MicrostockGroup Sponsors


Author Topic: WARNING : Credit card fraud from Latvia  (Read 9213 times)

0 Members and 1 Guest are viewing this topic.

« on: October 06, 2006, 07:11 »
0
Hi all,

After the recent image theft issue, I have been victim of another fraud.

I noticed on my september bank account statement a fake 139 USD credit card transaction originated from Latvia (LVA), on Sept. 13th, which is precisely the day I signed up at Galastock last month. Of course, I never gave any credit card info to them, but they had my paypal id (my email).

Coincidence or not ? I would advise all of you to check your recent credit card activity, just in case...
I had to file a complaint to the police dept. for fraudulent use of my credit card, then make an opposition to my credit card at my bank, which confirmed the Latvian origin of the transaction, but they didn't have any more information.

Sorry to bring bad news again, and maybe it's not related to Galastock (though these issues, both originated from Latvia, at the same time period, make me really suspicious) but I thought I had to make this public warning for everyone's sake.

Take care,
Erick



« Reply #1 on: October 06, 2006, 10:34 »
0
I'm very sorry to hear about your victimization.

One thing that people need to be aware of is that there are fake sites on the Internet that want to capture information that they can use for other purposes.

For example, if you create a user ID and password on a new website, there is a good chance that you will be using the same password that is on your PayPal account. Criminals know this and will use this to their advantage.

So if you use the same password on your PayPal account (or any other financial account) as you do on other websites, then GO IMMEDIATELY AND CREATE DIFFERENT PASSWORDS ON YOUR FINANCIAL WEBSITES.

« Reply #2 on: October 06, 2006, 10:45 »
0
One of the purposes of Paypal is that it allows you to pay someone without giving them your credit card info. Essentially the seller is not able to get your card number and charge what ever they want. I don't see how someone could have gotten your credit card from just knowing your Paypal e-mail address. Other wise you could just go to e-bay and get thousands of e-mails and steal money from their paypal accounts. I'm sorry that you got scammed.

Mark

« Reply #3 on: October 06, 2006, 14:17 »
0
I don't see how someone could have gotten your credit card from just knowing your Paypal e-mail address.

If he created an account on a microstock site, then he would have given them a user ID, a password, and an email address.

They could then take the email address and password and try to log into his paypal account.  Since many people use the same passwords across multiple accounts, they could then have broken into the account.  If the account had a credit card associated with it, they could have then used it to transfer money into a foreign account.

Using this same theory, they could then try to log into Amazon and use the same email address and password to order a large ticket item.

This same tactic works on many other websites as long as the website use an email address as a login.

« Reply #4 on: October 06, 2006, 14:48 »
0
Man, time to go change my passwords. Never really thought about websites having a password that I reuse. Pretty scary actually.

« Reply #5 on: October 06, 2006, 14:49 »
0
Thanks for your answers,

I don't see how someone could have gotten your credit card from just knowing your Paypal e-mail address.

I'm in no way sure they got it through Paypal. But Paypal do store my credit card number somewhere on their servers. So if someone manages to "hack" one of their servers, it may be possible to obtain a lot of informations. But of course, it's obviously not a child's game. I checked my paypal account online, and didn't see anything fishy there. And even if they managed to decipher my password, they couldn't see my credit card number as it's partially masked, even for me.

If he created an account on a microstock site, then he would have given them a user ID, a password, and an email address.

They could then take the email address and password and try to log into his paypal account. Since many people use the same passwords across multiple accounts, they could then have broken into the account. If the account had a credit card associated with it, they could have then used it to transfer money into a foreign account.

Yes, I know what you mean. But as a former software programmer, I'm quite aware of security problems and never use a password twice, change them regularly, and even don't use a standard "scheme" for all my passwords. And when I subscribe to a stock agency, I'm very careful not to choose login informations similar to those of my email account, or paypal account, ...

Erick

« Reply #6 on: October 06, 2006, 16:15 »
0
wow, different passwords for every site... how do you keep them all seperate.  i generally change passwords now and then, and if i am sceptical of a site I will use something totally unusual to what I usually do.. but to have a different pass for every site... I am not sure i could manage.

« Reply #7 on: October 06, 2006, 16:34 »
0
wow, different passwords for every site... how do you keep them all seperate.

I keep a spreadsheet with all of my passwords and then password protect that as well! :o

« Reply #8 on: October 06, 2006, 16:41 »
0
wow.  I used to have a paper beside the comptuer with the passwords.. but i haven't lately.  perhaps I should do that again.

« Reply #9 on: October 06, 2006, 16:45 »
0
wow, different passwords for every site... how do you keep them all seperate.
[...]
but to have a different pass for every site... I am not sure i could manage.

That's true. With several email adresses, accounts on stock sites, websites hosted on different servers, paypal, etc., it can quickly become a real hassle !
But I got used to that many years ago while working for a company dealing with highly sensitive data. We HAD to change our UNIX user passwords every month, with very strict rules for composing passwords. If you worked on different projects at the same time, you HAD to have different passwords for each project, etc... So I think I developped a kind of personal logic which helps me memorize them all.

