cyber theft

[Sonic dB]

deleted

[legion]

Went through this two weeks ago.

Good luck.

[legion]

In my case credit card information was stolen. I think it was stolen through a website I've ordered from--though I'm yet to figure out which one and no one has notified me.

[Scott R]

The type of software that the security expert is describing, and most any type of theft application runs as a process. Always audit the running processes on you computer to make sure that nothing is hiding out. Each process in your task list can be verified at a number of security web sites. After a while when you see a new or different process it will jump out at you quickly.

[Scott R]

Quote:

Originally posted by Sonic dB
Yeah thanks Scott....and that would show up in Ctrl,Alt,Del processes window....correct?

Correct. I'm a seasoned IT employee and I was hit a year back myself, if it were not for the good people at Amex I would have been out a few thousand myself. The thieves always seem to out think everyone. Best wishes to you and your family in cleaning up the damage.

[Jims5543]

This happened to the guy that owns nopistons.com.

He recieved an IM from someone, he gets tons of them he is very e-popular. The IM tells him to look at a picture. He clicks on the picture, embeded was a kestroke logger.

That person got access to his wesite and took it apart while everyone watched in horror. He taunted the members of the site while he took it apart.

It sounds like you may have had something similar happen.

MI have had my ID stolen 3 times now, twice with First USA Visa, I no longer have an account with them because they are idiots. I was actually in an address changing war with a hacker. They kept changing it and ikept changing it back.

Finally I changed all my security question answers to nonsense answers and it stopped. I had no confidence in them anymore and cancelled my account with them. Idiots!

Good luck and you did the right thing alerting credit bureaus.

[Clay Perrine]

I have a separate computer running Linux that I use for all my banking and financial stuff.

Any general surfing is run on my XP desktop.

Harder to catch a keystroke logger on a linux system.

Not impossible, but only using it for money stuff keeps it secure.

[Moneyguy1]

Of course, the horse is already over the horizon, but am I the only one that (a) orders nothing over the internet (I do my research including financial background of the company in question) and (b) NEVER give out any personal data or account/SS numbers over the internet?

I trust phones more than the internet and I trust snailmail best of all for financial transactions.

I am so 1990s.......

[john70t]

+1 Moneyguy1.
I'd never bank/order online nowadays (but used to make this mistake). But the reverse is true at point of sale where I want to swipe the card myself and not have it carried away into a back room.

The information in your computer should be like a track car- where you can afford to lose it all, and everyone can see it. That's the way it's designed anyways.

One of the things that ticks me off is that everyone and their grandmother can legally ask for this information.
Want a phone, and heat, and car insurance? You have to give give the operator moms birthname, your drivers lic#, and ss#.
Who know where the info goes from there.

[Moneyguy1]

Most of these requests, according to an attorney I know can be refused. In many cases, the last 4 digits of your SS# is considered sufficient for ID purposes. Someone else may be able to chime in and verify/refute this?

[Jim727]

Quote:

Originally posted by Moneyguy1
Of course, the horse is already over the horizon, but am I the only one that (a) orders nothing over the internet (I do my research including financial background of the company in question) and (b) NEVER give out any personal data or account/SS numbers over the internet?

I trust phones more than the internet and I trust snailmail best of all for financial transactions.

I am so 1990s.......

You are definitely not the only one. I am a total luddite about this stuff, but being careful is far better than trying to recover from doing something - shall we say - convenient.

Just went through a mortgage application using a major bank that typically gives us fabulous service. When the loan guy called we did a prelim interview and I determined that I liked their rates and terms and he liked what I had to say. Then he offered to take the application over the phone. Ohhhhhhh kaaaaaaaay??? I informed him that there were two prerequisites to doing business: (1) none of my data could be maintained on a laptop or removable media of any type, and (2) he could not submit any of my info over a wireless connection or web site. Now we have a problem. Finally he agreed to meet me at a branch and conduct business over the branch's hard-wired secure network -- and he admitted that one of his co-workers just had a laptop stolen with client data aboard. I rest my case.

