My Freedom Smokes & Unauthorized Transactions

[Thrasher]

ecig venders have been hit since early 2013.
while it sucks they wont help. It isnt there fault as the vulnerability is either in your tablet or the payment authentication company they use.
you say you used pay pal, so first thing to do is check the email mfs sent you and click details. It may not work on your tablet email program, then do it on a pc.

when you check for details it will tell you the email address it should say sender: www.myfreedomsmokes.com and nothing else.

what im saying is they can fake the header. Example: You get an email from from amazon, it says log in and change your password, the email says from amazon but the details say amazon11234@zynergy.net or whatever. This would not be from amazon.

Second RIGHT NOW go to the app store and download one of the better Antivirus apps, smaseveral good ones are free and run it, way too many of those crappy free apps install malware or vulnerabilities

 

[dbrandt01]

I never had problems with MFS, I know a lot of other people that order from them. One guy has upwards of 20-30 liters of nicotine from them. Never heard of a problem. I have no unauthorized purchases and my last order was about 2 weeks ago.

Is it possible y'all bought from somewhere else? Online or in person?
I know the only time I ever have unauthorized purchases was from a pizza place I ordered from about 4 months before my MFS order. Even my software says MFS is safe.

 

[eblazemc]

Thrasher" data-source="post: 15396355" class="bbCodeBlock bbCodeBlock--expandable bbCodeBlock--quote js-expandWatch">

ecig venders have been hit since early 2013.
while it sucks they wont help. It isnt there fault as the vulnerability is either in your tablet or the payment authentication company they use.
you say you used pay pal, so first thing to do is check the email mfs sent you and click details. It may not work on your tablet email program, then do it on a pc.

when you check for details it will tell you the email address it should say sender: www.myfreedomsmokes.com and nothing else.

what im saying is they can fake the header. Example: You get an email from from amazon, it says log in and change your password, the email says from amazon but the details say amazon11234@zynergy.net or whatever. This would not be from amazon.

Second RIGHT NOW go to the app store and download one of the better Antivirus apps, smaseveral good ones are free and run it, way too many of those crappy free apps install malware or vulnerabilities

Order confirmation email came from: support@myfreedomsmokes.com

I will look into those antivirus apps for some added security- are there any recommendations for any listed through the google play store ?

 

[eblazemc]

I never had problems with MFS, I know a lot of other people that order from them. One guy has upwards of 20-30 liters of nicotine from them. Never heard of a problem. I have no unauthorized purchases and my last order was about 2 weeks ago.

Is it possible y'all bought from somewhere else? Online or in person?
I know the only time I ever have unauthorized purchases was from a pizza place I ordered from about 4 months before my MFS order. Even my software says MFS is safe.

It had been days since we last used the card and that was at the OSH KOSH childrens store for $1.50 and then a couple days prior to that my husband used it to get gas at the QT.
The oddness about the fraudulent charges was that they were made that same evening after that initial myfreedomsmokes purchase and the charges were done not that long after my order with them.

 

[eblazemc]

If nothing else then im glad to see that I may be one of the few that had this issue, at least with this company. Pay pal did mention to me when I was initially discussing with them my problem- that MFS has a D rating with the Better Business Bureau (i did later confirm that was accurate) and they suggested that might be something I should look out for.

 

[Runamok3x]

What were the amounts and time stamps of the unauthorized charges?

 

[cbrite]

I had a bad experience with fraud also. Not the same vendor, but another one that I never used afterwards. But shortly after I ordered from them, I had two unauthorized charges (spaced a week apart) on my card. The first one was $49.95 and the second $99. I went to the bank for the first one and got it denied and when the 2nd one came, the bank cancelled my card and gave me a new one. When buying online later, I saw that Google had "saved" my card number for the autofill thing and thought that might have been the real problem. Of course someone either had to know my security numbers on the back of my card or be very lucky to replicate them. I think it can be dicey to use debit/credit cards online anywhere these days. At the bank, they told me that this sort of thing happened frequently. I suspect the best (though less convenient) way to go is to buy a Mcard/Visa gift card and use that for vendors other than the big guns like Amazon who have better security in place.

 

[Jwaterski]

I don't know about MFS, never ordered there before, but you mentioned a QT gas station? All gas stations are popular for the skimmers, might contact the QT and have them check their pumps, just in case. Could save your friends and neighbors some headache....

Whoever scammed you, hope you get it sorted out, and thank you for posting. MFS or not, any of us is at risk all the time, I appreciate the warning on possible compromised companies.

