Internet fraud

Anyone been the victim of internet fraud?

I checked my account today to find that £250.00 had been paid from my account over the internet to a man’s suit shop. I am positive that even I can’t accidentally spend that much without noticing it. Not on men’s suits anyway.

I’ve contacted the bank to cancel my card and their fraud squad are going to contact me in the morning.

I ordered a book on an internet site and shortly afterwards got a very odd email stating that they had been unable to place the order. I clicked on the link to the shop in the email (fatal error I think). The next day the money was gone. Two days later they took £5.50 (£5.50???) when I was in Amsterdam with no internet access.

Damn it, i’ve always enjoyed shopping on the internet.

Cathy

I was ripped off on Ebay, but that’s more common.

noooo! not ebay!

Unijesse, don’t spam in threads where people are looking for help or sympathy. It isn’t cool.

I had a cheap eBay auction not show up and the seller simply disappeared and a bunch more people started complaining. They had a huge rating, so maybe they died or something? I dunno. Was weird to happen all of a sudden after a very long, positive run.

My sister had someone take 2000$ from her bank account. Luckily she got it back. Another friend of mine had a few charges to his credit card, for something like 1000$. It was used in Sweden. I try to use cash as much as possible, but even that’s not too safe anymore, what with the counterfeiters. It sucks.

I won an ebay auction and when I went to leave feedback I discovered the account was no longer in use. I got what I ordered though so that was all good. It made me kinda wonder about ebay for a while, but i’ve had enough ebay transactions go well that I’m not too worried about it anymore.

That’s too bad that you got ripped off cathwood hope things work out.

Make sure to never click on links in emails. That’s a danger maneuver.

As for internet fraud on us, we’ve always been very careful. When we bought my new Torker DX on ebay, the guy emailed a month after we payed (money order in mail) and said “you never sent the money!” We proceded to scan the money order receipt and send the photo via email and got a reply to the effect of “Oh gee, will you look at that? It just showed up in my mail this morning. What a coincidence…”

Sure buddy.

but did you get the dx?

and also, ebay says they will never ask for any bank info through email, so if you get one asking for any info be carefull!

I had an internet fraud charged to my Visa, far exceeding the limit.

This was about 4 years back, when internet fraud was known, but certainly not as popular.

It cost $15,000 (which Visa immediately covered)

It was a wooly mammoth tusk shipped to indonesia!

Things to look for when spending money online:

  • When you get to the payment page, that is, where you start putting in credit card information or similar, check to see that it’s a secure connection. That means there is an “https://” in your address bar, or the little padlock on your browser is closed. Those are not guarantees of no fraud, but they show a secure connection is being used.

  • Then check the URL in the address bar. Are you still on the site you’re supposed to be on? Many online merchants switch you to a separate site for the payment process, and this is the payment-handling company. But beware of pure IP addresses (https://107.456.987.02/ or similar).

  • Also be aware of spoof-sites. If you’re supposed to be at www.amazon.com, make sure you’re not at www.amazon.books.com. In the case of that example, you are at the “amazon” subdomain of “books.com.” The thing before the “.com” is the actual domain of the site. Amazon can have any number of their own subdomains, such as www.sale.amazon.com or www.usedbooks.amazon.com, as long as it ends with “amazon” before the .com.

  • Even then, the URL can be spoofed. Your browser (and computer) can be fooled by a false DNS. Without going into detail, it’s a file that’s worked its way onto your computer that re-directs legitemate URLs to “other” addresses. So your browser may say www.amazon.com, but it may actually be pointing to http://127.692.345.67/sucker/.

  • Consumer Reports also recommends noticing spelling and grammar on any commercial web sites. If they expect you to give your credit card info, you should expect them to have only very minimal spelling and grammar problems in the worst case.

  • Also make sure any vendor you buy from online provides a company name, street address and phone number(s) somewhere on their site.

When in doubt, stick with vendors you know. Two of my favorites are Amazon and Buy.com, and I’ve bought lots of stuff on eBay. For eBay, generally you’re very safe with a seller that has a good track record. If you don’t check it’s not somebody else’s fault1

thank you, that was very helpful to all

I like the bank redirects and credit union redirects. The ones which indicate that they are redirecting to an html site are benign. Those with an extension other than .html may be dangerous executables. One of them actually came up with a small indicator that you needed to install the Chinese character set. On these sites which need for you to update your info or your account will be closed (remember, you don’t have an account at this institution) they want input. They want everything about your credit card. I have been Geoerge Bush before on these sites as well as using names which, in English, would be pornographic at best. Then the trick is to make up a credit card number that the running program believes might be valid. Those that start with 4444 seem to be accepted. They want the code from the back of the card. Anything will do here. Then they want your pin. You have to remember what you make up here so I just use something like 1111 or 1234. On the next page they want you to re-enter your pin. Then you are redirected to the legimate site. I only hope they try to use some of the names and cc numbers I have given them.

well this isn’t internet fruad but my grandma had her visa stolen and the people who stole it bought $2500 worth of alchahol at different places through out toronto before she was able to cancell it. unfortunatly she never got the money back.:frowning: some people are such jerks

i hope they drank themselves to death. and i hope they knew they were going to die before they passed out in the public bathroom. i hate theives.

