Visa Card hacked...

paradisepaddy

I use the term hacked lightly as I have no idea how they got my details but to cut to the point I received an email from customerservice@ulsterbanksecure.com on the 15th as below

Dear ****,

This message confirms your Ulster Bank Secure password has changed on Tue, May 15, 2012 10:55:05(BST). Your old password is no longer valid.

If you did not change your password, please contact us immediately on 00448700104542.

.......... etc etc etc.

...... googling the contents of this email alot of other people convinced me to disregard it as spam so I did.

Yesterday (23rd), having looked at my statement I see a transaction for €118 that I did not make to punkyfish.com so called the bank straight away. I went through all the usual verifications and the very helpful guy on the phone asked if I was happy to escalate this to the police which I had no problem doing. Anyway long story short he refunded the amount
within an hour. After another call with them to find out more details and IP addresses I was told this scammer tried to buy something from the UK on HeadCamz.com for £249 and another transaction on that punkyfish on the 19th / 22nd. Luckily being end of month I hadn't got the money in the account to spend this amount so it declined.

At present i'm waiting on a new card but it leaves me baffled how they could have gotten my details. As per man on the phone they would have needed my Name, date of birth, sort code, card number and CVV number to change the secure code.

I have Macaffee on my home computer which I rarely use which so don't think it came from being hacked there. I've checked my email accounts to see if i've referenced the sort code and haven't. gone though a few months worth of transactions to see what retailers i've used especially online but can't seem to link anything to all these details.

Just curious to know has anybody had the same issue very recently and if they were able to figure out how it happened?

cheers.

seamus

Three possibilities:

1. Someone has gone through your rubbish and pulled out old statements.
2. Your details were stolen when you paid by card and your card was skimmed
3. A site that you have used in the past has been hacked and your details stolen.

The latter is the most likely explanation. A survey a couple of years ago by a security firm found that not only were a lot of companies ill-prepared to defend against a hacking attempt, but a worringly large figure (which I forget) had no way of even detecting if or when their systems had been hacked.

So in many cases your details can be stolen and the retailer knows nothing.

This can be mitigated by not allowing a retailer to store your CC details in your online account when paying. If possible, best to pay by paypal or otherwise do not allow them to store your card details on their system.

In the cases of skimming, usually this involves taking the card out of your sight. If you're paying by credit card, the chip and pin machine should be brought to you, your card should never leave your sight.

paradisepaddy

Hey Seamus,

Thanks for the reply. I think the 3rd sounds most likely. For some reason Playstation network keeps coming to mind. Most sites online I would buy from I use paypal but again can't be fully sure.

Because i've cancelled the card, i'm guessing this should put an end to their attempted spree but will change my passwords etc on ulsterbank just to make sure.