📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Nedd some advice with regards to IP address and credit card fraud

Options
1234689

Comments

  • did we ever find out if the IP was the OP's ip or the one from the coffee shop?

    either way this thread should be a huge lesson to people out there to be careful with there wireless networks...

    if this was me, I would scan pc with decent AV and spyware software.
    change network SSID, add WPA-PSK sercurity (with mega pass code)
    request a new card... that would be the first thing actually.
    change passwords on email accounts and such.

    and then leave the rest to the banks to sort out, if you tell them its a fraudulent transaction dont they have to look into it and get it sorted? or is there some time scale on it.
  • closed
    closed Posts: 10,886 Forumite
    edited 8 January 2010 at 7:55PM
    It's nothing to do with wireless, any transaction using https and verified by visa is encrypted end to end, even if someone was sniffing an unencrypted network, the passwords/card no, expiry date wouldn't be visible
    !!
    > . !!!! ----> .
  • joeypesci
    joeypesci Posts: 673 Forumite
    Part of the Furniture 500 Posts
    closed wrote: »
    It's nothing to do with wireless, any transaction using https and verified by visa is encrypted end to end, even if someone was sniffing an unencrypted network, the passwords/card no, expiry date wouldn't be visible

    It can be to do with the wifi. Someone may have the card details and then being using the unprotected wifi (I think we were told it was unprotected earlier). This would explain why the IP address is the same as the legit purchases.

    Also, HTTPS isn't as secure as you think. Yes, it will stop the lay person sniffing the traffic but if someone knows what they are doing, they will be able to break the HTTPS with a Man In The Middle attack. And yes, you can now do Man In The Middle attack HTTPS.

    Man In The Middle attacks are simply someone gets on to your unprotected wifi. They then make it so their laptop pretends to be your router so all traffic goes through them first. They sniff all the traffic as it goes from you, to them, to the router. They then take it away and can read it all later. With it being HTTPS they have to crack it as well though.

    http://en.wikipedia.org/wiki/Man-in-the-middle_attack

    Hak5 episode 610 shows you how it's done on HTTPS

    http://www.hak5.org/episodes/episode-610

    These are safe links. They are white hat hackers (nice hackers). If I remember correctly Darren explains how to protect yourself from this attack as well.
  • stolt
    stolt Posts: 2,865 Forumite
    unfortunatley EGG will no tell me the IP address so i cant check, i did the internet check thing and got my IP address i just need the one from EGG. They said that i had to complain and that if i do that i request the IP address in my letter.
    Listen to what people say, but watch what people what people do!!
  • stolt
    stolt Posts: 2,865 Forumite
    joeypesci wrote: »
    It can be to do with the wifi. Someone may have the card details and then being using the unprotected wifi (I think we were told it was unprotected earlier). This would explain why the IP address is the same as the legit purchases.

    Also, HTTPS isn't as secure as you think. Yes, it will stop the lay person sniffing the traffic but if someone knows what they are doing, they will be able to break the HTTPS with a Man In The Middle attack. And yes, you can now do Man In The Middle attack HTTPS.

    Man In The Middle attacks are simply someone gets on to your unprotected wifi. They then make it so their laptop pretends to be your router so all traffic goes through them first. They sniff all the traffic as it goes from you, to them, to the router. They then take it away and can read it all later. With it being HTTPS they have to crack it as well though.

    http://en.wikipedia.org/wiki/Man-in-the-middle_attack

    Hak5 episode 610 shows you how it's done on HTTPS

    http://www.hak5.org/episodes/episode-610

    These are safe links. They are white hat hackers (nice hackers). If I remember correctly Darren explains how to protect yourself from this attack as well.


    thanks for the explanation and the links, although i'm completely confused now....:T
    Listen to what people say, but watch what people what people do!!
  • stolt
    stolt Posts: 2,865 Forumite
    with regards to my security settings, i have have following,

    security type; no authentication (open)
    encryption type; wep
    then password
    Listen to what people say, but watch what people what people do!!
  • espresso
    espresso Posts: 16,448 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    stolt wrote: »
    thanks i remember a computer guy that i use to live next to setting up my old pc in another huse and has he browsed for my network picked up abot 5 others down the road and two of them he said had no security so i could have just used there broadband for free!! and he set my security on that one but i did myself on this house.
    stolt wrote: »
    with regards to my security settings, i have have following,

    security type; no authentication (open)
    encryption type; wep
    then password

    :doh:

    You obviously have a total disregard for security and need to address this ASAP!
    :doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:
  • zax47
    zax47 Posts: 1,263 Forumite
    Stolt, your wireless network is UNSECURED. You need to set "security type" to WEP for the WEP stuff after that to be enabled and active.

    I'm still convinced that the coffee-shop is where you should be looking for a crook! Having your wireless network unsecured is bad, but someone still has to go to a lot of trouble to get the info from it - why would they bother unless they were taking you for thousands. It's possible, but applying some element of probability - it is really likely when there are easier ways?

    The IP address will confirm it - if you ever manage to get EGG to tell you what it is.
  • closed
    closed Posts: 10,886 Forumite
    edited 8 January 2010 at 11:08PM
    Start from the beginning, time/date/amount/trader of the dodgy transactions, including sainsbury's?

    When were you at the cafe? Have you contacted the cafe to see if anyone else has had problems?

    Have you scanned your pc for malware yet, with malwarebytes, which virus scanner are you using?

    Are you required (forced otherwise tx is declined) to use a verified by visa password for all transactions? If so, is that password used for anything else, and are the CC company claiming that the password was used in the dodgy transactions?
    !!
    > . !!!! ----> .
  • joeypesci wrote: »
    It can be to do with the wifi. Someone may have the card details and then being using the unprotected wifi (I think we were told it was unprotected earlier). This would explain why the IP address is the same as the legit purchases.

    Also, HTTPS isn't as secure as you think. Yes, it will stop the lay person sniffing the traffic but if someone knows what they are doing, they will be able to break the HTTPS with a Man In The Middle attack. And yes, you can now do Man In The Middle attack HTTPS.

    Man In The Middle attacks are simply someone gets on to your unprotected wifi. They then make it so their laptop pretends to be your router so all traffic goes through them first. They sniff all the traffic as it goes from you, to them, to the router. They then take it away and can read it all later. With it being HTTPS they have to crack it as well though.

    http://en.wikipedia.org/wiki/Man-in-the-middle_attack

    Hak5 episode 610 shows you how it's done on HTTPS

    http://www.hak5.org/episodes/episode-610

    These are safe links. They are white hat hackers (nice hackers). If I remember correctly Darren explains how to protect yourself from this attack as well.

    man in the middle attacks is the "best" way for someone to hack you, I set one in my house and was amazed at how much info i could get.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.1K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.