For other data it's either face-to-face or I'll do some biz via fax, but the cover letter states my security responsibility requirements including the above.

It's really easy for financial institutions to offload all the liability to the customer in exchange for "convenience". I don't bite.

To continue the rant: I've used TurboTax for years. Since tax returns are an identity thief's dream, I'm rather nuts about how I do things. Paper returns, etc. The computer I use for tax prep is physically disconnected from the internet - something I consider important as TTax wants administrator privileges, scripting enabled, and like to do tech support via chat/im. Duh!!!!! Updates can be downloaded and manually processed (though they don't make it easy to figure out how) and I always make sure to call them and request a state CD and an update CD. TTax makes it *really* hard to find that phone number. It's 800-624-8384 for you TTax users.

Done ranting for now. Later I might rant about the background check my wife was asked to submit to (online). NFW!

[SlowToady]

In reference to Jim...

Has no one ever heard of PGP? Honestly, what the hell? I run PGPMail, encrypt any file of any extension that might be even remotely important, and for a time used PGP secured AIM. My PGP key was gigantic, like 2048 bits. Good luck cracking that...

Why, do people with SENSITIVE INFORMATION ON THEIR COPMUTERS, not encrypt it? If that guy at the bank had secured his data, it really wouldn't have mattered if someone stole it (if there was a backup) because...no one would be able to read it anyhow.

I'm going to rant, so I'll stop, but as a general rule..if you have something important, secure it.

www.PGP.com

[Flatbutt1]

does having a LinkSys router in line offer any protection if you don't open suspect emails?

[SlowToady]

Not really. But, operating under a user/group with just enough permissions to do what you need to do helps, as does running applications with the minimum permissions possible. It's a hassle, but it's worth it. Run a Stateful Packet Inspection firewall, and a good virus scanner. Turn the security zone in IE up; don't allow unsigned scripts/ActiveX controls, and turn on the pop up blocker. I run an Instrusion Detection System system on one of my boxes.

Oh yea, keep up on Service Packs and software updates.

You can actually lock down the NT series (which includes XP and 2000) really well, you just have to take the time to do it and dig around. NT has possibly the most finely granulated Access Controls outside of OpenVMS.

There are all sorts of ways for skilled (and determined) crackers to gain access to your machine, and it seems like they are always one step ahead of the rest of us.

If you do any sort of sensitive work on your computer, you owe it to yourself to secure your system. It's a hassle, but it's more of a hassle once someone gets access to your TurboTax files and credit card information.

[Sonic dB]

I deleted my initial post, for two reasons.... I want to protect
details about my life a little better from now on, and also I didnt
want this thread to revert to an 'i told you so' mode... I was
always very protective of my info, yet became a victim anyway...
the the tune of a $25,000 loss. The account is insured though
I will be getting my money back. For E-Trade to release the
money based on the info that they were given is pretty bad,
on their part.

[SlowToady]

Quote:

Originally posted by Sonic dB
I deleted my initial post, for two reasons.... I want to protect
details about my life a little better from now on, and also I didnt
want this thread to revert to an 'i told you so' mode... I was
always very protective of my info, yet became a victim anyway...
the the tune of a $25,000 loss. The account is insured though
I will be getting my money back. For E-Trade to release the
money based on the info that they were given is pretty bad,
on their part.

I hope I didn't come off with an "I told you so" attitude, because that is really NOT where I was trying to go. My post was because of my outrage that banks and other large corporations, and government agencies, don't take the small precautions to secure their date. With so many peoples personal data at risk, you'd think they'd care.

I'm glad to hear you're getting your money back. I can't imagine the headaches this has given you. I didn't see the original post, but these damn crackers are SMART and seem to somehow stay one step ahead of the rest of us. With how difficult it must be to obtain information in such a manner, you'd think they'd just get a real job.

Anyway, I hope your situation turns out for the best. Sorry for getting this post somewhat off track...