« Reply #10 on: October 06, 2006, 16:54 »
0
I use a similar passwords for accounts that don't contain any financial data or anything that could harm me.  But for all the others I use difficult passwords managed by Password Keychain.  It will generate good passwords for you and keep track of them all.  I wouldn't manage passwords in Excel because it is to easy to break.  Excel is used by so many people that there are many hacking program for password protected Excel files.  Password Keychain is somewhat obsure and it uses heavy encryption techniques to protect your passwords.  It is quite easy to use.  The only problem I run into is if I am away from my home or work computer I can't access any of those accounts because I don't have the password memorized.  For me the increased protection is worth it.  The best part is that it is free. :)

http://www.download.com/Password-Keychain/3000-2381_4-8597943.html

http://www.nfxtech.com/products_passwordkeychain.htm

Mark

« Reply #11 on: October 06, 2006, 17:36 »
0
I am pretty sure that Paypal keeps your credit card/account number secret.  So even if they did get access to your paypal account, they only have access to that, not your bank records aswell (unless they hack Paypal but that is another whole matter).

« Reply #12 on: October 06, 2006, 19:09 »
0
I am pretty sure that Paypal keeps your credit card/account number secret. So even if they did get access to your paypal account, they only have access to that, not your bank records aswell (unless they hack Paypal but that is another whole matter).

Yes, PayPal keeps the credit card/account #s a secret, but they don't need them.  They just need to use PayPal to pay for something using those credit cards/accounts.  In other words, they just need to buy something from a website that accepts PayPal and then send it to a P.O. Box or some other address that is untrackable.

« Reply #13 on: October 06, 2006, 19:41 »
0
I'm in no way sure they got it through Paypal. But Paypal do store my credit card number somewhere on their servers. So if someone manages to "hack" one of their servers, it may be possible to obtain a lot of informations. But of course, it's obviously not a child's game. I checked my paypal account online, and didn't see anything fishy there. And even if they managed to decipher my password, they couldn't see my credit card number as it's partially masked, even for me.

Yes, I know what you mean. But as a former software programmer, I'm quite aware of security problems and never use a password twice, change them regularly, and even don't use a standard "scheme" for all my passwords. And when I subscribe to a stock agency, I'm very careful not to choose login informations similar to those of my email account, or paypal account, ...

Erick

Even though you're a former programmer, it is much more likely that you clicked on a phishing email and gave up your password, rather than someone hacking a paypal secure server.

I'd also like to point out that 95% of credit card/identity theft is still done the old fashion way. Here is how it works, someone dumpster dives or double swipes your credit card at a resterant. Then they sell the info to someone offshore. Latvia is a favorite place to sell to because they have a good banking system and lack real law inforcement.

« Reply #14 on: October 07, 2006, 02:56 »
0
You should allways use different password on each web-site. Ok, it is hard to remember each password if they are good (e.g. '"jeU3#&kdUemx786" style). But you do not need to remember them all, just use some kind of password vault programme and your password security is way better. The excel sheet sounds usable, but you need to encrypt the whole sheet with good cryptiogprahy algorithm (like AES, CAST, TRIPLE DES etc..) because the inbuilt protection of excel is very easy to crack. But here is better solution:

-Get memory stick (usb)
-Go to http://keepass.sourceforge.net/ and download KEEPASS program. (it is free and open source)
-Install it to your memory stick
-Start the programme and make new password vault and add entries into it. You can generate password just moving mouse or typing randomly to keyboard.
-Save your password vault to same folder where you installed actual programm (usb stick)

Now you have all passwords in portable secure place. The program runs any windows computer without re-installing it, just run it from usb stick. The system uses AES and TWO Fish algorithms to protect your password so do not forget your main password.

I have used this this program over two years and it work like a dream. You just need to take backup of the password vault directory in monthly basis (prevent problems if you usb stick broke down) to another media.

br, Mikko P.

« Reply #15 on: October 07, 2006, 03:08 »
0
thanks for the tips.. it sounds like a good idea.

So when you go to a site and have to type in a password, how does that work?  Does the program run in the background and pop up when you need it?

« Reply #16 on: October 08, 2006, 05:39 »
0
The program run in the background if you want (minimized on system tray), and it has somekind of auto complete feature ( I do not use it, so I don't really  know what kind it is).

You just click the site name in the passwd manager and paste the password to web page password field. I store my non-critical passwords on own computer web-browser so it can do the autocomplete. But newer use that feature to sites like paypal or similar (in case somebody breaks in my home network and take control my computer(s)). The Keepass program have other security measurements like (it cleans password data from clipboard automatically etc. )

br, Mikko P.
 


 

Related Topics

  Subject / Started by Replies Last post
0 Replies
1777 Views
Last post February 19, 2007, 14:11
by Istock News
33 Replies
16837 Views
Last post November 23, 2008, 12:07
by helix7
6 Replies
4389 Views
Last post October 24, 2009, 17:56
by lisafx
30 Replies
15000 Views
Last post December 30, 2010, 08:36
by cathyslife
9 Replies
3352 Views
Last post February 23, 2012, 03:05
by gclk

Sponsors

Mega Bundle of 5,900+ Professional Lightroom Presets

Microstock Poll Results

Sponsors