Surprise call

[Gary]

Got a phone call from my bank (Thursday 1st) saying my credit card had been fraudulently used  :shock: up to a dozen purchases had been made on the internet,  this came as a surprise as I'm  really careful with its use.

Apparently its pretty rife at the moment due to the chip & pin, people are caning them on the internet ! so a word of advice make regular checks on your account for any unauthorised payments.

[UBT - Timbo]

Got a phone call from my bank (Thursday 1st) saying my credit card had been fraudulently used  :shock: up to a dozen purchases had been made on the internet,  this came as a surprise as I'm  really careful with its use.

Apparently its pretty rife at the moment due to the chip & pin, people are caning them on the internet ! so a word of advice make regular checks on your account for any unauthorised payments.

It's important to note that MOST online webshops need ALL the following information to be able to process "Cardholder Not Present" transactions:

Name
Card Regstered Address, including Postcode (for Address verification check)
Card Number
Card Expiry Date
Card Issued Date or Issue Number
Card Security Number

Some online webshops are also now refusing to ship to addresses other than the Registered Card Address.

regards

Tim

[Rockinfroggi]

Got a phone call from my bank (Thursday 1st) saying my credit card had been fraudulently used  :shock: up to a dozen purchases had been made on the internet,  this came as a surprise as I'm  really careful with its use.

Apparently its pretty rife at the moment due to the chip & pin, people are caning them on the internet ! so a word of advice make regular checks on your account for any unauthorised payments.

Had the same call myself about 2 months ago, Just under £4,000 had gone out on my card within that month around 25 purchases in total.
The bank spent about 3 week investigating it (in the mean time sending me a new card) then sent me a declaration to fill out and the following month my account was credited.

What I don't understand is that around 10 of the payments were for mobile phone topups, surely they can obtain the numbers of the phones that were topped up?


Gary.

[UBT - Timbo]

Had the same call myself about 2 months ago, Just under £4,000 had gone out on my card within that month around 25 purchases in total.
The bank spent about 3 week investigating it (in the mean time sending me a new card) then sent me a declaration to fill out and the following month my account was credited.

What I don't understand is that around 10 of the payments were for mobile phone topups, surely they can obtain the numbers of the phones that were topped up?

Gary.

The mobile phone top up is simple from a cash machine, as it just needs a clone of your card plus your 4 digit pin number.

The clone just gets put into any "hole in the wall", enter the pin, and then enter a phone number.

I can't see how this can translates into "real money" though....coz the "value" is with the network, who then allow you "access" to make calls.

Unless maybe once the value is on the mobile, the scammers then immedaitely call a specific "premium rate" 0900 number that they have set up and then the "value" is on their 0900 number...!

But this is easy to trace....!

regards

Tim

[Rockinfroggi]

Had the same call myself about 2 months ago, Just under £4,000 had gone out on my card within that month around 25 purchases in total.
The bank spent about 3 week investigating it (in the mean time sending me a new card) then sent me a declaration to fill out and the following month my account was credited.

What I don't understand is that around 10 of the payments were for mobile phone topups, surely they can obtain the numbers of the phones that were topped up?

Gary.

The mobile phone top up is simple from a cash machine, as it just needs a clone of your card plus your 4 digit pin number.

The clone just gets put into any "hole in the wall", enter the pin, and then enter a phone number.

I can't see how this can translates into "real money" though....coz the "value" is with the network, who then allow you "access" to make calls.

Unless maybe once the value is on the mobile, the scammers then immedaitely call a specific "premium rate" 0900 number that they have set up and then the "value" is on their 0900 number...!

But this is easy to trace....!

regards

Tim

I can understand cards being cloned when swiped in a scanner by a dodgy shop assistant, but can they clone cards just from your details? I have never used my card for anything other than online purchases, paypal and such. I have a separate cashpoint card for drawing cash out and have never thrown a bank statement out. In fact I have every statement going back to 1978  :shock:

I even stopped checking my account online for fear of a stealthy keylogger on my system. And I've used the same retailers online for years so have not physically entered my card details online as they are logged with the retailer.

Obviously, no matter how careful you are they can get you.

Gary.

[UBT - Timbo]

I can understand cards being cloned when swiped in a scanner by a dodgy shop assistant, but can they clone cards just from your details? I have never used my card for anything other than online purchases, paypal and such.......

And there you have it....Are you sure that ALL of the online transactions you've made, have been with reputable suppliers?

