Someone's got my credit card details

Started by juiceuk, Jun 23, 2009, 22:41:24


juiceuk

I had an automated phone call from Lloyds fraud prevention saying my credit card details had been used. I don't like confirming details to someone or something that calls me, so I called Lloyds back myself. I was told that someone attempted to spend £800 at soccerpost.com. The transaction was blocked and that card cancelled. I have two PCs, one Vista 64-bit and one XP, and they both have Avast and Windows Defender running. I use Hostman and Spyware Blaster on the XP and OpenDNS set on the router. I have done scans with Avast, MBAM, SUPERAntiSpyware, Windows Defender and Spybot on the XP computer and only SUPER found anything. Here is the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2009 at 09:11 PM

Application Version : 4.26.1004

Core Rules Database Version : 3952
Trace Rules Database Version: 1894

Scan type       : Complete Scan
Total Scan Time : 00:19:36

Memory items scanned      : 452
Memory threats detected   : 0
Registry items scanned    : 6147
Registry threats detected : 0
File items scanned        : 24285
File threats detected     : 5

Adware.Tracking Cookie
   C:\Documents and Settings\deano\Cookies\deano@atdmt[2].txt
   C:\Documents and Settings\jackie\Cookies\jackie@atdmt[2].txt

Rogue.AntiSpyBoss-FakeThreats
   C:\WINDOWS\$HF_MIG$\KB887742\SPMSG.DLL

Trojan.Smitfraud Variant
   C:\WINDOWS\SYSTEM32\DLLCACHE\IRCLASS.DLL

NotHarmful.Sysinternals Bluescreen Screen Saver
   C:\WINDOWS\SYSTEM32\SYSINTERNALS BLUESCREEN.SCR



I sent the SPMSG.DLL and IRCLASS.DLL to Virus Total and it did not find anything wrong with them. What do you guys think, are these false positives?

Virus Total Results

SPMSG.DLL

http://www.virustotal.com/analisis/e4be20ffd86a5fda782d8e14a211d780ffb4678a88a515416c83eed24972f1f3-1245790454

IRCLASS.DLL

http://www.virustotal.com/analisis/7784ef4f0c425eb5578559102faaa99c4fba0ab2c2ff7dbe5fcc3c9e731a97a7-1245791349

So far I have done scans with Avast, MBAM and Windows Defender on the Vista 64-bit and nothing has come up.

I shall do SUPER and was thinking of downloading Avira AntiVir and installing it as an on-demand scanner for both PCs. I would like to know people's ideas of additional scans I should run on both PCs. Best rootkit detector? I have only used the card a few times at only a few websites, the last time at Scan a month ago. What are the chances it's nothing to do with my PC security and more to do with the online shops? I do not store passwords or card details on my PC and always run CCleaner and check that websites are secure when giving details.

Sebby

I would say it's much more likely that the details have been stolen from somewhere you've used the card, rather than it being a PC security issue.  Unfortunately, this is inevitable these days, and thankfully Lloyds blocked the transaction.

Simon

I agree with Sebby.  Have you done any online shopping anywhere new recently?
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Could even be a store. It's as Sebby and Simon say: information is harvested from lots of places, even bank machines. Have you used an ATM that's outside a bank recently?
Damned, if you do damned if you don't

JB


From reading the Money Saving Expert site I note there has been a spate of credit card details ripped off at some petrol stations.
JB

'Keyboard not detected ~ Press F1 to continue'

Tacitus

I've had this happen to me and refused to go through Lloyds automated messages since they could quite easily have been a scam.  Got on to Lloyds direct to find someone had been using my card to buy postage stamps.  I believe you can get pre-paid labels which in the criminal world are as good as money.

The card was soon blocked as it was maxed out, but I use a separate card with a low limit purely for online and phone transactions so the bank didn't lose a lot. 

Like Sebby I came to the conclusion it was at the other end of the transaction where the details had been hacked.  I use the same home machine for all transactions: it's a Mac - forget the jokes - so it was much less likely, albeit not impossible it was at my end.

One of the problems is that rather than use one of the big shopping cart merchants, a lot of small businesses try to either do it themselves, or get Fred down the pub to set it up, and don't really know what they're doing.  I appreciate people like Kagi, PayPal, Transaction1, Protex etc. charge a premium, but by and large they know what they are doing since their reputation depends on it.   In practice they are more secure, not 100% but much better than the average mom and pop spare time operation.

Most people focus on the security of your PC but far too little attention is paid to the other end of the transaction where some small vendors are wide open.


Simon

Quote
Most people focus on the security of your PC but far too little attention is paid to the other end of the transaction where some small vendors are wide open.

That's very true.  I used a small clothing retailer a couple of times, and although I could never prove it was them, a short while after each transaction, my card was defrauded.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Ray

I've just found 2 transactions on one of my CCs that I haven't made for amounts below £10  :rant2: I'm waiting for a call back from my Bank.  >:(
Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Ray

Quote from: Simon on Jun 24, 2009, 12:28:06
That's a pain, Ray.  :(

It is, Simon. I've now spoken to the bank and the card has been cancelled, and I am awaiting issue of a new one and the paperwork to sign disputing the 2 transactions. Obviously it's someone trying it on, as the amounts were only for just over £7 with some organisation I've never heard of.  :rant2:
Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

It's lucky you spotted them, Ray.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

This is a good reason to check statements online on a daily basis.

colonelsun

Have you, by any chance, allowed an old credit card statement to go into the bin without shredding it first?

Only last year there was a gang of guys in my village openly going through wheelie bins etc. and no dustman I know can afford a £400 wrist watch.

quandam

juiceuk

Always, always cross shred (in preference to strip shred) all your 'personal' correspondence, be very strict with this as this is an easy way to piece together your 'profile'.

I agree with other comments, unlikely the problem arose from a PC security issue ;)

Tacitus

TBH if you were a criminal which would you go for?  Someone's home PC where you might catch one, maybe two credit cards, or go for a small retailer where you stand to gather hundreds.  

OK some script kid might have a go, particularly that lad down the road trying to be a smart arse, but to the serious criminal it's no contest.  OK you can distribute malware to catch the low hanging fruit, but a hacker will always go where the effort is likely to reap the big reward.

Noreen

Quote from: Tacitus on Jun 24, 2009, 18:47:21
TBH if you were a criminal which would you go for?  Someone's home PC where you might catch one, maybe two credit cards, or go for a small retailer where you stand to gather hundreds.  

OK some script kid might have a go, particularly that lad down the road trying to be a smart arse, but to the serious criminal it's no contest.  OK you can distribute malware to catch the low hanging fruit, but a hacker will always go where the effort is likely to reap the big reward.

As shown here (previously posted in IDNatter) http://www.newscientist.com/article/mg20227135.700-cash-machines-hacked-to-spew-out-card-details.html

Tacitus

Quote from: Noreen on Jun 24, 2009, 18:58:06
As shown here (previously posted in IDNatter) http://www.newscientist.com/article/mg20227135.700-cash-machines-hacked-to-spew-out-card-details.html

Must have missed that when it was first posted Noreen.  I'm constantly amazed at the number of things that boast high security and use Windows instead of something purpose written.  If the Banks were able to sue Microsoft for consequential loss it might make them produce a decent OS which would be to everyone's benefit.

juiceuk

I've done a few more scans on both PCs with a2, Eset online scanner and Avira (installed as on-demand) and still nothing. I know it's no guarantee that I'm 100% clean but that's a lot of scans with nothing other than the 2 .DLL files that SUPER showed up that look to be F/P.

@ Simon
The only places I've used my CC card that I can think of are Scan, Play.com, Shopto.net, Amazon.
Do Amazon handle the transactions for the marketplace sellers?

@ Gary
I don't use my CC card at ATMs and I've not done any purchasing at shops with it. I always forget the PIN and I don't like the charge they put on cash withdrawals.

@ colonelsun & quandam
I keep my bank and CC statements. Everything with personal details on it gets cross shredded and put in the compost bin in the garden.

In future to help rule anything out my end I think I'll do my on-line purchases and banking on my newer PC that came with Express Gate. Express Gate is a custom Linux distribution (Splashtop Linux) installed to a Flash ROM that's a part of the motherboard.

Gary

Quote from: juiceuk on Jun 25, 2009, 15:49:20
I've done a few more scans on both PCs with a2, Eset online scanner and Avira (installed as on-demand) and still nothing. I know it's no guarantee that I'm 100% clean but that's a lot of scans with nothing other than the 2 .DLL files that SUPER showed up that look to be F/P.

@ Simon
The only places I've used my CC card that I can think of are Scan, Play.com, Shopto.net, Amazon.
Do Amazon handle the transactions for the marketplace sellers?

@ Gary
I don't use my CC card at ATMs and I've not done any purchasing at shops with it. I always forget the PIN and I don't like the charge they put on cash withdrawals.

@ colonelsun & quandam
I keep my bank and CC statements. Everything with personal details on it gets cross shredded and put in the compost bin in the garden.

In future to help rule anything out my end I think I'll do my on-line purchases and banking on my newer PC that came with Express Gate. Express Gate is a custom Linux distribution (Splashtop Linux) installed to a Flash ROM that's a part of the motherboard.

Amazon handle all transactions. I'm a marketplace seller, and it's all done out of my hands. I would say it may be any one of the three; all you need is a greedy employee and that's it, hundreds of credit card details harvested. I use one card online and use a sandbox when doing online shopping.
Damned, if you do damned if you don't

colonelsun

This is probably way out there and not relevant but then I remembered something that happened a few years ago. A postman in our area was arrested when his landlady complained to the police about another matter. Inside the guy's flat were hundreds of bin bags with letters, birthday cards and new credit cards inside them. As a postman he knew that birthday cards may contain money and he knew that new credit cards lost in the post weren't always a priority for the banks. Anyway, this guy was the most stupidest thief ever because he kept all the cash and only made a few purchases with the credit cards.

Still, it got me thinking because my mother was mugged nearly 2 weeks ago, my credit card information was among the things taken and a few days ago I received my replacement credit cards. The envelope looked half open at the back and the gum was warm and sticky. It did make me think of all sorts, quite rightly these days, but I later dismissed the idea.

Gary

Quote from: colonelsun on Jun 25, 2009, 20:21:28
This is probably way out there and not relevant but then I remembered something that happened a few years ago. A postman in our area was arrested when his landlady complained to the police about another matter. Inside the guy's flat were hundreds of bin bags with letters, birthday cards and new credit cards inside them. As a postman he knew that birthday cards may contain money and he knew that new credit cards lost in the post weren't always a priority for the banks. Anyway, this guy was the most stupidest thief ever because he kept all the cash and only made a few purchases with the credit cards.

Still, it got me thinking because my mother was mugged nearly 2 weeks ago, my credit card information was among the things taken and a few days ago I received my replacement credit cards. The envelope looked half open at the back and the gum was warm and sticky. It did make me think of all sorts, quite rightly these days, but I later dismissed the idea.

I have had a few that look openish. It does make you wonder.
Damned, if you do damned if you don't

colonelsun

Quote from: Gary on Jun 25, 2009, 20:24:55
I have had a few that look openish. It does make you wonder.

One of my first jobs during Summer break was as a postman and I soon realised why the letters looked like they'd been opened. The main reason is 40 or 50 people could have handled that one letter before you've even set eyes on it. And people handle envelopes in different ways, at the corners, in the middle. People also treat envelopes in different ways...then there's the way they are stacked before being encased in an elastic band, then the elastic bands will be removed at the next stop for sorting again. And it goes on.

I can assure you though that they do still play football with the parcels. So if you're thinking of sending any cut glass through the post.......LOL

Sebby


sobranie

Just had a call from MBNA fraud dept, my cards have been compromised  :rant2: :rant2:
2 entries (1 for £1 to Yahoo and another for £1 to an unknown company). The low amounts set the alarm bells ringing at MBNA, who watched my account and were not particularly surprised to see 2 attempted card payments (1 for £1900) and (1 for close on £4000). Account cancelled by MBNA, who will send me new cards in a week's time.
Moral .... watch out for any extremely low amounts on your card that haven't been authorised & ring your card company immediately if you see this pattern of activity.
jftr, this is the second time around this has happened. The only use of the cards has been on the internet & I suspect a secondary supplier linked to Amazon but I have no proof I'm afraid.
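
Added example, not part of any post in this thread: a small statement check for the pattern described above, where very low charges at merchants with no prior history are followed by large attempts. The statement rows, the merchant name EXAMPLE SPORTS, and the £10 / £500 / 7-day thresholds are constructed assumptions, not values any bank is known to use.

```python
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample statement (not real data): (date, merchant, amount in GBP)
STATEMENT = [
    (date(2009, 5, 2), "Amazon", Decimal("24.99")),
    (date(2009, 5, 20), "Scan", Decimal("112.50")),
    (date(2009, 6, 1), "Amazon", Decimal("8.49")),      # small, but merchant already seen
    (date(2009, 6, 22), "Yahoo", Decimal("1.00")),
    (date(2009, 6, 22), "UNKNOWN CO", Decimal("1.00")),
    (date(2009, 6, 23), "EXAMPLE SPORTS", Decimal("1900.00")),
]

def find_probes(statement, known=(), small=Decimal("10.00")):
    """Return small charges at merchants with no earlier history on the card."""
    seen = {m.lower() for m in known}   # merchants the cardholder already trusts
    probes = []
    for day, merchant, amount in sorted(statement, key=lambda t: t[0]):
        if amount <= small and merchant.lower() not in seen:
            probes.append((day, merchant, amount))
        seen.add(merchant.lower())
    return probes

def assess(statement, known=(), window=timedelta(days=7),
           large=Decimal("500.00")):
    """Grade each probe: 'urgent' if a large charge follows inside the window."""
    alerts = []
    for probe in find_probes(statement, known):
        day = probe[0]
        followups = [t for t in statement
                     if day <= t[0] <= day + window and t[2] >= large]
        alerts.append({"probe": probe,
                       "severity": "urgent" if followups else "review",
                       "followups": followups})
    return alerts

if __name__ == "__main__":
    for alert in assess(STATEMENT):
        day, merchant, amount = alert["probe"]
        print(f"{alert['severity'].upper()}: £{amount} at {merchant} on {day}, "
              f"{len(alert['followups'])} large follow-up(s)")
```

A "review" result means a small unfamiliar charge with nothing large after it yet, which is the point at which the posts above suggest ringing the card company.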

colonelsun

Sorry if I seem dozy but do you mean that an Amazon seller might be responsible? If so I had no idea they got anywhere near your cc details, that's shocking.