Credit Cards Hacked

[goldensun87]

Ok so, I had 2 credit cards. The first is a secured card, and the very first card I got, through my bank. I got this card just about a year ago. About 6 months after my first card, I got a new, regular credit card. I canceled the secured card a few days ago, in order to avoid the annual fee. But before I canceled it, on my July and August statements, I noticed charges which I did not make. And right before I reported the fraud, I received a message in my Yahoo mail account, telling me about an order that was charged, from a website I never visited.

So anyway, I thought after canceling and deactivating the secured card, I was safe. But, shortly after the secured card was deactivated, a hacker obtained the info of my newer, regular card as well. This time, I found out because I received a message in my Gmail, that a $200 Amazon Gift Card was purchased with my card. When I called to report the fraud, the rep told me that a total of 3 $200 charges were made with my card, all Amazon gift cards. So now, that card had to be deactivated, and I'm waiting for my new card to arrive. That call I made was 3 days ago.

So, the reason I'm posting this here, is because I have a couple of theories as to how this happened to me. See, the Amazon fraud charges coincided with some strange occurrences on my laptop (I'm currently using my desktop). First, while I had Google Chrome open on my laptop, the browser opened my Gmail by itself in a new tab. Yesterday, I had Firefox open on my laptop with my Gmail open, and the Firefox automatically downloaded one of the Amazon Giftcards that were ordered. So, my first theory was that, my laptop caught some viruses while I was using my boss' wireless router, and this hacker was using these viruses to obtain my info. So last night, I ran a full antivirus scan on both my laptop and desktop. There were no viruses on my desktop, but there were several viruses on my laptop. On top of that, while I was asleep this morning, even though the scan was done, when I woke up, I saw that my Chrome browser was opened to my GMail, and I am 100% certain that I had not opened Chrome before or after I started the scan. Finally, just a few minutes ago, I received a call from Amazon, asking me to verify another Gift Card order which was apparently placed earlier today. I thought that hacked card was deactivated, so I'm gonna have to call Cardmember service again and inquire about that. And, my second theory is that, this hacker may have found a vulnerability in Google Chrome or Gmail.

I don't know, what do you guys think? Has anyone had experiences similar to this?

 

[Marty01]

Do you have any firewall that the hacker can get access to your computer so easily?
Another thing, don't let companies to remember your credit card info. Type the number each time you buy something.

 

[turkey3_scratch]

In this situation where your money is in risk, I would do a complete fresh install and reformat of your computer. Almost sounds like he's remotely accessing your machine.

 

[kanewolf]

A Google specific bug isn't required. The browser is just being used as a tool. I would recommend a format of that hard drive and fresh OS install.

 

[why_wolf]

are all these amazon cards getting ordered through your amazon account? Do they show up in the history there? If so, there is a chance your amazon account is compromised as well, you should change your password for it and any other online account you use.

As always if a two-step authentication is available I recommended using it.

 

[itmoba]

Ok so, I had 2 credit cards. The first is a secured card, and the very first card I got, through my bank. I got this card just about a year ago. About 6 months after my first card, I got a new, regular credit card. I canceled the secured card a few days ago, in order to avoid the annual fee. But before I canceled it, on my July and August statements, I noticed charges which I did not make. And right before I reported the fraud, I received a message in my Yahoo mail account, telling me about an order that was charged, from a website I never visited.

So anyway, I thought after canceling and deactivating the secured card, I was safe. But, shortly after the secured card was deactivated, a hacker obtained the info of my newer, regular card as well. This time, I found out because I received a message in my Gmail, that a $200 Amazon Gift Card was purchased with my card. When I called to report the fraud, the rep told me that a total of 3 $200 charges were made with my card, all Amazon gift cards. So now, that card had to be deactivated, and I'm waiting for my new card to arrive. That call I made was 3 days ago.

So, the reason I'm posting this here, is because I have a couple of theories as to how this happened to me. See, the Amazon fraud charges coincided with some strange occurrences on my laptop (I'm currently using my desktop). First, while I had Google Chrome open on my laptop, the browser opened my Gmail by itself in a new tab. Yesterday, I had Firefox open on my laptop with my Gmail open, and the Firefox automatically downloaded one of the Amazon Giftcards that were ordered. So, my first theory was that, my laptop caught some viruses while I was using my boss' wireless router, and this hacker was using these viruses to obtain my info. So last night, I ran a full antivirus scan on both my laptop and desktop. There were no viruses on my desktop, but there were several viruses on my laptop. On top of that, while I was asleep this morning, even though the scan was done, when I woke up, I saw that my Chrome browser was opened to my GMail, and I am 100% certain that I had not opened Chrome before or after I started the scan. Finally, just a few minutes ago, I received a call from Amazon, asking me to verify another Gift Card order which was apparently placed earlier today. I thought that hacked card was deactivated, so I'm gonna have to call Cardmember service again and inquire about that. And, my second theory is that, this hacker may have found a vulnerability in Google Chrome or Gmail.

