Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    bryanb
    Have I been hacked?
    • #1
    • 5th Oct 11, 5:00 PM
    Have I been hacked? 5th Oct 11 at 5:00 PM
    Placed an online order with a well known national company last night. All appeared OK, used a debit card and registered for verified by visa to allow the transaction to go through.
    Today I received what appeared to be a phishing email which showed the company concerned's logo. There were a few spelling mistakes and a "click here to verify your transaction with sagepay"
    I phoned the company and found that the Yahoo address that sent the email was not known to them and no order was showing on the account.
    Any guidance would be a great help, should I contact the card provider? Has my email been compromised?
    This is an open forum, anyone can post and I just did !
Page 1
  • santer
    • #2
    • 5th Oct 11, 5:04 PM
    • #2
    • 5th Oct 11, 5:04 PM
    I would contact sagepay and the card provider
  • RussJK
    • #3
    • 5th Oct 11, 5:36 PM
    • #3
    • 5th Oct 11, 5:36 PM
    So you are saying that the legitimate company has no record of the original order you made? Of course contact your card company if that's the case!

    Look at your browser history and double check the URL is correct - might be a single character out of place. Have you ordered from the company before? How did you get their number to ring them?

    Post the link, perhaps others have had the same issue.

    Most likely scenario is that the address was typed wrong and thus accessed a phishing site, but it's also possible that your computer was compromised beforehand and were redirected through DNS or HOSTs hijacking. Also possible that the website of the company itself has been hacked.

    Otherwise, usual advice of run a QUICK scan with Malwarebytes, and post a log with HijackThis (http://www.users.on.net/~russ/hjt/).
  • bryanb
    • #4
    • 5th Oct 11, 6:29 PM
    • #4
    • 5th Oct 11, 6:29 PM
    I've updated Malwarebytes and run a quick scan. No items infected. Not computer savvy enough to post a log though.
    Nothing is showing on the card account, sorry it was CC not Debit. (perhaps a bit early as yet)
    History checked and all ok there. Got the phone number from their website and paper catalogue, then used say no to 0870.
    This is an open forum, anyone can post and I just did !
  • RussJK
    • #5
    • 5th Oct 11, 6:35 PM
    • #5
    • 5th Oct 11, 6:35 PM
    Just follow the picture guide, others with less knowledge have been able to

    It'll just rule out a few things.
    http://www.users.on.net/~russ/hjt/#pictureguide

    Also do a scan with Hitmanpro, very quick:
    http://www.surfright.nl/en/hitmanpro

    The question is what site were you on when you made the order, if the real company didn't get it.
  • santer
    • #6
    • 5th Oct 11, 7:29 PM
    • #6
    • 5th Oct 11, 7:29 PM
    Nothing is showing on the card account, sorry it was CC not Debit. (perhaps a bit early as yet)
    Originally posted by bryanb
    If you check the card online, does it have pending transactions listed?

    Maybe they needed details which they intended to get if you clicked to confirm the " sagepay " transaction, though odd that they would need anything if they already knew you had used the card

    With the e-mail, you could change the password
  • bryanb
    • #7
    • 5th Oct 11, 7:37 PM
    • #7
    • 5th Oct 11, 7:37 PM
    Just follow the picture guide, others with less knowledge have been able to

    It'll just rule out a few things.
    http://www.users.on.net/~russ/hjt/#pictureguide

    Also do a scan with Hitmanpro, very quick:
    http://www.surfright.nl/en/hitmanpro

    The question is what site were you on when you made the order, if the real company didn't get it.
    Originally posted by RussJK
    Managed up to copy, but how do I paste to the forum please?
    This is an open forum, anyone can post and I just did !
  • santer
    • #8
    • 5th Oct 11, 7:39 PM
    • #8
    • 5th Oct 11, 7:39 PM
    You should just right click in the forum post and click paste
  • bryanb
    • #9
    • 5th Oct 11, 7:50 PM
    • #9
    • 5th Oct 11, 7:50 PM
    Here goes tLogfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:30:50, on 05/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Norton GoBack\GBPoll.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton GoBack\GBTray.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\LAPTOP\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\s wg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Pl ugin.exe -update plugin
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: McAfee Application Installer Cleanup (0072891220431347) (0072891220431347mcinstcleanup) - - (no file)
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
    O23 - Service: Google Update Service (gupdate1c9c9a99bf0fc4c) (gupdate1c9c9a99bf0fc4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11752 bytes
    hen!
    This is an open forum, anyone can post and I just did !
  • gjs6385
    If it isn't you posting on this thread then yes, you probably have been lol
  • bryanb
    If it isn't you posting on this thread then yes, you probably have been lol
    Originally posted by gazsharpe101
    You're sharp!
    This is an open forum, anyone can post and I just did !
  • RussJK
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
    Originally posted by bryanb
    Other than the leftover traces from having Hotspot (considered adware), the log looks clean to me. Lots of bloat, but clean

