Someone's got my credit card details

Started by juiceuk, Jun 23, 2009, 22:41:24


juiceuk

I had an automated phone call from Lloyds fraud prevention saying my credit card details had been used. I don't like confirming details to someone or something that calls me, so I called Lloyds back myself. I was told that someone attempted to spend £800 at soccerpost.com. The transaction was blocked and that card cancelled. I have two PCs, one Vista 64-bit and one XP, and they both have Avast and Windows Defender running. I use Hostman and Spyware Blaster on the XP and OpenDNS set on the router. I have done scans with Avast, MBAM, SUPERAntiSpyware, Windows Defender and Spybot on the XP computer and only SUPER found anything; here is the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2009 at 09:11 PM

Application Version : 4.26.1004

Core Rules Database Version : 3952
Trace Rules Database Version: 1894

Scan type       : Complete Scan
Total Scan Time : 00:19:36

Memory items scanned      : 452
Memory threats detected   : 0
Registry items scanned    : 6147
Registry threats detected : 0
File items scanned        : 24285
File threats detected     : 5

Adware.Tracking Cookie
   C:\Documents and Settings\deano\Cookies\deano@atdmt[2].txt
   C:\Documents and Settings\jackie\Cookies\jackie@atdmt[2].txt

Rogue.AntiSpyBoss-FakeThreats
   C:\WINDOWS\$HF_MIG$\KB887742\SPMSG.DLL

Trojan.Smitfraud Variant
   C:\WINDOWS\SYSTEM32\DLLCACHE\IRCLASS.DLL

NotHarmful.Sysinternals Bluescreen Screen Saver
   C:\WINDOWS\SYSTEM32\SYSINTERNALS BLUESCREEN.SCR



I sent the SPMSG.DLL and IRCLASS.DLL to Virus Total and it did not find anything wrong with them. What do you guys think, are these false positives?

Virus Total Results

SPMSG.DLL

http://www.virustotal.com/analisis/e4be20ffd86a5fda782d8e14a211d780ffb4678a88a515416c83eed24972f1f3-1245790454

IRCLASS.DLL

http://www.virustotal.com/analisis/7784ef4f0c425eb5578559102faaa99c4fba0ab2c2ff7dbe5fcc3c9e731a97a7-1245791349

So far I have done scans with Avast, MBAM and Windows Defender on the Vista 64bit and nothing has come up.

I shall do SUPER and was thinking of downloading Avira AntiVir and installing it as an on-demand scanner for both PCs. I would like to know people's ideas of additional scans I should run on both PCs. Best rootkit detector? I have only used the card a few times at only a few websites, the last time at Scan a month ago. What are the chances it's nothing to do with my PC security and more to do with the online shops? I do not store passwords or card details on my PC and always run CCleaner and check that websites are secure when giving details.

Sebby

I would say it's much more likely that the details have been stolen from somewhere you've used the card, rather than it being a PC security issue.  Unfortunately, this is inevitable these days, and thankfully Lloyds blocked the transaction.

Simon

I agree with Sebby.  Have you done any online shopping anywhere new recently?
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Could even be a store. It's as Sebby and Simon say: information is harvested from lots of places, even bank machines. Have you used an ATM that's outside a bank recently?
Damned, if you do damned if you don't

JB


From reading the Money Saving Expert site I note there has been a spate of credit card details ripped off at some petrol stations.
JB

'Keyboard not detected ~ Press F1 to continue'

Tacitus

I've had this happen to me and refused to go through Lloyds automated messages since they could quite easily have been a scam.  Got on to Lloyds direct to find someone had been using my card to buy postage stamps.  I believe you can get pre-paid labels which in the criminal world are as good as money.

The card was soon blocked as it was maxed out, but I use a separate card with a low limit purely for online and phone transactions so the bank didn't lose a lot. 

Like Sebby I came to the conclusion it was at the other end of the transaction where the details had been hacked.  I use the same home machine for all transactions: it's a Mac - forget the jokes - so it was much less likely, albeit not impossible it was at my end.

One of the problems is that rather than use one of the big shopping cart merchants, a lot of small businesses try to either do it themselves, or get Fred down the pub to set it up and don't really know what they're doing.  I appreciate people like Kagi, Paypal, Transaction1, Protex etc charge a premium, but by and large they know what they are doing since their reputation depends on it.   In practice they are more secure, not 100% but much better than the average mom and pop spare time operation.

Most people focus on the security of your PC but far too little attention is paid to the other end of the transaction where some small vendors are wide open.


Simon

Quote
Most people focus on the security of your PC but far too little attention is paid to the other end of the transaction where some small vendors are wide open.

That's very true.  I used a small clothing retailer a couple of times, and although I could never prove it was them, a short while after each transaction, my card was defrauded.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Ray

I've just found 2 transactions on one of my CCs that I haven't made for amounts below £10  :rant2: I'm waiting for a call back from my Bank.  >:(
Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Ray

Quote from: Simon on Jun 24, 2009, 12:28:06
That's a pain, Ray.  :(

It is, Simon, I've now spoken to the bank and the card has been cancelled and I am awaiting issue of a new one and the paperwork to sign disputing the 2 transactions, obviously it's someone trying it on as the amounts were only for just over £7 with some organisation I've never heard of.  :rant2:
Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

It's lucky you spotted them, Ray.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

This is a good reason to check statements online on a daily basis.

colonelsun

Have you, by any chance, allowed an old credit card statement to go into the bin without shredding it first?

Only last year there was a gang of guys in my village openly going through wheelie bins etc. and no dustman I know can afford a £400 wrist watch.

quandam

juiceuk

Always, always cross shred (in preference to strip shred) all your 'personal' correspondence, be very strict with this as this is an easy way to piece together your 'profile'.

I agree with other comments, unlikely the problem arose from a PC security issue ;)

Tacitus

TBH if you were a criminal which would you go for?  Someone's home PC where you might catch one, maybe two credit cards, or go for a small retailer where you stand to gather hundreds.  

OK some script kid might have a go, particularly that lad down the road trying to be a smart arse, but to the serious criminal it's no contest.  OK you can distribute malware to catch the low hanging fruit, but a hacker will always go where the effort is likely to reap the big reward.

Noreen

Quote from: Tacitus on Jun 24, 2009, 18:47:21
TBH if you were a criminal which would you go for?  Someone's home PC where you might catch one, maybe two credit cards, or go for a small retailer where you stand to gather hundreds.  

OK some script kid might have a go, particularly that lad down the road trying to be a smart arse, but to the serious criminal it's no contest.  OK you can distribute malware to catch the low hanging fruit, but a hacker will always go where the effort is likely to reap the big reward.

As shown here (previously posted in IDNatter) http://www.newscientist.com/article/mg20227135.700-cash-machines-hacked-to-spew-out-card-details.html

Tacitus

Quote from: Noreen on Jun 24, 2009, 18:58:06
As shown here (previously posted in IDNatter) http://www.newscientist.com/article/mg20227135.700-cash-machines-hacked-to-spew-out-card-details.html

Must have missed that when it was first posted Noreen.  I'm constantly amazed at the number of things that boast high security and use Windows instead of something purpose written.  If the Banks were able to sue Microsoft for consequential loss it might make them produce a decent OS which would be to everyone's benefit.

juiceuk

I've done a few more scans on both PCs with a2, Eset on-line scanner and Avira (installed as on demand) and still nothing. I know it's no guarantee that I'm 100% clean but that's a lot of scans with nothing other than the 2 .DLL files that SUPER showed up that look to be F/P.

@ Simon
The only places I've used my CC card that I can think of are Scan, Play.com, Shopto.net, Amazon.
Do Amazon handle the transactions for the marketplace sellers?

@ Gary
I don't use my CC card at ATMs and I've not done any purchasing at shops with it. I always forget the PIN and I don't like the charge they put on cash withdrawals.

@ colonelsun & quandam
I keep my bank and CC statements. Everything with personal details on it gets cross shredded and put in the compost bin in the garden.

In future to help rule anything out my end I think I'll do my on-line purchases and banking on my newer PC that came with Express Gate. Express Gate is a custom Linux distribution (Splashtop Linux) installed to a Flash ROM that's a part of the motherboard.

Gary

Quote from: juiceuk on Jun 25, 2009, 15:49:20
I've done a few more scans on both PCs with a2, Eset on-line scanner and Avira (installed as on demand) and still nothing. I know it's no guarantee that I'm 100% clean but that's a lot of scans with nothing other than the 2 .DLL files that SUPER showed up that look to be F/P.

@ Simon
The only places I've used my CC card that I can think of are Scan, Play.com, Shopto.net, Amazon.
Do Amazon handle the transactions for the marketplace sellers?

@ Gary
I don't use my CC card at ATMs and I've not done any purchasing at shops with it. I always forget the PIN and I don't like the charge they put on cash withdrawals.

@ colonelsun & quandam
I keep my bank and CC statements. Everything with personal details on it gets cross shredded and put in the compost bin in the garden.

In future to help rule anything out my end I think I'll do my on-line purchases and banking on my newer PC that came with Express Gate. Express Gate is a custom Linux distribution (Splashtop Linux) installed to a Flash ROM that's a part of the motherboard.

Amazon handle all transactions. I'm a marketplace seller, and it's all done out of my hands. I would say it may be any one of the three; all you need is a greedy employee and that's it, hundreds of credit card details harvested. I use one card online and use a sandbox when doing online shopping.
Damned, if you do damned if you don't

colonelsun

This is probably way out there and not relevant but then I remembered something that happened a few years ago. A postman in our area was arrested when his landlady complained to the police about another matter. Inside the guy's flat were hundreds of bin bags with letters, birthday cards and new credit cards inside them. As a postman he knew that birthday cards may contain money and he knew that new credit cards lost in the post weren't always a priority for the banks. Anyway, this guy was the stupidest thief ever because he kept all the cash and only made a few purchases with the credit cards.

Still, it got me thinking because my mother was mugged nearly 2 weeks ago, my credit card information was among the things taken and a few days ago I received my replacement credit cards. The envelope looked half open at the back and the gum was warm and sticky. It did make me think of all sorts, quite rightly these days, but I later dismissed the idea.

Gary

Quote from: colonelsun on Jun 25, 2009, 20:21:28
This is probably way out there and not relevant but then I remembered something that happened a few years ago. A postman in our area was arrested when his landlady complained to the police about another matter. Inside the guy's flat were hundreds of bin bags with letters, birthday cards and new credit cards inside them. As a postman he knew that birthday cards may contain money and he knew that new credit cards lost in the post weren't always a priority for the banks. Anyway, this guy was the stupidest thief ever because he kept all the cash and only made a few purchases with the credit cards.

Still, it got me thinking because my mother was mugged nearly 2 weeks ago, my credit card information was among the things taken and a few days ago I received my replacement credit cards. The envelope looked half open at the back and the gum was warm and sticky. It did make me think of all sorts, quite rightly these days, but I later dismissed the idea.

I have had a few that look openish; it does make you wonder.
Damned, if you do damned if you don't

colonelsun

Quote from: Gary on Jun 25, 2009, 20:24:55
I have had a few that look openish; it does make you wonder.

One of my first jobs during summer break was as a postman and I soon realised why the letters looked like they'd been opened. The main reason is 40 or 50 people could have handled that one letter before you've even set eyes on it. And people handle envelopes in different ways, at the corners, in the middle. People also treat envelopes in different ways... then there's the way they are stacked before being encased in an elastic band, then the elastic bands will be removed at the next stop for sorting again. And it goes on.

I can assure you though that they do still play football with the parcels. So if you're thinking of sending any cut glass through the post.......LOL

Sebby


sobranie

Just had a call from MBNA fraud dept, my cards have been compromised  :rant2: :rant2:
2 entries (1 for £1 to Yahoo and another for £1 to an unknown company). The low amounts set the alarm bells ringing at MBNA, who watched my account and were not particularly surprised to see 2 attempted card payments (1 for £1900 and 1 for close on £4000). Account cancelled by MBNA, who will send me new cards in a week's time.
Moral... watch out for any extremely low amounts on your card that haven't been authorised & ring your card company immediately if you see this pattern of activity.
jftr, this is the second time around this has happened. The only use of the cards has been on the internet & I suspect a secondary supplier linked to Amazon but I have no proof I'm afraid.

colonelsun

Sorry if I seem dozy but do you mean that an Amazon seller might be responsible? If so I had no idea they got anywhere near your cc details, that's shocking.

Simon

So, you had two cards compromised at once, Rick?  That's going some!   :o

Quote from: colonelsun on Jun 26, 2009, 20:24:55
Sorry if I seem dozy but do you mean that an Amazon seller might be responsible? If so I had no idea they got anywhere near your cc details, that's shocking.

I don't think they do.  As far as I am aware, all payments go through Amazon, and if it turns out that market place sellers do have access to card details, it will certainly change the way I shop at Amazon.

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

That's my understanding as well, Simon.

colonelsun

Thanks Sebby & Simon, I was on the verge of closing my Amazon account, I'll hold off for now though.

Have to admit I'm still a bit confused about the Amazon link.

sobranie

I have no proof that the compromising situ was via Amazon because MBNA fraud dept will not divulge enough info.
BUT... perusing purchases around the time of the fraud there was only one instance apparent and that was to a subsidiary of Amazon.
However, I totally lack proof of the errant transaction as MBNA will not furnish details now or in the future.
I wish it to be known that I am in no way allocating blame to any organisation at this juncture.
MBNA have also cancelled my log in on their site too!
NB: 2 cards were compromised in that my missus and I have the same card no. with MBNA.

Simon

I do think it's annoying that the card companies won't divulge information relating to a fraud.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

That would be against the fraudsters' human rights. :tongue:

Gary

Quote from: Simon on Jun 26, 2009, 21:35:39
So, you had two cards compromised at once, Rick?  That's going some!   :o

I don't think they do.  As far as I am aware, all payments go through Amazon, and if it turns out that market place sellers do have access to card details, it will certainly change the way I shop at Amazon.


I sell on Amazon; all payments go through Amazon so they take their cut etc. They are now also implementing that a seller only gets paid when the goods are dispatched. I as a marketplace seller do NOT get to handle the transaction; subsidiaries of Amazon have to follow the Amazon rules and you can file a claim through the Amazon A-to-z Guarantee, which is as follows.

You can file an Amazon.co.uk A-to-z Guarantee claim if you purchased physical goods from a seller or merchant selling on the Amazon.co.uk website (including the Amazon.co.uk Marketplace platform). See "Exclusions from coverage" below for a list of items that are not covered by the A-to-z Guarantee.

One of the three conditions below must also apply:

   1. You made payment to the seller through the Amazon.co.uk website, but the seller failed to deliver the item by 3 calendar days past the maximum estimated delivery date for an order or 30 days from the order date, whichever is sooner; or
   2. You received the item, but the item was defective, damaged, or not the item depicted in the seller's description; or
   3. You have returned the item to the seller per an agreement between the buyer and seller and the seller has not provided the agreed refund to the buyer after receiving the item.

You must first contact the seller through Your Account before filing a claim. From the order details, click "Problem with this order?" and "Contact your Seller." Please allow three business days to give your seller a chance to address the issue. You can submit a Guarantee claim if the seller does not respond or if the issue is not addressed to your satisfaction.

I have sold several thousand pounds worth of goods now, and not at any time do I handle anyone's card details or even see them as a marketplace seller.

Damned, if you do damned if you don't

Simon

Thanks Gary, that's good to know.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

colonelsun

Is there any possibility Amazon redirected you to a dummy/bogus webpage?

andyp

The same thing happened to me a few months back when Barclaycard asked me about a purchase of over £1000 for Business services. The card was blocked and I could not understand how this happened as I use Roboform. Each password is a 16 character random generated password and the Master password a 43 bit random character password, and that too is encrypted with a password. The only purchase I had made was a day before through Amazon, so I thought the problem was probably at Amazon, so I immediately changed the password. Wherever possible I try and use PayPal but it is still a constant worry, which it should not be.

sobranie

Quote from: colonelsun on Jun 27, 2009, 18:56:27
Is there any possibility Amazon redirected you to a dummy/bogus webpage?

Unlikely. The goods ordered via Amazon arrived OK.
Have spent the weekend changing passwords etc. and double checking whether a key logger is at work somewhere.
A friend advised me that if someone compromised your CC they may not bother attempting usage for a month or so. New can of worms in that the prob could have come from any source over an extended period.
Interesting point now: attempted to remove card details from PayPal but the site refused to do it because of current activities. Have mailed them and advised that my card details with them are null and void and will be rejected by my cc company. No reply so far!!
This is one unholy mess (again). Suffice to say that MBNA are ahead of the game and have cancelled the cards together with dubious transactions.
If only MBNA would release details of the fraud I'd know who I'm batting against but absolutely no chance I guess!

Simon

It may not be one specific retailer.  I was told, when my card was last done, that the fraudsters have machines which try random card numbers and expiry dates, until one "clicks", which are the small amounts you find on your statements prior to the bigger amounts going out.  It could be just bad luck.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.
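
The pattern sobranie and Simon describe above (token-value charges at unfamiliar merchants, then large attempts shortly after) can be checked mechanically against an exported statement. This is an added example, not part of any post in the thread: the field names, thresholds and sample rows are assumptions constructed for illustration, and the familiar-merchant list reuses the retailers juiceuk names.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Txn:
    day: date
    merchant: str
    pence: int              # amount in pence, avoids float rounding
    declined: bool = False  # blocked attempts are still a useful signal


def find_card_testing(txns, known_merchants,
                      probe_max=1000, big_min=50000, window_days=30):
    """Return (probes, escalations) for a list of Txn.

    probes:      charges of at most probe_max pence at merchants the
                 cardholder has never used (the "small amounts" pattern).
    escalations: (probe, big_txn) pairs where a charge or attempt of at
                 least big_min pence at an unfamiliar merchant follows a
                 probe within window_days.
    All three thresholds are assumed defaults, not bank rules.
    """
    known = {m.lower() for m in known_merchants}
    # Familiar merchants are ignored entirely, whatever the amount.
    unfamiliar = sorted((t for t in txns if t.merchant.lower() not in known),
                        key=lambda t: t.day)
    probes = [t for t in unfamiliar if 0 < t.pence <= probe_max]
    window = timedelta(days=window_days)
    escalations = []
    for big in unfamiliar:
        if big.pence < big_min:
            continue
        # Earliest probe that precedes this large item inside the window.
        earlier = [p for p in probes
                   if timedelta(0) <= big.day - p.day <= window]
        if earlier:
            escalations.append((earlier[0], big))
    return probes, escalations


# Retailers the cardholder actually uses (taken from juiceuk's post).
KNOWN_MERCHANTS = ["Scan", "Play.com", "Shopto.net", "Amazon"]

# Constructed sample statement; merchant names and dates are made up.
SAMPLE_STATEMENT = [
    Txn(date(2009, 6, 1), "Amazon", 2499),
    Txn(date(2009, 6, 3), "Play.com", 799),    # small but familiar
    Txn(date(2009, 6, 10), "Scan", 65000),     # large but familiar
    Txn(date(2009, 6, 20), "YAHOO", 100),      # £1 probe
    Txn(date(2009, 6, 20), "UNKNOWN CO", 100), # £1 probe
    Txn(date(2009, 6, 22), "EXAMPLE BUSINESS SVCS", 190000, declined=True),
    Txn(date(2009, 6, 22), "EXAMPLE ELECTRONICS", 399000, declined=True),
    Txn(date(2009, 5, 2), "EXAMPLE ORG", 712), # ~£7 probe, nothing followed
]

if __name__ == "__main__":
    probes, escalations = find_card_testing(SAMPLE_STATEMENT, KNOWN_MERCHANTS)
    for p in probes:
        print(f"probe       {p.day} {p.merchant:<22} £{p.pence / 100:.2f}")
    for p, big in escalations:
        state = "declined" if big.declined else "charged"
        print(f"escalation  {big.day} {big.merchant:<22} "
              f"£{big.pence / 100:.2f} ({state}) after probe at {p.merchant}")
```

A probe with no escalation is still worth a call to the card issuer, since the larger attempt may come weeks later.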

colonelsun

It's all very worrying... I really hope you haven't lost the trust issue with online shopping... though I can see a lot of people would.

Just a thought but have you tried Googling your problem? There just might be a whole lot of people with similar problems and vented their anger on a forum.

Baz

Just found recently that my wife's debit card has had 3 suspicious transactions, each of £30, for what looks like mobile phone top-ups. Google threw up similar ones with the same wording as was on her statements. It's in the police and fraud department's hands now according to the bank, and a new card is now issued. This has happened to us a few times now and it annoys me that I never seem to find out where it comes from. I'm guessing it's from an online transaction but you just never know. I would like to find out and would just stop using the place and warn others too. Surely the banks/police must know how it originates. How do you find out where they got your details from?

This got me thinking about everyone's online usage: how do you buy and with what? Do you have a separate account just for this?

I was thinking of doing this and keeping all purchases separate. What do you think?

Rik

I keep one card for online transactions, Baz, everything else is done on others. If an online transaction shows on the 'face to face' cards or vice versa it's easy to resolve.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

colonelsun

From day one I never distrusted online shopping but in the beginning I always shopped with the well known high street names or brands I'd heard of... which might be shocking to new businesses setting up online. Today I always do a search on Google for the company, if it's new to me, I do my best to establish the shop actually exists, I especially look out for negative reviews and there have been several companies I've refused to shop with. My bottom line is that I'm trusting complete strangers with my credit card details and if their web page is confusing, dodges issues, is slow emailing back, and a Google search throws up a load of complaints... then they don't get my business.

Over the years I've discovered some online gems, I've also saved lots of money, there's more chance of someone stealing your details in a shop than there is someone doing the same in a reputable, secure online store. And the billions we Brits spend online seem to suggest we want this new service.

Rik

I'd be lost without it for so many items, Dave.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I used to have a card with a low limit specifically for online purchases, but now I just use my regular card.  I am careful where I buy from, and tend to stick to the same retailers.  I don't particularly worry about my card being defrauded.  If it happens, it happens.  All it means to me is the inconvenience of having to cancel the card and wait for a new one, especially if I have pending orders.  The banks cover for fraud, so I know I won't be out of pocket.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

I think very much the same way, Simon.

Baz

Great advice, thanks. If you have had fraud on your card did you ever find out how and where it was got at? That's what bothers me the most. Looking at statements from this account there were some transactions BEFORE the dodgy ones that make me wonder about where/who got the details. As you mention, we also try to stick with good companies online, but when sometimes you find a new one, you use them and then this happens, it puts so much doubt in your mind about them.

Is it possible to find out the cause of it or do the banks or investigators not say?

Gary

Quote from: Baz on Jul 11, 2009, 07:26:58
Great advice, thanks. If you have had fraud on your card did you ever find out how and where it was got at? That's what bothers me the most. Looking at statements from this account there were some transactions BEFORE the dodgy ones that make me wonder about where/who got the details. As you mention, we also try to stick with good companies online, but when sometimes you find a new one, you use them and then this happens, it puts so much doubt in your mind about them.

Is it possible to find out the cause of it or do the banks or investigators not say?

We have had cards used I think three times without our consent. Each time we were never told how and by whom. I narrowed it down to a list of subjects, but you never know; the credit card companies never divulge that information sadly, well they never had to us, and I had over £1000 taken out on my American Express.
Damned, if you do damned if you don't

Simon

Yes, it would be really useful if the CC company divulged where the breach came from, but I guess there's all sorts of litigation issues around that.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

colonelsun

If your cards are compromised or stolen please know that Barclaycard are a joke when it's time to report the loss. I spent 5 minutes with phone menus only to be told that I was in the wrong area. When I finally got to the stage of reporting the loss of my details... I was in India, apparently, and had to spell out every letter of every word; that took a further 25 minutes. I couldn't understand a word being said and the whole experience was upsetting as I had no way of knowing if I had been understood.

With my Halifax card it took literally 4 minutes, I spoke to someone born in the UK and they were very helpful.

Ironically I'm suing Barclaycard for a mis-sold insurance and they're even slower regarding that.

Rik

I found Barclaycard useless too, Dave, until I got the phone number of a UK-based unit. ATM, I'm finding Capital One good.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

No complaints about the Halifax from me either.  :thumb:
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

colonelsun

Quote from: Rik on Jul 11, 2009, 18:23:36
I found Barclaycard useless too, Dave, until I got the phone number of a UK-based unit. ATM, I'm finding Capital One good.

I will definitely ditch Barclaycard once they've paid up for the mis-selling thing. I would gladly ditch all my cards, if I could, but I can't live without them now.

colonelsun

Quote from: Simon on Jul 11, 2009, 19:32:24
No complaints about the Halifax from me either.  :thumb:

And the female telephone operators have the sexiest voices. Like they've been on 60 cigs a day for life. The Barclaycard rabble all sound foreign and sound like they gargle with razor blades!

Sebby

I've just switched my current account to the Halifax Reward and am pretty happy with the service.

colonelsun

Quote from: Sebby on Jul 12, 2009, 00:03:42
I've just switched my current account to the Halifax Reward and am pretty happy with the service.

I've actually never switched accounts before, is it easy to do?

Rik

With many banks, yes. They will 'pick up' all of your DDs from your current bank, just leaving you to move the incoming payments yourself.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Quote from: colonelsun on Jul 13, 2009, 15:31:48
I've actually never switched accounts before, is it easy to do?

You can do it online, Dave, but I haven't, as I didn't like the idea of the charges structure.  Look carefully before you leap.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

Quote from: Rik on Jul 13, 2009, 15:32:53
With many banks, yes. They will 'pick up' all of your DDs from your current bank, just leaving you to move the incoming payments yourself.

Correct, though I've found it's quicker to do it yourself - otherwise new bank writes to old bank to request a list of DDs, new bank sends them to you asking which you'd like to move over, you send back to new bank, they then write to each company.

Simply open your new account, call the companies and change/change online direct debits, and once that's done (no more than a couple of weeks) close your old account. :)

Baz

Good news... just got a refund into my wife's account for the £90 that was spent when her card was mis-used.

Fraud refund is how it was named on the statement. So well done Natwest or the fraud department for that, just over a week since reported  :thumb: :thumb:

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

It gives you a bit of faith in the system Rik, yeah  :)

OK, it's not as much as some people have lost, we were lucky really, but it's still happening too much, isn't it?

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.