Just discovered that paying goods online is dangerous!

[Dario]

I have used my credit cards issued in Thailand for many, many years. And mostly I use them to pay for online purchases. Sooo convenient. But yesterday, on Christmas Day had to find out that I got scammed.

At 14:22 yesterday I received an SMS saying: Online Transaction amount THB30000 on your Citi Credit Card no. 0XXX was approved.

???  I thought and I felt that adrenaline was building up in my body. I did not spend 30'000 Baht yesterday with my Citi card. I called them up and I must say the officer I was talking to was very helpful. After going over the last transactions recorded with my cc I had to find out that TWO unauthorized transactions had taken place. The first one was a charge of 23'149 Baht from a hotel booking platform. I had never made a booking where I incurred this kind of amount. Our hotel bills usually amount tom about 2-3'000 Baht at any one time. I was told I don't have to pay this amount, as Citibank has several fraud cases from that company I don't want to mention, although I should, because it is one of, if not the largest on the globe. The amount of the 30'000 I also don't have to pay as CB knows already that that was fraud.

So beware, some people can take advantage of your credit card without you knowing! Luckily, I was just there when the message about the latter charge arrived and I was alerted. Often messages arrive which I never see, or only later.

The only one time I was wrongly charged was at a restaurant in St. Augustine, FL where I was charged twice, back in 1975, an eternity ago. 

 

[Peter Denis]

Occured to me only once long ago.

Saw on my monthly paper (it was long ago) overview 2 purchases made in San Diego, where I have never been (I am a Belgian citizen). 

A call to the credit-card company had it corrected very soon.  No questions asked (not even if I had shared my credit-card details with anyone - which I hadn't of course).

[MJKT2014]

20 minutes ago, Dario said:

So beware, some people can take advantage of your credit card without you knowing!

So are you able to know who took your details to enable the fraudulent purchases? No names, but how do you think you compromised your information by online shopping?

 

I my case I have only ever experienced card fraud now some 15 years ago using my card in a computer mall in Kuala Lumphur when the shop took my card away to a card reader I couldn't see. Never had on issue by online methods so far touch wood.

[OneMoreFarang]

By now it should be obvious to everybody that information like credit card numbers are not secure.

 

And the good news is that banks and credit card companies send us messages whenever our cards are used. We just have to look at our messages and not much can go wrong.

[Dario]

7 minutes ago, OneMoreFarang said:

By now it should be obvious to everybody that information like credit card numbers are not secure.

 

And the good news is that banks and credit card companies send us messages whenever our cards are used. We just have to look at our messages and not much can go wrong.

Yes, I forgot to mention this. The messages the banks send was a good and simple invention that definitely is a great help for the card users.

[jacko45k]

9 minutes ago, Dario said:

Yes, I forgot to mention this. The messages the banks send was a good and simple invention that definitely is a great help for the card users.

It is great, although I have had instances where the SMS came through a bit late (next day) and sent me into a panic

[david555]

That's why PayPal and others exist s, and why Example Kasikorn has virtual web cards connected to your account(s) which you can limit the credit line , or even cancel them and make a new one .

All those who use for TF ,Tinder and others their real credit cards must be careless crazy...

[OneMoreFarang]

1 hour ago, jacko45k said:

It is great, although I have had instances where the SMS came through a bit late (next day) and sent me into a panic

SMS is good, bank apps are better. I use i.e. K-Plus from Kasikorn

[BritManToo]

Online purchases with BKB cards are fairly secure as I get an OTP authorisation number to enter before it gets paid. (my last one was for a purchase of 362bht)

[Bruce Aussie Chiang Mai]

11 hours ago, OneMoreFarang said:

SMS is good, bank apps are better. I use i.e. K-Plus from Kasikorn

K plus great get advised immediately. 

????❤????????

[Isaanbiker]

I buy stuff pretty often, but I'm using kaspersky when i do anything online. Then Kaspersky leads me on a safe side where spies do not have access.

 

   i never got scammed and hope it stays like that. You must be careful when checking in a hotel and the clerk is using your credit card with a scanner.

