Off topic (why do people do this)

Just a post to rant really … I have just had a nightmare week: first PayPal problems and some nice person using my PayPal to order goods from China totalling over 600.00 GBP, then some kind person thought it would be great to access my email and change the password, and well, I got totally locked out of it … then my site had 9 hits from an unknown IP address trying to access FTP (I guess they’re using a ghost IP?). Why do people think it’s fun to do this? I mean, what do people get out of this kind of thing, how is it fun??? Well, I have today finally got things sorted, but sadly I have lost some good contacts as my Gmail is now totally wiped … my card had fraud protection on it, so I thank God I did that … I think it was the same person doing it all, so now I’m paranoid lol. I may do a fresh clean wipe of everything on my laptop in case some key program is on it!!! Why, why, why? I’m a normal guy with 4 kids, I work hard, well not this week due to all this, but so the question is: why do they do it???

I couldn’t tell you… Sounds as if you have had it worse than I, however I am not opposed to drawing and quartering the bastards…

Not a bad idea, but only 1 main problem lol: finding them!

About a year ago someone hacked into my Amazon.com account and ordered themselves a $1200 laptop using the credit card information that Amazon automatically saves for you. Fortunately, they were unable to change the shipping address to something different than the billing address and it was sent to my office. Amazon would not work with me and refused to cancel the delivery. They said that I had to wait for the laptop to be delivered and then “refuse delivery” and once they saw the UPS tracking saying it was headed back, then they would remove the charge from my credit card. The scary thing was that about an hour after the laptop was delivered to my office, the UPS guy came back and said that he needed to pick up the laptop and bring it to their distribution center for a will-call pickup. The crooks had called UPS impersonating me to request this service. I would have never even found out about this for a month or so (when my credit card bill showed up) if I had not randomly checked a junk hotmail account that I use for online orders, etc. and found a “Thank you for your order” email from Amazon. Lesson learned: never allow a website to save your credit card info for future orders.

Oh my god, that’s scary, they even phoned UPS to change the delivery address after you had the laptop! That’s bad, so bad.

I would have bought me a brown and shirt and delivered it.

I am sorry to hear about this. You should stop using that Amazon account from now on, just to make sure. Don’t save any credit card information on any website, always remove it after use; and always check your accounts (bank, PayPal, etc.) so if there’s anything wrong you will know it before it’s too late.

@LincolnSnuff, You should have had it returned to the UPS distribution center and then waited for the bastard to pick it up and shot him! One less scumbag on the Earth… I hate these people who try to gain from other people’s hard work and sweat.

Some piece of garbage has been using my account. Discovered when my wife tried to pay a veterinary by card. We got a statement printed out and the SOB had been using it to pay for gym membership in the US amongst many other things. Just pure hassle.

Another point to remember is to make sure you have a complex password - I think that was part of the problem. Now all of my passwords have letters, numbers, capitals, lowercase, and special characters - $%^&.

Why do they do it? For the money and the kicks. Most scammers are really young.
On passwords: Use complex passwords. Easiest way is to use a derived acronym. Think of a phrase, take each letter, then mangle it up. Example: I am never going to get robbed again, ever. -> Iangtgrae. Next, capitalize: IaNgTgraE. Then mangle: %IaNgTgraE*03. Never use the same password in two places. Also change your backup/security questions to something non-obvious (don’t use your birth date, SSN, relatives’ names etc.).
On browsing: Do not use Internet Explorer, it’s full of security holes. Personally I recommend using Firefox with NoScript and AdBlock addons installed. Why AdBlock? Flash content especially, but not only, is risky. Adobe’s Flash Player has had a series of security issues and criminals have been known to insert malicious content into ad campaigns. Websites rent space for banners to companies that rent it further on. Criminal buys space, places malicious content into banner … done. Also webpages look better without ads :). Edit: NoScript prevents JavaScript/Flash content from running on non-trusted pages. Helps prevent XSS exploits (more on this in one of my next posts).
Software: Keep your software up to date. This includes your browser, your operating system and various components such as Adobe’s Flash Player, check for updates from time to time. Also keep your antivirus up to date.
Emails and attachments: Attachments are dangerous regardless if they are or seem to be something else than executables. There have been exploits for Word documents, PDFs, JPEG 2000 images, .ani (icons), anything you can think of. If you don’t trust the source, don’t save it/open it. Try to keep work, shopping and personal email addresses separate. Also take extra care to secure your email addresses as most websites offer password reset services that rely on your email address.
Physical security: You can keep everything up to date, check for malware and whatnot, but keep in mind, anything that isn’t physically secured is not secure at all. Leaving your laptop on the desk at work for example is a no-no. Before throwing out old hardware, wipe media such as hard drives, CDs, floppies (if they still exist) and flash drives. If not needed just destroy them with a sledgehammer. For hard drives/flash drives: deleting files is not enough, fill it up with garbage at the end to make sure the data is gone.
Banks, online payments: Basically watch this: Video on Secure sites. Please be patient and watch it fully, understanding how HTTPS (secure web pages) works will help you a great deal. It’s only 11 minutes long. If possible ask your bank for a secure/RSA token for your online account. A token is a little device you input your PIN into and it gives you a temporary password you can use only _then_. The principle is that you have two factors in authenticating. Something you know (PIN) and something you have (token).
Using your credit card/debit card in real life: Never let the waiter at the restaurant leave your sight with your card. It takes all of 2 seconds to completely copy the data off the magnetic stripe and clone your card. Be careful so that nobody sees you inputting your PIN, watch out for surveillance cameras as well, crooks work in teams you know. If possible, place a little piece of black tape over the security code on the back of your card. That code (CVV) is used to verify online transactions. A teller with good memory or a camera somewhere nearby might not need to clone your card if he can read the name, expiry date, card number and CVV off of your card. You can’t mask the first few all the time, but at least keep your CVV safe.
ATMs: Check for small cameras and skimmers attached to the ATM. There are numerous cases of cameras hidden as flyer holders on ATMs used to record your PIN.
Skimmers are devices that are attached in front of the ATM’s card receptacle used to copy data off your card. Don’t stick your card in if something looks suspicious. Crooks have been known to work hand in hand with ATM factories to produce fake plastic masks that fit in perfectly with the ATM and hold skimmers. Crooks have also been known to install entire fake ATMs in public places, so don’t use one you’re not familiar with if you are not forced to do otherwise. Also I repeat, hide your PIN, place your other hand over your typing hand or something. Another type of ATM scam is when they insert a small piece of metal into the slot, blocking your card in there. By the time you go in the bank to ask for your card back someone has retrieved it. Your ATM should print out “Card withheld” when it does that, so be careful. Remember, the working principle behind credit cards is: “Here, take my wallet, keep as much as you want then give it back”. Not only that, but they can keep taking money after they’ve given your “wallet” back.
Identity theft: Try to keep information about you from leaking out. Don’t post financial or any sort of personally identifiable information online. Shred bills and papers with your data on them before throwing them out, or burn them. Identity thieves do dumpster dive.
Wireless cards and IDs / passports: If you have a contactless credit card, bus card, passport, etc., try to keep them in a shielded wallet (just line it with tin foil :)). Yes they can be read, and no it’s not all that hard. Security on MIFARE cards is broken. (Passports are MIFARE, bus cards in most places are MIFARE.) HID or standard 125 kHz RFID cards, like the ones used for door access, have no encryption, they can be cloned quickly with a device, or by reading the 10/13 char number printed on them. While this isn’t relevant to this discussion, it’s useful to know if you work in a place that uses them and have a habit of wearing it like a badge around your neck.
Your phone: Keep Bluetooth off if you don’t absolutely need it. Under some circumstances (some phones, etc.) it is possible that someone might copy all your contacts, appointments, notes, etc. They might even call an overtaxed phone line and bill you in the process.
Wireless networks: If you have a wireless network at home/work/school: Please use encryption. WPA2-PSK is the safest at the moment, change your wireless network’s name (the SSID) to something unique (not “Default” or “RouterName”) and use network keys longer than 23 characters. Use the AES encryption standard. TKIP isn’t so bright. Next best options are WPA-PSK with AES and TKIP. WEP is pointless, so are MAC filters.
Hope I haven’t missed anything major but these basic rules should keep you safe in most cases (not all though).

Wow, that’s fantastic reading and info, thanks very much for taking the time to post that for all to use! Great stuff, I learned a lot from that.

Also about your Gmail account, write to Google for a bit of support, in most cases they can help you out, they keep backups and logs to confirm you are the rightful owner (logging in daily from Florida for a year and once from leaves no doubt about who the owner is. Even if there’s no such big difference, they can tell ISPs apart and such).
If you think it’s someone close and feel like money’s burning in your pocket, subpoena Google for data, then the guy’s ISP, then drag him off to civil and penal court.

Thanks buddy, I have no idea who it could be, that’s the problem. It’s not my password now and I won’t use it again, but it was not an easy one, it was Ftsareginal, how the hell did they get that lol?

No problem man, I like helping out. Well, these days it’s rare to see a brute-force attack, or even a dictionary-based attack against your account because there are countermeasures to that, so there’s only two or three likely options:
1) Someone installed a key logger on your machine. Could’ve been someone you know or not. Viruses these days are meant to steal data and money.
2) XSS attacks. Visiting a specially crafted website while you have your mail account open can lead to an attacker taking over your “session”. That’s why it’s not advisable to click random links you don’t know are safe. (Firefox + NoScript and AdBlock help here, Flash content is a major risk factor for XSS exploits.) If you want to be safe for this kind of thing, install a separate browser just for email. Say use Google’s Chrome for your Gmail account, and Firefox for everything else. Should keep everything nice and separated :).
3) Shoulder surfing!
Servers are more secure than end users, so they’ll always aim there. Breaking a server, while not impossible, is difficult. Especially with guys like the ones working at Google.
On subject two: Always “sign out” of your account when you’re done reading/sending mail. It clears permissions on the server side such that if the attacker hasn’t done anything to change your password yet, he won’t be able to as the session he stole won’t be valid anymore. Needless to say don’t log in on computers you don’t trust. I check my e-mail from my mobile phone when I’m out and about as I can’t afford a laptop. (Please excuse typos, syntax errors and such, been awake for more than 35 hours :) )

Interesting, I always have my Gmail logged in all day! I log in as soon as I’m up and it’s active for about 14 hours a day! Time to change the way I use the net, thanks again buddy.

No worries :). At the very bottom of the Gmail page there’s something along the lines of: Last account activity: hour, IP, Details. Click Details. It will show you what IPs your account has been accessed from. There’s also a button “sign out all other sessions”. Click that to make sure you haven’t left your account logged in anywhere else. Note the IPs down before you click it. Then go to http://www.ripe.net. On the right side there’s a search box: RIPE database search. Copy-paste the IPs into there and see if the company they belong to is your ISP, if not you know who to contact to start legal action :).
Also I recommend watching “The Real Hustle”, a British show about scams and such, real knowledge treasure: http://www.youtube.com/user/tvrealhustle?blend=1&ob=4
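
The check described in the post above, sketched as an added example that is not part of the original thread: it sorts IPs noted down from an account-activity page into networks you recognise and ones you don't, so the unknown ones can be looked up and reported. The activity rows, the `KNOWN_NETWORKS` ranges and the function names are constructed for illustration (documentation address ranges, not real ISP data).

```python
import ipaddress
from collections import defaultdict

# Constructed sample: rows noted down by hand from an account-activity page
# as (access type, IP, timestamp). Addresses are RFC 5737 documentation ranges.
ACTIVITY = [
    ("Browser", "192.0.2.14", "2010-03-01 08:02"),
    ("Browser", "192.0.2.77", "2010-03-02 07:55"),
    ("Browser", "203.0.113.9", "2010-03-02 03:14"),
    ("POP3", "203.0.113.9", "2010-03-02 03:10"),
    ("Mobile", "198.51.100.200", "2010-03-02 12:30"),
    ("Browser", "not-an-ip", "2010-03-02 13:00"),
]

# Assumption: ranges you have already confirmed (e.g. via a whois lookup)
# as belonging to your own home ISP and mobile carrier.
KNOWN_NETWORKS = {
    "home ISP": ipaddress.ip_network("192.0.2.0/24"),
    "mobile carrier": ipaddress.ip_network("198.51.100.128/25"),
}

def classify(ip_text):
    """Return the label of the known network, 'UNKNOWN', or None if unparsable."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    for label, net in KNOWN_NETWORKS.items():
        if ip in net:
            return label
    return "UNKNOWN"

def triage(rows):
    """Group accesses from unrecognised IPs; keep count, first/last seen, types."""
    unknown = defaultdict(lambda: {"count": 0, "first": None, "last": None, "types": set()})
    malformed = []
    for access_type, ip_text, when in rows:
        label = classify(ip_text)
        if label is None:
            malformed.append(ip_text)  # copy/paste error: re-check by hand
        elif label == "UNKNOWN":
            rec = unknown[ip_text]
            rec["count"] += 1
            rec["types"].add(access_type)
            # "YYYY-MM-DD HH:MM" strings sort chronologically
            rec["first"] = when if rec["first"] is None else min(rec["first"], when)
            rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return {"unknown": dict(unknown), "malformed": malformed}

if __name__ == "__main__":
    report = triage(ACTIVITY)
    for ip, rec in report["unknown"].items():
        print(ip, rec["count"], rec["first"], rec["last"], sorted(rec["types"]))
    print("could not parse:", report["malformed"])
```

Keeping the first and last timestamp per unknown IP gives a provider's support or abuse desk the window they need to match against their own logs.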

Wow Jack, you know a hell of a lot, what’s your job? PC programmer? Internet design? IT? Interpol? Lol, I’m off to my bed but thanks very much, I’m sure all will agree: priceless info posted by Jack.

Just about right :). I’m a programmer/server&network administrator so yah … I’m planning on getting into the security consulting business. Feel free to ask for advice , i like sharing.

Jack’s review is excellent. The only thing I want to reinforce is that these theft rings, no longer teenie-weenies, are big business now. They have large financial resources and almost any ad, seemingly from a legitimate source, is suspect. An example: ‘Google sponsored link’ only means they have money to pay. Their operations are very sophisticated, programming to highly sophisticated pseudo-legitimate programs overlying IP redirection and key-logging. Most registry cleaners and online security offers are sources. Most of the time, you’ve given the program permission just by clicking on it. If you get a pop-up, _don’t click on it at all_. That second click, even on a ‘no, thanks’ or ‘close,’ really, anywhere on the frame, allows it to send a security acceptance to your security system. Rather, end it at the system level, for Windows XP/Vista, with a Ctrl-Shift-Esc to taskmgr. For Windows 7, just type taskmgr into the system search for it, highlight the pop-up and End Task. Consider blocking the URL. Malwarebytes is good; ZoneAlarm from Checkpoint in Israel, and Agnitum in Britain, are the two I trust, but no matter what security program you have, if you want to know the ‘Acai Berry study results,’ you are asking for trouble.