Credit Card Hacked Again...

tessel on 11/01/2020 - 07:24
Last edited 11/01/2020 - 08:23

Got a new CC a few months ago. The old one was cancelled as someone got my CC details somehow. I changed all passwords and chalked it up to possibly I did something stupid and moved on. I've had new card 2 months. Made purchases at Amazon, budget car rental and AliExpress. All up about 7 transactions in total.

I get an sms today about unauthorised purchase. I'm at a loss as to how they got my card details. Card is saved in Amazon, but obviously you can only see last 4 digits and I have other cards saved there, never had a problem. I'm left with budget car and AliExpress. All purchases done on APPs, so unlikely a key logger or Trojan somewhere.

Any ideas? My gut is saying AliExpress but I store no card details there and obviously it should be secure. That leaves budget car. I've never had any problems with CCs online before and my other cards I still use are fine. I'm sure they'll send me a new card but it's getting a tad annoying.

Device is scanned and clean. I do PayPal and other netbanking on device and accounts look fine, meaning no unauthorised transactions etc. Home WiFi/network is used for other online finance stuff and all other accounts/cards never had a problem.

Financial Credit Card

Comments

  • benny082 on 11/01/2020 - 07:45
    +3

    Mobile apps just as likely if not more so to get viruses and the such. Do a thorough clean just in case.

    • tessel on 11/01/2020 - 08:12

      Sorry, yes, ran scanner today all good.

  • John Kimble on 11/01/2020 - 07:49

    Yeah, have you done all purchases on only one device? Small possibility of device compromise.

    Otherwise, only other things I can think of are WiFi compromise or the cc issuer/plastic maker are compromised somewhere…

    • SBOB on 11/01/2020 - 08:02

      Wifi compromise? Most likely https connections so that's very unlikely

      Cc issuer compromised? That would be a global wide spread issue, so that also seems very unlikely.

      • John Kimble on 11/01/2020 - 08:06

        Agree, but just brainstorming all possibilities I can think of, seeing as the OP doesn't seem to think it is from any of the 7 transactions he's done.

  • skid on 11/01/2020 - 08:14
    +3

    Are you sure the SMS is from your CC provider?

    Did you rent from Budget rent a car online or did you walk in?

    Might be just a co-incidence too.

    • tessel on 11/01/2020 - 08:16

      I texted back did not authorise and got a an SMS saying card cancelled and they'll call today. I've had similar sms from them before. Budget was a walk in, not online. Only thing online was Amazon and AliExpress.

  • John Kimble on 11/01/2020 - 08:20
    +1

    Another long shot, do you remember if the new card number substantially different to the old one? There are some card issuers that still might issue sequentially, which increases the possibility of old school card number generation…but that doesn't explain expiry date and cvv unless they are also "brute force" guessing those.

    • tessel on 11/01/2020 - 08:26
      +1

      Not sure but I was thinking the same, brute force but how are they getting ccv etc. I'll ask CC company when I speak to them but last time they just said someone tried to use the card on eBay and just said they'll send a new one. My gut says it's AliExpress but I don't know how it's possible. No card details saved in it. Device appears to be clean.

      • John Kimble on 11/01/2020 - 08:29

        When you call them, maybe double check they sent the SMS due to transactions on the new card, not on the old already compromised card again. Unless the SMS already advises the card they are talking about the new card.

  • Corrugated Ironman on 11/01/2020 - 08:29
    +8

    Aliexpress. We had an unauthorised transaction years ago. Closed credit card and moved on. But we no longer use Aliexpress and have had no further issues. The fact that Aliexpress told us they were unable to identify the $200 plus transaction was also troubling.

    • tessel on 11/01/2020 - 08:49

      I really think it is them but you know meant to be secure etc.

  • jtc13 on 11/01/2020 - 08:56
    +11

    Have you looked closer to home as well? E.g who you live with. If in a share house who else might be sneaking around or if you have teenage kids around the house. No one wants to believe it could be someone they know but you can never be sure.

  • GangGang on 11/01/2020 - 09:30
    +3

    What phone/device are you using? What brand is it?

