if not in real time, but you can check everytthing the next day, I have a Cabelas card, and check it online every day, it takes 5 minutes.

It is unfortunate we have to do this, but online theft and fraud are going to be more and more of a reality than ever before, we have to learn to protect ourselves.

[MN Mike]

HMMMM..... Lakeville ha ?!?!?

Heres my story, I've had to cancel 3 credit cards because of the theft of the number online. I do probably 80 - 90 percent of my business online.

The 2nd card I had to cancel because some yeahoo bought some computer ram from a company that we did order from as well, they ordered it on friday with overnite shipping, came to about $550. Credit Card company caught the change of address and shutdown the card as soon as that happened and called me but I wasn't around but when I did get in I called the CC company and told them that was not my address and we shut it down right then and there and they issued a new card. I turned around and called the company to confirm the shipping address for the ram so that we could make sure we would have someone there to pick it up when it came in and they gave us the shipping address and the name of the person who ordered it. Turned out that it was going to a Lawn and Garden center in Lakeville, MN !!! This was a couple years ago, placed a call and asked for the guy but he wasn't there that day, never did persue it from there. He didn't get his ram either.

Last card that got stolen, was a change of address again to some apartment in Indianapolis, nothing happend from that one.

Don't remember what happened on the first one......

Credit Card companies can really make a person mad, won't give you any info about who stole it but the company where that ram came from, once we told them it was a stolen card basically gave us every detail about the order.

Chewed on the lady from the CC company for a while and she said you wouldn't believe how many ways they can get your credit card number, she said there is dozens of ways it gets taken. Most of the time it sits on a server somewhere, people subscribe to a service and can ' buy ' your info once it has been taken.

I'm sure ours got taken by doing business with someone that was not too honest but the company probably didn't have any idea they were stealing cc numbers and selling them.

I'm sure it won't be the last time this happens for me.

To be contiuned..........

Mike