    Still leaves the mystery of how your payment was redirected, if it really was. How did HitmanPro scan go btw?

    As Santer says, it seems strange that the criminals would need anything more than what was on the apparently fake transaction you made. Doesn't quite make sense really.
  • RussJK
    Could you right click on the link given in the phishy email, and select 'copy link location' or the equivalent. Then left click on my name on the side RussJK, and select 'Send a private message to RussJK'. In that private message, right click and paste the URL please.
  • gears of computers
    i have been hacked in the past and it sounds like you have been minorly hacked
  • bryanb
    Other than the leftover traces from having Hotspot (considered adware), the log looks clean to me. Lots of bloat, but clean

    Still leaves the mystery of how your payment was redirected, if it really was. How did HitmanPro scan go btw?

    As Santer says, it seems strange that the criminals would need anything more than what was on the apparently fake transaction you made. Doesn't quite make sense really.
    Originally posted by RussJK
    Thanks for your input, it really is appreciated. HitmanPro scan went ok, I think, Plenty of tracking cookies, mostly sites I recognise. A couple of pornsite ones - moi? non!
    One labelled as a Trojan (What's that?) It was a nudeman clock I had set as screensaver (Recommended by a friend)
    Not sure what you mean by bloat. I can guess, but I'd probably be wrong. How do I remove it?
    Going to monitor the card account carefully for a while though.
    This is an open forum, anyone can post and I just did !
  • RussJK
    Thanks for your input, it really is appreciated. HitmanPro scan went ok, I think, Plenty of tracking cookies, mostly sites I recognise. A couple of pornsite ones - moi? non!
    One labelled as a Trojan (What's that?) It was a nudeman clock I had set as screensaver (Recommended by a friend)
    Not sure what you mean by bloat. I can guess, but I'd probably be wrong. How do I remove it?
    Originally posted by bryanb
    It's possible to get cookies from sites you've never directly visited (including porn sites) just because of ads on pages you have

    See if you can upload the nudeman clock to www.virustotal.com. You have to click on the 'Upload' button, then navigate to the folder that contains the nudeman clock file. After you upload it, please give the link/URL to the report so we can see.

    Don't worry about the bloat so much for now - but there is a 'slow PC' thread in the stickied threads. (just unnecessary programs running, that cause slow down)
  • bryanb
    Could you right click on the link given in the phishy email, and select 'copy link location' or the equivalent. Then left click on my name on the side RussJK, and select 'Send a private message to RussJK'. In that private message, right click and paste the URL please.
    Originally posted by RussJK
    I think I've done that, not sure the PM went though.
    This is an open forum, anyone can post and I just did !
  • bryanb

    See if you can upload the nudeman clock to www.virustotal.com. You have to click on the 'Upload' button, then navigate to the folder that contains the nudeman clock file. After you upload it, please give the link/URL to the report so we can see.
    Originally posted by RussJK
    Already deleted Nudeman clock.

    Thanks for the help so far, got to go out now. BB
    This is an open forum, anyone can post and I just did !
  • bryanb
    My apologies, The card we were using was a new one in the wife's name. This morning she was checking her account when she asked - Should I have activated that card before using it?
    The Sagepay email was obviously genuine, notwithstanding poor grammmar and spelling mistake, plus a Yahoo address.
    Sorry for the waste of time, but at least I've learned a lot about security etc!
    This is an open forum, anyone can post and I just did !
  • RussJK
    Thanks for letting us know. Still, kind of strange that Sagepay would use a yahoo email to ask you to verify a transaction...
Welcome to our new Forum!

Our aim's to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

271Posts Today

848Users online

Martin's Twitter