Stolen credit card info

Hi, I'm new to this forum.

I am on a MacBook Pro running Mountain Lion 10.8.5 and Sophos 8.0.20C.

Yesterday I was on what is known to be a reputable website to sign up for classes at the upcoming Tucson Gem & Mineral Show (jewelrytools.com). I selected classes and followed through to pay for them by entering my credit card information. My transaction was denied at first, but I noticed I had entered the wrong expiration year. I corrected it and tried again. Still denied. A quick call to my credit union revealed that they had red-flagged it and stopped my card. They saw no other transactions or attempts at this point. I assured them it was me and they freed my card up for use. A few minutes later I tried again to complete the transaction, but it was denied again. Then I noticed my computer had frozen. Beach ball spinning away. Sophos showed it was downloading updates. It continued for several minutes; in the meantime I couldn't open up any other page or move anywhere. I did a hard shutdown. Went back to the site again to try and complete the transaction and was denied again. I called my credit union to discover that in that small time frame of approximately 20-30 minutes after my card had been freed up again, there were numerous transactions attempted at numerous businesses/websites for amounts from $1.52 to thousands of dollars. Some were approved before the card got shut down for the second time. The interesting part of this is that many of the attempts tried to use the incorrect expiration date, the one I had entered in the first place to complete my transaction at jewelrytools.com.

I ran a full scan on Sophos; it revealed nothing out of order. I've been leery of updating to Mavericks. I also learned today in this forum that version 9 of Sophos is out, so I will update today. My question is: how did this happen? Where is the hole? Is there some protection on my system that is lacking? How do I protect myself from this happening again? I appreciate any help here.



  • Things you should do/can do:

    1. Update to version 9 and force an IDE (signature file) update immediately afterwards. Make sure the product is fully up to date.
    2. Run a full scan of the computer to ensure no local malware is present.
    3. Check your browser's internet history and see if you (or your browser) went to any site that wasn't strictly jewelrytools.com - maybe something similar.
    4. Consider how you got to the site. Did you click a link from an email or enter it manually yourself? Entering manually is safer (e.g., if you get a banking email with a link, then best practice is not to use it, but to open a tab and type the address in yourself).

    You may have ended up at what is called a phishing site (it looks and feels like the real site, but it's a front for harvesting keystrokes of personal details and credit information). In all fairness it may not have been the jewelrytools, it could have been from a previous site visited where you used your card.

    How good are you at spotting a phishing attempt? The phishing quiz below (non Sophos related) is worth running through.

    http://www.opendns.com/phishing-quiz/

    I just ran through the test and...

    [screenshot omitted: Screen Shot 2013-12-11 at 21.58.53.png]

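Step 3 above (look through the history for anything that was not strictly jewelrytools.com) can be automated against an exported list of visited URLs. The following is an added example, not code from the thread or from Sophos; the history lines are constructed, and the look-alike and redirect checks are the author's own heuristics, not an exact method.

```python
from urllib.parse import urlparse
import difflib

# Constructed sample history (not the poster's real history). The redirect entry
# mirrors the kind of "mailjet.com/redirect" line mentioned in the thread.
SAMPLE_HISTORY = [
    "https://www.jewelrytools.com/classes",
    "https://www.jewelrytools.com/checkout",
    "http://mailjet.com/redirect/abc123",
    "https://jewelrytoo1s.com/checkout",          # look-alike: digit 1 for letter l
    "https://jewelrytools.com.example.net/pay",   # expected domain used as a subdomain
    "https://www.google.com/search?q=gem+show",
]

def registrable_domain(host):
    # Naive: keep the last two labels. Good enough for .com hosts; a real tool
    # would consult the public-suffix list for things like .co.uk.
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def classify_history(urls, expected="jewelrytools.com", ratio=0.85):
    """Return (url, reason) pairs for every entry that was NOT the expected site.

    Heuristics (assumptions, in order of precedence):
      - expected domain embedded in a longer host (e.g. jewelrytools.com.evil.example)
      - registrable domain that closely resembles the expected one (typo/homoglyph)
      - a path that looks like a tracking/redirect hop on a third-party host
      - anything else off-site (worth a look, but usually benign browsing)
    """
    findings = []
    for url in urls:
        parsed = urlparse(url)
        host = parsed.hostname or ""
        reg = registrable_domain(host)
        if reg == expected:
            continue  # genuinely on the expected site
        if expected in host:
            findings.append((url, "expected domain embedded in another host"))
        elif difflib.SequenceMatcher(None, reg, expected).ratio() >= ratio:
            findings.append((url, "look-alike domain"))
        elif "redirect" in parsed.path.lower():
            findings.append((url, "redirect through third-party host"))
        else:
            findings.append((url, "other site"))
    return findings

if __name__ == "__main__":
    for url, reason in classify_history(SAMPLE_HISTORY):
        print(f"{reason:42s} {url}")
```

Entries flagged as look-alike or embedded-domain are the ones to treat as a possible phishing page; a redirect hop is worth checking against the email or link you arrived from.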
  • Thanks for the info, ruckus. I've upgraded to version 9 and forced all updates. Ran the scan and it found no threats.

    I took the phishing test and got 13 out of 14. I would say YAY! Good score, but it's the one you miss that gets you, darn it!


    ruckus wrote:

     ..... In all fairness it may not have been the jewelrytools, it could have been from a previous site visited where you used your card.


    I really think it all happened while I was entering my financial information through (what I thought was) the jewelrytools.com website. The reason I say this is because many of the attempted purchases were using the wrong expiration date, that same incorrect year that I first entered. Also, if it was a redirect to a phishing page mock-up, how is it that my bank's card log shows all of my attempts to make the purchase too? If I were entering my information into a bogus site meant purely for collecting information, how would my card have been run trying to make a purchase at jewelrytools.com? This is why I'm worried that there's something or some way that someone logged my keystrokes while I was attempting to make a legitimate purchase at a legitimate site, yet the scan shows nothing.

    And here's another thing...

    I looked into my history yesterday and found one suspicious-looking entry. I didn't capture a screenshot then, but today when I look at that same history for the day this happened, my history is different. Here's the shot from today:

    [screenshot omitted: history.jpg]

    All the things I looked at on jewelrytools.com show that website at the start of the URL, yet the last entry (Debora Mauser) shows something about a redirect. The difference between today's and yesterday's history is that yesterday that same URL (mailjet.com/redirect) wasn't showing up under Debora Mauser. It was further up, in the Kate Richbourg line.

    I am so bewildered.

    :smileysad:

  • I think it's worth contacting jewelrytools and explaining to them what has happened. They may be aware of a problem with their website that would help explain it.

  • Also, another thought. Is there any significance to the fact that I was using a free public wifi network at the time this happened? Just trying to think of all possible reasons why this happened so I can avoid it happening again.

    Thanks!

  • Did the free wifi have security enabled? Nothing, WEP, WPA2?

    If it wasn't WPA2 then there's a hole.

  • No password was required to join this free public wifi network. :smileyembarrassed:
