How can you tell if someone hacked into your computer from the net?



Ken Platt
03-09-2015, 9:13 PM
Folks - I wanted to see if I could tap into the tech wisdom here.

Somehow someone was able yesterday to gain online access to my credit card account, and changed the email and address. Then they tried to make a large ($4K) online purchase, which the cc company refused. I found out today when the cc company sent me an email notice of the changed email address. I called them, the account is shut down, and the account information corrected back.

My question: I figure that this means they somehow had my login information, and the only place that exists, so far as I know, is on my computer and the computers of the credit card company. So, I'm thinking one of us was hacked. Is there some way to figure out if it was my system?

I have a router, and run Avast antivirus. Since this all came up earlier today, I've run a Malwarebytes scan, found nothing, an Avast virus scan, nothing, and had Avast run a network check which says that none of my devices are visible from the internet.

I'm in the process of changing other financial passwords, but so far haven't found any other problems, including with another account (CD's) I have with the credit card company.

I'm a bit rattled, and would appreciate all thoughts on how this might have happened, or what else I should be doing now.

Ken

Charlie Velasquez
03-09-2015, 11:39 PM
What number did you use to call them? The one from the email or the back of your card?

My credit card has been compromised before. They called me to verify a suspicious purchase, then I called them back using the number on the card. I gave no information over the phone. The card was stopped, a new card issued.

I immediately tried to use my card at the gas station a couple of blocks away to verify it was stopped.

Bill ThompsonNM
03-10-2015, 12:18 AM
Or do you ever log into your account from anywhere besides home on that computer?
Does your computer require a password at log in?

Jim Koepke
03-10-2015, 2:04 AM
It may be one of the companies with whom you have done business.

Many financial accounts have been hacked. Though how your password was found could be another matter.

Some malware can install a key tracker program.

I am not up on things nefarious in the world of computers.

The first question anyone usually asks about my computer when there is a problem is, "have you installed anything new or upgraded anything recently?"

jtk

Dan Hintz
03-10-2015, 6:16 AM
If you have ever typed your CC number into the computer to purchase something, the number is out there. Most email passwords are easy to figure out, and if you've ever been spoofed and entered the email/password into a spoofed website, they have that, too.

Stealing info is not as complicated as many make it out to be. It's quite possible your system is not compromised.

Chuck Wintle
03-10-2015, 6:34 AM
> Folks - I wanted to see if I could tap into the tech wisdom here.
>
> Somehow someone was able yesterday to gain online access to my credit card account, and changed the email and address. Then they tried to make a large ($4K) online purchase, which the cc company refused. I found out today when the cc company sent me an email notice of the changed email address. I called them, the account is shut down, and the account information corrected back.
>
> My question: I figure that this means they somehow had my login information, and the only place that exists, so far as I know, is on my computer and the computers of the credit card company. So, I'm thinking one of us was hacked. Is there some way to figure out if it was my system?
>
> I have a router, and run Avast antivirus. Since this all came up earlier today, I've run a Malwarebytes scan, found nothing, an Avast virus scan, nothing, and had Avast run a network check which says that none of my devices are visible from the internet.
>
> I'm in the process of changing other financial passwords, but so far haven't found any other problems, including with another account (CD's) I have with the credit card company.
>
> I'm a bit rattled, and would appreciate all thoughts on how this might have happened, or what else I should be doing now.
>
> Ken

A couple of thoughts... As was mentioned, any online purchase puts the CC number into cyberspace. Hackers target companies often because they are lax on security so numbers get stolen. If you suspect some malware or a key logger on your computer then I would format the hard drive and reinstall Windows. These programs are very good at avoiding detection. For online purchases using your CC then consider running Ubuntu in its "live version" only for these transactions. When you connect to a secure server it should show https. Is it possible you logged into a spoofed site? Did you install anything that came as an attachment in an email?

Chuck Wintle
03-10-2015, 6:40 AM
I discovered one day that 3 charges to the iTunes store were made on my CC for about $320 total. I had to sign and return by mail an affidavit that it was not me who made these purchases. My guess is that a local gas station attendant cloned my CC when I was paying for gas as these purchases appeared almost right after. Fraud is rampant in the CC business and companies are quite aware of it.

Ken Platt
03-10-2015, 9:43 AM
It would not have surprised me if my credit card number alone was stolen, since it is "out there" on all my online transactions. What scares me is that they were somehow able to log into my credit card account online. Unless they have some sort of backdoor access, that means they got my username and password somehow. What's worrying is a) what information about me were they able to get with access to my credit card account information (SS#, date of birth?) and b) how did they get my username and password?

I do not have a smartphone, and do not use my username/password anywhere except my home computer. There is no chance of any problem from inside my home, it's just me and immediate family. I'm very careful about spoofing, never click on emails, always access the credit card website from my bookmarks. No new software, and I'm careful with the few programs I download to get them from a reputable site like cnet. Our wireless network is password protected, and anyhow we live in a rural area and I don't think the signal reaches anywhere near the street or neighbors (barely makes it to my bedroom).

So, I still can't come up with anything other than some sort of password stealing malware (browser based?) on my system or Discover themselves being hacked. I use Chrome as my browser, if that gives anyone any ideas. After this came up yesterday, I cleared all the browser data (although I never have it save important passwords).

Other thoughts? Other anti-malware to run?

Thanks -

Ken

roger wiegand
03-10-2015, 10:18 AM
Do you use strong passwords? Way too many people use stuff like ABC123, Password! or names of dogs, spouses or children, which any self-respecting bot can crack in no time. Or use the same password on multiple sites with varying levels of security. My compromise has been to use LastPass as a password manager. I'm hosed if they are ever hacked, however in the meantime every account I have has a different, very strong password (things that look like "S*Du2xVHV%t5^#e5R!") that can be changed regularly, and I only need to remember one to get into the system.

Curt Harms
03-10-2015, 10:23 AM
It's possible that the bank or issuer was hacked. I had that happen with a debit card and if the thief hadn't been greedy - tried to withdraw way more than the daily max - I'd not have known about it for some time. That crack never made any news that I saw so just because you didn't read about a hack doesn't mean it didn't happen.

I've done sort of what Chuck recommends except I created an entirely separate 'computer' (actually a bootable partition with O.S. and apps) used only for secure transactions. It's not bullet proof but there is no one magical piece of software that ensures security, it's a layered process. Not using that 'computer' to do email, social media, general web surfing, not installing flash or java seem like a reasonable step. Sure a financial institution's web site could be booby trapped to download malware on users' machines but I hope institutions responsible for serious transactions harden and more closely monitor their sites than do facebook, twitter, TMZ and the like. Using a 'non-standard' operating system is another layer. Today most malware needs Windows services/Flash/Java to do their dirty work. Not all but most. Could that change? Sure, but it hasn't yet that I'm aware.

Charlie Velasquez
03-10-2015, 10:47 AM
A common scam is to send out mass emails purportedly from a well known credit card issuer, saying that your password was changed and/or they have denied a purchase. Then they say, if you have not changed please call xxx-xxx-xxxx or click on the following security link.
When you do, they will ask you to verify your account and go through some whatever and say everything is all better. That is why I asked which number you used.

Never call a number on an email. Never click on an emailed link.
Never give out any information over the phone unless YOU initiated the call through the number on the back of the card.

If they stopped a card, verify it.

julian abram
03-10-2015, 5:23 PM
I'm betting someone stole your info from an online transaction or could be a local purchase. I just had this happen to me last weekend. Someone made a $4500 purchase with my cc at Home Depot in Humble, Texas. I haven't been to Texas in a couple years. I called Visa and had the card cancelled. Visa is sending me a new card and affidavit to sign denying the purchase. One of those things you hear of all the time but don't think about it happening to you. The electronic information age is kind of scary for us old folks.

glenn bradley
03-10-2015, 5:31 PM
Do you use wireless at home? If so how robust is your wireless security? Lots of good questions and info here.

Lee Schierer
03-10-2015, 5:35 PM
Typically when you go to buy something online they want you to set up an account. You need to give them your email, a password and then you use your credit card to buy something. If that site gets hacked or isn't fully legit, and you used the same password as your CC account then you just gave a hacker all the information they needed to access your CC account.

Val Kosmider
03-10-2015, 5:36 PM
It is safe to assume that ANYTHING which you put on the internet can quickly become part of the public domain. Between hackers on your end, keystroke trackers, and hackers on their end, nothing is secure. I think we have seen that pretty well documented with Home Depot, Target and Blue Cross--where they got the whole shooting match: Name, address, SS#, CC# and other personal history.

The problem with the new i-pay from Apple has been not with the link between your phone and the cashier, but with folks uploading your stolen CC info into their phone and spending away.

We all put the info out there. You just shouldn't be surprised when it gets compromised, and you must be prepared to act quickly to shut things down when it gets, inevitably, stolen.

It's part of life, 2015 style.

Phil Thien
03-10-2015, 5:45 PM
> So, I still can't come up with anything other than some sort of password stealing malware (browser based?) on my system or Discover themselves being hacked. I use Chrome as my browser, if that gives anyone any ideas. After this came up yesterday, I cleared all the browser data (although I never have it save important passwords).
>
> Other thoughts? Other anti-malware to run?
>
> Thanks -
>
> Ken

Those would be my guesses, too. One more to add is that you used someone else's computer to access your E-Mail and THAT computer was already compromised.

Any malware worth its weight will attempt to enumerate any saved passwords and transmit that to a server somewhere, before you even realize you're infected.

That is why I tell people to never save passwords. When an E-Mail app or browser asks if you want to save a password, answer "nope."

Dan Hintz
03-10-2015, 8:05 PM
> Typically when you go to buy something online they want you to set up an account. You need to give them your email, a password and then you use your credit card to buy something. If that site gets hacked or isn't fully legit, and you used the same password as your CC account then you just gave a hacker all the information they needed to access your CC account.

This is where I was headed. People don't realize they hand out all of the info needed... there's a reason it's suggested you use multiple accounts for different things.

Phil Thien
03-10-2015, 8:29 PM
> This is where I was headed. People don't realize they hand out all of the info needed... there's a reason it's suggested you use multiple accounts for different things.

But websites aren't typically saving the password, they're saving a hashed representation of the password. You can't get the password from what they're keeping in their database.

Ken Platt
03-10-2015, 10:30 PM
Thanks for the ideas folks.

So far as I am aware, this site's password was not saved in my browser. I do not let the browser save passwords for important sites, for this exact reason.

And, this password wasn't used anywhere else. It wasn't a terribly strong one, though, just a name and 3 digits. You can be sure all my new passwords are much stronger.

How is a bot able to figure out a password? Are they somehow able to get the number of digits and just keep trying combinations? I'd think most login software would lock you out after a few attempts.

Ken
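
An added example, not part of any post in this thread: a Python sketch of the salted-hash storage Phil Thien describes, and of why a login lockout does not protect a "name and 3 digits" password once a site's stored hashes are stolen and guessed against offline. The work factor, the name-list size, the guess rate and the sample password `Rover123` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000      # assumed PBKDF2 work factor for this example
NAME_LIST_SIZE = 10_000   # assumed size of a list of common names
# Character classes and their sizes (32 = ASCII punctuation marks).
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z\d]", 32)]


def hash_password(password, salt=None):
    """Return (salt, digest): what a site stores instead of the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Re-hash a login attempt and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def guess_space(password, name_list_size=NAME_LIST_SIZE):
    """Upper bound on the guesses needed to cover this password's pattern.

    Letters followed by 1-4 digits are counted as "any listed name with
    any digit suffix"; everything else as charset ** length.
    """
    m = re.fullmatch(r"[A-Za-z]+(\d{1,4})", password)
    if m:
        return name_list_size * 10 ** len(m.group(1))
    charset = sum(size for pattern, size in CLASSES if re.search(pattern, password))
    return charset ** len(password)


def seconds_to_cover(guesses, guesses_per_second):
    """Time to try every candidate offline, where no lockout applies."""
    return guesses / guesses_per_second


if __name__ == "__main__":
    weak = "Rover123"               # constructed sample: name + 3 digits
    strong = "S*Du2xVHV%t5^#e5R!"   # the illustration from roger wiegand's post
    salt, digest = hash_password(weak)
    print("stored:", salt.hex(), digest.hex())
    print("login ok:", verify_password(weak, salt, digest))
    for pw in (weak, strong):
        n = guess_space(pw)
        # 1,000 guesses per second is an assumed offline rate.
        print(f"{pw!r}: {n:.3g} guesses, {seconds_to_cover(n, 1_000):.3g} s")
```

The stored digest cannot be reversed, but anyone holding the database can run the same hash over candidate passwords as fast as their hardware allows, which is why unique, long passwords matter even on sites that hash properly.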

Dan Hintz
03-11-2015, 6:07 AM
> But websites aren't typically saving the password, they're saving a hashed representation of the password. You can't get the password from what they're keeping in their database.

If the website is following proper procedure... but how many high-profile sites have we seen that don't? Of course, just when I need them, names of sites escape me at the moment... but wasn't Tumblr one, or Instagram, etc. There was a pay site in the last year or so, but that one escapes me, too... something about passwords being stored in unencrypted form.

Nutshell, plenty of sites don't follow the rules when it comes to your ID safety.

Phil Thien
03-11-2015, 9:31 AM
> If the website is following proper procedure... but how many high-profile sites have we seen that don't? Of course, just when I need them, names of sites escape me at the moment... but wasn't Tumblr one, or Instagram, etc. There was a pay site in the last year or so, but that one escapes me, too... something about passwords being stored in unencrypted form.
>
> Nutshell, plenty of sites don't follow the rules when it comes to your ID safety.

Right, that is why I said "typically." I just did some googling and I can't find any major sites, or even sites I recognize on any lists of offenders for storing passwords in clear text.

Dick Strauss
03-11-2015, 12:42 PM
I'm sorry to hear about your problem. I have been hit by 2 breaches at the CC companies (Target and HD) in the last few years though no bogus charges ever showed on my statement.

Phil T. is the one to listen to about this because he has quite a bit more expertise and knowledge about the subject than I ever will.

There are quite a few options but here are a few that come to my mind:

1) You could have logged into a bogus CC web site providing all of your info
2) Same CC and password used at multiple places as well as with CC website
3) CC breach
4) Data skimmed off your computer via "Autocomplete forms" stored "for your convenience" or the convenience of criminals (to remove in IE, go to the following tabs: Tools-->Delete Browsing History-->Forms Data, or something similar depending on your version of IE). I check to remove all sources of data (cookies, history, etc.) regularly and delete all history after every online transaction. This one might be likely since it seems they intercepted email notifications as well (unless your CC company has the wrong email address on file or it didn't reach your email in a timely fashion).

...

Make sure you have a unique password for each site. A friend also used to give a different middle initial for each online transaction that was the first letter of the company (So he was Joe W Smith for Woodcraft purchases and Joe R Smith for Rockler purchases). That way he could figure out where the data originated if there was a breach.

Scott Shepherd
03-11-2015, 1:09 PM
Watch this for about 2 minutes. Then you'll understand the magnitude of it all.

http://map.ipviking.com

Rich Riddle
03-11-2015, 1:19 PM
If you visit a hotel, restaurant, or business with free wifi and you log into their service and then go to e-mail or purchase something, the server they use has your log-in information. Another business sent a notification that my credit information was compromised yesterday. It's all too common these days with the military, VA, Home Depot, the list seems endless.

Dan Hintz
03-11-2015, 2:45 PM
> Watch this for about 2 minutes. Then you'll understand the magnitude of it all.
>
> http://map.ipviking.com

For clarification, Norse is a manufacturer of net-safety products. From that site:

> Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors.

Note the mention of honeypots. There is no indication of what those honeypots consist of, and they could be as simple as a stock SQL server with no security patches or a website that says "hack me". As such, it should be noted the "attacks" they show on that page are illustrative only and unlikely indicative of what's happening on the "real net" (<nudge> It's much, much worse!). Think of it as a tiny simulation of what's really happening, but don't view it as actual threats.

Phil Thien
03-11-2015, 3:07 PM
> If you visit a hotel, restaurant, or business with free wifi and you log into their service and then go to e-mail or purchase something, the server they use has your log-in information.

Not really, most of the sensitive stuff is transmitted securely.

Scott Shepherd
03-11-2015, 3:21 PM
> Note the mention of honeypots. There is no indication of what those honeypots consist of,

That's what got Winnie the Pooh in trouble....

Phil Thien
03-11-2015, 3:28 PM
Clearly we aren't doing enough to attack China.

Greg R Bradley
03-11-2015, 3:32 PM
Norse is trying to find out WHO is attacking so they can add that info to their database. I agree with Dan that is just a sample of the "real net" and the reality is much worse.

My own business Watchguard "firewall" gets a hit from a new attacker every minute or so on each of the three internet connections. The types of hits look very much like those shown in Norse's representation.

I'm about ready to kill the T-1 and only keep the 2 FIOS connections so I set up a honeypot on the T-1 around the first of the year to see if that made it more of a target. I set up Server 2003 running IIS and SQL 2005. I let the traffic go through the Watchguard so I could see it but without any restrictions. It didn't seem to attract any more hits but it was destroyed pretty quickly. After the third time deleting and reinstalling the VMware VM, I came to the conclusion that it wasn't attracting any more hits than the protected connections.

Scott Shepherd
03-11-2015, 3:59 PM
I'm aware that Norse is their own little corner of the internet, but it's pretty amazing statistics they show, as far as the number of blocked attacks, etc.

Like Dan and Greg have said, this is just one company, imagine what the entire system is dealing with. It's mind blowing.