 

[mosspa]

You may wanna go read this one and test your browser. Stop the azz-u-me stuff - there are a lot of reasons why this could have happened - including it being your fault based on the browser you are using. ~> http://www.e-cigarette-forum.com/fo...93-warning-freak-vulnerability-ecommerce.html

Thanks for this! I wasn't aware of that threat.

 

[mosspa]

I dont know what azz u me stuff is. However I think if individuals have problems with purchasing from a company one way or another we should be able to share our experience as to further educate the public so that they have the information to make a better informed decision when they are going to choose from who to put their trust in when they go to make a purchase and then let them decide whether they want to take that risk or not. Also companies should not get away with poor treatment of their customers, customer service has drastically gone downhill and we as consumers shouldnt just accept that as the way it is. When someone comes on here and tells of having something bad happen to them its cruel to criticize and be critical when they are just looking for help or understanding.

I've been dealing with MyFreedomSmokes since December, as my sole source for my stock e-juices and other EVOD-related supplies. I have found them to be an exceptionally responsive company, who sell fine products. Your experience with customer service there doesn't reflect any of my experiences.

 

[xint]

Ill try to be fair and answer some of these to the best of my ability.

This was my second order through the company. My first order shipped so quickly is the reason I made a repeat purchase- second order was not as prompt.

First order charged to the same card came up as My Freedom Smokes the second one came up as Cris Yelton at first while it was pending and now says My Freedom Smokes.

One of the charges was for Mcaffe intel security, video stripe, real player, gold my score and some kind of college sports thing. Other then Mcafee I dont know what these things are.

Besides the fact that check my accounts several times a day Pay Pal which is the card i used also lists the transactions and if you ask them they can give you a little more detail. Which is also the answer yes i did I contact the card company.

Yes my husband did get the name of the person he spoke with.

As far as telling you more about me and my husband personally and our habits and where we live, I have to ask why do you want to know such detailed information about us?

First off thanks for starting this thread because I just experienced this problem like 1-2 days ago.

I found this thread on Google and just made this account, so that's why my post count looks sketchy. But anyway here's my story.

Little backstory first: I was searching for some small discreet vaping batteries, and found the eGo Mini 350mAH on MFS and FastTech. For the price and shipping speed, it was better than waiting >10 days buying through FastTech.

I made my account and saw that I had to enter my CC# directly on their form since they only have one payment option. I usually never do that, but MFS looked like a legit site after some Googling so I decided not to worry about it and put in my Google Wallet card.

To answer the other guy about that browser exploit, I am using the latest Chrome desktop beta which isn't affected by that exploit.

Anyway, when I saw the first garbage transaction for that credit score site, I locked my card so everything after it was declined. But the rest of those transactions match exactly the ones you had.

Here's my transaction log from that day:

i.imgur. com/HdLHxUx.jpg

At first I assumed I had a virus, or my card was skimmed at some 7-11, but now that our same fraud transactions match up I can say something's going on with the payment processing at MFS. Which is a shame because my experience with them was excellent, the package already arrived on Thursday so they are quick to ship too. If someone from MFS reads this, I hope you guys put in some different payment methods because the credit card thing isn't working out too well for me.

If anyone else has this issue and/or bought from MFS recently, please respond.

 

[eblazemc]

I hate that someone else had that happen to them as well but at the same time im glad im not alone in this. I spoke with Alex there that fist time then just the other day I was finally contacted back by Dustin who claimed to have been trying to get in touch with us by phone but we had received no calls or voicemails.
Heres the email he finally sent in response to our problem:


I’ve been unable to reach you by phone so I thought I would shoot you an email.. I certainly understand how frustrating it can be when something like this happens.. However, I can assure you that your information was kept secure when processing your order on our website.. We use heavy encryption through only secure and trusted channels and your info is passed directly through our payment gateway to the credit card processor.. In fact, we can’t even see your full credit card number here at MFS.. We only see the last four digits, so we would not have enough info to be able to use the card.. I highly suggest speaking with your bank about any unauthorized charges and they will advise you on the proper way to handle the issue.

DUSTIN TAYLOR

DIRECTOR OF MARKETING

DUSTINT@MYFREEDOMSMOKES.COM

704-545-7175 ext. 105



.

.

From: Alex Thompson - MyFreedomSmokes [mailto:alex@myfreedomsmokes.com]
Sent: Thursday, March 5, 2015 2:34 PM
To: 'Dustin Taylor'
Subject: Customer Claiming We Stole Their Credit Card #

claim that their credit card information was stolen after using our website.

