Jump to content

Photo
* * * * - 1 votes

Potential Credit Card Security Issue


119 replies to this topic

#1 Jeremy

Jeremy

    Hardcore Criminal

  • Retired Staff
  • 23565 posts
  • Gender:Male
  • Location:Columbus, IN
  • Faction::Free Agent

Posted 16 January 2012 - 11:18 AM

So I get a message in my "other" messages on Facebook the other day, which means someone not on my friends list, from this guy:

https://www.facebook.com/loveforht

Don't know him from a load of coal since he lives in Vietnam of all places, but he's messaged me basically saying "Hey Jeremy, here's your home address information, please confirm". I ask what's going on and what this is in regards to, and he pulls out even MORE information. Cell phone number, debit card number except for the last two digits (XX), card expiration date, card security number. When I ask him what's going on and where he got the information, he proceeds to tell me he's trying to figure out the reason my information was published online I guess, and keeps insisting I need to check my records for transaction with an online shopping website for 4/27/2011. When I say I don't really use my debit card for shopping online much, he keeps pursuing the April thing repeatedly, expanding the date parameters.

I've called and deactivated my debit card by this point, the lady on the phone did say there might be a suspicious charge attempt for Google, since I don't use that for anything finance-related. I keep pressing the guy about who he is, and why this is any of his business. He keeps pressing for wanting to know about any shopping done in my April records, which really only include some Paypal deposits into my account, and one with Fun Publications/transformersclub.com. That one was listed as charged on the 29th in my online account records, but the actual transaction could have happened on the 27th for all I know.

He still fails to tell me what's going on, or why he's so interested, so I told him thanks for the heads up on the card security issue but that we're done as far as I'm concerned. I kind of feel like I need to report this to Facebook, the authorities, or both, but I'm not sure how to go about that at all. Figured there's a pretty big experience pool here at the Allspark, so wanted to see what people think.

I've gone ahead and contacted Fun Pub about this.

Edited by Jeremy, 16 January 2012 - 11:27 AM.

"Wise men profit more from fools than fools from wise men; for the wise men shun the mistakes of fools, but fools do not imitate the successes of the wise." - Cato the Elder

"Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper." - Larry Flynt

#2 ultra magnus13

ultra magnus13

    Razzaroo

  • Citizen
  • 5776 posts
  • Faction::Free Agent

Posted 16 January 2012 - 02:04 PM

QUOTE(Jeremy @ Jan 16 2012, 03:18 PM) <{POST_SNAPBACK}>
So I get a message in my "other" messages on Facebook the other day, which means someone not on my friends list, from this guy:

https://www.facebook.com/loveforht

Don't know him from a load of coal since he lives in Vietnam of all places, but he's messaged me basically saying "Hey Jeremy, here's your home address information, please confirm". I ask what's going on and what this is in regards to, and he pulls out even MORE information. Cell phone number, debit card number except for the last two digits (XX), card expiration date, card security number. When I ask him what's going on and where he got the information, he proceeds to tell me he's trying to figure out the reason my information was published online I guess, and keeps insisting I need to check my records for transaction with an online shopping website for 4/27/2011. When I say I don't really use my debit card for shopping online much, he keeps pursuing the April thing repeatedly, expanding the date parameters.

I've called and deactivated my debit card by this point, the lady on the phone did say there might be a suspicious charge attempt for Google, since I don't use that for anything finance-related. I keep pressing the guy about who he is, and why this is any of his business. He keeps pressing for wanting to know about any shopping done in my April records, which really only include some Paypal deposits into my account, and one with Fun Publications/transformersclub.com. That one was listed as charged on the 29th in my online account records, but the actual transaction could have happened on the 27th for all I know.

He still fails to tell me what's going on, or why he's so interested, so I told him thanks for the heads up on the card security issue but that we're done as far as I'm concerned. I kind of feel like I need to report this to Facebook, the authorities, or both, but I'm not sure how to go about that at all. Figured there's a pretty big experience pool here at the Allspark, so wanted to see what people think.

