Check your credit card or debit card statement ASAP

Status
Not open for further replies.

DaveP

PV Master & Musician
ECF Veteran
May 22, 2010
16,733
42,641
Central GA
Then there's the card fraud type who generate valid numbers and PINs using a computer program and try them with small purchases until one is accepted. Then, they hit it over and over until it's cut off. That's what BOA's fraud department told me.

Those who hit the major big box stores and steal numbers know that they have valid cards that will be good for a short period until the bank computers start popping up reports of unusual patterns on a card. Then, it gets cut off.

There should be a better way to shop electronically. PayPal may be just that, except they don't do ecigs.
 

Krashman Von Stinkputin

Super Member
ECF Veteran
Dec 31, 2013
447
871
Missouri
Then there's the card fraud type who generate valid numbers and PINs using a computer program and try them with small purchases until one is accepted. Then, they hit it over and over until it's cut off. That's what BOA's fraud department told me.

Those who hit the major big box stores and steal numbers know that they have valid cards that will be good for a short period until the bank computers start popping up reports of unusual patterns on a card. Then, it gets cut off.

There should be a better way to shop electronically. PayPal may be just that, except they don't do ecigs.

Sorry to hear you got "Target-ed". The hackers' infiltration in that case was through their HVAC system network; they were then able to access the POS data system, which was not isolated.

So they essentially "came in through the ductwork"
 

DaveP

PV Master & Musician
ECF Veteran
May 22, 2010
16,733
42,641
Central GA
Sorry to hear you got "Target-ed". The hackers' infiltration in that case was through their HVAC system network; they were then able to access the POS data system, which was not isolated.

So they essentially "came in through the ductwork"

I lost nothing through the Target break-in, but apparently my card was in the list of those stolen, so the bank notified me and FedEx'ed a new one overnight.

It's interesting that they came in through the HVAC system. It's even more interesting that the point of sale system wasn't behind its own secure firewall. HVAC systems are commonly controlled these days from a remote site, but it looks like they had a helter-skelter system that didn't deter entry to outsiders. That's sloppy network architecture unless the hackers had already pilfered a file containing all the security codes for access. I also heard that it was done wirelessly from outside the building that time or another time. Too many companies have visible SSIDs and are broadcasting network names to anyone with a wireless device.
 
Sorry, kimmisc. I just saw your post and responded to your private message. PM me back with 3 vendors you suspect and we can compare them with the ones I use. It's interesting that you got hit by 2 of the same fraud vendor "sites". Please beware, however. My bank suspects that the fraudster sets up a monthly subscription and then changes the vendor name for each charge. So, it's unlikely that your repeated use of the ecig company is causing each charge. It likely happened only once and the fraudster just uses your info to set up a monthly subscription.
 

Krashman Von Stinkputin

Super Member
ECF Veteran
Dec 31, 2013
447
871
Missouri
I lost nothing through the Target break-in, but apparently my card was in the list of those stolen, so the bank notified me and FedEx'ed a new one overnight.

It's interesting that they came in through the HVAC system. It's even more interesting that the point of sale system wasn't behind its own secure firewall. HVAC systems are commonly controlled these days from a remote site, but it looks like they had a helter-skelter system that didn't deter entry to outsiders. That's sloppy network architecture unless the hackers had already pilfered a file containing all the security codes for access. I also heard that it was done wirelessly from outside the building that time or another time. Too many companies have visible SSIDs and are broadcasting network names to anyone with a wireless device.

Yup, flat network architecture with no Defense in Depth.
If you're interested in seeing what "we're" up against check out:
Norse - IPViking Live
 

kimmisc

Full Member
Dec 25, 2012
28
6
South Carolina
Sorry, kimmisc. I just saw your post and responded to your private message. PM me back with 3 vendors you suspect and we can compare them with the ones I use. It's interesting that you got hit by 2 of the same fraud vendor "sites". Please beware, however. My bank suspects that the fraudster sets up a monthly subscription and then changes the vendor name for each charge. So, it's unlikely that your repeated use of the ecig company is causing each charge. It likely happened only once and the fraudster just uses your info to set up a monthly subscription.

The reason I say it is someone's site I buy from regularly is because I've gotten a new debit card number each time it happened, so the new information is being obtained each time.
 

listerr

Full Member
Mar 6, 2014
41
19
Cleveland, OH, USA
The reason I say it is someone's site I buy from regularly is because I've gotten a new debit card number each time it happened, so the new information is being obtained each time.

Yikes! Okay, I didn't realize it's happened to you with more than one card number. Definitely try to narrow down the suspected company, then avoid!
 

Amy87

Super Member
ECF Veteran
Verified Member
Jul 28, 2013
324
588
IN, USA
I recently had to get a new debit card. My bank was awesome and caught the bogus charge and didn't let it go through, but they called me about it and once I verified it was fraudulent they cancelled my card & sent a new one. They said the charge was $49.95, and I don't remember the company, but it was initials, like NIEP or something like that, and when I googled it, it was a place in the UK, and there were tons of links about fraudulent charges from it.

This happened a day after I ordered from an ecig vendor out of Florida that I had never used before. I've had that card for 15 years and never been hacked until that purchase. I can't say for sure that's how they got my card number, but I won't be ordering from them again. I will probably start using prepaid cards as well just to be safe.
 

SueandCootie

Super Member
ECF Veteran
Verified Member
May 31, 2009
569
835
south central Mass
I don't know about this latest round of accounts getting hit, but the original one was not unique to the ecig community...folks on Amazon were talking about it also, and some folks who had cards they'd NEVER used online were seeing it. I'm betting some kind of general payment processor that handles both retail and web businesses is to blame, or a computer somewhere just running random numbers for hits...not much else that makes sense.
 