So far ( crossed fingers) no problems. A couple of things with credit cards, which the CCCo sorted ( and in one case spotted themselves), but no internet problems. I always use Paypal to pay, which makes me feel safer.

I think in these modern times internet shopping is more or less a necessity at times, certainly a convenience, and I am sure that with care and knowledge it can be safe. Trouble is that there will always be newbies, and many of the newbies will be oldies, and will thus often be easier to dupe.

Nao

A nice idea, one I had also thought of, but I would rather not let them know my address really exists. And I really can’t be bothered giving them my time either. Often, by the time you get one of these, especially those “from a major bank” the site has been closed down anyway following complaints.

Nao

I’m no newbie and I do all the things that John Foss suggested. I’m a careful user and I’ve never had any problems before.

However I did click on the email link, which if it is internet fraud has to be how it happened. I don’t know how though.

I’m beginning to suspect that it might have been a mistake. We have found out which shop it was used at, the address and name of the person the 10 shirts that were bought were sent to. Apparantly some were returned. That seems such odd behaviour for someone ripping me off.

Except the card was used on the 10th, when I was out of the country and had no access to the internet. The shop involved in the second transaction actually returned the money to my account and refused to continue with the transaction. The bank says that some savy shops will do this if they smell something dodgy going on.

Cathy

This isn’t true. HTML pages can be just as dangerous as any non-HTM/HTML extension that you see on the web.

With a very basic understanding of how web servers work, you can have all HTML pages parsed for any sort of code that you’d like and treated as any other type of page that you see on the web.

What I tell people is to never open mail from people that you don’t know. Beyond that, when you receive attachments, never open them from people that you don’t know and if you do know the recipient but aren’t expecting the attachment, send them an email asking if it’s safe before opening it.

Most mail-based viruses (e.g., mass-mailing worms) will use an infected machine’s contact list to spoof the “from” field in emails - which means you can get messages from someone you know - even though it’s the virus doing it, not your friend.

As an IT professional, you’d be amazed at how much trouble this very basic advice can save you and your friendly IT gal/guy.

Sorry, I had no intention of seeming to apply the newbie label to you, just using it as a generalisation.
This may not be an internet fraud, but just a simple fraud problem, or indeed some sort of error. Consider also that he might also have been using the shirt return as a means of simply getting hold of some cash!

Never under or overestimate the intelligence of a criminal. Some are very clever. Others not so. One guy in Stockport tried to rob a building society. The cashier said she was busy and would he mind taking a seat and waiting. He was still there when the cops arrived! Manchester Evening News Story.

I used a visa card, one I had not used for over a year to purchase some petrol. Later that week I had a phone call from my CCCo. to tell me they were observing “unusual” activity on my card. An attempt had been made to purchase car spares with the card, “card not present, it is in my other pants”. The car spares firm reported the incident and, because I had only used the card once in a year, I was able to say not only where it was used, but which sales person dealt with the sale. A guy was charged with an offence.

Mail order, and I assume internet order companies, are supposed to check the delivery address matches the card number, and if not raise a flag. Anyone in a position to have written down your card details, name, number, expiry and check code, could try to use your card on line or by phone. Using the criminal’s own address is a bit stupid ( if this was indeed a fraud and not some sort of error). Many fraudsters use an empty house as an address, and either break in, or just happen to be in the garden when the delivery arrives. If they know the address of the card owner, they could even be gardening in your front garden whilst you are at work!

I look forward to this “random” number generator idea for mail order card use. Excellent idea. I use the same system for some high security computer access, and have a mini key fob that generates a new 6 digit number every 2 minutes, which I enter as I log in. But also I cannot see why credit cards do not carry a photograph as well as chip and pin. Law of diminishing returns I guess.

The other incident I had was where a petrol station visa entry appeared twice, once on each of two consecutive statements. I phoned the CCCo to complain, mentioned I wished to query an entry, and their reply was “is it the £20.31 entry?” It was, but if they already knew, why did they not do something about it? I had not even mentioned a duplicate entry as being the problem. Very odd.

Also and obviously: run firewall, anti-virus, and something like Ad-Aware.

Remember as well: using someone else’s computer is like using someone else’s toothbrush. You have no idea what might be lurking in it. Don’t use it for anything sensitive, or for anything that requires you to enter your passwords. Keyloggers can capture everything that you type in, and transmit it to a remote computer. Equally be carfeful who you allow to use your own machine.

Nao