    My wife had issues with a Chinese branded phone purchased from tiny deal. Loaded with bloatware and looked suss. We got new cards all the time. Ever since we stopped using that device we haven't had a. Issue.

    • tessel on 11/01/2020 - 10:39
      +1

      Mi max, not rooted, standard setup/install. May be the phone but if it is why are my other accounts etc all fine. I've added other CC to PayPal etc and no issue. You could he right, as I'm clueless and looking for an answer regardless of how slim.

      • GangGang on 11/01/2020 - 10:46
        +3

        You can try eliminating the possibility. It may be difficult, once you recieve a new card, don't add it to your phone or make any purchases on your phone for a while.

        If you've already made purchases through the device, wait until it happens again and start from then.

  • waitinghopefully on 11/01/2020 - 09:52
    +1

    jtc13 voiced what I was thinking.

    Also, do you use a RFID sleeve for your credit card? Otherwise anyone with a portable scanner can pay wave your card as they walk past you (yeah I'm paranoid)

    • tessel on 11/01/2020 - 10:43

      No, no RFID. Unlikely but again, thanks, not something I thought of.

    • SBOB on 11/01/2020 - 12:06
      +3

      Otherwise anyone with a portable scanner can pay wave your card as they walk past you (yeah I'm paranoid)

      Nope, not gonna happen.

  • No Username on 11/01/2020 - 10:00
    +1

    Firstly you using an iPhone or Android Device?
    Was the unauthorised amount under $100 if so your device may have been duplicated. Which is the most common method of unauthorised access. Anyone can do this as the device only cost less than $5. After your card is duped it can be used to buy more expensive stuff through services which don't require a pin to purchase items over $100. The money can then be piped back via tactics to another account.

    • tessel on 11/01/2020 - 10:15

      Android. Amounts varied but one was $189 or something. Bank just called. As expected they are just sending me a new card. They couldn't tell me much and didn't care really.

      • Oksanna on 11/01/2020 - 11:08
        +3

        Agree with above posts related: AliExpress and dodgy Android phones. Malwarebytes or Avast! will flag pre-installed spyware that is phoning home to Middle Kingdom, and from my experience with a cheap Android tablet from Target, some spyware is baked into the Chinese Android clone operating system, and cannot be removed, only neutered. It took a whole day to render tablet safe… Easier to throw away and buy new device. Use a firewall on Android to stop rogue or dodgy apps from reporting home:- NoRoot Firewall by Grey Shirts will shut AliExpress down until you need it… Available from Google Play.

  • nubzy on 11/01/2020 - 12:01
    +1

    It happened to me just last month, impossible to pin down how it happened though. I know that Chrome keeps reminding me of password breaches for numerous websites I visit. Also I had to give out the details over the phone for the Bose deal, and a few days later the unathorised charges came in. It could be anything though :\

  • Dack Smith on 11/01/2020 - 13:23
    +4

    Be wary of Aliexpress

  • Dack Smith on 11/01/2020 - 13:25
    +3

    Not sure why people implicitly trust Aliexpress,their reputation in China isn't good but funny enough the foreigners are falling head over heels for them.

    Very strange, but I suppose as long as they are cheap, people is willing to risk all I guess….

  • Yummy on 11/01/2020 - 13:40
    +1

    Did you check your account after receiving that sms? Maybe the sms is fake.

    • tessel on 11/01/2020 - 14:11
      +2

      Yeah, it's legit. Spoke to bank today.

  • jonkvh on 12/01/2020 - 09:46
    +1

    You haven't been using free wifi hotspot anywhere? Know you mentioned your home wifi.

    • tessel on 12/01/2020 - 10:13

      Nah. Home WiFi only. Purchases all made at home.

    • SBOB on 12/01/2020 - 11:51

      What sites you putting in your cc details that aren't https?

  • bbinc on 12/01/2020 - 10:30

    Beware Telstra hotspots at phone boxes - they have made them free Oz-wide during the fires. My iPhone logged itself in to one of those yesterday and it took me a while to realise.

  • OzHunterNSW on 12/01/2020 - 11:28
    +1

    They require too much information….
    RUN RUN… they are IN YOUR HOUSE

Login or Join to leave a comment
Login Join