Recently credit cards were hacked, and I had to get replacements. Today found an item charged to my name with a shipping address in North Carolina! (I'm in New York.) Is there a recommendation for software that can protect against this, and if so, what is it? (I looked at ESET, which comes highly recommended, but when I went to sign up, was given only Windows, Mac, and Android OSes to pick. Also says end of life second quarter of 2022. Is this something that can be protected by software, and if so, what software? Running Leap 15.3. --doug
On 18/11/2021 21.31, Douglas McGarrett wrote:
Recently credit cards were hacked, and I had to get replacements. Today found an item charged to my name with a shipping address in North Carolina! (I'm in New York.) Is there a recommendation for software that can protect against this, and if so, what is it? (I looked at ESET, which comes highly recommended, but when I went to sign up, was given only Windows, Mac, and Android OSes to pick. Also says end of life second quarter of 2022.
Is this something that can be protected by software, and if so, what software? Running Leap 15.3.
How do you know that the attack originated or was caused or is related to software? ESET is https://en.wikipedia.org/wiki/ESET ? Forget it. Hire an expert to look at everything you do. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 18/11/2021 21.31, Douglas McGarrett wrote:
Recently credit cards were hacked, and I had to get replacements. Today found an item charged to my name with a shipping address in North Carolina! (I'm in New York.) Is there a recommendation for software that can protect against this, and if so, what is it? (I looked at ESET, which comes highly recommended, but when I went to sign up, was given only Windows, Mac, and Android OSes to pick. Also says end of life second quarter of 2022.
Is this something that can be protected by software, and if so, what software? Running Leap 15.3.
How do you know that the attack originated or was caused or is related to software? I normally only use the credit cards on the 'net or in a restaurant. I
On 11/18/21 3:37 PM, Carlos E. R. wrote: pay cash in the local stores, and I haven't been in a restaurant for months and months. --dm
ESET is https://en.wikipedia.org/wiki/ESET ? Forget it.
Hire an expert to look at everything you do.
Hi douglas, you will never get a software who will protect you from phishing. if your credit card data where stolen, i would think you have entered your credit card data at a fake homepage. its up to you to do not click on links in emails and or check twice the correct banking account. this could never been done by a software. for banking and stores where you buy things, set a bookmark. i NEVER click at links send by me in mails, EVEN if they look like a mail from bank. for new stores search for them in internet (google), to find out if this stores you could trust. i NEVER open any attachment send by email if i am not 120% sure its somebody i know -> even there are mails around where the address is from a friend/or company i know, but they have never send this mails to me, this you could only check by your own brain. to check attachments an also links you could use https://www.virustotal.com BUT even there, last link i have checked where only recognized by one search engine "phishing" (my brain has told me this before) so i normally only check links to see how NEW the links /attachments/files are, some weeks later more search engines will detect the attachments/files/links. i have also had the situation that no engine has found anything, but weeks later they found it. -> i must be on some lists to send me always new viruses :-(((( i have had here in germany got a email with a "application for employment" (i own a small company) ALL was correct, nice personal mail with my name and some data from my company in, even the phone-number of the employee, address of that guy, all correct, only thing i have that time not asked to hire somebody. the attachment where me suspect so i have used the phone number and make a call. (but even this could be a trap charging me a high cost for the call, but it was not) there was a answering machine at the line, telling me: "if you are calling because of the email that's a fake i got a lot of calls the last couple of day's. the mail is not from me, do not open the attachment, there is a virus in, i have done a annunciation to the police because of this." you see this subject-matter is very complex. and for your computer, if you THINK you have some virus/trojan on it, YOU have to ask some professionals as carlos wrote here. even i think my skills are much better than yours, i am not sure if i would detect such things on my computer, if they are made professional. simoN Am 18.11.21 um 22:09 schrieb Douglas McGarrett:
On 11/18/21 3:37 PM, Carlos E. R. wrote:
On 18/11/2021 21.31, Douglas McGarrett wrote:
Recently credit cards were hacked, and I had to get replacements. Today found an item charged to my name with a shipping address in North Carolina! (I'm in New York.) Is there a recommendation for software that can protect against this, and if so, what is it? (I looked at ESET, which comes highly recommended, but when I went to sign up, was given only Windows, Mac, and Android OSes to pick. Also says end of life second quarter of 2022.
Is this something that can be protected by software, and if so, what software? Running Leap 15.3.
How do you know that the attack originated or was caused or is related to software? I normally only use the credit cards on the 'net or in a restaurant. I pay cash in the local stores, and I haven't been in a restaurant for months and months. --dm
ESET is https://en.wikipedia.org/wiki/ESET ? Forget it.
Hire an expert to look at everything you do.
