Bank Account Hacked

[JDholic]

Imagine my surprise when I received my statement today, some low life scum has taken around £140 from my account.:bang:

The only thing I can think it has been is 7dayshop. I'm very careful with what I buy online, if anything. I remember reading on here that 7dayshop had been hacked and thought "it wouldn't happen to me". I bought 2 4gb cards for cheap off there and it was not long after that the site was hacked.

So please everyone check your account, especially if you've bought from certain websites. I feel very angry and violated, the amount of things that had been attempted to be taken from my account was obscene, I'm glad the account I use for internet buying is exactly that, an internet only account.

 

[chrisgrieve]

:annoyed:

I had someone take money out of my current account to top up their mobile, dont know how they got my details but am very wary now. luckily it wasnt that much, (they done it twice, about £20 each time)

 

[Marc]

It wouldn't have been 7 Day Shop JD. Your account details are kept completely separate from the website, the hackers wouldn't have got near them. This would be the same for any reputable dealer.

 

[JDholic]

I've no idea what it is then Marc, I'll probably never know.

It'll make me very wary now about buying things online, if anything at all. I've been running through all the transactions,

They spent of my money, 60 on car parking in London. 58.30 on a travelodge, and about 40 on other random things.

They attempted to take 1900 out of my account, that failed. Then they attempted 1000. Failed also. THEN they attempted to spend about 700 on ticketmaster. :annoyed::annoyed::annoyed:

They wiped out the rest of my money by making donations to Unicef and Cancer Research. I'm completely stumped to how they got my details. Will be switching off the wireless from now on. Lesson Learned.

 

[TheWombat]

*******s------You have to be so careful.Glad to hear you keep a seperate account otherwise it could have been seriously costly.I use a prepaid Maestro card for all internet transactions and top up only the amount I wish to pay.
Pete.

 

[iansmart]

Had a similar thing happen to me before Christmas, except it was £3,500 not £140. Got it all back eventually after a bit of a fight with my bank.

 

[JDholic]

That sucks Ian, I just transfer my "walkaround" money into it, so as not to carry cash, just use the card. The problem is, that was all the money I had left until pay day.

How long did it take to get sorted out?? I suppose it depends on the bank. With a bank holiday coming up I'll not be holding my breath.

 

[JDholic]

*******s------You have to be so careful.Glad to hear you keep a seperate account otherwise it could have been seriously costly.I use a prepaid Maestro card for all internet transactions and top up only the amount I wish to pay.
Pete.

Is exactly what I'll be doing in future, good idea.

 

[Mancunian Lee]

7dayshop wont hold your details will they? I thought their banking companie held your details and they would autherise a payment everytime you allowed it. Didnt think these online places kept my bank details!!

 

[whitewash]

suzie (my other half) had her account at abbey raided, they only spent £60 (in transactions to various overseas phone card companies) and that was it (so little that she wouldnt have noticed it until she looked at her statement.

 

[JDholic]

7dayshop wont hold your details will they? I thought their banking companie held your details and they would autherise a payment everytime you allowed it. Didnt think these online places kept my bank details!!

They don't, I put 2 and 2 together and got 9. It could have been anything which has made me very wary.

 

[JDholic]

suzie (my other half) had her account at abbey raided, they only spent £60 (in transactions to various overseas phone card companies) and that was it (so little that she wouldnt have noticed it until she looked at her statement.

I wouldn't have noticed that either for about 2 months, what has really annoyed me is how blatantly they tried to do it.

 

[Steep]

Back a few months ago there was a problem with 7dayshop which has kead to them now using an external company to process sales. You said it happened shortly after the problems with them came to light so it could well have been that. That said when it happened to me I'm 99.9 percent certain it was an assistant in the local Maplins that did the deed.