I've gone ahead and contacted Fun Pub about this.


Talk to your card company's fraud department. They should handle it from there.
I finally got rid of that big white box.

#3 Benbot

Benbot
  • Supporter
  • 2976 posts
  • Gender:Male
  • Location:Dublin, OH
  • Faction::Autobot

Posted 16 January 2012 - 02:14 PM

Do you have identity theft insurance? Reading this makes me think I should get some.

#4 Jeremy

Jeremy

    Hardcore Criminal

  • Retired Staff
  • 23565 posts
  • Gender:Male
  • Location:Columbus, IN
  • Faction::Free Agent

Posted 16 January 2012 - 03:31 PM

No identity theft insurance. When I call about getting my replacement debit card, I'm going to ask them if there are any steps that they're going to take.

I'm really pretty convinced it was the Transformers Club website to blame now, because there just aren't a lot of other candidates around that time, and I think they have all my information in their system as it was presented to me by the mysterious man from Vietnam. I mainly only shop with BBTS online, and that's my credit card, not my debit card. Paypal is about all I use otherwise.
"Wise men profit more from fools than fools from wise men; for the wise men shun the mistakes of fools, but fools do not imitate the successes of the wise." - Cato the Elder

"Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper." - Larry Flynt

#5 CORVUS

CORVUS

    It's always sunny in Heliopolis!

  • Supporter
  • 29000 posts
  • Gender:Male
  • Location:Philadelphia, PA
  • Faction::Autobot

Posted 16 January 2012 - 04:08 PM

When was your last transaction at the club site? That has me concerned as well.

I'm glad that thus far your bank account seems not to have taken a hit. A very odd and unnerving situation.

Transformers is a brand that really has something for everyone. We are a darn lucky fandom.


#6 BlitzwingHaz

BlitzwingHaz

    "Wooo! I'm freaking out!"

  • Citizen
  • 15653 posts
  • Gender:Male
  • Location:Scotland

Posted 16 January 2012 - 04:38 PM

The bank will be able to pull up more details on your POS transactions for those dates. I'd contact them.
Also, I believe credit cards are much better protected against fraud than debit cards when it comes to claiming back funds.

#7 Dissever

Dissever

    WHOO WHOO Spring!

  • Citizen
  • 4747 posts
  • Gender:Female
  • Location:Atlanta GA
  • Faction::Decepticon

Posted 16 January 2012 - 05:01 PM

QUOTE(Jeremy @ Jan 16 2012, 03:31 PM) <{POST_SNAPBACK}>
No identity theft insurance. When I call about getting my replacement debit card, I'm going to ask them if there are any steps that they're going to take.

I'm really pretty convinced it was the Transformers Club website to blame now, because there just aren't a lot of other candidates around that time, and I think they have all my information in their system as it was presented to me by the mysterious man from Vietnam. I mainly only shop with BBTS online, and that's my credit card, not my debit card. Paypal is about all I use otherwise.



Very well may be. I had a VERY sophisticated phishing attempt made on me the day after my registration. Had someone call up, claiming to be Bank of America's fraud department. They attempted to get information from me regarding account number. They made the mistake of asking for expiration date and the CVV. Cue skidding brakes/record needle scratch noise. I told them I had forgotten and didn't have the card with me, at which point they attempted to get information about 'other' accounts. They said that they were going to close the account and issue a replacement card.

I called Bank of America directly and discussed it with them -- the 800 number wasn't on their records anywhere for their fraud department OR for FIA card services, which issue the card. He said that vendors would often cancel blocks of cards if they believe their information has been compromised, and the credit card companies would reissue cards. So the most likely scenario was that info was intercepted, and then the folks that got a hold of the credit card info were trying to capitalize on it by CALLING the people whose info they had stolen in an attempt to get more (enough) info to be able to make actual fraudulent charges before the vendor contacted the card company. On top of that, they add a mock fraudulent charge to the list, which the target can't verify online since the actual bank has halted the account.

And guess what? THEY can pull up details of transactions too! So they come off as legit because they have info that most people wouldn't expect anyone except the card company to know. They know enough about how the vendors and credit cards interact with each other to be able to bluff their way through conversations with the victim, presenting themselves as authorities, and can 'assure' them that they will cancel the card and reissue one -- which the bank was already doing on its own!

********************************* ->?<- *********************************
I DO ART (SOMETIMES!!) Transformers and dragons, oh my! http://heatherbeast.deviantart.com
********************************* ->?<- *********************************





#8 Jeremy

Jeremy

    Hardcore Criminal

  • Retired Staff
  • 23565 posts
  • Gender:Male
  • Location:Columbus, IN
  • Faction::Free Agent

Posted 16 January 2012 - 05:21 PM

QUOTE(^0^CORVUS^o^ @ Jan 16 2012, 09:08 PM) <{POST_SNAPBACK}>
When was your last transaction at the club site? That has me concerned as well.

I'm glad that thus far your bank account seems not to have taken a hit. A very odd and unnerving situation.


I imagine it's only been Botcon registration recently, and then that transaction toward the end of April of 2011. I don't really buy other items from the club store except for renewing membership, club exclusives, and Botcon.

For what it's worth, Angie from Fun Pub emailed me back and said she's transferred the information to the appropriate parties. I hate to accuse them, but they're the most likely candidate, and we all know they might not be the most secure website out there. icon-wildride.gif
"Wise men profit more from fools than fools from wise men; for the wise men shun the mistakes of fools, but fools do not imitate the successes of the wise." - Cato the Elder

"Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper." - Larry Flynt

#9 CORVUS

CORVUS

    It's always sunny in Heliopolis!

  • Supporter
  • 29000 posts
  • Gender:Male
  • Location:Philadelphia, PA
  • Faction::Autobot

Posted 16 January 2012 - 05:35 PM

Ugh, yeah.

In future, unless FunPub improves the site, I think I'll stick to purchasing VISA gift cards and such for transactions with them.

Transformers is a brand that really has something for everyone. We are a darn lucky fandom.


#10 Kalidor

Kalidor

    Get some!

  • Owner
  • 55630 posts
  • Gender:Male
  • Faction::Cannonball's Pirate Crew

Posted 16 January 2012 - 05:47 PM

Wasn't there a situation a while back where some site was showing other people's info who tried to log in there?

#11 Engledogg

Engledogg
  • Citizen
  • 1947 posts
  • Gender:Male
  • Location:Southwestern PA
  • Faction::Autobot

Posted 16 January 2012 - 05:56 PM

QUOTE
Wasn't there a situation a while back where some site was showing other people's info who tried to log in there?


Yep...if I'm not mistaken, it was the Club Store during the SDCC Alternators Nemesis Prime fiasco.

MIKE
engledogg

Edited by Engledogg, 16 January 2012 - 05:57 PM.


#12 Kalidor

Kalidor

    Get some!

  • Owner
  • 55630 posts
  • Gender:Male
  • Faction::Cannonball's Pirate Crew

Posted 16 January 2012 - 06:09 PM

That's what I thought but I didn't want to say because I wasn't sure. I remember being worried something like this could happen.

#13 Jeremy

Jeremy

    Hardcore Criminal

  • Retired Staff
  • 23565 posts
  • Gender:Male
  • Location:Columbus, IN
  • Faction::Free Agent

Posted 16 January 2012 - 09:37 PM

So I'm pretty well convinced that it's the Transformers Club website, the fact the guy had my cell phone number is kind of a dead giveaway because that's in my information on the club site at checkout. Do you guys think he was trying to get me to name a specific website for some sinister reason, like maybe finding out a good place that would be easy pickings to dig for further personal information? I specifically made sure not to give him anything, not knowing him from a load of coal, and the way he pursued getting me to give him any scrap of information from my records was a big red flag for me.

I need to renew my club membership, too. Not really dying to plug my credit card number in there, or my new debit card when I get it. :-\

Edited by Jeremy, 16 January 2012 - 09:44 PM.