-- B e c h e r e r GmbH Sondermaschinenbau Mauermatten Strasse 22 79183 Waldkirch Germany Tel.: (+49) (0)7681 3134 Fax: (+49) (0)7681 4378 Mail: info@becherer.de Web: www.becherer.de USt-ID-Nr.: DE 814912198 Registergericht: Freiburg HRB 701860 Geschäftsführer: Dipl.-Ing. (FH), EWE Simon H. Becherer Gerichtsstand / Sitz: Waldkirch Es gelten ausschließlich unsere allgemeinen Liefer- und Zahlungsbedingungen / Einkaufsbedingungen: www.becherer.de/AGB
And during i wrote this mail, i got a new phising mail telling me "check your account" looks like it was send from my email-server becherer.de" (but i know my server will not send such mails) the link there is "relative old", 16 hours before somebody has uploaded this link to virus total. here you could see the results: https://www.virustotal.com/gui/url/35309093f5d469575cd0161d2e614a4b4cd2407b3... simoN -- www.becherer.de
On 19/11/2021 10.37, Simon Becherer wrote: ...
and for your computer, if you THINK you have some virus/trojan on it, YOU have to ask some professionals as carlos wrote here. even i think my skills are much better than yours, i am not sure if i would detect such things on my computer, if they are made professional. I was not thinking of a profesional examining the computer, but everything in life (it is not the first time he has problems with his card). There is something Douglas does wrong. Perhaps his identity was duplicated.
Also examine network, router, etc. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 2021-11-19 04:37, Simon Becherer wrote:
if your credit card data where stolen, i would think you have entered your credit card data at a fake homepage.
I have a credit card in my wallet. I have another credit card that pays my monthly fixed payments whose details I have entered in forms on the web:- utilities, (electricity, gas, phone), subscriptions. I have a pretty good idea what that monthly deduction will be. The bank sends me a monthly list of payments against that card for my review. The card has a limit that is about twice the normal monthly charges, just in case I have a problem (such as hospitalization) with the regular payment. That low limit means that if any of the web transactions or the sites's database get hacked the impact will be limited. I have another credit car with a slightly higher total limit, but again a limit on an individual transaction, that I use for internet shopping: Wish (clothes, toys), Amazon (usually books), and eBay. If I splurge (e,g,a new camera) I'll phone the bank to tell them the specifics so as to raise the specific item limit. Oh, wait! Does you CC/bank let you set monthly credit limit and/or individual item limits? To be honest, I pay promptly so my bank keeps wanting to raise my credit limit. I can't see why I'll need a $50,000 limit on a card when my per card[1] max is never over $500. That's what you get with algorithmic banking. So, 1. Compartmentalise 2. Set limits 3. Examine reports. [1] Things like Taxes and Condo Fees are paid directly from the account, no via CC. -- “Reality is so complex, we must move away from dogma, whether it’s conspiracy theories or free-market,” -- James Glattfelder. http://jth.ch/jbg
On 11/18/21 10:09 PM, Douglas McGarrett wrote:
I normally only use the credit cards on the 'net or in a restaurant. I pay cash in the local stores, and I haven't been in a restaurant for months and months.
Restaurants and Hotels are the places where card numbers can leak especially their online booking sites. Unless you are only paying by using a chip-and-pin terminal directly, you don't really know who handles your credit card. And if you are handing your CC to a person that walks off... Using your card on random internet sites it also dodgy because each site could be compromised. Suspect sites for this would be cheap online brokers for insurance or plane tickets -- my CC was compromised when I bought some travel insurance. My recommendation, 1. use trusted payment processors like paypal.com or buy from large, reputable suppliers like Amazon or Walmart or airlines. Try to avoid giving your CC directly to unknown entities -- use paypal.com instead. Even better if your CC has 3D authentication -- online pin and 2nd factor for every transaction in addition to just a CC number. 2. use chip-and-pin terminals at stores - I don't know if US still allows usage of those obsolete magnetic stripes. Finally, don't worry. Most places around the world have regulation that caps your liability for unauthorized use and you would have 0 liability for theft like this. And, this has nothing to do with openSUSE :-> No software will prevent these things. - Adam
On 11/19/21 5:17 AM, Adam Majer wrote:
Even better if your CC has 3D authentication -- online pin and 2nd factor for every transaction in addition to just a CC number.
2. use chip-and-pin terminals at stores - I don't know if US still allows usage of those obsolete magnetic stripes.
It's worse than that. The US "allows" magnetic stripe reading if the chip can't be read at a terminal. But a PIN is not required even if the chip is used! The terminals require a signature instead, which is a joke. I usually just scribble gibberish on the signature screen, or even just an "X". No signature matching is done, the purchase always goes through. It's pure idiocy! Note that debit cards require a PIN, but those cards present other risks to the card-holder. Further discussion should be moved to the very active offtopic list. Send an email to offtopic-join@lists.opensuse.org to join. Regards, Lew
On 11/18/21 10:09 PM, Douglas McGarrett wrote:
I normally only use the credit cards on the 'net or in a restaurant. I pay cash in the local stores, and I haven't been in a restaurant for months and months.
Restaurants and Hotels are the places where card numbers can leak especially their online booking sites. Unless you are only paying by using a chip-and-pin terminal directly, you don't really know who handles your credit card. And if you are handing your CC to a person that walks off...
Using your card on random internet sites it also dodgy because each site could be compromised. Suspect sites for this would be cheap online brokers for insurance or plane tickets -- my CC was compromised when I bought some travel insurance.
My recommendation,
1. use trusted payment processors like paypal.com or buy from large, reputable suppliers like Amazon or Walmart or airlines. Try to avoid giving your CC directly to unknown entities -- use paypal.com instead.
Even better if your CC has 3D authentication -- online pin and 2nd factor for every transaction in addition to just a CC number.
2. use chip-and-pin terminals at stores - I don't know if US still allows usage of those obsolete magnetic stripes.
Finally, don't worry. Most places around the world have regulation that caps your liability for unauthorized use and you would have 0 liability for theft like this.
And, this has nothing to do with openSUSE :-> No software will prevent these things.
- Adam Thank you , Adam. I will follow your recommendations. (I have used PayPal off and on--I'm not sure sites like Amazon use it, and I never
On 11/19/21 8:17 AM, Adam Majer wrote: thought of it as a solution to the stolen number situation.) --doug
On 2021-11-18 16:09, Douglas McGarrett wrote:
I pay cash in the local stores,
How do you get the cash? I, and I presume many of us, use cards at bank teller machines. Matthew Barrett https://en.wikipedia.org/wiki/Matthew_Barrett_(banker) moved from banking in Canada https://en.wikipedia.org/wiki/Bank_of_Montreal to England https://en.wikipedia.org/wiki/Barclays Barkclays had pinioned the first technology to use converting 'plastic' to 'cash'. Barrett closed down over 170 branches in 2001, which crippled many rural communities. Sadly, there is no way to use the internet to get cash. I use plastic almost exclusively[1]. The 'almost' is that there is a threshold for the 'tap-to-pay'. That used to be $100, but was raised, sensibly, to $250 this year. But back then, yes, i hit the limit and had to swipe and enter my code. I couldn't remember what it was and my card got rejected. And FROZEN. On a Friday. So Tuesday, thank you holiday Monday, I had to find a physical bank, queue, and get the card reactivated. And a new number. No, the bank no longer has a branch in the local mall. It's bus ride, 2 changes, away. If I lived downtown, however.... But for many townships, even large town like Mississauga, Guelph https://guelph.ca/ there are no branches. So the pressure is on to change to one of the BigName monopolies, you know, the ones that have standardized services (that treat you as standardized customer) because, like the BigName cell phone companies, they have service that offers a complete coverage. But they are not cheap and they find ways to nickle-and-dime you. [1] There's a cluster of ethic stores within walking distance where I use cash for the simple reason that I can get items and services (e.g. a haircut) at prices that are about 10% to 50% of that I might pay at mainstream stores. And there is a 'no question asked' level of service. -- “Reality is so complex, we must move away from dogma, whether it’s conspiracy theories or free-market,” -- James Glattfelder. http://jth.ch/jbg
On 21/11/2021 13.30, Anton Aylward wrote:
On 2021-11-18 16:09, Douglas McGarrett wrote:
I pay cash in the local stores,
How do you get the cash? I, and I presume many of us, use cards at bank teller machines.
My father got his card duplicated at a bank teller machine (installed on the street). Then he fell ill and was hospitalized. The theft happened while he was in hospital, so there was no doubt about the fraud. They took 2 times 600€, the maximum per day of the card. I think it was around 2006. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 2021-11-18 16:09, Douglas McGarrett wrote:
I pay cash in the local stores,
How do you get the cash? As it happens, I have trouble with the teller machine, so I go to the drive-in window to get cash. I complained once, and they gave me a new card which didn't work either. Like you, I DO use the credit card for large purchases, like a TV set, or refrigerator or something, but
On 11/21/21 7:30 AM, Anton Aylward wrote: that doesn't go thru the internet. (Usually.) --dm
I, and I presume many of us, use cards at bank teller machines.
Matthew Barrett https://en.wikipedia.org/wiki/Matthew_Barrett_(banker) moved from banking in Canada https://en.wikipedia.org/wiki/Bank_of_Montreal to England https://en.wikipedia.org/wiki/Barclays Barkclays had pinioned the first technology to use converting 'plastic' to 'cash'.