 

[Ian D J]

It's happened to me. Had £450 siphoned out of my bank account two years ago by what looked like a paypal-type account.
If it wasn't the shock of having that money inexplicably taken out of my account, it was the stress of convincing the Abbey that I had nothing to do with that withdrawal.
Got the money reimbursed to me in the end . . . some six weeks later. Really was something I could've done without. :shake: Especially since that £450 was my authorised overdraft and not my own money.

 

[photon]

Abbey once phoned me asking if I'd authorized a £7K transfer to Japan. I hadn't. On another occasion I received over £4K from a Govt Dept and they didn't seem interested in finding out where it had come from and helping to rectify the error. At the beginning of the year they levied a charge of under £1 for no reason, and it took two phone calls to get it sorted.

 

[russdaz]

Happened to my brother, and had it happen on a credit card. I easily spotted it as i have seperate accounts for everything, a savings account, a direct debit bank account (to which i transfer the exact amount required each month to pay all DD) all normal spending money is left in my spending bank account. I also have 2 credit cards which one is used to buy everything in stores, then payed of at the end of the month, and one for buying anything online, a quick check online once a week quickily shows any strange transactions, and hopefully would give me some funds available if anything should happen, just have to resist the temptation to over spend just because you have the credit limit.

It took my brother 2 weeks to sort out, mine was refunded striaght away and new card recieved after 3days but we were only talking 99p, often people test out account numbers with these small amounts before trying a larger amount. Which did happen the following after closing my account, i know as the card issuer called me to ask if i attempted to use it in America of all place, erm no.

 

[JustJoe]

It might be worth using linux to do all your internet transactions, keeps you safe from the spyware side of things. I run a Ubuntu installation that installed though windows, real easy.

And of course turn off Wi-Fi when your doing stuff.

 

[Gary]

they most likely skimmed your card when you used it in a cash machine, or got the details when you took it out in public.
i doubt it was online unless you have malware of some kind.

 

[mikeward]

it happens to me quite often that money goes missing from my bank account, although it usually gets explained a few days later when something turns up in the post

think sitting at the comp with beer isnt a good idea.

 

[HCK]

I don't think that not using a technology is the solution I think that using the technology securely is the answer and people need to be made aware. Using wireless isn't dangerous as long as safeguards are put in place.

There is a lot of information about using the internet securely, putting software in place and doing a few checks before you bank on the internet may solve a few headaches in the future.

For example when using the internet do you you have a Virus scanner installed and up to date ? Do you scan for viruses regularly ? Do you have any Malware protection ? Does your router have an SPI firewall ? Do you have a software firewall installed ? Do you check for the security padlock in your web browser when going to a secure site and do you check the certificate is valid for that site ? Do you have any wireless encryption on your Wireless access point or wireless router ? Do you have MAC filtering turned on and configured ? Is your operating system security patched and up to date ? Do you use any software that may need security patches ?

Sorry for the long list of questions but I don't think a lot of internet users ask these questions before using the internet and hopefully it might help if people are made aware of what is needed for a reasonably secure surfing experience.

The internet can be a dangerous place but there steps you can take to avoid the security pitfalls.....erm after all that happy surfing

 

[Ric Type R]

I used 7day shop and £750 went walkies.:bang:

 

[MichaelPlace]

Petrol station chip and pin machines are a regular way to skim a card and get your pin - they modify the chip and pin machine and just swap it over. (not that the banks will admit the chip and pin system isn't perfect) This is the one I'm not very good at. You should pay cash at petrol stations to minimize risk - or stick to just one petrol station to fill up again to minimize exposure. I do the same commute every day and live about 500m from an Esso. It's not difficult for me, but I still don't manage it.

I've probably been lucky by not being affected yet by anything like this but I always follow some rules -

+ Try to get cash back at reputable stores such as Tesco/Morrisons/asda/Co-op - saves you running the risk of encountering an ATM with a skimming device on the front. Also saves you £1-£2 in charges if the local machine is a charging one.

+ Always shield your pin!!! amazing the number of people who don't do this - if they can't read your pin, they can't access the cash.

