I've been hacked!

rosarycharlie · Oct 20, 2014

I've recently found out that an unauthorized purchase was made using my credit card.

I have already presented evidence to my bank showing that it wasn't me who authorized it for them to return the charge, but they said it would take 45 to 180 days! This is such a hassle. Do you have any tips or software you use to prevent hacking? Thanks!

poikkeus · Oct 20, 2014

With this kind of thing, you'll want to reduce your risk, so that potential thieves will look elsewhere than your account.

1. Use different passwords on each account, and make them as random and unpredictable as possible.
2. Change your passwords regularly.

Since the purchase was make on your credit card, change the password on the relevant card. If you can't change the password, request a new card.

chamm · Oct 20, 2014

Unfortunately, there is no easy answer to this. I've worked in IT for a while, but the problem with "security software" is that is provides a false sense of security. Since I generally have a good idea what constitutes a security threat, then I know what to look for. I don't even have anti-virus software running on my PC. (I do have the basic Microsoft Security Essentials, just to give a little bit of protection.)

I'm certainly not saying that you need to have a fundamental understanding of the entire Internet, but in general, your PC probably wasn't "hacked." You were probably either tricked into entering your password or credit card information somewhere you shouldn't have, or you have a keylogger installed on your PC. Microsoft Security Essentials (installed by default on Windows 8, available for free on Windows 7) will protect you from most keyloggers. As far as where to put your personal information, know what to look for on a website. Most browsers do a decent job of protecting you from fake websites. For example, if you visit a website called "https://login.onlinebanking.chase.vauehgkawj.com" then you aren't really on chase.com, you're on vauehgkawj.com, which probably lives on a hacked server somewhere. Even though it looks like Chase's website, it isn't. Always look at the part right before the .com (.net, .org, etc.) to see where you really are. I own the domain chamm.net, so I could make a website "https://secure.login.paypal.chamm.net," and if you visited that site, you would be going to my server. I could then steal your username and password, redirect you to PayPal's actual website, and you'd be none the wiser.

Those bits of advice will help you, but the most important thing is to not install some piece of software on your PC and think you're protected. If someone manages to get some bad software onto your PC, the very first thing it's going to do is disable any sort of software protection you have.

Best of luck to you! In my experience, the banks usually have it resolved quicker than they say they are going to. Unless you have a major loss, you probably won't be waiting 180 days.

ZeroGravity · Oct 20, 2014

I keep one card with a relatively low dollar limit for online transactions. That way I am never exposed to too much of a liability.

Aaronc36334 · Oct 20, 2014

Get a new credit card with guaranteed fraud protection. IMHO it's ridiculous they're not protecting you by the end of THIS statement

MontyBurns · Oct 20, 2014

Call the credit card company and tell them. I have had this happen, it took no time to fix.

Toothpick · Oct 20, 2014

45-180 days?
To reverse the charge?

That seems a bit nuts. I think your bank may be the one hacking you.

nuclearblast · Oct 20, 2014

Something similar happened to me recently, and the bank took care of it in less than 48 hours, and it was all done via email as I'm not even in the same country where the bank is based, and I didn't feel like spending a fortune to call them on the phone.

AABCDS · Oct 20, 2014

It shouldn't take that long. This isn't 1990.

thematthatter · Oct 20, 2014

Google credit card skimmers. You could have your card stolen by just buying a tank of gas or getting a dinner

chamm · Oct 20, 2014

thematthatter said:
Google credit card skimmers. You could have your card stolen by just buying a tank of gas or getting a dinner

In theory, yes. However, that hack has kinda run its course. Companies that maintain the ATMs are on the lookout for skimmers, as opposed to a few years ago when they were mostly unaware. Also, banks have active countermeasures agains such things.

Not saying it doesn't still happen, but it has peaked and is well on the decline, which means the news media will only be reporting it as "the next big thing you should be afraid of" for the next two or three years.

As a general rule, by the time you see some "new hacking technique" reported on by non-geek media, it has already run its course.

Argonaut · Oct 20, 2014

I had an alert from apple that my iTunes account had been compromised and that I needed to change my password. It had an official looking iTunes home page and of course, asked me to login. I was lucky that I tried the other buttons along the top border, none of them did anything so I called apple. They had me forward the email to them and after a few minutes told me it was a new scammer and to delete the email. Had I entered my password, who knows what might have gotten charged? Anyway, just sharing how sneaky some of these bastids can be. I had a hotel charge show up in Pennsylvania during the same time I was traveling to Washington state, it got resolved easy enough, but I still have no idea how it happened.

mretzloff · Oct 20, 2014

Argonaut said:
I had an alert from apple that my iTunes account had been compromised and that I needed to change my password. It had an official looking iTunes home page and of course, asked me to login. I was lucky that I tried the other buttons along the top border, none of them did anything so I called apple. They had me forward the email to them and after a few minutes told me it was a new scammer and to delete the email. Had I entered my password, who knows what might have gotten charged? Anyway, just sharing how sneaky some of these bastids can be. I had a hotel charge show up in Pennsylvania during the same time I was traveling to Washington state, it got resolved easy enough, but I still have no idea how it happened.

Good thinking. Never log into any website from a link in an email. I regularly get fake PayPal emails. If your account with Apple, PayPal, etc. has a problem, go directly to that website and log in. It will notify you there.

acesn8s · Oct 21, 2014

I get those fake Paypal emails too, even though I don't have a paypal account.

