We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Nedd some advice with regards to IP address and credit card fraud
Comments
-
did we ever find out if the IP was the OP's ip or the one from the coffee shop?
either way this thread should be a huge lesson to people out there to be careful with there wireless networks...
if this was me, I would scan pc with decent AV and spyware software.
change network SSID, add WPA-PSK sercurity (with mega pass code)
request a new card... that would be the first thing actually.
change passwords on email accounts and such.
and then leave the rest to the banks to sort out, if you tell them its a fraudulent transaction dont they have to look into it and get it sorted? or is there some time scale on it.0 -
It's nothing to do with wireless, any transaction using https and verified by visa is encrypted end to end, even if someone was sniffing an unencrypted network, the passwords/card no, expiry date wouldn't be visible!!
> . !!!! ----> .0 -
It's nothing to do with wireless, any transaction using https and verified by visa is encrypted end to end, even if someone was sniffing an unencrypted network, the passwords/card no, expiry date wouldn't be visible
It can be to do with the wifi. Someone may have the card details and then being using the unprotected wifi (I think we were told it was unprotected earlier). This would explain why the IP address is the same as the legit purchases.
Also, HTTPS isn't as secure as you think. Yes, it will stop the lay person sniffing the traffic but if someone knows what they are doing, they will be able to break the HTTPS with a Man In The Middle attack. And yes, you can now do Man In The Middle attack HTTPS.
Man In The Middle attacks are simply someone gets on to your unprotected wifi. They then make it so their laptop pretends to be your router so all traffic goes through them first. They sniff all the traffic as it goes from you, to them, to the router. They then take it away and can read it all later. With it being HTTPS they have to crack it as well though.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
Hak5 episode 610 shows you how it's done on HTTPS
http://www.hak5.org/episodes/episode-610
These are safe links. They are white hat hackers (nice hackers). If I remember correctly Darren explains how to protect yourself from this attack as well.0 -
unfortunatley EGG will no tell me the IP address so i cant check, i did the internet check thing and got my IP address i just need the one from EGG. They said that i had to complain and that if i do that i request the IP address in my letter.Listen to what people say, but watch what people what people do!!0
-
It can be to do with the wifi. Someone may have the card details and then being using the unprotected wifi (I think we were told it was unprotected earlier). This would explain why the IP address is the same as the legit purchases.
Also, HTTPS isn't as secure as you think. Yes, it will stop the lay person sniffing the traffic but if someone knows what they are doing, they will be able to break the HTTPS with a Man In The Middle attack. And yes, you can now do Man In The Middle attack HTTPS.
Man In The Middle attacks are simply someone gets on to your unprotected wifi. They then make it so their laptop pretends to be your router so all traffic goes through them first. They sniff all the traffic as it goes from you, to them, to the router. They then take it away and can read it all later. With it being HTTPS they have to crack it as well though.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
Hak5 episode 610 shows you how it's done on HTTPS
http://www.hak5.org/episodes/episode-610
These are safe links. They are white hat hackers (nice hackers). If I remember correctly Darren explains how to protect yourself from this attack as well.
thanks for the explanation and the links, although i'm completely confused now....:TListen to what people say, but watch what people what people do!!0 -
with regards to my security settings, i have have following,
security type; no authentication (open)
encryption type; wep
then passwordListen to what people say, but watch what people what people do!!0 -
thanks i remember a computer guy that i use to live next to setting up my old pc in another huse and has he browsed for my network picked up abot 5 others down the road and two of them he said had no security so i could have just used there broadband for free!! and he set my security on that one but i did myself on this house.with regards to my security settings, i have have following,
security type; no authentication (open)
encryption type; wep
then password
:doh:
You obviously have a total disregard for security and need to address this ASAP!:doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:0 -
Stolt, your wireless network is UNSECURED. You need to set "security type" to WEP for the WEP stuff after that to be enabled and active.
I'm still convinced that the coffee-shop is where you should be looking for a crook! Having your wireless network unsecured is bad, but someone still has to go to a lot of trouble to get the info from it - why would they bother unless they were taking you for thousands. It's possible, but applying some element of probability - it is really likely when there are easier ways?
The IP address will confirm it - if you ever manage to get EGG to tell you what it is.0 -
Start from the beginning, time/date/amount/trader of the dodgy transactions, including sainsbury's?
When were you at the cafe? Have you contacted the cafe to see if anyone else has had problems?
Have you scanned your pc for malware yet, with malwarebytes, which virus scanner are you using?
Are you required (forced otherwise tx is declined) to use a verified by visa password for all transactions? If so, is that password used for anything else, and are the CC company claiming that the password was used in the dodgy transactions?!!
> . !!!! ----> .0 -
It can be to do with the wifi. Someone may have the card details and then being using the unprotected wifi (I think we were told it was unprotected earlier). This would explain why the IP address is the same as the legit purchases.
Also, HTTPS isn't as secure as you think. Yes, it will stop the lay person sniffing the traffic but if someone knows what they are doing, they will be able to break the HTTPS with a Man In The Middle attack. And yes, you can now do Man In The Middle attack HTTPS.
Man In The Middle attacks are simply someone gets on to your unprotected wifi. They then make it so their laptop pretends to be your router so all traffic goes through them first. They sniff all the traffic as it goes from you, to them, to the router. They then take it away and can read it all later. With it being HTTPS they have to crack it as well though.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
Hak5 episode 610 shows you how it's done on HTTPS
http://www.hak5.org/episodes/episode-610
These are safe links. They are white hat hackers (nice hackers). If I remember correctly Darren explains how to protect yourself from this attack as well.
man in the middle attacks is the "best" way for someone to hack you, I set one in my house and was amazed at how much info i could get.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.4K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.8K Spending & Discounts
- 244.4K Work, Benefits & Business
- 599.6K Mortgages, Homes & Bills
- 177.1K Life & Family
- 257.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards