Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 11-24-2012, 10:50 PM   #21
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,260
Quote:
Originally Posted by Alan View Post
Bottom line is, never go to your on-line accounts from a link within an e-mail.
Yes, and even more precaution is in order.

Don't allow automatic loading/display of emails. An html email can have links to websites, and 'bad guys' include a link that is tied to your email address. Merely allowing the email to display these links tells the bad guy that you open emails, and that they have a 'live' email address. They will send you more spam.

I'm surprised that there aren't more of these attempts that look as good as this one. It isn't that hard to make them look authentic, and the 'hit rate' would be better. I think I reported one a while back where they phished Amazon, it had links to the real amazon site, the tip off for me was that they didn't address us by name, which the real amazon emails do.

-ERD50
__________________

__________________
ERD50 is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 11-25-2012, 06:27 AM   #22
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,454
Quote:
Originally Posted by Alan View Post
Bottom line is, never go to your on-line accounts from a link within an e-mail.
+1

I get plenty of phishing emails supposedly from legit well known businesses and sometimes with which I have a relationship such as PayPal.

I usually hover over the link in the email to view the URL, and yep, it's often going somewhere else.

Some companies say they'll always use your full name in the email.
__________________

__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 11-25-2012, 10:06 AM   #23
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
How Apple and Amazon Security Flaws Led to My Epic Hacking

I was thinking of this article when I posted earlier in the thread. The latest Wired magazine has a more-detailed article.

At this time I think we are subject to problems at the client end (meaning me and you) as well as at the head end (meaning the companies we deal with).
__________________
target2019 is offline   Reply With Quote
Old 11-25-2012, 10:31 AM   #24
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by target2019 View Post
How Apple and Amazon Security Flaws Led to My Epic Hacking

I was thinking of this article when I posted earlier in the thread. The latest Wired magazine has a more-detailed article.

At this time I think we are subject to problems at the client end (meaning me and you) as well as at the head end (meaning the companies we deal with).
I'm still annoyed at Amazon after what they did to me earlier this year. I noticed 6 charges on my CC from Amazon, all just under $10. When I called to find out what they were I talked to a guy from their fraud department who told me that someone called Louise had created an account using my CC, and he sent me an e-mail confirming that the purchases were fraudulent and that the account had been closed. (Penfed then reversed the charges and cancelled my CC).

As I said to the guy at Amazon, how can this happen? Why would you let someone else use my CC without at least an e-mail to me to confirm that they have my permission? This was not a clever bit of fraud, or a software security hole, it was simply someone like a waitress (or waiter) copying down the details of my CC and then using it on-line.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 11-25-2012, 11:09 AM   #25
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,855
Quote:
Originally Posted by Corporateburnout View Post
I had to reboot my machine in safe mode with networking then installed MalwareBytes which found the viruses but then I had to install an Avast rootkit program to kill it then I had to scan again after a standard reboot.
I forgot to include that I had to reboot in Safe Mode just to be able to run System Restore, then download Malwarebytes (which was not on the system originally), then run it and Spybot S&D multiple times (including more reboots)...........UGH it took a long time to figure this out and run everything!
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is offline   Reply With Quote
Old 11-25-2012, 11:16 AM   #26
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by Alan View Post
As I said to the guy at Amazon, how can this happen? Why would you let someone else use my CC without at least an e-mail to me to confirm that they have my permission? This was not a clever bit of fraud, or a software security hole, it was simply someone like a waitress (or waiter) copying down the details of my CC and then using it on-line.
It seems to be relatively easy to do. I manage some of my mothers accounts and was able to go online with just few bits of info and access all of her accounts.

One thing I have seen some places do that helps, they will not ship to an address that is different from the CC address without confirmation.
__________________
rbmrtn is online now   Reply With Quote
Old 11-25-2012, 11:30 AM   #27
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,260
Quote:
Originally Posted by Alan View Post
As I said to the guy at Amazon, how can this happen? Why would you let someone else use my CC without at least an e-mail to me to confirm that they have my permission? This was not a clever bit of fraud, or a software security hole, it was simply someone like a waitress (or waiter) copying down the details of my CC and then using it on-line.
Now I'm curious. On one hand, would Amazon know that your CC# was tied to your email - or is that something that they are 'blind' to (for security reasons). It does work the other way round, the CC can be tied to your account. But this wasn't your account, it was a new one.

But that raises the question - what does it take to open an account? I would think they would need your billing address. That not matching the CC should be a red flag, no? But they would give their email address for this new account, so assuming they could open it, they wouldn't email you - your email is not connected with this account. Maybe they knew your address? A restaurant employee could easily Google that from your name and general location (ours comes up in publicly available property tax records). Once an account is set up, you can ship to a different address.

It's been so long since I created the Amazon account, I don't recall the steps or requirements.

Would a credit card freeze prevent this?

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 11-25-2012, 11:33 AM   #28
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,260
Quote:
Originally Posted by rbmrtn View Post
It seems to be relatively easy to do. I manage some of my mothers accounts and was able to go online with just few bits of info and access all of her accounts.

One thing I have seen some places do that helps, they will not ship to an address that is different from the CC address without confirmation.
But this is different - they didn't access his Amazon or Credit Card account - they set up a new account with his CC# (and maybe a googled address).

IIRC, the confirmation to ship to a different address is pretty minimal. And since this was 'their' account, they probably had everything they needed to confirm it.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 11-25-2012, 01:18 PM   #29
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by ERD50 View Post
Now I'm curious. On one hand, would Amazon know that your CC# was tied to your email - or is that something that they are 'blind' to (for security reasons). It does work the other way round, the CC can be tied to your account. But this wasn't your account, it was a new one.

But that raises the question - what does it take to open an account? I would think they would need your billing address. That not matching the CC should be a red flag, no? But they would give their email address for this new account, so assuming they could open it, they wouldn't email you - your email is not connected with this account. Maybe they knew your address? A restaurant employee could easily Google that from your name and general location (ours comes up in publicly available property tax records). Once an account is set up, you can ship to a different address.

It's been so long since I created the Amazon account, I don't recall the steps or requirements.

Would a credit card freeze prevent this?

-ERD50
Quote:
Originally Posted by ERD50 View Post
But this is different - they didn't access his Amazon or Credit Card account - they set up a new account with his CC# (and maybe a googled address).

IIRC, the confirmation to ship to a different address is pretty minimal. And since this was 'their' account, they probably had everything they needed to confirm it.

-ERD50
When I asked the fraud dept guy why they would allow someone else to use my CC on their account he said that it is very common for this to happen, but that does not explain why they do not ask for permission, or even inform me that my CC under the name "Alan xxxxxxx" is being used by someone called "Louise yyyyyyyy".

He wouldn't tell me what the purchases were for so I don't know if they physical things being shipped to an address or if they were things that did not need a shipping address such as music downloads, on-line gift cards etc.

PS

I Googled my name (which is very unusual) and found my address very easily so the account could have been set up with my billing address even it the shipping address is different
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 11-25-2012, 01:41 PM   #30
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 16,372
I wonder if this is a case where it's.much cheaper for Amazon to resolve the fraud that occurs individually in a relatively tiny number of new accounts vs the cost in time if not money of cross checking CC info to existing accounts or contacting people when ship to addresses differ. Like many people we use one CC for only online charges, so a fraudulent account using that number could not likely be set up anyway (stolen CC info would probably come from a different card) against which it could be cross checked.

What a pain, though, Alan.
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 11-25-2012, 02:20 PM   #31
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by Alan View Post
When I asked the fraud dept guy why they would allow someone else to use my CC on their account he said that it is very common for this to happen, but that does not explain why they do not ask for permission, or even inform me that my CC under the name "Alan xxxxxxx" is being used by someone called "Louise yyyyyyyy".
t
It's very easy to do , amazon in particular. I mentioned I was able create an account using someones info ( my mother ) without a problem. I was surprised how easy. It depends a lot on the other party and how well they verify the account. A lot places now require the 3/4 digit security code which you don't have without the physical card. Amazon doesn't, also as another mentioned for amazon it is probably easier to write off the small amounts rather than impede the ordering process.

Amazon has been highlighted before on this...

Amazon Lets Thieves Shop With Stolen Credit Card Numbers, Says Report - Business Insider
__________________
rbmrtn is online now   Reply With Quote
Old 11-25-2012, 02:22 PM   #32
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by Bestwifeever View Post
I wonder if this is a case where it's.much cheaper for Amazon to resolve the fraud that occurs individually in a relatively tiny number of new accounts vs the cost in time if not money of cross checking CC info to existing accounts or contacting people when ship to addresses differ. Like many people we use one CC for only online charges, so a fraudulent account using that number could not likely be set up anyway (stolen CC info would probably come from a different card) against which it could be cross checked.

What a pain, though, Alan.
Programming should be easy enough and it would cost Amazon next to nothing to have their software automatically send an e-mail every time the same credit card is set up against multiple accounts.

Even Facebook sends me an e-mail when I log in for the first time using a different PC. (sometimes I clear all cookies from one of the 3 laptops/netbooks I use).
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 11-25-2012, 02:35 PM   #33
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by rbmrtn View Post
It's very easy to do , amazon in particular. I mentioned I was able create an account using someones info ( my mother ) without a problem. I was surprised how easy. It depends a lot on the other party and how well they verify the account. A lot places now require the 3/4 digit security code which you don't have without the physical card. Amazon doesn't, also as another mentioned for amazon it is probably easier to write off the small amounts rather than impede the ordering process.

Amazon has been highlighted before on this...

Amazon Lets Thieves Shop With Stolen Credit Card Numbers, Says Report - Business Insider
Quote:
A lot places now require the 3/4 digit security code which you don't have without the physical card.
When you copy a card's details you also copy the extra security code, so you don't have to have possession of the physical card.

PS
Thanks for that link
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 11-25-2012, 05:56 PM   #34
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by Alan View Post
When you copy a card's details you also copy the extra security code, so you don't have to have possession of the physical card.
Not sure what you mean by copy the card details. The CSC on the signature strip is no encoded on the magnetic strip.
__________________
rbmrtn is online now   Reply With Quote
Old 11-25-2012, 07:57 PM   #35
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,260
Quote:
Originally Posted by Alan View Post
Programming should be easy enough and it would cost Amazon next to nothing to have their software automatically send an e-mail every time the same credit card is set up against multiple accounts.
What I am questioning is if they can really do that? I thought that the way the security worked, they don't really 'have' your CC#. They have an encrypted version which is not un-encrypted until you log in.

If it does work that way, they couldn't just hit a database of CC#s - they would have to get in, get the key, and decrypt each account, one at a time. And they would probably need to login as you - and I don't think they can get your password either, they can only reset it. I think the actual password check is all encrypted also - again, not something you can hit with a database query.

Quote:
Originally Posted by rbmrtn View Post
Not sure what you mean by copy the card details. The CSC on the signature strip is no encoded on the magnetic strip.
I think he meant manually copy - pencil and paper, like a shifty restaurant employee might do.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 11-25-2012, 08:05 PM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Ed_The_Gypsy's Avatar
 
Join Date: Dec 2004
Location: the City of Subdued Excitement
Posts: 5,292
Quote:
Originally Posted by Alan View Post
I Googled my name (which is very unusual) and found my address very easily so the account could have been set up with my billing address even it the shipping address is different
IIRC, one can remove one's name from Google's search capability. Worth checking into?

I found that while my name is not common, there are enough of 'us' in the US and Europe to make it not easy to figure out who I am and get my address. I have no Facebook or Twitter and only appear on one website, which I may clean once I leave the profession.
__________________
my bumpersticker:
"I am not in a hurry.
I am retired.
And I don't care how big your truck is."
Ed_The_Gypsy is offline   Reply With Quote
Old 11-26-2012, 12:58 PM   #37
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by rbmrtn View Post
Not sure what you mean by copy the card details. The CSC on the signature strip is no encoded on the magnetic strip.
You are thinking hi-tech and I'm thinking low-tech.

You hand over your card to the waiter to pay your bill and he takes it away, returning with the CC slip for you to sign. In that time he can take out a piece of paper and write down the 3 or 4 digit code to use with the rest of your details which he either writes down or uses a card reader to quickly record your details.

In the UK, and in some restaurants in Canada, your card never leaves your possession or sight because they bring a wireless hand-held device to your table where you do the swiping or they do the swiping, and then print out the bill for you to sign.

Even on trains in the UK you can pay for your fare when the ticket collector comes by as they all carry wireless CC machines hanging from their neck.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 11-26-2012, 01:50 PM   #38
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by Alan View Post
You are thinking hi-tech and I'm thinking low-tech.
Got it. I wasn't even thinking about that, I was thinking more of amazon online transactions. And in addition to someone manually copying everything, they install fake skimmers that read your card info and capture it. Remember when you just had to worry about them stealing the carbon copy paper from the imprint machine...
__________________
rbmrtn is online now   Reply With Quote
Old 11-26-2012, 02:17 PM   #39
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by rbmrtn View Post
Remember when you just had to worry about them stealing the carbon copy paper from the imprint machine...
Those days are long gone.

Also, the CC receipts often had your CC number printed on them so I used to mark it out with a pen leaving just the last 4 digits.
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 02:49 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.