Is it definitely a hack, or could your info been stolen in one of the retail store data breaches?

docholliday77 · Oct 21, 2014

Is this an actual credit card or your bank (debit) card? If credit, I agree that it shouldn't take so long to reverse the charge, but even if it does take that long - that's their problem. Don't pay it.

If it is your bank card and you are waiting for them to put money back into your account, that stinks, but isn't surprising. I never use my bank card on the internet, only credit cards. I've also got my credit card set to send me a text message on my phone for any charges over $20, so I can keep track of it in real time.

Good luck!

BSAGuy · Oct 21, 2014

Bummer. Hope you get it straightened out soon.

rosarycharlie · Oct 22, 2014

chamm said:
Unfortunately, there is no easy answer to this. I've worked in IT for a while, but the problem with "security software" is that is provides a false sense of security. Since I generally have a good idea what constitutes a security threat, then I know what to look for. I don't even have anti-virus software running on my PC. (I do have the basic Microsoft Security Essentials, just to give a little bit of protection.)

I'm certainly not saying that you need to have a fundamental understanding of the entire Internet, but in general, your PC probably wasn't "hacked." You were probably either tricked into entering your password or credit card information somewhere you shouldn't have, or you have a keylogger installed on your PC. Microsoft Security Essentials (installed by default on Windows 8, available for free on Windows 7) will protect you from most keyloggers. As far as where to put your personal information, know what to look for on a website. Most browsers do a decent job of protecting you from fake websites. For example, if you visit a website called "https://login.onlinebanking.chase.vauehgkawj.com" then you aren't really on chase.com, you're on vauehgkawj.com, which probably lives on a hacked server somewhere. Even though it looks like Chase's website, it isn't. Always look at the part right before the .com (.net, .org, etc.) to see where you really are. I own the domain chamm.net, so I could make a website "https://secure.login.paypal.chamm.net," and if you visited that site, you would be going to my server. I could then steal your username and password, redirect you to PayPal's actual website, and you'd be none the wiser.

Those bits of advice will help you, but the most important thing is to not install some piece of software on your PC and think you're protected. If someone manages to get some bad software onto your PC, the very first thing it's going to do is disable any sort of software protection you have.

Best of luck to you! In my experience, the banks usually have it resolved quicker than they say they are going to. Unless you have a major loss, you probably won't be waiting 180 days.

That's some really good information. Thank you. Now I'm kind skeptical of doing anything and I found https://squidproxies.com/shared-proxies do you think using something like that site would be beneficial to help me keep myself protected or no? I'm not a big online shopper, I mean I have done some but only on occasion.

rosarycharlie · Oct 22, 2014

docholliday77 said:
Is this an actual credit card or your bank (debit) card? If credit, I agree that it shouldn't take so long to reverse the charge, but even if it does take that long - that's their problem. Don't pay it.

If it is your bank card and you are waiting for them to put money back into your account, that stinks, but isn't surprising. I never use my bank card on the internet, only credit cards. I've also got my credit card set to send me a text message on my phone for any charges over $20, so I can keep track of it in real time.

Good luck!

It was my credit card through my bank

rosarycharlie · Oct 22, 2014

acesn8s said:
I get those fake Paypal emails too, even though I don't have a paypal account.

Is it definitely a hack, or could your info been stolen in one of the retail store data breaches?

That's crazy! But it's a good thing you can easily know they are fake since you don't even have a Paypal.

chamm · Oct 24, 2014

rosarycharlie said:
That's some really good information. Thank you. Now I'm kind skeptical of doing anything and I found https://squidproxies.com/shared-proxies do you think using something like that site would be beneficial to help me keep myself protected or no? I'm not a big online shopper, I mean I have done some but only on occasion.

Eh... proxies are of mixed value. If they are managed well, they can offer some heavy-duty protection. On the other hand, I'm not familiar with the particular proxy service you linked. Upon first looking at them, it would appear that they specialize in providing anonymity, not really protection. If they do offer protection, I would guess that they do it using free, open-source tools that are available many places. I personally built my firewall for almost zero cost using pfSense, and using the SNORT engine built into it, I probably get the same or better protection than what's offered by any proxy service.

It depends on your ambition. Setting up a pfSense box is not an easy task that anyone can do without any experience. If you have an interest in IT, it would be a great way to learn about the Internet, networking, etc. If you want to take the red pill, then take an old PC, set up a firewall, learn a little about networking, proxy servers and content filtering, and by that time, you would already have the knowledge to protect yourself from 99% of the hacks/viruses/malware out there. On the other hand, if you want to take the blue pill, upgrade (or buy a new PC) with Windows 8.1, or buy a Mac.

None of these steps will guarantee that you're protected. The Internet is an arms race between the bad guys and the good guys, so even with the best tools, you can still get nuked.

One other little piece of advice. I hope that nobody takes offense to this statement, but it represents the single best piece of advice that I could give anyone in regards to keeping your computer clean: STAY OFF OF PORN SITES.

O

Think of the Internet like a big city. There are lots of cool places to visit. Some educational. Lots of stores. In general, it's reasonably safe. Now imagine the place where the adult book stores are located. And the per-hour hotel rooms. And the guy playing three-card-Monte on the sidewalk. Would you want to walk around that neighborhood without shoes?

Search

I've been hacked!

rosarycharlie

poikkeus

chamm

ZeroGravity

Aaronc36334

MontyBurns

Toothpick

Needs milk and a bidet!

nuclearblast

AABCDS

thematthatter

chamm

Argonaut

mretzloff

acesn8s

docholliday77

BSAGuy

rosarycharlie

rosarycharlie

rosarycharlie

chamm

Similar threads