Did all of your credit card vouchers have at least 4 (and prefably more) of the card number digits replaced by asterisks, when you received the invoice?

Of course, the scammers could just hit "lucky", by some form of "brute-force" system of generating card details, but I would imagine that would be easy to trace, if a card doesn't work....and they would still have to guess the 4 digit pin or 3 digit "card security number".

Mostly, I reckon this sort of fraud is carried out by either shop staff or someone close to the "point of sale", where the transaction takes place.

There's a chance that a "dodgy" online system might be the culprit, or maybe like the recent "Nationwide laptop" scare, when some personal details get out into the wild....!

regards

Tim

[Rockinfroggi]

And there you have it....Are you sure that ALL of the online transactions you've made, have been with reputable suppliers?

Did all of your credit card vouchers have at least 4 (and prefably more) of the card number digits replaced by asterisks, when you received the invoice?


regards

Tim

Yes, they are all reputable suppliers and only the last 4 digits of my card number are ever shown.
After watching something about it the other month on TV anyone can become a victim. The Police investigator on the program who deals with these cases and knows all the safety measures you should take had recently become a victim himself.


Gary.

[UBT - Timbo]

Yes, they are all reputable suppliers and only the last 4 digits of my card number are ever shown.
After watching something about it the other month on TV anyone can become a victim. The Police investigator on the program who deals with these cases and knows all the safety measures you should take had recently become a victim himself.

Gary.

Yup - there's no gaurantee you won't be a victim...!

I KNOW that one of my cards was "cloned", although I'm not exactly 100% sure which shop did it......as I got three transactions turn up in Turkey...a place I'd never been to...

But I had been to Rhodes (near to Turkey) a few months before....

More strange is that the card issuer phoned me, and then asked me for my details over the phone to "confirm" who I was and my address....

I told them "not bloomin' likely" and asked for their "verifiable" phone number and extn so I could call them back (coz if they were a scammer, they could also set up their own phone line and appear to be the card issuer, just by answering the phone in a particular way....!)

They soon figured out it had been cloned and my card was replaced.

Ever since, my card NEVER leaves my sight, when I'm paying for anything. And I make sure that I see the card going through the machine...and if the shop complains, I offer to call the police....which soon shuts them up!

It's even easier to keep an eye on things now, coz with "chip & pin", the card is in the machine which you put your number into....so more unlikely to be "cloned".

see here: http://www.cl.cam.ac.uk/research/securi ... ing/relay/

regards

Tim

[UBT - Rick Horn]

I had a near miss recently regarding my credit card.
Someone had tried to take about £300 out of my account in the Turks & Caicos islands! Fortunately I made an internet transaction myself on the same day, so Barclaycard smelled a rat and contacted me.
I`ve still no idea how these characters did it.

[Gary]

There's a chance that a "dodgy" online system might be the culprit, or maybe like the recent "Nationwide laptop" scare, when some personal details get out into the wild....!

Guess who my card was with !!

Mostly, I reckon this sort of fraud is carried out by either shop staff or someone close to the "point of sale", where the transaction takes place.

After quite a long conversation with a lady on the phone  she said people were getting jobs with stores trading online just to be able to get card details.

[UBT - Timbo]

After quite a long conversation with a lady on the phone  she said people were getting jobs with stores trading online just to be able to get card details.

Why am I not surprised.....?

After all, if you lock the barn door, why not go in via the service entrance????

And any "system" is only as good as the safeguards put in place.... Add in extra safeguards and other ways in can be found (as I'm sure Microsoft and other software firms have found out in the past....)

regards

Tim

[Gary]

Hi Tim,

Yeah, someone will always find a way to beat a system !

She also mention a new security addition, Visa verified, supposed to make it harder to commit fraud online, but will require people to register with visa ? and relies on stores signing up.

[Rockinfroggi]

Hi Tim,

Yeah, someone will always find a way to beat a system !

She also mention a new security addition, Visa verified, supposed to make it harder to commit fraud online, but will require people to register with visa ? and relies on stores signing up.

My suppliers use the Visa Verified, links to my bank when I place an order.
But saying all this, you don't even have to have a credit card to be stung, many have been victims in the past after the crims get a few personal details and apply for a card in the victims name.

[UBT - Timbo]

....She also mention a new security addition, Visa verified, supposed to make it harder to commit fraud online, but will require people to register with visa ? and relies on stores signing up.

