Ever have a credit card number stolen???

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Check your HOSTS file too. Usually located in C:\Windows\System32\drivers\etc.
Didn't see any websites, but the two most recent "additions" were from 1/26/11 and are called "dxgkrnl.sys" and "dxgmms1.sys." Also, besides all the .sys files there were two .dll files. Not sure what they are.

Well, the thing is with modern, well written Malware is that they use randomly generated filenames so they are more elusive. Are the timestamps on those files similar? If so, what were you doing on about that date and time of the file timestamps? What virus scan are you running?

I would seriously go and download Malwarebytes' Anti-Malware, which they have a free and a paid product. The free product works just fine. Post your results, maybe what you have is something someone else has...
 
Looking at the end user machine is not the answer for most of us. My system is clean and my card was compromised. I also work in IT so I run a very tight ship with my system, I think malware on the client computer is the wrong tree to bark up here.
Seems more likely it's either the webhost or the processor. I wonder if AHS is hosted locally with their own in house server or if they have some kind of rackspace dealeo somewhere.
 
Check your HOSTS file too. Usually located in C:\Windows\System32\drivers\etc.


Well, the thing is with modern, well written Malware is that they use randomly generated filenames so they are more elusive. Are the timestamps on those files similar? If so, what were you doing on about that date and time of the file timestamps? What virus scan are you running?

I would seriously go and download Malwarebytes' Anti-Malware, which they have a free and a paid product. The free product works just fine. Post your results, maybe what you have is something someone else has...

Thanks. Running the Malwarebytes now. No idea what I was doing on the 26th. More than likely trolling on FB and HBT.
 
Looking at the end user machine is not the answer for most of us. My system is clean and my card was compromised. I also work in IT so I run a very tight ship with my system, I think malware on the client computer is the wrong tree to bark up here.
Seems more likely it's either the webhost or the processor. I wonder if AHS is hosted locally with their own in house server or if they have some kind of rackspace dealeo somewhere.

Not necessarily... Check this out.

http://www.scrippsnews.com/node/59494

I'm guessing that AHS has a hosted web-site offsite somewhere, on a non-dedicated web server. If a banner ad had a malicious script on it, it could have loaded something into your computer easily. Not only do we have AHS in common here, we also have this site. I know, other "experts" are working on this, but this was an idea that I didn't read anywhere on the 29 d@mn pages. :)
 
Looking at the end user machine is not the answer for most of us. My system is clean and my card was compromised. I also work in IT so I run a very tight ship with my system, I think malware on the client computer is the wrong tree to bark up here.
Seems more likely it's either the webhost or the processor. I wonder if AHS is hosted locally with their own in house server or if they have some kind of rackspace dealeo somewhere.

Not hard to find out. Dig or whois will give you the answer. You hit it on your third to last word. :D
 
Had 3 come up after running the Malwarebytes software.

c:\users\my name\local settings\application data\85574.exe
c:\users\my name\local settings\85574.exe
c:\users\my name\temporary internet files\Content IE5\77WP02L\index[1].exe
 
I place all of my online orders from my Mac. Although not totally immune to malware/spyware and DNS hacks, the system is pretty darned clean. I'm certain my CC numbers were obtained upstream.

CJ
 
This happened to me too!

I made my first ever purchase from Austin Homebrew on Saturday 2/5. On Monday I got a call from my credit card company saying that they suspected fraud as there was a $1000 charge in the UK and a $40 charge at a pizza hut also in the UK (I've never been to the UK). They closed my account. Does Austin Homebrew know about this??
 
I just had my bank call me as well they froze my account. I purchased from AHB on 02/01/11, lucky for me I am a broke philosophy student so they tried to charge stuff that got denied!

hahahahahahaha! bastards! I told my bank to let them keep trying on my broke a** account that way they can find these punks.

I will continue to trickle my little bit of money to AHB!
 
That talk about banner ad site hijacking got me thinking about it as well. So then the card could have been taken from any other online transaction as well.
 
If it was something to do with HBT, though, wouldn't we be hearing from dozens of people who shopped at Northern Brewer or MoreBeer (or non-homebrew shops) and had their cards stolen? I mean, AHS is pretty popular around here, but they don't have an exclusive on HBT members' spending.
 
Not necessarily... Check this out.

http://www.scrippsnews.com/node/59494

I'm guessing that AHS has a hosted web-site offsite somewhere, on a non-dedicated web server. If a banner ad had a malicious script on it, it could have loaded something into your computer easily. Not only do we have AHS in common here, we also have this site. I know, other "experts" are working on this, but this was an idea that I didn't read anywhere on the 29 d@mn pages. :)

Ummmm...

https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/index7.html#post2631122
 
it's not AHB it's MS winders
http://news.cnet.com/8301-27080_3-10436083-245.html
http://www.pcmag.com/article2/0,2817,2358157,00.asp

but your best bet is to use paypal, or if you want to use a card, open a separate account with a debit card and use it for online purchases only. fund the account with only what you plan to spend

we recently did a program for a financial institution where their account holders were given a usb key with an operating system (Linux) and a web browser that would only connect to their bank account. you would reboot with the key and you would be in a virus-Trojan proof environment. that was certificate and password authenticated
their account theft for those accounts dropped to "0"
 
ff_vs_ie.jpg

No IE in my household.
 
Check your HOSTS file too. Usually located in C:\Windows\System32\drivers\etc.
Didn't see any websites, but the two most recent "additions" were from 1/26/11 and are called "dxgkrnl.sys" and "dxgmms1.sys." Also, besides all the .sys files there were two .dll files. Not sure what they are.

Nothing against snevey, but I think his scenario is *highly* unlikely.

The files you mentioned are just DirectX related.

I postulate that the AHS website had (and probably still has) a zero-day exploit - hackers were able to identify this, customer info (including CC #s) was collected over a period of time - after said period of time, the "hackers" removed all traces of their intrusion.

This happens all the time. If you spend 30 minutes on Google, and are familiar with IRC, you could go purchase as many credit card #s as your heart desired this very evening.

With that said, I hold no grudge against AHS, and will purchase from them again - I just hope they can identify the root cause.
 
it's not AHB it's MS winders
http://news.cnet.com/8301-27080_3-10436083-245.html
http://www.pcmag.com/article2/0,2817,2358157,00.asp

but your best bet is to use paypal, or if you want to use a card, open a separate account with a debit card and use it for online purchases only. fund the account with only what you plan to spend

we recently did a program for a financial institution where their account holders were given a usb key with an operating system (Linux) and a web browser that would only connect to their bank account. you would reboot with the key and you would be in a virus-Trojan proof environment. that was certificate and password authenticated
their account theft for those accounts dropped to "0"


Did you even read those articles? Those 2 articles are over a year old. Not to mention that I placed my order via my android smart phone.
 
+1 what gritmaster said. One can buy CC numbers online. Also can buy kits to make malicious software, cheap and easy. This incident and many similar to it are more common than you might think.
 
Ack... I just placed a small order with AHS for the first time yesterday morning. Not a big deal though... I admittedly used a Visa debit but that account has like $2 right now. I'm just wondering if it'd be prudent to request a new card so I don't get hit down the road. I'm not going to NOT shop at AHS because of this, but I'm in Canada, so I don't expect to be shopping with them very much anyways (beyond some stuff I had difficulty finding here.) I placed my order on my Nexus One (android phone)... we'll see if a probe charge shows up, I guess.

AHS is very lucky though that the "hobbyists" their business supports are more like addicts. Many other businesses could be ruined by even a fraction of the suspicion generated in these threads.
 
You know, if something malicious was on a banner, it could be on other web pages too... And if it was written in something universal, like a java script, that would run across platforms, i.e. Firefox, IE, Mac, Android, etc.
 
You know, if something malicious was on a banner, it could be on other web pages too... And if it was written in something universal, like a java script, that would run across platforms, i.e. Firefox, IE, Mac, Android, etc.

True enough. I just think that we should not speculate. Also I never click on any banner ads, etc. The card I used is one I use for common purchases locally, such as gas station and ABC store. Both brick and mortar. The only online purchase on this card was with AHS.
 
on a brewing board, a connection with a homebrew store is not necessarily anything relevant. same with walmart, the largest retailer in the world. typically these things are stolen in local ways, through using a private ATM machine that someone's attached a card reader to (you'd never notice anything out of the ordinary), it can also happen on some older card transaction machines when the receipt printed out does not X out all the card numbers... this is VERY common with small mom and pop stores, hairdressers, nail salons, garden shops, florists, etc. who don't have advanced POS systems...

i use my cards a lot, mostly instead of cash. i find my numbers get swiped probably once every 18 months or so. two things that help. work with good banks with good protection... my banks give me the benefit of the doubt and refund me the stolen money immediately pending the investigation, if they are able to get the money back from the merchants (which they are very motivated to do) they'll send me a note telling me when they will take back the advance they gave me and when the merchant money will be refunded back to my account. i also have email notification of any charges on my debit made by either phone or internet (ie. not in person).. i always catch the charges this way because i get the email on iphone promptly and i know whether i've purchased anything in the last 15min or not.

it's not the end of the world. just a cost of doing business with plastic.
 
Gas stations have been mentioned a bunch of times, and I know more people that have been nailed at a gas station (a couple times perpetrated by the owner themselves!) than everything else combined.
 
on a brewing board, a connection with a homebrew store is not necessarily anything relevant. same with walmart, the largest retailer in the world. typically these things are stolen in local ways, through using a private ATM machine that someone's attached a card reader to (you'd never notice anything out of the ordinary), it can also happen on some older card transaction machines when the receipt printed out does not X out all the card numbers... this is VERY common with small mom and pop stores, hairdressers, nail salons, garden shops, florists, etc. who don't have advanced POS systems...

Are you inferring that we all had our cards compromised by the very same local vendors? I doubt that all these people were in my town.
 
i posted before i saw the post by forrest, if they have confirmed then that's that. but i am saying that local transactions are more likely to be compromised than online. and there are thousands of cards compromised every day, tens of thousands probably.

i'm just sayin, it happens. be aware it can happen, take reasonable precautions and roll with the flow. if you want you can change your account number every year if you want, get a new card and start "fresh"

i tend to end up doing that anyway because when i read about a million cards being stolen from XYZ national store, it's usually one i stop at so i get a new card, then once in awhile i'll see a transaction that's not mine, or see a $1 transaction out of the blue. those are warnings, call the bank, stop the card, get a new one issued.

i'm just saying, this happens a lot, every day, all over. it's not a rare occurrence.
 
I can certainly say that my CC number was not taken locally. I do not use credit at gas stations, grocery stores, etc. I only use my card for online purchasing and even that is uncommon. I've made three purchases from AHS this year: 1/8, 1/16, and 2/5. There was also a purchase from Kegconnection on 1/31, and one from Amazon on 2/5. The fraudulent charges on my card were done on 2/7.

I use a Mac as well which isn't as vulnerable to scripting attacks (but not impervious, so I won't rule that out).

I've done online shopping for the last 10 years without any incident or fraudulent charges on any of my credit cards. I knew it would happen some day. I just happened to get a brew kit for Christmas (thanks wife) and have had a 'need' to expand on the hobby :)

CJ
 
So for you computer techies out there, could their PC have been compromised when our CC #'s were stored on it for 1-1.5 weeks?
 
i don't know how it's being done, but

has anyone had any charges newer than 2/7/11?

it seems all bogus charges were on that day.

-=Jason=-
 
i actually got dinged on feb 1. i wonder how far back forrest hold cc#'s? i haven't bought anything from him in like 2 yrs. my only other transactions online lately with the card went through paypal. 500$ from some clothing company in china was the trigger for stoppage......unfortunately my issuer didn't contact me had to stop in my cu to find out why i couldn't use the card to find the fraud. (it didn't show on my online account because the charges hadn't gone through but had been authorized)
 
I just got a call, my card was compromised, with fraudulent charges on 2/10 exceeding $1000, only 250 of which the credit card company approved... and I did order from AHS fairly recently.

The only other retailers I did business with recently on that card were amazon, the payment processor for BeerSmith, and Chipotle, and I saw the card swiped at Chipotle.

I really wasn't thrilled, no I was disappointed, with my experience with AHS, and this would really be the cherry on top....


Pablo
 
It looks like my card has also been charged. I have two charges from OpenZone London. Seems to be a wi-fi company from England. The two charges are for less than $10 each.

I also ordered from AHS on Jan. 10. I will curtail ordering from them.

Thanks for originally posting this. I would not have thought to check.

Prost.
 