• Have something to say? Register Now! and be posting in minutes!

OT: Target got got (de facto Bad Cyber Stuff thread)

forty_three

It’s Raining Falafel
44,901
19,374
1,033
Joined
Apr 19, 2010
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
I am figuring out that Kroger doesn't bother enforcing the Chip Readers in their stores. Therefore, cloned cards are not found out. Check your statements for ANY Kroger Fuel transactions. Scammers have figured out that they don't bother busting cloned cards.
 

Comeds

Unreliable Narrator.
22,554
11,035
1,033
Joined
Apr 21, 2010
Location
Baltimore
Hoopla Cash
$ 754.60
Fav. Team #1
Fav. Team #2
Fav. Team #3
Here is an odd one. My wife got an email from Amazon last night about a $5 watch band she ordered not being on time. She did order the band but it was delivered on time so my wife was confused. When she scrolled down she saw a polite letter "written by her" complaining the band was late. She checked her gmail and the email was sent from her account.So someone accessed her account to send an email about a $5 watch band.

Anybody know the ruse behind this? She changed her gmail password and her Amazon passwords (and let Amazon know it was not her) but we cannot figure out the endgame.
 

forty_three

It’s Raining Falafel
44,901
19,374
1,033
Joined
Apr 19, 2010
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Here is an odd one. My wife got an email from Amazon last night about a $5 watch band she ordered not being on time. She did order the band but it was delivered on time so my wife was confused. When she scrolled down she saw a polite letter "written by her" complaining the band was late. She checked her gmail and the email was sent from her account.So someone accessed her account to send an email about a $5 watch band.

Anybody know the ruse behind this? She changed her gmail password and her Amazon passwords (and let Amazon know it was not her) but we cannot figure out the endgame.

I could see them trying to call as an angry customer, get her account reset and then use any saved payment info to buy other items.

"I ALREADY EMAILED YOU ABOUT THIS! YOU KNOW WHAT, JUST RESET MY PASSWORD SO I CAN CANCEL THE ORDER!"

Changing passwords is good. You can check gmail security to see where people logged in from, and you can also tell it to notify you if there are any failed attempts or logins from strange computers. You can tell it to text you a code to verify you.

And if she uses that same email address/password combo anywhere, change that too.
 

sabresfaninthesouth

Lifelong Cynic
8,569
2,214
173
Joined
Sep 21, 2010
Location
Charlotte, NC
Hoopla Cash
$ 800.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
I could see them trying to call as an angry customer, get her account reset and then use any saved payment info to buy other items.

"I ALREADY EMAILED YOU ABOUT THIS! YOU KNOW WHAT, JUST RESET MY PASSWORD SO I CAN CANCEL THE ORDER!"

Changing passwords is good. You can check gmail security to see where people logged in from, and you can also tell it to notify you if there are any failed attempts or logins from strange computers. You can tell it to text you a code to verify you.

And if she uses that same email address/password combo anywhere, change that too.
Google also has an app (Android for sure, not sure of iPhone) called Authenticator which you can use in place of the text message if you're in an area with no service.
 
  • Like
Reactions: gob

Comeds

Unreliable Narrator.
22,554
11,035
1,033
Joined
Apr 21, 2010
Location
Baltimore
Hoopla Cash
$ 754.60
Fav. Team #1
Fav. Team #2
Fav. Team #3
Thanks guys, I'll see if we can check where the email came from with gmail.
 

jstewismybastardson

Lord Shitlord aka El cibernauta
60,943
17,862
1,033
Joined
Apr 20, 2010
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Here is an odd one. My wife got an email from Amazon last night about a $5 watch band she ordered not being on time. She did order the band but it was delivered on time so my wife was confused. When she scrolled down she saw a polite letter "written by her" complaining the band was late. She checked her gmail and the email was sent from her account.So someone accessed her account to send an email about a $5 watch band.