+ Try to buy everything from known websites (amazon/play etc) - and if I've not used them before or it's such an obscure item i need to buy from a unknown small site, try to use paypal as a method of payment.

+ CHECK INTERNET BANKING DAILY! They always start with small amounts to see if you notice. If you can stop the £60 payment - you can sure as hell have your account details changed by the time they put through the £600 or even £6k payment a few days later. Also helps that I have all my accounts with one bank - not the best financial advice but it's a lot easier just logging into one to check everything is OK.

 

[Myky D]

My missus saw an orrible documentary on cyber crime. It's a war between the police and the hackers.

They interviewed the head of the Scotland Yard Cyber Crime Unit, and asked if he had an online account or shopped online. He shook his head and said "No. None of us do. If you knew what we know ... "

My card was cloned a couple of years ago - they did £600 off me - all between two supermarkets opposite each other - £53.67, £83.43, back and forth - essentially a packet of fags and cashback. My bank were really good about it, though - they were the ones who pinged it happening, and just sent me a statement to sign saying I didn't spend the above and if I did you can cut my legs off. Then they simply reimbursed me.

I don't shop online, though the missus does a bit still.

 

[BellyBoy]

This seems to be happening more and more, with a lot of people reporting about 7dayshop. My card details were used but rejected (luckily) on a porn style site after I bought for the 1st time from 7dayshop.
It's not the details online but probably a dodgy employee who has access to the details who works at 7dayshop, (as can happen with any other company).

As has already been said, don't stop using your wireless as there are a number of security techniques to use.
Also bear in mind that to hack a wireless network, you have to be in the range of the network's wireless signal, which isn't really that far (although it is increasing with new technology, currently in the n series I think).
Keep security up to date, with good security software and anti malware software.

I am very wary of which companies I use on the internet and if you buy with a credit card, hopefully you'll be covered.

Hope everything turns out well for you

 

[arclight]

Best to only use a CC on the internet. If money gets taken it's the CC company that loses it. OK, you'll get your money back from a bank, but there is hassle involved.

 

[Blapto]

First off, I work in IT. I've worked for a credit card processing company where I set up all their current infrastructure and was responsible for all the security measures. I now work elsewhere but still concentrate on security. I've also worked with chip and pin machines and am active in the IT security community.

I use online banking, I use my credit card online.

A bit of advice, get a separate credit card for your online transactions. That way you're not inconvenienced so much and you know exactly where leaks are coming from. You also know which card to check frequently. Whatever you do, don't use a debit card that's associated with your savings account.

The reputation of a merchant is no safeguard to say that your transaction will be secure. Most information leaks are inside jobs. Accept the fact that all transactions carry a level of risk (which is accounted for in the system, there's an entire industry based around acquiring risk) and that some transactions carry a higher level of risk.

As for who gets to see your credit card details... Most transactions happen one of 2 ways:
1) You put your details into the site you're shopping on. They forward these details to their payment provider, receive a response (authorised/not authorised) and give you that response back. They should not store the details at any point. The payment provider WILL store your details.

2) You click checkout and are then forwarded to another website. You give the payment provider your card details, they give you the response. The payment provider will store your details.

Now, method 1 could be compromised. Whoever maintains the website could change it so they get a copy of your card details as well. A hacker could do the same thing.

There are tons of security measures and standards out there which I'm not really going to go into detail about.

It might be worth using linux to do all your internet transactions, keeps you safe from the spyware side of things. I run a Ubuntu installation that installed though windows, real easy.

Is this ubuntu install through wubi, or is it a virtual machine? If it's a virtual machine you're still not protected against keyloggers.

If anybody has any specific questions I'll be happy to answer them.

 

[Steep]

Re 7dayshop, they now use an external payment company, any problems with them should have stopped quite a while ago.

Some ATMs are safer than others, choose one at a 24hr store if possible, it's harder to fit a skimming device to a busy ATM at an open store, Tesco machines have good anti skimming equipment fitted.

