The fraud associated with purchasing ecig related stuff is getting ridiculous

[Ma'am]

Been reading about this for a little while, and hoping and praying that it didn't happen to me but guess what..........I got hit!!!!

My son in law is one of the top IT guys with a bank and keeps my puter on the safe side always, so I'm inclined to believe it was compromised through a vendors site too.

The charges are to Frogster America, Squareenix, Skype, and Apple I tunes. They were all done in one day this week.

Spent the afternoon at my bank filling out a fraud claim totalling several hundred dollars.

Only ordered from one vendor in the last few weeks that take a credit card, the other vendor uses paypal.

This just stinks big time!!!!

 

[VPDownunder]

Yep, until the vendor is identified I'm only using a couple of US vendors that I know are 100% fine like notcigs.com, I'm using eastmall for everything else as they accept paypal

 

[DaveP]

I think its card fraud 'in general' - I used my card everywhere (including brick n mortar shops) - so Im certainly not sure where or how it got compromised. Now though I have a special credit card, through my bank, which works like a gift card - you put cash on it to buy things so there is only ever a limited amount of funds on it. It doesn't overflow from your bank, isnt linked to your others accounts (except in name) nor can it go overdrawn.

I think that's a great idea. In fact, I just may do that and NOT use my real credit card online anymore. Thanks for the tip. I've used those cards when my company issued them for travel expenses. I just cut them and tossed them when the trip was over and the money was gone.

 

[5cardstud]

I also think that that a vendor's site was hacked. I've ordered from quite a few suppliers since March, and don't believe that any of them intentionally used my card info.

I do find it strange that this just happened to me about a month ago since I've placed many orders between February and then. I'm all for getting together and trying to figure out if there if we've all used the same supplier, company, etc. I certainly don't want to name company names directly on the forum (could create panic). But... if we can try to narrow this down, then someone could contact the vendors in question. Who knows - perhaps it's just one or two and they have no idea that someone has been hacking their site.

I'm really surprised the vendors aren't getting involved in this more than they have, If I was a vendor I would have my site checked and then inform the buyers and show them some kind of proof from a security firm or something.

 

[vaporgalinfla]

Been reading about this for a little while, and hoping and praying that it didn't happen to me but guess what..........I got hit!!!!

My son in law is one of the top IT guys with a bank and keeps my puter on the safe side always, so I'm inclined to believe it was compromised through a vendors site too.

The charges are to Frogster America, Squareenix, Skype, and Apple I tunes. They were all done in one day this week.

Spent the afternoon at my bank filling out a fraud claim totalling several hundred dollars.

Only ordered from one vendor in the last few weeks that take a credit card, the other vendor uses paypal.

This just stinks big time!!!!

Tammy - I'm sorry that this happened to you too! When it happened to me about a month ago, the total was only $49.00. Fortunately, I was able to handle everything on the phone and my bank emailed me the fraud claim form.

You mentioned that you had only ordered from one vendor for the few weeks prior. I had ordered from a few. However, I'm not even sure if it was one of those sites. I was thinking it could even be from a vendor that I placed an order from even earlier. Who knows...

 

[vaporgalinfla]

Keep emailing those reports. If i get enough i may be able to determine a pattern.

Thanks

Elendil - I'll email you this weekend. I need to review my bank account and see exactly who I purchased from prior to when my card was compromised.

 

[cozzicon]

First of all, I am a Director of IT, so security is in my job description.
I take my security at home even more serious than work.
I reload my laptops very, very often and run Vipre AV along with a hardware firewall here. I also have on one of my machines a network traffic monitor so I get an alert if traffic spikes or if one of my machines 'call home' without my knowlege. If I do anything that would be considered 'suspect' online, I always use a Virtual Machine that I wipe after. (yes, some would say I am too careful, I say just careful enough). I buy a TON of stuff online. Have never had an issue before starting to buy e-cig stuff.
I had a card compromised, and was lucky as I pretty much monitor my email accounts constantly and caught the purchase. It was a $600+ unlocked iPhone from buy.com.
I was able to cancel the card. I have used my new card on many, many purchases since and have not had an issue.
I do believe that someone has a backdoor on someone(vendor)'s database. Not only was my CC number compromised, my security code and login information was also compromised.
Now I have alerts on all purchases (via text and email) and have a dedicated very low limit card I use for all my e-cig purchases.
Just be very, very careful.

You my brother, are correct.

It's also worthy to note that this whole problem could be solved if database admins would encrypt the database entries.

After deploying about 30 e-commerce systems, that encryption has always saved my .... The sad thing is that a customer has no way of knowing whether the admin has done this.

 

[DaveP]

I have only ordered from a couple of Ecig vendors and have not had a problem yet. As I mentioned previously, you can go to your credit card's web site and most will allow you to set up rules for use and have an email set up so that any purchase over a certain amount causes the system to email you and advise you that the card has been used. That happens for all transactions over $1 on my account. I have email set up on my Droid that checks for new emails every 15 minutes. Every time I use my card, I get an email when it hits the system. This will give you a heads up if you didn't make a credit purchase. It's always good if you can go online, get the details, and call your credit card provider ASAP.

 

[vaporgalinfla]

I have only ordered from a couple of Ecig vendors and have not had a problem yet. As I mentioned previously, you can go to your credit card's web site and most will allow you to set up rules for use and have an email set up so that any purchase over a certain amount causes the system to email you and advise you that the card has been used. That happens for all transactions over $1 on my account. I have email set up on my Droid that checks for new emails every 15 minutes. Every time I use my card, I get an email when it hits the system. This will give you a heads up if you didn't make a credit purchase. It's always good if you can go online, get the details, and call your credit card provider ASAP.