"Wise men profit more from fools than fools from wise men; for the wise men shun the mistakes of fools, but fools do not imitate the successes of the wise." - Cato the Elder

"Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper." - Larry Flynt

#14 Spectre

Spectre

    Full of joy.

  • Retired Staff
  • 8007 posts
  • Gender:Male
  • Location:Bay Area, CA
  • Faction::Decepticon

Posted 16 January 2012 - 10:49 PM

Hrm.



#15 Lisbon Virgo

Lisbon Virgo

    Temperamental Kuvrawk. You've been warned.

  • Supporter
  • 2892 posts
  • Gender:Male
  • Location:Star Rock Falls
  • Faction::Cannonball's Pirate Crew

Posted 17 January 2012 - 02:29 AM

If you want to renew, I'd go with Corvus' suggestion and use a prepaid card of some sort.

If it were me, I'd refuse to do any further business with the club and let them know specifically why.
3DS Friend Code: 5155 - 3611 - 9787
I was Ursa'ed on 10/22/13!

#16 Cat

Cat

    Senior Foreign Correspondent

  • News and Content
  • 9810 posts
  • Gender:Not Telling
  • Location:Australia
  • Faction::Autobot

Posted 17 January 2012 - 05:32 AM

Unless the guy was trying to extort money from you, or didn't HAVE those last two digits (unlikely, but who knows), it seems to me this guy really did you a huge favour.

Generally, malicious users don't WANT you to know they have your details. The longer you don't know, the better.

In fact, if what he told you was accurate, it's too late for you to do anything about a charge from April of last year, with most credit providers. So it's all a bit weird, and I honestly think he may have been doing you a favour.

And really, how DO you tell a stranger you know all their credit card details? It's gonna seem creepy however you say it.
MP Coin Collector. Currently wanting an Ultra Magnus coin, and happy to pay for your unwanted coin.

#17 Jeremy

Jeremy

    Hardcore Criminal

  • Retired Staff
  • 23565 posts
  • Gender:Male
  • Location:Columbus, IN
  • Faction::Free Agent

Posted 17 January 2012 - 11:10 AM

Well, the guy also refused to really give me any context for what was going on, or who he was, though I acknowledge he could have faked it and said anything he wanted. Pretty much why at the end, after he kept pursuing his desire for information on what websites I'd bought from, I said thanks for the heads up, but we're done here.
"Wise men profit more from fools than fools from wise men; for the wise men shun the mistakes of fools, but fools do not imitate the successes of the wise." - Cato the Elder

"Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper." - Larry Flynt

#18 Robogeek1973

Robogeek1973
  • Retired Staff
  • 14542 posts
  • Location:Rotterdam NY

Posted 17 January 2012 - 12:03 PM

Well this is pretty scary as I just rejoined the club last month using my credit card. I've already had my info stolen once and had to deal with $1500 in charges already...I'd rather not hafta go through that garbage again. Guess I need to check my cc balance every day to keep an eye on it.

#19 Daytonus

Daytonus

    Boring

  • Retired Staff
  • 11770 posts
  • Gender:Male
  • Location:Bloomington, IN
  • Faction::Cannonball's Pirate Crew

Posted 17 January 2012 - 12:06 PM

every month, i go through and itemize everything on my credit card. I also make all purchases either on my credit card or with cash, never my debit card. It's easier to fix problems with credit than to try to get your own money back once it's withdrawn.

#20 Dake

Dake

    I can see my house from here!

  • Supporter
  • 13625 posts
  • Location:The planet that is farthest from.

Posted 17 January 2012 - 01:06 PM

Wow - this is pretty crazy. I think I joined the club in late March last year. I only remember I wanted to wait until after the cutoff for the Sideburn because I didn't want another Hot Rod mold. And then I purchased the Cheetor and Ramjet.

edit - paid with my credit card (on April 28th...) so hopefully if anything squirrelly pops up now it will be covered.

Edited by Dake, 17 January 2012 - 01:09 PM.

PApddmT.jpg
 
 



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users