Barrett closed down over 170 branches in 2001, which crippled many rural communities. Sadly, there is no way to use the internet to get cash.
I use plastic almost exclusively[1]. The 'almost' is that there is a threshold for the 'tap-to-pay'. That used to be $100, but was raised, sensibly, to $250 this year. But back then, yes, i hit the limit and had to swipe and enter my code. I couldn't remember what it was and my card got rejected. And FROZEN. On a Friday. So Tuesday, thank you holiday Monday, I had to find a physical bank, queue, and get the card reactivated. And a new number. No, the bank no longer has a branch in the local mall. It's bus ride, 2 changes, away. If I lived downtown, however.... But for many townships, even large town like Mississauga, Guelph https://guelph.ca/ there are no branches.
So the pressure is on to change to one of the BigName monopolies, you know, the ones that have standardized services (that treat you as standardized customer) because, like the BigName cell phone companies, they have service that offers a complete coverage. But they are not cheap and they find ways to nickle-and-dime you.
[1] There's a cluster of ethic stores within walking distance where I use cash for the simple reason that I can get items and services (e.g. a haircut) at prices that are about 10% to 50% of that I might pay at mainstream stores. And there is a 'no question asked' level of service.
On 11/18/21 2:31 PM, Douglas McGarrett wrote:
Recently credit cards were hacked, and I had to get replacements. Today found an item charged to my name with a shipping address in North Carolina! (I'm in New York.) Is there a recommendation for software that can protect against this, and if so, what is it? (I looked at ESET, which comes highly recommended, but when I went to sign up, was given only Windows, Mac, and Android OSes to pick. Also says end of life second quarter of 2022.
Is this something that can be protected by software, and if so, what software? Running Leap 15.3.
I had this happen recently and it was traced back to magnetic strip readers placed in gas pumps in and around Nacogdoches. As urban centers move to chip-readers only, the thugs that do magnetic strip theft have moved to the more rural areas. Worth nailing down what what compromised (magnetic strip or chip). In your case it looks more like a breach of a seller and cards sold via TOR sites since your charges were from 100s of miles away (mine were too - cards were being used in Houston, 150 mi away) So it's hard to tell. If it was a magnetic strip theft, then it may just be a coordinated scam in your area and the bad guys take the data a couple hundred miles down the road and print new cards with your strip..... Buggers. -- David C. Rankin, J.D.,P.E.
On 21/11/2021 10.03, David C. Rankin wrote:
On 11/18/21 2:31 PM, Douglas McGarrett wrote:
Recently credit cards were hacked, and I had to get replacements. Today found
...
I had this happen recently and it was traced back to magnetic strip readers placed in gas pumps in and around Nacogdoches. As urban centers move to chip-readers only, the thugs that do magnetic strip theft have moved to the more rural areas.
Worth nailing down what what compromised (magnetic strip or chip). In your case it looks more like a breach of a seller and cards sold via TOR sites since your charges were from 100s of miles away (mine were too - cards were being used in Houston, 150 mi away) So it's hard to tell. If it was a magnetic strip theft, then it may just be a coordinated scam in your area and the bad guys take the data a couple hundred miles down the road and print new cards with your strip..... Buggers.
My two debit cards do not have any magnetic band. Amazing you still use them. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 11/21/21 1:03 AM, David C. Rankin wrote:
Is this something that can be protected by software, and if so, what software? Running Leap 15.3.
I had this happen recently and it was traced back to magnetic strip readers placed in gas pumps in and around Nacogdoches. As urban centers move to chip-readers only, the thugs that do magnetic strip theft have moved to the more rural areas.
Do they install the strip readers on the inside of the gas pumps? Or are they stuck on the outside where they'd be obvious if you knew what to look for? Regards, Lew
On 11/21/2021 11:04 AM, Lew Wolfgang wrote:
On 11/21/21 1:03 AM, David C. Rankin wrote:
Is this something that can be protected by software, and if so, what software? Running Leap 15.3.
I had this happen recently and it was traced back to magnetic strip readers placed in gas pumps in and around Nacogdoches. As urban centers move to chip-readers only, the thugs that do magnetic strip theft have moved to the more rural areas.
Do they install the strip readers on the inside of the gas pumps? Or are they stuck on the outside where they'd be obvious if you knew what to look for?
Regards, Lew
https://www.pcmag.com/how-to/how-to-spot-and-avoid-credit-card-skimmers
participants (8)
-
Adam Majer
-
Anton Aylward
-
Bill Walsh
-
Carlos E. R.
-
David C. Rankin
-
Douglas McGarrett
-
Lew Wolfgang
-
Simon Becherer