DaveP - You are fortunate! There have been at least five threads in the past couple of months about this topic.

I've bought from quite a few vendors since I started vaping (late Feb/early March). As noted in other posts, my bank cancelled my card right away. I kept the bank account open, but also opened another account that I'm using strictly for ecig purchases. I keep no money in it at all. When I make a purchase, I transfer the exact amount into the new account. So far, this is working well. It also helps that I check my bank accounts frequently!

I'm not concerned about losing money. My bank credited the fraudulent charge within 48 hours (I called on a Saturday). My bank also told me that they if this happens again, I will not be responsible for the charge(s). My concern is that at least one of the registered suppliers on ECF has a site that's being hacked. It's a huge hassle to cancel cards, file a fraud activity claim, and then wait for a new card.

 

[Chelseafn]

Well I got hit today! Checked my account and saw a charge for AL Technologies. My credit union found out it was in Cali. Did a google search and came up with some company. Anyway I posted about it. I did email the vendors I delt with about what happened. I dont think it was either. I think somewhere between me sending payment and paypal accepting payment is when it happened. now before you say anything about PP. This is what happened according to my CU. Payment was made to PP in Cali. Then 9 minutes later someone charged my card to wherever Al Technologies is located in Cali? So it seems to me it was paypal. You be the judge. I ran both my virus program and malware program and both came up with zero.

 

[tranced]

It's a small pain in the ... but I've always gone to my bank and got a prepaid visa gift card in the amount I plan on spending. My bank doesn't charge a fee for this like the green dots do so it only costs me time. I can register the card within 2 hours of buying it, use it and not worry about getting scammed/phished/frauded/or fondled due to poor security. Whatever spare money is left on the card gets used up when I've collected a few of them by using self-checkout at the grocery store. I can avoid the hassle of mucking up my credit card or my debit card, having to explain to the wife why there is a problem or even admit to the amount I've spent on ecigs.

Hell, I might need to start buying prepaids to pay my bar tabs too. Keep her guessing

 

[crashtestjeep]

Email sent. Only have bought from 3 vendors in the past 3 months, most recently just in the past few weeks. The charge was from Blizzard E, a gaming site. The bank said it's fraud and is looking into it, in the mean time I'm out $197 until this is resolved.

Analog Free since July '09

Blizzard was one of the places mine got used when it was stolen....please PM me w/vendors you uised-Id like to look into this a lil more, thanks

 

[Dkrom68]

Keep sending emails to Elendil at this email address as he is compiling the data to see if there is a pattern to all the fraud elendil@e-cigarette-forum.com Dont PM him as he wont respond, only to emails he will and this could very well be the way to determine which vendor has been compromised

 

[Bovinia]

Blizzard was one of the places mine got used when it was stolen....please PM me w/vendors you uised-Id like to look into this a lil more, thanks

Blizzard is World of Warcraft and I also saw someone else mention a fraudulent Frogster America transaction. Frogster would be Runes of Magic. Any of you being hit play those or other online MMOs? I get phishing emails that (to an unwary eye) claim account issues and ask you to click a link in the email to *verify* your account details. The links look official but will direct you to a hack site to steal your info and/or install a backdoor keystroke hack. EBay is another popular phishing scam target.

Just a thought

 

[Ourei]

The stores you are buying from may unknowingly have viruses/trojans on their computer that sends info to other sites. They could be victims of fraud as well. Just some food for thought. Also, if a site offers payment via PayPal, that's the way to go.

Happy vaping!

 

[st0nedpenguin]

Again, Paypal isn't bulletproof either, and as I gather they're not too keen on their service being used for e-cig purchases, so could quite likely decide to deny you any assistance.

Also it's worth considering that anybody harvesting all this card info could quite likely be sitting on it for a lengthy period of time so as to not arouse suspicion immediately after obtaining your info, it's not common for these people to wait months before actually using stolen info, making it harder to pin down exactly where and when it was stolen.

 

[Ma'am]

My card was the one that had the charges to Frogster America. I had no idea what it was and googled it, there I saw it was an online gaming site. It was hit with charges to Squareenix too, it is also something to do with online gaming.

I do not go to, nor do I play any online games.......never have. There were Skype charges and I've never Skyped either.

I've only used this card for ecig supplies, have done no other shopping with this card.

 

[harpo]

Mine too, was compromised just last month.
It was also used to purchase world of warcraft gmaing stuff in washington state and ca.....
I got refunded so no biggie but it was not only a hassle, but a lil scarey not knowing at first how it would all turn out. My bank notified me as soon as the third "funny transaction" happned by email and got a vall that next morning. Sucks but I now have more faith in my bank that they really DO look after me while I sleep at night

Mine was just compromised and used at the same places.

 

[CaptJay]

A long time before I ever started vaping (or knew about PV) my card was used to buy Euro train tickets in France - and it was determined that the breach came from an Internet flower company that I had bought something from WEEKS before. That particular company's server (they used a hosting site) had been hacked/got a trojan and they weren't the only company affected.
That's why I'm not comfortable blaming suppliers or vendors - the breach may not be from them, it could be their hosting company or it could be some place else entirely.

 

[st0nedpenguin]

If your cards are being used to purchase MMO accounts I'd really suggest looking into the possibility of you having been keylogged at some point recently, MMO gold farming is a huge business right now and if your card has been used to buy MMO accounts it's probably so they can farm gold. The account theft popular with these people tends to go hand in hand with credit card fraud.

You can get hit by a keylogger simply by viewing a site without adequate browser protection too, gone are the days of needing to download and run suspicious fies.