Online Purchases and CC Theft

  • halifax
    Veteran Member
    • Oct 2005
    • 4440

    Online Purchases and CC Theft

    For the second time my CC has been fraudulently used after placing an order online. The first time it was minutes after placing an order with Sportsman's Guide about a year ago. Last week, it was an order I placed at a NY company for an Ohaus scale. Nothing fishy about either site, both claimed "secure" online ordering. How is my CC info being stolen? At the NY site, my CC was used by someone in New Orleans only minutes after!!

    WTH

    BTW, I've got the email address of the person who used my card in NO but what do I do with that information? (Fraudulent charge was <$100.)
    Jim


  • #2
    THT
    Calguns Addict
    • Mar 2009
    • 5140

    Are you sure your machine is clean? No keystroke logger/malware found its way onto your PC?
    Ty | 815.246.AR15 (2715) | info@midwestpx.com


    • #3
      halifax
      Veteran Member
      • Oct 2005
      • 4440

      I'm using ESET Smart Security and scan weekly. It has never found anything. The NY order was placed from work which is supposed to be secured (TrendMicro, I think).
      Last edited by halifax; 09-22-2009, 6:09 AM.
      Jim



      • #4
        ocabj
        Calguns Addict
        • Oct 2005
        • 7924

        It's possible that the vendor is compromised. Having a secure connection between the client and server is pointless if either is already compromised.

        I had one CC with fraudulent charges recently and I've used the CC with legitimate vendors, but who were smaller outfits. It's most likely one of their servers which received the CC information was compromised.

        Distinguished Rifleman #1924
        NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
        NRL22 Match Director at WEGC

        https://www.ocabj.net


        • #5
          scott.cr
          Member
          • Feb 2006
          • 202

          I JUST got nailed by some CC fraudsters. It was about a week after a trip to Florida... Florida, as I understand it, is quite the hub of credit card fraud. There are two ways I can think of that my CC info was stolen.

          1. Waitress at Hooter's. (She took my card away to charge it to settle the bill.)

          2. Info stolen over hotel's unsecured WiFi. BUT!!! I was purchasing over a 128 bit SSL... so this seems somewhat unlikely.

          They charged my CC $1,800 over its limit and the bank never even said anything!!! I went to buy gas BEFORE this all happened and the card was declined. I ended up having to call the bank for an identity check.

          BTW this is an HSBC card.


          • #6
            halifax
            Veteran Member
            • Oct 2005
            • 4440

            Originally posted by THT
            Are you sure your machine is clean? No keystroke logger/malware found its way onto your PC?
            Just scanned my computer at work with Trend Micro, it came up with dozens of Cookies flagged as spyware. Can cookies be a problem with CC information and access by undesirables?
            Jim



            • #7
              glcK23
              Junior Member
              • Sep 2009
              • 32

              Yes I believe Keyloggers can be implemented in browser cookies.

              I would try SuperAntiSpyware trial to detect any more malware/spyware.


              • #8
                sfwdiy
                Senior Member
                • Feb 2008
                • 2146

                Originally posted by halifax
                For the second time my CC has been fraudulently used after placing an order online. The first time it was minutes after placing an order with Sportsman's Guide about a year ago. Last week, it was an order I placed at a NY company for an Ohaus scale. Nothing fishy about either site, both claimed "secure" online ordering. How is my CC info being stolen? At the NY site, my CC was used by someone in New Orleans only minutes after!!

                WTH

                BTW, I've got the email address of the person who used my card in NO but what do I do with that information? (Fraudulent charge was <$100.)
                It's very likely that your personal info was compromised in some much more mundane fashion. Most identity theft occurs when people steal credit card statements out of your mailbox or trash can. Also, credit card skimmers are used by restaurant employees to steal card numbers. All the waiter has to do is keep one in his apron and swipe every card he gets through the skimmer as he walks over to the register.

                Here's a very small card skimmer:


                Your card info is saved on a flash card in the skimmer which is dumped to a PC later.

                Card skimmers are getting more and more common on ATM machines as well. They look like this:


                These are custom-made to fit over the card slots on many brands of ATMs, as well as the card readers on gas station pumps.

                It's also possible that it was an inside job by someone who works for the merchant or the credit card company. Both have been known to occur.

                Spyware on your machines is another possibility.

                The odds of a third party intercepting your credit card number over the Internet while you're making an online purchase are slim-to-none.

                --B

                • #9
                  bigmike82
                  Bit Pusher
                  CGN Contributor
                  • Jan 2008
                  • 3876

                  "Yes I believe Keyloggers can be implemented in browser cookies."

                  No keylogger can be implemented in a cookie. You'd have to use the cookie to do an attack on the browser, and I've never heard of a cookie-based buffer overflow attack in any current browser versions.

                  You could potentially have a case where someone stores your CC info in a cookie, but the cookie itself isn't a keylogger.
                  -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0


                  • #10
                    sfwdiy
                    Senior Member
                    • Feb 2008
                    • 2146

                    Originally posted by bigmike82
                    "Yes I believe Keyloggers can be implemented in browser cookies."

                    No keylogger can be implemented in a cookie. You'd have to use the cookie to do an attack on the browser, and I've never heard of a cookie-based buffer overflow attack in any current browser versions.

                    You could potentially have a case where someone stores your CC info in a cookie, but the cookie itself isn't a keylogger.
                    Yep, a cookie is just a string of text that stores preferences.

                    --B

                    • #11
                      SuperSet
                      Calguns Addict
                      • Feb 2007
                      • 9048

                      This happened to one of the AR15.COM vendors (GTS) last year and it affected many people, including myself. Keep a close eye on your statements.


                      • #12
                        Corbin Dallas
                        CGN/CGSSA Contributor - Lifetime
                        CGN Contributor - Lifetime
                        • May 2006
                        • 6184

                        There are MANY ways to get your information if you know HOW to get it.

                        Even "other" open web pages can become keystroke readers.

                        Best way to ensure a secure connection is to have only one browser open at a time and scan your PC often.
                        NRA Life Member and Certified Instructor: Pistol - Rifle - Shotgun - PPITH - PPOTH - NRA Certified RSO

                        WTB the following - in San Diego
                        --Steyr M357A1 357SIG
                        --Five Seven IOM (round trigger guard)

                        Never forget - השואה... לעולם לא עוד.


                        • #13
                          berto
                          Calguns Addict
                          • Oct 2005
                          • 7723

                          I got hit over the last month. The home and work boxes are clean. I bought from a few new online vendors and suspect one of them was compromised.

                          The CC company took care of it but they really need to find some better help in India.
                          "There are no outdoor sports as graceful as throwing stones at a dictatorship." Ai WeiWei


                          • #14
                            halifax
                            Veteran Member
                            • Oct 2005
                            • 4440

                            Originally posted by berto
                            I got hit over the last month. The home and work boxes are clean. I bought from a few new online vendors and suspect one of them was compromised.

                            The CC company took care of it but they really need to find some better help in India.

                            ^^^This is the one I suspect happened to me
                            Jim



                            • #15
                              artherd
                              Calguns Addict
                              • Oct 2005
                              • 5038

                              I know a little something about this...

                              CC numbers by themselves are absurdly easy to compromise. As mentioned it's usually via human error rather than machine. (i.e. card skimmers, leaks inside the CC companies themselves, etc.)

                              By comparison it is really rather difficult to snatch your CC number out of thin air when encrypted via an SSL certificate.

                              The real solution IMO lies in better fraud monitoring and prevention techniques.
                              - Ben Cannon.
                              Chairman, CEO -
                              CoFounder - Postings are my own, and are not formal positions of any other entity, or legal advice.