I don't know, what do you guys think? Has anyone had experiences similar to this?

It's very unlikely to be some kind of new vulnerability in Google Chrome because such 0-day exploits don't lurk in the shadows very long. In most of the cases, hackers who do discover these 0-day exploits for Google Chrome are much-much more likely to cash a check endorsed by Google because the money is completely legit. Some of the exploits found are hush-hush and don't fit in the categories linked below, and major NDAs are in place to make very sure nothing gets out. Again, these types of scenarios are rare, but I know a few people who have had that "prestige" bestowed upon them.

There are, of course, people who don't take the money. Instead, they're simply content that others won't get screwed over. Such altruistic behavior is actually quite common in the open-source community -- one in which I am involved.

Then, there're the people who want fame and money; strangely enough, most of the time it's just dumb kids.

My question to you is, "are you using any remote administration software?" For example, having crap, like, GoToMyPC and TeamViewer, both of which are legitimate softwares that are frequently overlooked by AVs.


A link to Google's "happy-happy" rewards page: https/www.google.com/about/appsecurity/chrome-rewards/

 

[goldensun87]

I am currently posting with my laptop at my workplace. This is after I flushed out all viruses, and I'm working behind a VPN, but I don't know if this will protect me or not.

@Marty01: Normally, I only use the Windows Firewall, and I install and run Panda Antivirus when I need it. I do not leave the Panda software installed, because the antivirus actions and the Panda firewall significantly slow down my computer.

@turkey3_scratch: Yes, I eventually deduced that the hacker injected viruses into my computer, and was using those programs to gain partial access to my laptop. From what I've observed, he first used my Yahoo e-mail to use my old secured card, and when he could no longer do that, he used my Gmail to use my newer card with the higher limit. Unlike the Yahoo mail however, with the Gmail, he has achieved as far as remotely turning on my Chrome Browser to download the gift cards which he ordered.

@why_wolf: Yes, after the occurrence this morning, I realized that he may have hacked into my Amazon account, and I changed my password for that.

@itmoba: No, I'm not using any remote administration software. I've only heard of one called "LogMeIn", but that one requires a paid subscription.

 

[itmoba]

Okay, I'm going to outline the next steps in the procedure that you should follow:

{1} Use SMS two-way authentication for checking your email. This is free, so you might as well use it (technically, it depends on your text/data plan). Set this up on your smartphone. Change your password to something with at least 12 characters. There should be, at the very least, one upper-case letter, one lower-case letter, one number, and one special (e.g., _^%#@. Here's an example of a good one and a bad one... good: " ^eY3.wuV-p@$T4 "; bad: " this_sucks " (yes, the "eye" is used in place of "I" on purpose).

{2} Download HijackThis; this, too, is free. You should report the results so that I/we can try to determine if there's anything else hiding there.

{3} Whatever software you have installed should be written on a list (hand-written). Fold it up as you please and put this in your wallet so that you won't lose it. Any license keys should be written down. Remember, you're going to need to reinstall everything from scratch!

{4} Completely nuke all of the computers used. This means zeroing out the HDs, only keeping necessary files on a backup. Run an AV again, making sure that recursion is as deep as possible. You want to have "paranoid" mode enabled, meaning you want to scan anything and everything.You shouldn't be moving entire directories unless you're absolutely sure that nothing is there. Thereafter, you should run an AV on those files. I suggest using Avira Rescue System. There won't be any Windows OS running, so all the files will be accessed via the live-distribution. This will prevent things from shifting around.

{5} Make sure that for some of the steps in the procedure that you're not connected to a network (e.g., when you're trying to figure out which files should be in the backup).

[edit]

To answer your question, the VPN may provide an additional layer of security, but it depends on the skill of the hacker or hackers in question. If they know what they're doing, then, they may know how to use a reverse connection.

 

[Marty01]

Windows Firewall is very basic. Get something good. You need antivirus as well. Good firewalls and antivirus hardly slow down computers.
It's a must for every computer.
No wonder you got hacked so easily.

