Internet Rip-Off Follow-Up

[phoenixtexoma]

As some of you know, my computer was recently hacked with a keyboard tracker. The culprit, however, only initially managed to abscond with $11 and change from a Paypal account. Today, however, a representative from the American Express fraud unit contacted me with the news that they had just intercepted a fraud attempt of $6,800. Someone tried to buy a souped-up gocart from Emmick Cobra Racing in Rancho Cordova, CA, with my card. That's 2,000 miles from where I live in north Texas. I'm covered, thank goodness, no loss. Hooray for Amex. Anyone familiar with Emmick?

[macfly]

What is a keyboard tracker, and how did they get it in there?

[lightfighter]

i assume he means a program that records keystroke for keystroke everything you type. then you search all these yestrokes for credit card sized numbers, and the next entry is the expiration date, then the sec number.

Ive seen them installed to catch wandering spouses and employee theft, but not via the internet, but it wouldnt surprise me.

[ckcarr]

I know a woman who had a psycho boyfriend that installed that type program on her computer. When jilted, he found all her passwords, then sent out crazy emails from her account to all her friends including me. He had to be crazy, especially because he was an airline pilot with a lot to lose I'd think if convicted of a crime like that and his mental state could be called into question.

Highly unusual though via the internet, at least if there is a decent anti virus installed and kept updated. Perhaps an inside job?

[AZ-Twin]

Quote:

Originally Posted by macfly

What is a keyboard tracker, and how did they get it in there?

Usually they are called keystroke loggers, and it was most likely installed by a malicious web page or received in an email. This is a classic example of how nasty spyware is.

Here is an older paper at cert.org, but it is pretty good.


www.cert.org/archive/pdf/spyware2005.pdf


So, how do you protect yourself from this kind of an attack?

1. Keep your computer patched and up to date. This is easy if you have a windows box, make sure automatic updates is turned on.

2. Keep your anti virus program up to date, again automatic if you have one.

those two are easy, they are basically automatic. Here is where you have to get involved.

3. Be careful what you click on. Lots of things pop up asking if it is okay to do something, don't just say ok, pay attention to what you are clicking on.

4. Run a spyware scan on a regular basis. Depending on how you use your computer will determine how often you should do this. If kids use it, scan it all the time. If you visit questionable sites (don't surf porn on the same machine you bank on), scan it all the time. If you just use it to read CNN, Pelican, ADV, and other good sites, you don't need to scan it as often, but you do still need to do it every couple weeks or so. Facebook is a good place to catch somethign so I have been told, I don't go there.

5. Don't open emails from people you don't know. Don't open obvious spam. Don't click on the spam links posted here on the PPB, or on other boards. Just because you have AV software does not make you safe from spyware installed by malicious email or web pages.

As far as antispyware software goes, I like adaware by levasoft, I use the free one.

There are lots of really smart folks out there trying to steal your money with their computer, some are just working on their own, some are state sponsored by foreign countries.

Sounds like you got lucky Pheonix, but if you have not done it already, I would change all my passwords (after I scan for spyware but I think you have a guy that fix that) and notify your credit card companies, they will most likely issue you new credit cards.

Be safe all

[signit98]

Or just use a Mac...

[AZ-Twin]

Quote:

Originally Posted by signit98

Or just use a Mac...

False sense of security is what that is called. Since Macs are becoming more common it will be worth the bad guys time to begin looking for unknown vulnerabilities and developing exploits. While the platform is stronger, it still pays to be careful.

[bacn5]

okay this is weird because I visit this site frequently, but I have a very new high end PC with good virus protection and everything just went nuts when I was reading these posts. It said this site has been reported as unsafe (PP) and I received two pop-ups from this site about loans or something... Roger you should check this out.

[phoenixtexoma]

Amex cancelled the old card and is issuing me a new one. I've been using a secure service to buy stuff on the internet called Bill Me Later, and none of my bank info is vulnerable except a small checking account that's only active when I get ready to buy something requiring Paypal. Most passwords have been changed.

[Corky]

Quote:

Originally Posted by signit98

Or just use a Mac...

Works for me!

[wiggledbits]

A good way to keep these types of malware and spyware out of your pc is to setup and use an account or profile on the PC that is not an administrator/has administrative rights. One of the bigest pitfalls of windows especially for home users is that the initial profile is set to administrative level and allows anything to be install, deleted, written over, etc. If your profile is a regular user you can not install anything so the most bugs can't get in.

[Steve Carlton]

Gosh darn it. I was hoping to have a new go-kart by this time next week.

[JonyRR]

uh uh...that was supposed to be MINE! a 250 shifter kart.

drat

[throttlemeister]

Quote:

Originally Posted by AZ-Twin

False sense of security is what that is called. Since Macs are becoming more common it will be worth the bad guys time to begin looking for unknown vulnerabilities and developing exploits. While the platform is stronger, it still pays to be careful.

Actually, there are more listed security vulnerabilities for OS X than there are for Windows. There is no system that is inherently safe and neither system is designed with security as primary objective. Both depend on the common sense of their respective users, and unfortunately the one thing about common sense is that is isn't all that common.

And I use a Mac btw, before people start a mac/pc flamewar.

[CoffeeGuy]

I use a Mac.

I also keep a dedicated pair of scissors next to my modem cable. I'll just cut the cord when they strike!

[phoenixtexoma]

Just a follow-up. American Express and the California cops caught the guy who tried to buy the go-kart with my card number. He was stupid enough to show at the kart place and try to pick it up. Amex didn't give me a lot of details, just that they're prosecuting, and their fraud rep told me they don't like customers getting involved personally. I've been using Bill Me Later as much as I can.

[Steve Carlton]

Oops. Forgot to tell Bill not to pick up the kart...

[moze229]

Quote:

Originally Posted by throttlemeister

Actually, there are more listed security vulnerabilities for OS X than there are for Windows.

Are you kidding me? Where did you get this information? I'm not naive enough to think by using a Mac one is completely safe, but come on. More than Windows? Not in 100 years. Darwin may not be the most secure BSD variant, but any BSD will NEVER have the vulnerabilities Windows has. And this isn't just because Windows is easier pickings. It's mostly about security.

Quote:

There is no system that is inherently safe and neither system is designed with security as primary objective.

What? Any UNIX -based shell is designed with security put above all else. Windows is not. I take that back. Windows NT was at least a good try for Microsoft.

Quote:

Both depend on the common sense of their respective users, and unfortunately the one thing about common sense is that is isn't all that common.

This I agree with, and well stated at that.

Quote:

And I use a Mac btw, before people start a mac/pc flamewar.

You've taken a good step in keeping yourself secure, and having a more pleasurable computing experience

[moze229]

Quote:

Originally Posted by phoenixtexoma

Just a follow-up. American Express and the California cops caught the guy who tried to buy the go-kart with my card number. He was stupid enough to show at the kart place and try to pick it up. Amex didn't give me a lot of details, just that they're prosecuting, and their fraud rep told me they don't like customers getting involved personally. I've been using Bill Me Later as much as I can.

I'm sorry to hear that you had to go through this. I am glad that they caught the person involved though. At least you get that satisfaction out of it.

[phoenixtexoma]

Plus, not losing any money.