Always check the front of the machine before using it (a wireless camera can be very small) and as others have said shield your pin.

 

[photon]

I had my CC issuer phone me about unusual spending activity in the wee small hours a couple of years ago. Card was cancelled and bumph from a gambling site arrived by snail-mail, with name and address details correct, apart from my first name. New card was issued, and it too was used online, before it had reached me. I was asked to report it to the police but didn't hear an outcome. Inside job, I presume.

 

[arclight]

That's a usefull post from Blapto.

Another way to increase security would be to get one of those "pay as you go" debit cards for your online purchases. Prior to making a purchase only put sufficient funds on the card. Ater you buy there is no money left on the card until you choose to top it up, so there is nothing to steal.

 

[arclight]

First off, I work in IT. I've worked for a credit card processing company where I set up all their current infrastructure and was responsible for all the security measures. I now work elsewhere but still concentrate on security. I've also worked with chip and pin machines and am active in the IT security community.
etc...........

If anybody has any specific questions I'll be happy to answer them.

Some banks operate a security service whereby when you transmit credit card details to a trader you get presented with a webpage from your bank that requires some password details before the transaction is authorised.
I understand that part is independent of the trader.

Is that a worthwhile addition?

Cheers

 

[Steep]

You'll find most banks doing that in the near future I think. My bank is also toying with the idea of a card reader/pin pad for the home, not sure if that will come off though, I reckon it would be a costly thing to set up.

 

[Blapto]

Some banks operate a security service whereby when you transmit credit card details to a trader you get presented with a webpage from your bank that requires some password details before the transaction is authorised.
I understand that part is independent of the trader.

Is that a worthwhile addition?

Cheers

The basic idea of this is introducing another series of checks for online transactions. These are lumped together with phone transactions under "cardholder not present".

For cardholder present we have Chip and PIN (partially broken through people skimming your PIN.)
For cardholder not present we're introducing 3DSecure and Verified by Visa. This still has flaws but will cut down on the amount of fraud from data being leaked or stolen, as the same set of data would have to come from two separate sources.

That said, until everybody is using it, it doesn't give the consumer any more protection. If your card account number, expiry date and security code are leaked then a fraudster could use your card at any number of online merchants that don't require 3DSecure or Verified by Visa. The presence of the extra measure might demonstrate that the merchant is more clued up about online processing though.

You'll find most banks doing that in the near future I think. My bank is also toying with the idea of a card reader/pin pad for the home, not sure if that will come off though, I reckon it would be a costly thing to set up.

Barclays do that already for logging in to their online banking system, portable "my first calculator" looking thing.

 

[arclight]

A pity it is not possible to specify to your CC company that all goods purchased with cardholder not present can only be sent to the cardholders home address.

 

[JDholic]

For example when using the internet do you you have a Virus scanner installed and up to date ? Do you scan for viruses regularly ? Do you have any Malware protection ? Does your router have an SPI firewall ? Do you have a software firewall installed ? Do you check for the security padlock in your web browser when going to a secure site and do you check the certificate is valid for that site ? Do you have any wireless encryption on your Wireless access point or wireless router ? Do you have MAC filtering turned on and configured ? Is your operating system security patched and up to date ? Do you use any software that may need security patches ?

Thanks to everyone for the support, unfortunately since my original post and my visit to the bank it's turned out to be more like £400 has went walkies. HCK I can answer yes to all of the questions above, I have always been security conscious when buying off the web, it has always been reputable sites such as Amazon etc. I've only ever bought from 7dayshop once, in January of this year. Fortunately the account in question is my walkabout cash account that I use for buying off the web and for switch transactions during the week, I only transfer into it what I need. Thankfully the members of my family have been very generous or I would have been struggling until payday. Thanks again everyone.

 

[liss]

Barclays do that already for logging in to their online banking system, portable "my first calculator" looking thing.

ive got one of these and although its good, its bloody annoying because ,like now when im on my laptop at someones house i can not just check my bank account.