 

[goldensun87]

Okay, I'm going to outline the next steps in the procedure that you should follow:

{1} Use SMS two-way authentication for checking your email. This is free, so you might as well use it (technically, it depends on your text/data plan). Set this up on your smartphone. Change your password to something with at least 12 characters. There should be, at the very least, one upper-case letter, one lower-case letter, one number, and one special (e.g., _^%#@. Here's an example of a good one and a bad one... good: " ^eY3.wuV-p@$T4 "; bad: " this_sucks " (yes, the "eye" is used in place of "I" on purpose).

{2} Download HijackThis; this, too, is free. You should report the results so that I/we can try to determine if there's anything else hiding there.

{3} Whatever software you have installed should be written on a list (hand-written). Fold it up as you please and put this in your wallet so that you won't lose it. Any license keys should be written down. Remember, you're going to need to reinstall everything from scratch!

{4} Completely nuke all of the computers used. This means zeroing out the HDs, only keeping necessary files on a backup. Run an AV again, making sure that recursion is as deep as possible. You want to have "paranoid" mode enabled, meaning you want to scan anything and everything.You shouldn't be moving entire directories unless you're absolutely sure that nothing is there. Thereafter, you should run an AV on those files. I suggest using Avira Rescue System. There won't be any Windows OS running, so all the files will be accessed via the live-distribution. This will prevent things from shifting around.

{5} Make sure that for some of the steps in the procedure that you're not connected to a network (e.g., when you're trying to figure out which files should be in the backup).

[edit]

To answer your question, the VPN may provide an additional layer of security, but it depends on the skill of the hacker or hackers in question. If they know what they're doing, then, they may know how to use a reverse connection.

(1) I do not have a smartphone, but I will make strong passwords for accounts that contain sensitive info, and I turned on 2-step verification for my Google account.

(2) I will try out this app, open-source apps are usually good in my experience. I do have the Panda Antivirus scan report from my laptop. I will post a link to that shortly.

(3) I've done fresh re-installs before, but it is a fairly tedious process, so I will reserve this as a last resort action. I want to wait until I receive and activate my new card, and see if I get hacked again. Before I use my new credit card on any site, I will upgrade my Blur account to Premium with a prepaid gift card, so that I can start masking my new credit card.

(4) See (3)

(5) If and when I need to backup files, I will use Safe Mode.

 

[goldensun87]

Windows Firewall is very basic. Get something good. You need antivirus as well. Good firewalls and antivirus hardly slow down computers.
It's a must for every computer.
No wonder you got hacked so easily.

Oh, I know the Windows Firewall is no good. But, I've found ways to make do without a good firewall and antivirus. I got my first computer back in 2004. Back then, Firefox was still working out its kinks, so I was using Internet Explorer. My computer got swamped with loads of spyware along with some viruses, and it slowed my computer down to a crawl. It took less than a year for this to occur. That was when a CompUSA employee introduced me to Panda Antivirus. Panda may not be the highest-ranked antivirus today, but still works well enough for me. Of course, back then I was not shopping online, so no matter how much they bogged down my computer, they had no info to steal. Nowadays, only about 35-40 spyware programs accumulate on my computers, along with maybe 1-2 viruses. and even that happens over several months, maybe even 1-2 years.

With all that being said, I have learned that, it's not the quantity of malware, but the quality that matters. Since my beginning years, I've had viruses and spyware on my computers several times, but this is the first time someone managed to obtain my info. Before this, I encountered a trojan virus program that could download more viruses/trojans. I caught this by the fact that my modem activity light was flashing nonstop, even after I confirmed that I was not downloading anything. The trojans did not manage to steal any of my info before I removed them.

 

[Marty01]

I'm not sure what you're trying to say, but apparently you wouldn't be here if you found a way without firewall and antivirus in the first place.
I bet you got quality viruses. After all, that's all it matters.

It's your computer. Perhaps one day you'll understand what firewall is and how vulnerable your computer is without one.

 

[goldensun87]

Ok so, here is my Panda Antivirus scan report, and a HijackThis scan.

https/mega.nz/#!5wB3TAaB!0BZbs0YPCvy4rsERPnqvKO0P_us2E-BJG-s6IbU9UqA

So, before the fraud incident, I noticed that my boss was having virus problems with his desktop computer. I believe this is connected to my recent problems. But, is it possible for hackers to spread their viruses from an infected desktop's wireless router, to devices connected to said router?