ALEX THOMPSON

RETAIL/CUSTOMER SERVICE

ALEX@MYFREEDOMSMOKES.COM

704-545-7175 ext. 111

.



.
I responded:
We havent received any calls from you.

:O There was no response or reply from that.

 

[xint]

Okay I pretty much figured out what happened then.

A hacker found a backdoor into their server recently and exploited it to feed them customer's credit card information. And I can prove it if anyone thinks otherwise.

This kind of thing can happen to any online store, except for the big players that create their own storefront. That's why I also opt for a PayPal or similar option if they have it.

There's nothing that MFS can do about the fraudulent transactions in this case, but I'll try to reach out to them so that they understand this does exist. I don't like that other vapers are going to fall victim to this.

 

[eblazemc]

I agree, we each have enough to deal with in our lives that no one needs this added burden to come upon them if it can be helped or prevented.
I think thats a gracious idea. I wish you the best of luck and hopes that it all works out and that they listen and realize their is a problem and actually take action to try to do something about it so that they can prevent their buyers from having to go through the stuggle with this problem as we ended up having to do.

 

[SuperTaz]

Hello eblazemc and welcome to the forum. Sorry to hear about your situation and thanks for informing people. We work to hard to be this poor and to have some (insert profanity of your choice) steal from us is maddening. Keep us updated would you?

 

[suckerpunchltd]

I've had nothing but good luck with MFS for close to 6 months now. I just ordered from them this past Thursday and received everything fine without any fraudulent charges or other issues.

This kind of thing can happen to any online store, except for the big players that create their own storefront. That's why I also opt for a PayPal or similar option if they have it.

This....well I've had my info compromised on Amazon, Walmart, another vaping site and the local gas pump all within the past 1.5 years. It happens. All the time. Far too often, so stating that the big players don't have it happen is absolutely wrong. Target? Their in-store point of sale systems were compromised. It happens to all firms regardless of size. If you can prove that it is a backdoor on MFS, you should absolutely contact them and not be posting here that you can prove it to anyone who cares.

I write e-commerce software for a living. I should know how this stuff works, Sr Software Engineer of near 15 years.

As long as MFS takes the initiative and makes the fixes, then it will be fine. Ones bank should reverse any unauthorized charges - and that truly is where it lies. I purchased some items not too long ago from a very reputable big box vendor and in 24 hours had 5 charges on my card. All in California. Call bank, they immediately reversed them and investigated it on their own.

That's e-commerce, that's credit cards, that's the world we live in.

 

[suckerpunchltd]

I was just thinking. this month I've noticed a lot more emails from MFS on orders than previously. They are sending more tracking updates, delivery updates and such than they used to. I am wondering if they did a software upgrade or implemented new software. That could very well be where the vulnerability came from.

 

[kartoffelfaust]

A hacker found a backdoor into their server recently and exploited it to feed them customer's credit card information. And I can prove it if anyone thinks otherwise.

Yes - do elaborate. Not that I'm arguing with you, just curious for the sake of root-cause analysis.

I noticed they're using the e-commerce platform that godaddy has recently incorporated, and also noticed that there have been vulnerabilities in it, including ones that allow attackers to redirect DNS entries to spoofed sites.

 

[nyiddle]

My husband told them what happened but seemed to get nowhere with the person who seemed to only blow him off with excuses attempting to move away any blame their way. He asked to speak to someone in charge but continued to get more excuses on why that person wont speak with him and probably wont get back in touch with him either cause he's too busy. I thought that whole short lived conversation was in extremely poor taste and showed very poor customer service.

If your car broke, would you contact the last gas station you visited?

You need to talk to your credit card company, not the last website you made purchases on.

 

[kartoffelfaust]

We use heavy encryption through only secure and trusted channels and your info is passed directly through our payment gateway to the credit card processor.. In fact, we can’t even see your full credit card number here at MFS.. We only see the last four digits, so we would not have enough info to be able to use the card.. .

Some quick research shows that:
- GoDaddy uses reasonable gateways such as Authorize.net
- GoDaddy does store credit card numbers in a manner that allows them to be read back (pre-authorization vs accepting the transaction in merchant panel)
- I was unable to discover how they store credit card numbers, if they use a hardware encryption device such as those by Ingrian (safenet).

Given the last two, regardless of what MyFreedomSmokes can see on their console, the CC data is vulnerable in-flight.