Anybody know the ruse behind this? She changed her gmail password and her Amazon passwords (and let Amazon know it was not her) but we cannot figure out the endgame.

maybe establishing a legitimate rapport/correspondence in order to exploit something bigger in the future ??? :noidea:

where my wife works they do business around the world. They had a vendor in South Korea who got in touch with them saying they had plans to change their bank account location to a bank in Hungary and offered up details to the new bank account. A month later a another email was sent saying they could now send payments to that account going forward. Both emails were sent from the South Korean contact persons legit email address. The first email kinda flew under the radar but the the circumstances drew suspicion when they went to make the changes to their ach payments upon receiving the second email. Turns out hackers were in that south korean companys email system for 6 months and on a national holiday in South Korea late last year, sent all these emails out to many of their customers
 

gob

Well-Known Member
28,849
7,597
533
Joined
Oct 6, 2016
Location
there
Hoopla Cash
$ 13,496.29
Fav. Team #1
Fav. Team #2
Fav. Team #3
I could see them trying to call as an angry customer, get her account reset and then use any saved payment info to buy other items.

"I ALREADY EMAILED YOU ABOUT THIS! YOU KNOW WHAT, JUST RESET MY PASSWORD SO I CAN CANCEL THE ORDER!"

Changing passwords is good. You can check gmail security to see where people logged in from, and you can also tell it to notify you if there are any failed attempts or logins from strange computers. You can tell it to text you a code to verify you.

And if she uses that same email address/password combo anywhere, change that too.
Tip that I do is use the same basic password backbone, and use the first letter (or two) of site to make it completely unique.
 

Comeds

Unreliable Narrator.
22,554
11,035
1,033
Joined
Apr 21, 2010
Location
Baltimore
Hoopla Cash
$ 754.60
Fav. Team #1
Fav. Team #2
Fav. Team #3
maybe establishing a legitimate rapport/correspondence in order to exploit something bigger in the future ??? :noidea:

where my wife works they do business around the world. They had a vendor in South Korea who got in touch with them saying they had plans to change their bank account location to a bank in Hungary and offered up details to the new bank account. A month later a another email was sent saying they could now send payments to that account going forward. Both emails were sent from the South Korean contact persons legit email address. The first email kinda flew under the radar but the the circumstances drew suspicion when they went to make the changes to their ach payments upon receiving the second email. Turns out hackers were in that south korean companys email system for 6 months and on a national holiday in South Korea late last year, sent all these emails out to many of their customers

That's the main part that worried me, when she her email and the fake email was in her sent folder. So somehow they got into her email.
 

forty_three

It’s Raining Falafel
44,901
19,374
1,033
Joined
Apr 19, 2010
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
That's the main part that worried me, when she her email and the fake email was in her sent folder. So somehow they got into her email.

Not widely reported, but there is a group that has obtained a massive compiled list of all the known breaches (LinkedIn, etc) and has cross-referenced all the email/password combos that are the same. Then trying those same combos everywhere else. Banks, Netflix, Gmail.

They've since moved on to blasting every email or login / password combo they have at every website with a login page. Some banks see millions of failed login attempts daily.

They are catching a lot of people by dumb luck.
 

Comeds

Unreliable Narrator.
22,554
11,035
1,033
Joined
Apr 21, 2010
Location
Baltimore
Hoopla Cash
$ 754.60
Fav. Team #1
Fav. Team #2
Fav. Team #3
Now another weird thing happened. I called my home phone to check my messages and some guy picked up. When I asked who it was he said he was me.
 

dash

Money can't buy happiness, but it can buy bacon
126,402
35,672
1,033
Joined
Apr 19, 2010
Location
City on the Edge of Forever
Hoopla Cash
$ 71.82
Fav. Team #1
Fav. Team #2
Fav. Team #3
Now another weird thing happened. I called my home phone to check my messages and some guy picked up. When I asked who it was he said he was me.

Get your ass to Mars.

tumblr_inline_nb0kf5y6tS1sy96x5.gif
 

forty_three

It’s Raining Falafel
44,901
19,374
1,033
Joined
Apr 19, 2010
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Exclusive: FBI Seizes Control of Russian Botnet

This is a pretty big one in scale but not overall risk (yet). The owners of the botnet were building an army of compromised routers world wide and had them all sitting idle waiting to tell them to do something. The capabilities were pretty massive. And not many people would have noticed their router doing anything strange like they might on their PCs.

Controlling the head of it means the risk is essentially down to zero.

I advise everyone to reboot your home router and then change the admin password to be safe.


Now if router manufacturers would continue to provide updates to patch vulnerabilities in routers older than a year, that would be great.
 

BGDave

Grumpy Old Man
8,088
3,028
293
Joined
Jul 10, 2014
Location
The hockey wasteland
Hoopla Cash
$ 1.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Top