Results 1 to 11 of 11

Thread: It can never happen to me

  1. #1
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,293

    It can never happen to me

    I was sure that I was careful enough and smart enough not to end up with a security mess on the internet.

    I am not a big user of eBay. I purchase items on eBay two or three times a year. The last time was two or three months ago. Suddenly on Sunday afternoon, I started getting a series of emails reporting bid status on a notebook computer. Later received a notice that I had placed the winning bid on that notebook.

    After reading reporting methods, I contacted their account security people and found out that someone had succeeded in accessing my account and had changed registration information and shipping info. After locking the account down and reversing transactions, I was issued a new password. Ebay once again released my account. I then entered my account info to find out this guy had left tracks all over. He had changed the registration to another name with a New York address. The shipping address had been changed to Nigeria. At this point I decided to permanently close the account. I also closed credit card accounts and arranged for new cards to be issued. That was probably overkill, but I am not taking any chances.

    How did it happen. I did system scans with all my security software. I even changed my AV software. I have used AVG for a long time. Changed to Kaspersky yesterday. Found nothing. My best guess is that this guy beat a weak 6 character password. The account was opened years ago when we didn't have the security concerns that we have today.

    So far it looks like I was able to stop this early enough to avoid credit issues.

    My recommendation is that you use a strong password for any financial account. In the future, any site that will accept it is getting a 20 character password from me.
    Linux Mint Debian Edition

  2. #2
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,638
    Amazing. Glad you got it sorted.

  3. #3
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    Wow, that is scary. Very glad no financial troubles come from it! Can Credit Card fraud happen without you knowing it? I thought the companies would call to ask about weird transactions?

    If you dont store the credit card info on ebay, are you safe?

    *runs to install biometric security on all accounts!*

    --- 0wN3D by 3gG ---

  4. #4
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,293
    Quote Originally Posted by cash_site View Post
    Wow, that is scary. Very glad no financial troubles come from it! Can Credit Card fraud happen without you knowing it? I thought the companies would call to ask about weird transactions?

    If you don't store the credit card info on ebay, are you safe?

    *runs to install biometric security on all accounts!*
    You are right. You are protected against fraudulent charges to a credit card. I was just taking pro-active action. I believed it is easier to get new cards than to try to undo fraudulent charges. The card company had no problem with the request. They would have to eat bad charges that might occur.

    I hope this is over, but you can bet that I will monitor everything closely.
    Linux Mint Debian Edition

  5. #5
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,044
    Are you sure they brute forced your password or can you remember if you ever inadvertently clicked on a link in one of the "update your account details" scam emails that are prevalent.

    The emails ask you to update your account details by clicking on a spoofed login link.

    =========== Please Read The Forum Rules ===========

  6. #6
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622
    WOW an identity theft story that actually didnt cost you green.



  7. #7
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,293
    Quote Originally Posted by Reverend View Post
    Are you sure they brute forced your password or can you remember if you ever inadvertently clicked on a link in one of the "update your account details" scam emails that are prevalent.

    The emails ask you to update your account details by clicking on a spoofed login link.
    I have been very careful concerning spoof emails. If I did as you said, I was unconscious at the time.
    Linux Mint Debian Edition

  8. #8
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,044
    Quote Originally Posted by efc View Post
    I have been very careful concerning spoof emails. If I did as you said, I was unconscious at the time.
    OK, just wanted to check. Wasn't suggesting you were imcompetent.

    =========== Please Read The Forum Rules ===========

  9. #9
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    I've had a few of those email scam emails.. hit the delete button straight away!!

    LOL, then manually changed my password.. something so good, even i cant remember!

    --- 0wN3D by 3gG ---

  10. #10
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,293
    Quote Originally Posted by cash_site View Post
    I've had a few of those email scam emails.. hit the delete button straight away!!

    LOL, then manually changed my password.. something so good, even i cant remember!
    You don't need to remember them with this program - LINK. I even go a step beyond by keeping the Keypass data file on a flash drive. When I need a password, I plug in the drive and open the software, which has a master password. The password data base is hidden behind *****'s. With a click of the mouse the pw is temporarily copied to clipboard. cntr v copies it into the website. The clipboard clears after a specified period of time. I use 10 seconds. I then remove the flash drive. As I said earlier I use strong passwords for financial sites. After recent events, I have reset password generator from 20 to 24 characters.
    Last edited by efc; April 5th, 2007 at 15:09 PM. Reason: more info
    Linux Mint Debian Edition

  11. #11
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    Cool, a few friends use a password manager, i might have a look into it

    --- 0wN3D by 3gG ---

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •