ecb12
join:2004-03-11
Columbia, MO | Skype Scam I just checked my bank statement online at 2am this morning to find that I got charged $34 from skype.net(the charge is from today the 14th so it is less than 2 hours old).
While i've never even been to the website i know what it is based on reading the news here. And i've never used it or kazaa so i have no idea how they charged me. I've already called my bank and they waiting for the transaction to go from processing to posted. Is there anything else i can do? Does anyone know how this could of happened? I'm running multiple virus/spyware scans now and changing virtually every password i have so hopefully it doesn't happen again.
I'm wondering if this is a Skype thing or if it's a user who somehow got my card and skype doesn't ask for a billing addy or something.
Has this happened to anyone else?
Any suggestions on how to prevent it from happing again. |
|
 atangelNow What??Premium
join:2002-02-18
Bronx, NY
1 edit | Don't know why or how, but this was a debit from your bank/checking, not a Debit or Credit Card thing, right?
Hmmm... do you have your checking routing and account number somewhere. I doubt Skype would take banking details like that as payment, but they may (or maybe a firm pretending to be Skype?????)
If a debit or credit card thing, no one needs you card, just the numbers on it. Could be some other web site was hacked, could be just old fashioned analog thievery too....
The best way to protect yourself, besides the usual make sure it is SSL, use trustworthy sites, and keep a clean machine? Hate to say it. Be vigilant. A lot of the online banking terms (for regular non-card banking accounts and transactions) say you have up to two days to notice a problem. And with Credit Cards, the sooner you notice, the sooner you can stop the damage.
Edit: A recent discussion:
»purchasing online
--
The reason you think I'm way on the left is 'cause you're so far to the right.
Sygate Personal Firewall
Why I mistrust Zone Labs |
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7
3 edits | reply to ecb12
|
|
|
|
ecb12
join:2004-03-11
Columbia, MO | reply to ecb12
yeah i know i saw those reports on ripoff.com
all my machines came up clean, and i reported the money w/in 2 hours of them charging my card
And yes it a Debit Card that acts like a credit card, it pulls from my checking account.
I've heard about special cards for online shopping does anyone know anything about these?
But it still might be the guy at Wendy's or somewhere so that still doesn't help enough. |
|
| said by ecb12:yeah i know i saw those reports on ripoff.com all my machines came up clean, and i reported the money w/in 2 hours of them charging my card And yes it a Debit Card that acts like a credit card, it pulls from my checking account. I've heard about special cards for online shopping does anyone know anything about these? But it still might be the guy at Wendy's or somewhere so that still doesn't help enough. Someone got hold of your card info, and likely enough info to get the charge validated. I have multiple friends who use Skype with me, and none have had any problems with charges. Whoever got hold of it is using it to get themselves phone credits.
--
Gators don't sweat. |
|
atangelNow What??Premium
join:2002-02-18
Bronx, NY | reply to ecb12
said by ecb12:I've heard about special cards for online shopping does anyone know anything about these? Pretty sure it is something that your card either offers or doesn't, a one-shot number that can only be used once. Discover is one, »www2.discovercard.com/deskshop/w···nt.shtml and I think AT&T Universal Card is another, but I'm sure there are more. This way, Web databases have numbers that aren't any good the second time
The catch of course, is if someone uses the "real" number, it will still work, like if they got it from while you were shopping somewhere.
--
The reason you think I'm way on the left is 'cause you're so far to the right.
Sygate Personal Firewall
Why I mistrust Zone Labs |
|
| reply to ecb12
Found two charges on my MC on the same day, for the same amount ($33.30)in Nov. I only use this card for online transactions, and do not carry it in my wallet. Someone is picking up these cc#'s from web merchant sites (all SAY they are secure - I won't deal with them otherwise, BUT...). MC is working w/ me to dispute charges - had to cancel card & have a new # issued...a small inconvenience, but otherwise worth it. |
|
atangelNow What??Premium
join:2002-02-18
Bronx, NY | said by got me too:
(all SAY they are secure - I won't deal with them otherwise, BUT...) Typically that refers to the SSL session and not how the number is stored or used on their end or how infected your machine is (e.g., a key logger) on your end.
However, with SSL, you can be reasonable sure that no-one in between will get the encrypted data.
--
The reason you think I'm way on the left is 'cause you're so far to the right.
Sygate Personal Firewall
Why I mistrust Zone Labs |
|
 BegemotikPremium
join:2004-12-16
Saint Marys, OH | reply to ecb12
Like gallowsroad above, I use Skype (for international calls) and have not been overcharged . . . yet.
The only thing troublesome for me is that the USD is very weak against the Euro, but that's not a discussion for this forum.
Regards |
|
 rogPremium
join:2002-07-03
BC | reply to ecb12
Hmmmm? Can we say identity theft. If it happened to me and I had no contact with Skype I would be getting mew bank accounts, credit cards, etc. |
|
 EGeezerGo CatsPremium
join:2002-08-04
Midwest
kudos:8 | reply to ecb12
As a preventative measure, I suggest reviewing the following - »www.ftc.gov/bcp/conline/pubs/cre···heft.htm
and calling your banks, CC companies and credit reporting agencies to have your name and information put on watch.
Small charges are sometimes a "test case" to see if the card owner notices. If the owner takes no action, more aggressive use of the identity may occur.
Oh, don't forget - »Security »How to report ID theft, fraud, drive-by installs, hijacking and malware? is excellent. (See, BBR takes care of you!)
EG
--
N-X-211 ====== N-328KF |
|
ecb12
join:2004-03-11
Columbia, MO | reply to ecb12
yeah i called my bank w/in hours of the use and it disappeared from my statement w/in 24 hours, it never made it to posted. |
|
| reply to rog
Why Skype?
I have never had fraud before and I've never used Skype or affiliates.  I had 4 charges for 32-34 with change all at the beginning of Dec 04 then they stopped. So I had to cancel my card. Why just Skype though? Is this an International type scam that is harder to trace? |
|
| Also of interest is Skype's job posting for a Fraud analyst...must be having a problem they are aware of.
»www.skype.com/company/jobs/curre···ies.html |
|
| Wife just had numerous fraudulent Skype charges in December on a Cap1 Visa during december. Card was last used in early Nov. with "Dance For Less" and "Blair House" blair.com ... security hole may be there, or it's possible a program that hijacked her browser settings, redirecting Google searches to some no-name search engine during the same time period might have been responsible. |
|
 Doctor FourMy other vehicle is a TARDISPremium
join:2000-09-05
Dallas, TX | reply to ecb12
I have to wonder if Marketscore's parasite/adware could
be responsible in part for this. There was a forum thread
a while back about it intercepting encrypted information:
»Should I worry? Marketscore can view encypted info
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors. |
|
 keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | reply to ecb12
As well as web sites, any place where you presented the actual card, and the card was out of your site (such as is common at restaurants), it may have been double swipped.
Or old credit card receipts improperly disposed of in the trash.
I don't know anything about Skype, but it is likely that they are just another victim:
1. The criminals are using stolen credit card info to make phone calls.
2. The credit card holder notices the charges and promptly disputes them with the credit card company, asking for the card to be cancelled and a new card number issued.
3. Because the Skype charge was one where the credit card was not present and the cardholder signature not validated (i.e. a card absent transaction), the payment to Skype is reversed by the CC company and Skype is left holding the bag, having provided the service but with no way to get paid for doing so.
It is even possible that it is a rival or disgruntled former employee doing this.
There really isn't enough info to say.
With "card not present" transactions, the merchant assumes the risk in the event of fraud (not the CC company, not the card holder if the card holder disputes the charge in time).
Therefore it is not likely that an experienced white-collar criminal would do fraudulent "card not present" transactions on their own merchant account. It would be up to the merchant to prove the charges were legitimate and authorized.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) |
|
| reply to Doctor Four
In our case, my wife had apparently installed something called Toprebates that hijacked her browser and created some other issues. It went on 10/15/04 and by 10/25/04 apparently it had behaved badly enough that I had downloaded some anti-spyware software to fight it. I'm not sure if I got around to actually zapping it then ... sometime during that time period she might have used the Cap 1 card that wound up with all the fraudulent Skype charges. Oops ... she had an Oct 19 purchase from Snapfish ... probably while her PC was wide open to Toprebates' snooping.
I did ultimately zap Toprebates ... but I am reconstructing time frames from the folders I find on her computer, not from any kind of detailed log ... I just remember she had something that was redirecting Google and I got rid of it. |
|
| reply to Doctor Four
A further comment: it appears that the Top Rebates software was a mere component of a larger suite of spyware/malware (I remember there being a bit more to the wife's computer problems than merely a rebate site's spyware/adware, though I don't remember exactly what all the problems were or what the steps were that I took to remove them ... I should have kept better records). I do remember the rebates offered were the initial bait, because I remember my wife telling me she was accepting an offer to join the rebate site ... probably the offer linked to a malicious third party's Pandora's box of spyware/malware including a cracked version of the apparently more-or-less innocuous Top Rebates' spyware. Anyway, there's an article covering all this called "Follow the Bouncing Malware" and a key portion of it is at this link:
»isc.sans.org/diary.php?date=2004-08-23
You can see just how much software you get when you join up with the wrong people's program.
Something in there was likely harvesting credit card numbers or (perhaps inadvertently, or through the intervention of miscreants) transmitting them unencrypted and in the clear. |
|
 grcoreChallenge Accepted
join:2003-12-06
usa
 ·Comcast
| reply to ecb12
My card was hit for two charges for $16 and change. I noticed it when I got my bill.
Called the card co, had them issue a new card and to dispute the charges. I got my new card and hopefully that will be the end of it.
I did not notice this thread till today.
Anything else I should do?
g |
|