 

    That's how some people get your details and then order what they want. Use a secure browser, there must be a lot others around.

 

   I personally love kaspersky. 

 

Please have a look here: https://www.scotsman.com/read-this/new-virus-can-steal-credit-card-info-saved-in-your-browser-heres-how-to-spot-it/

 

   

[ThomasThBKK]

Not a shop that stole your Cc data, you have most likely banking malware on your computer.

 

https://www.cisomag.com/researchers-found-new-banking-malware-ginp/

 

There's tons of these out in the wild, millions are infected.

 

Basically every keylogger can steal all data  you type in, more advanced stuff can make banking transactions in the background etc - format your computer or whatever you used.

[digibum]

This happens all the time.  I’ve probably had fraudulent charges about half a dozen times in the US.  Always near where I live so it was obviously the staff where I bought something.   
 

In every single case, the credit card co reversed the charge immediately and never had a problem.   

[Dario]

20 hours ago, ThomasThBKK said:

Not a shop that stole your Cc data, you have most likely banking malware on your computer.

 

https://www.cisomag.com/researchers-found-new-banking-malware-ginp/

 

There's tons of these out in the wild, millions are infected.

 

Basically every keylogger can steal all data  you type in, more advanced stuff can make banking transactions in the background etc - format your computer or whatever you used.

 

Today again, another one of my credit cards has been compromised. I got a fraud alert for someone who wanted to do an online purchase in US$ (small amount). The card issuer sent me a fraud alert message and blocked my card. This is just unbelievable!!

Maybe I should format my computer, but I will have to save some files, maybe those files might be infected as well? Please be so kind and let me know. Thank you.

 

For about 15 years never a problem with these two cards, but then within 2 days multiple fraud attempts happened.

 

Anyway, now that both of my cards are blocked there is no way that someone could harm me, unless I have activated the new cards which I will receive to replace the ones which have been blocked by the cc issuers. How can I protect myself in the future?

 

[treetops]

Run something like Malwarebytes on your computer.

[digibum]

On 12/27/2019 at 8:30 PM, Dario said:

 

Today again, another one of my credit cards has been compromised. I got a fraud alert for someone who wanted to do an online purchase in US$ (small amount). The card issuer sent me a fraud alert message and blocked my card. This is just unbelievable!!

Maybe I should format my computer, but I will have to save some files, maybe those files might be infected as well? Please be so kind and let me know. Thank you.

 

For about 15 years never a problem with these two cards, but then within 2 days multiple fraud attempts happened.

 

Anyway, now that both of my cards are blocked there is no way that someone could harm me, unless I have activated the new cards which I will receive to replace the ones which have been blocked by the cc issuers. How can I protect myself in the future?

 

 

The problem is that, based on your posts, you don't know that much about cybersecurity so it's hard to tell you what you should do differently. 

 

For instance, are there any sort of commonalities between the two incidents?  Same site?  Do you store any of that info on your computer?  When did you last use each card? 

 

My first reaction would be:

 

Secure your new card data.  Do your credit card companies offer virtual credit card numbers (a card number to use online that is different from the physical card number)?  Can you use third party wallets (i.e. PayPal) for online transactions instead of giving your actual card info? 

 

Secure your computing platform.  Run something like Malware bytes.  Any suspicious apps/files?  Personally, I would reformat my drive, do a clean install, and run Malwarebytes on the files/data that you intend to keep.  

 

Secure your connection.  I would reset my wireless modem, change the password, change my wifi password, and look at all of my modem settings.  Turn off everything you don't absolutely need (i.e. port forwarding, UPnP, etc).  NEVER, EVER, EVER use your credit card details over public wifi.  Always use a paid VPN (don't use the free stuff) service if you absolutely need to do online banking or ecommerce when you aren't on your own or another highly trusted wifi network. 

 

Secure your passwords.  Get a password manager, LastPass, Password1, Bitwarden, etc, and NEVER, EVER, EVER, EVER use the same password twice.  Set a minimum password length of at least 20 characters on every account.  Use 25 or 30 for sensitive accounts like email (all of your notices come to your email, treat it like it was top secret), credit card websites, etc.

 

Use two-factor authentication (2FA) wherever you can.  That's the SMS password kind of stuff.  Except, SMS is a horrible 2FA platform (email, authentication app, push messages, etc), but if that's all that's offered, it's better than not having it.  Every bank account should have 2FA.  Your email should have 2FA.     

 

Last point . . . if you don't know how to do any of the above, google it.  It's way beyond the scope of a forum to fully educate you on all of the above issues.  I'm just trying to give you someplace to start. 

 

Secure your card, secure your computer, secure your internet connection, and secure your passwords/authentication.   

[Dario]

Hi everyone,

there is a sequel to this happening. My cc online account was closed during the days Citibank issued and sent me a new card. That latter has happened and the card was activated about 45 minutes ago. So, i was able to look again at my cc account online. I nearly got a heart attack. The same fraudster made another 20 (twenty) more charges, totaling around 250,000 Baht!  The fraudster is identified on my account as "FACEBK ADS fb.me/ads IE". I contacted CB and was told that they will reverse all charges and hunt for the perpetrator(s).

So beware! Yes, I will subscribe to malwarebytes, like someone suggested me.

[steven100]

4 minutes ago, Dario said:

Hi everyone,

there is a sequel to this happening. My cc online account was closed during the days Citibank issued and sent me a new card. That latter has happened and the card was activated about 45 minutes ago. So, i was able to look again at my cc account online. I nearly got a heart attack. The same fraudster made another 20 (twenty) more charges, totaling around 250,000 Baht!  The fraudster is identified on my account as "FACEBK ADS fb.me/ads IE". I contacted CB and was told that they will reverse all charges and hunt for the perpetrator(s).

So beware! Yes, I will subscribe to malwarebytes, like someone suggested me.

I'm curious as to how exactly they ' the fraudster '  hacked or stole from your account ...

don't they need to know your online username and password .... 

it wasn't cash tranfers I assume  ?  did they buy stuff using your card  ??

was it while you were online  ?

at your home computer or in a internet cafe ?

was it from keylogging ?  no keylogging security on the PC  ?

Thanks ..

[from the home of CC]

On 12/27/2019 at 8:30 PM, Dario said:

 

Today again, another one of my credit cards has been compromised. I got a fraud alert for someone who wanted to do an online purchase in US$ (small amount). The card issuer sent me a fraud alert message and blocked my card. This is just unbelievable!!

Maybe I should format my computer, but I will have to save some files, maybe those files might be infected as well? Please be so kind and let me know. Thank you.

 

For about 15 years never a problem with these two cards, but then within 2 days multiple fraud attempts happened.

 

Anyway, now that both of my cards are blocked there is no way that someone could harm me, unless I have activated the new cards which I will receive to replace the ones which have been blocked by the cc issuers. How can I protect myself in the future?

 

I think the mods should put you into quarantine, you obviously have a rampant infection ☣️ 

[Dario]

8 minutes ago, steven100 said:

I'm curious as to how exactly they ' the fraudster '  hacked or stole from your account ...

don't they need to know your online username and password .... 

it wasn't cash tranfers I assume  ?  did they buy stuff using your card  ??

was it while you were online  ?

at your home computer or in a internet cafe ?

was it from keylogging ?  no keylogging security on the PC  ?

Thanks ..

Sorry, what is keylogging? No, the fraudsters bought online, apparently got all my cc details from my own computers/external hard disk/notebook, As simple as that, apparently also got my CCV number on the backside of my card. 

[Dario]

3 minutes ago, from the home of CC said:

I think the mods should put you into quarantine, you obviously have a rampant infection ☣️ 

I just ran malwarebytes. so if I was, I should be no longer infected.

[from the home of CC]

47 minutes ago, Dario said:

I just ran malwarebytes. so if I was, I should be no longer infected.

lol just joking with ya. The only time it ever happened to me is when I made a credit card donation to a large charitable organization back home and they were hacked, two weeks later the bills started to roll in from across the country. Looked like they enjoyed themselves lol.. 

[Thomas J]

There are hundreds of ways for credit card numbers to be stolen and not just online.  If you use public wi-fi your phone is vulnerable. If you use your credit card at a restaurant, bar, or hotel. you have no way of knowing if the person you handed the card to swiped it in a reader to capture the card information.  There was one instance where a group of thieves installed a fake ATM in a convenience store.  The people would insert their card and enter their pin.  The reader captured all of it. 

[baansgr]

I joined Netflix, as soon as agreed to pay through my AIS phone bill....low and behold, someone trys to hack the account and change the password...had to be someone from AIS using my phone number as login.

[MJKT2014]

1 hour ago, Dario said:

I just ran malwarebytes. so if I was, I should be no longer infected.

Well did you read the output from Malwarebytes, it should tell you what is wrong or if all is clear, no "if I was" about it.

[steven100]

1 hour ago, Dario said:

Sorry, what is keylogging? No, the fraudsters bought online, apparently got all my cc details from my own computers/external hard disk/notebook, As simple as that, apparently also got my CCV number on the backside of my card. 

hmmm ....  sounds like they got all your details from a particular site that you entered and paid for goods by your card.  The fact that they got your cvv is very concerning, as it is suppose to be automatically encrypted on every website ... or so I thought ....  sorry to hear what happened ...  do you have virus and protection on your PC ... i use 360 Total security along with Win10 and i presume that is enough.

The IT and computer group would like to know on this topic so maybe the mods can move it over to computer IT forum also.

[Dario]

41 minutes ago, steven100 said:

hmmm ....  sounds like they got all your details from a particular site that you entered and paid for goods by your card.  The fact that they got your cvv is very concerning, as it is suppose to be automatically encrypted on every website ... or so I thought ....  sorry to hear what happened ...  do you have virus and protection on your PC ... i use 360 Total security along with Win10 and i presume that is enough.

The IT and computer group would like to know on this topic so maybe the mods can move it over to computer IT forum also.

I only assume that they got my ccv, because that one is always required to make a purchase. I only use the W10 virus protection, I thought that this is enough, apparently not. I will look at 360 Total, is it payware? What bothers me is when I run malwarebytes, it might find 8-10 threats  and I run it again 30 minutes later it finds again threats. Strange.

[steven100]

6 minutes ago, Dario said:

I only assume that they got my ccv, because that one is always required to make a purchase. I only use the W10 virus protection, I thought that this is enough, apparently not. I will look at 360 Total, is it payware? What bothers me is when I run malwarebytes, it might find 8-10 threats  and I run it again 30 minutes later it finds again threats. Strange.

360 total security is free, just google and download it.  Keyloggers is when someone outside your wifi or network can access what keys are being pressed or used as passwords etc ...

Again, i'm really surprised they got your cvv number and details. I am glad you won't loose any money over it. Just goes to show one has to be extremely careful. 

[steven100]

mods .... can we move this to IT also  ....  might be useful in explaining how it was done.

[KhaoYai]

Does anyone know the actual stance regarding Thai banks and fraud?  In the UK, as long as you have not disclosed your PIN, in the majority of cases the bank will refund any losses incurred through fraudulent transactions. Even then, I believe that if a PIN is obtained through the use of hidden cameras on ATM's or trick card machines, the bank will still refund.

 

I recently had my UK account cleaned out by fraudsters who had got hold of all my card details - apart from my PIN. The bank notified me that they were suspicious of some account activity by SMS and I contacted them to find that quite a number of fraudulent transactions had taken place prior to the SMS alert. Nevertheless, the bank refunded all my cash within 30 minutes. As an aside, the fraudster wasn't all that bright - he/she used my card to pay for their car insurance ????.

 

I've heard that Thai banks don't refund in the same way but I'm unsure whether that's just negativity or what actually happens.

 

For now I protect myself by having 2 Kasikorn accounts - I use one to top up the other through online banking and limit the amount available in the account that I use for card purchases. That way, I can only lose what's in the 'card' account.  I have to do this because although Kasikorn notify me of all transactions by SMS, I can't receive these most of the time when I'm in the UK as I have no mobile signal at my UK home.