Hi Gary,

Well, how about that...I'm actually a Barclaycard Business Merchant and I haven't been told about this "NEW" service...!

Talk about how to make you customers feel better, when even the merchants don't know anything about it...!

So, now when a customer wants to buy something, they already have to provide:

name
address
card number
card expiry date
card issue date or number (sometimes)
card security number

and now a password...!

What next...supply the National Insurance Number of your third cousin once removed  (backwards) ??

Think I'll just go back to asking for Postal Orders by post...!

regards

Tim

[UBT - Halifax-lad]

Verified by Visa is a very quick & easy tool to use, used it several times now, most banks for some reason have not advertised it as yet.

Edit: Generally the 1st time you would hear about it is when you put in your card details and the screen comes up to mention to you that a Key Word & password needs to be set

[UBT - Chris Suddick]

Another safeguard I often use when shopping online is when I type in my card details I don't type it in order. So, I might type in the 2nd block of 4 digits first, then the fourth, then click the mouse at the beginning and then do the first etc. I do this in the hope that it might make it more difficult for a keystroke logger to determine the true number.

Chris.

[Gary]

Another safeguard I often use when shopping online is when I type in my card details I don't type it in order. So, I might type in the 2nd block of 4 digits first, then the fourth, then click the mouse at the beginning and then do the first etc. I do this in the hope that it might make it more difficult for a keystroke logger to determine the true number.

Chris.

A simple but effective way of confusing any key logger programs, good idea.

[UBT - Timbo]

Another safeguard I often use when shopping online is when I type in my card details I don't type it in order. So, I might type in the 2nd block of 4 digits first, then the fourth, then click the mouse at the beginning and then do the first etc. I do this in the hope that it might make it more difficult for a keystroke logger to determine the true number.

Chris.

Hi Chris,

Except that there are only certain sequences of the first four digits for the major credit card firms i.e. 4929 is a VISA number.

So, if you place these in the 3rd batch, it becomes obvious to anyone who just looks at the number sequence, that if "4929" exists, it's likely to be at the beginning.

So, then the viewer knows that the other three sets of 4 can be in some order other than the way entered.

And by a process of elimination, say the second set of 4 wouldn't be put in it's right place, leaving only two other places for the 2nd set to go....!

So, your system WILL make life more difficult, but a keylogger can recognise the pattern and will make up the various possibilities of numbers quite quickly.

And that's assuming it doesn't even recognise any mouse/cursor movements...!

regards

Tim

[UBT - Chris Suddick]

So don't do it in blocks of 4 and/or always type in the first 4 digits correctly. I must confess I hadn't thought of that before. I shall have to be a bit more careful in future.

Chris.

[UBT - Timbo]

So don't do it in blocks of 4 and/or always type in the first 4 digits correctly. I must confess I hadn't thought of that before. I shall have to be a bit more careful in future.

Chris.

Maybe a better way, is to put your exact details in a text file and then cut and paste the details from the text file to the correct box on the webform.

Then although Ctrl-C and Ctrl-V may be "logged", the keylogger most likely won't know what's in the contents of the clipboard....

(I'm guessing this is true ! Any Windows keylogger people out there can tell me if I'm right ?   )

regards

Tim

[Gary]

How about leaving out the odd number by pressing the space bar then going back and putting in the correct number?

[Rockinfroggi]

You're pretty much right Tim, a keylogger alone would not be able to determine what was in the clip board, but a keylogger integrated with a root kit could have the facility to take sequential screen shots and depending on the spacings of the screen shots could pick up the text file when opened revealing the #. But you would have to be pretty unlucky for that to happen and then be spotted by whom ever had hacked you.

At the end of the day we could all get over paranoid which is no better than being complacent. So the best we can do is be careful and regularly run upto date Virus, maleware, keylogger and rootkit scanners and use a good firewall, not Windows lame effort.


Gary.

[Gary]

While security is a hot subject at the moment I'm taken an interest in my firewall logs, but I'm not that knowledgeable on the workings of pc's, codes etc.

can anyone shed some light on what these mean before my paranoia spirals out of control.


17:01:07 - BLOCKED Packet (Received broadcast) ICMP (8 - echo request) 82.163.31.69 <- 80.133.213.228 by "ICMP rules" (0x3FFFFF08). {0}
17:01:43 - BLOCKED Packet (Received broadcast) UNKNOWN 103 224.0.0.13:0 <- 213.130.147.54:0 by "Global receive block" (0x3FFFFF02). {0}
17:01:48 - BLOCKED Packet (Received broadcast) TCP (SYN) 82.163.31.69:445 <- 82.163.44.150:4902 by "Block NetBIOS traffic initiated by any host outside the networks above" (0x3FFFFF0A). {0}
17:02:08 - BLOCKED Packet (Received broadcast) TCP (SYN) 82.163.31.69:135 <- 82.163.44.150:3703 by "Block Incoming RPC (TCP)" (0x40000005). {0}
17:02:42 - BLOCKED Packet (Received broadcast) UNKNOWN 103 224.0.0.13:0 <- 213.130.147.54:0 by "Global receive block" (0x3FFFFF02). {0}

[UBT - Halifax-lad]

Another safeguard I often use when shopping online is when I type in my card details I don't type it in order. So, I might type in the 2nd block of 4 digits first, then the fourth, then click the mouse at the beginning and then do the first etc. I do this in the hope that it might make it more difficult for a keystroke logger to determine the true number.

Chris.

Or just use a program that encrypts all your keystrokes much simpler

[Rockinfroggi]

While security is a hot subject at the moment I'm taken an interest in my firewall logs, but I'm not that knowledgeable on the workings of pc's, codes etc.

can anyone shed some light on what these mean before my paranoia spirals out of control.


17:01:07 - BLOCKED Packet (Received broadcast) ICMP (8 - echo request) 82.163.31.69 <- 80.133.213.228 by "ICMP rules" (0x3FFFFF08). {0}
17:01:43 - BLOCKED Packet (Received broadcast) UNKNOWN 103 224.0.0.13:0 <- 213.130.147.54:0 by "Global receive block" (0x3FFFFF02). {0}
17:01:48 - BLOCKED Packet (Received broadcast) TCP (SYN) 82.163.31.69:445 <- 82.163.44.150:4902 by "Block NetBIOS traffic initiated by any host outside the networks above" (0x3FFFFF0A). {0}
17:02:08 - BLOCKED Packet (Received broadcast) TCP (SYN) 82.163.31.69:135 <- 82.163.44.150:3703 by "Block Incoming RPC (TCP)" (0x40000005). {0}
17:02:42 - BLOCKED Packet (Received broadcast) UNKNOWN 103 224.0.0.13:0 <- 213.130.147.54:0 by "Global receive block" (0x3FFFFF02). {0}

You will get that with any firewall log, depending on what you are using it should categorise attempts as High, Medium or Low or maybe Harmless or Dangerous.
Most you can ignore as being a combination of legitimate attempts or some hacker sending out random ping's or packets looking for an open port.

Any good firewall should flag up anything that you have not given authorisation to and ask if it should allow or not or better still will work in stealth mode so will not acknowledge any unauthorised ping's or packets making your PC invisible as such.

If you get too many High or dangerous flags in your logs then you could always use a route tracer or such like to show where the IP listed in the log is from, not much good at finding a good hacker as he will have gone through a number of zombie systems first but it should show you details if it is a legit company i.e Microsoft or one of your software programs checking for updates.

But for the most part ignore the logs unless you want to spend half your life checking every ping and packet.

That's my view anyway, I'm sure there will others who have a different view.

If you want to check how good your firewall is go here https://www.grc.com/x/ne.dll?bh0bkyd2 have a read and run theirs test.

Gary.

[Gary]

Cheers Gary, useful site and very reassuring....

Results

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Attempting connection to your computer. . .

Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

[UBT - Timbo]

While security is a hot subject at the moment I'm taken an interest in my firewall logs, but I'm not that knowledgeable on the workings of pc's, codes etc.

can anyone shed some light on what these mean before my paranoia spirals out of control.....

Hi Gary,

What it means is that your firewall on your router or PC is doing a good job preventing the odd malicious hacker trying to access your IP address and any computer connected to the 'net via said IP address.

Most FW's can provide a log of what's going on...most of the time, it's not a problem - all you need to do though is to regularly check (maybe every 6 months) that your frmware in your router hasn't been changed/upgraded and/or that your firewall and anti-virus/anti-spam software is up to date.

Nuff said.

regards

Tim

[Rockinfroggi]

I obviously type in invisible text.


Nuff said.


Gone.

[UBT - Timbo]

..........That's my view anyway, I'm sure there will others who have a different view.........................................

Just expressing a slightly different view....

regards

Tim