We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Both my Barclays debit card details stolen in a week after online transactions
chris105
Posts: 34 Forumite
Here is what happened:
I paid for a product using my Barclays debit card "1111" on desktop "A" using 2 stage verification with my Barclays app, less that 48 later I received notifications from Barclays about possible fraud. I give them a call only to find out that two fraudulent transactions were attempted, one went through which will get disputed. I had card "1111" cancelled.
I then updated my Amazon account information with my other Barclays debit card "2222" on my other desktop "B" to avoid any non payment. Less that two days later (yesterday) the same thing happened with card "2222" , fortunately all attempts were spotted and the card cancelled.
I've Kaspersky anti virus running on both desktops.
I use powerline networking on both desktops.
I've virgin media hub 3.0 router.
I've the checked the task manager on both desktops for any malicious software/keyloggers, looks ok.
I'm confused and scared to make any online transactions, any idea where my security could have been compromised ? Has anyone had any similar experience ?
Any advice is much appreciated.
Kind Regards
Chris
I paid for a product using my Barclays debit card "1111" on desktop "A" using 2 stage verification with my Barclays app, less that 48 later I received notifications from Barclays about possible fraud. I give them a call only to find out that two fraudulent transactions were attempted, one went through which will get disputed. I had card "1111" cancelled.
I then updated my Amazon account information with my other Barclays debit card "2222" on my other desktop "B" to avoid any non payment. Less that two days later (yesterday) the same thing happened with card "2222" , fortunately all attempts were spotted and the card cancelled.
I've Kaspersky anti virus running on both desktops.
I use powerline networking on both desktops.
I've virgin media hub 3.0 router.
I've the checked the task manager on both desktops for any malicious software/keyloggers, looks ok.
I'm confused and scared to make any online transactions, any idea where my security could have been compromised ? Has anyone had any similar experience ?
Any advice is much appreciated.
Kind Regards
Chris
0
Comments
-
It's unlikely to be the reason but I'd give serious consideration to removing Kaspersky from your computer at this time, given the company's very close links to the Russian government.
5 -
I never ever use my debit card for online transactions as its the best way to get your bank account cleared out.
By far the best way is to use a credit card and even better get an extra one with a low credit limit, just for on-line purchases.Never under estimate the power of stupid people in large numbers7 -
An article in The Guardian last weekend addressed "guess attacks" where the details of one card are extrapolated from details of another. In the case discussed a replacement card was used fraudulently before having been used for any legitimate purchase.
https://www.theguardian.com/money/2022/feb/26/credit-card-fraud-scammers-guess-attacks
A free Revolut account includes a single-use virtual card for online shopping. Pretty much all I use for one-off purchases.3 -
matelodave said:I never ever use my debit card for online transactions as its the best way to get your bank account cleared out.
By far the best way is to use a credit card and even better get an extra one with a low credit limit, just for on-line purchases.Further to the above, Amazon offer their own branded credit card, which earns points and eventually Amazon gift vouchers. Not a lot, but better than nothing. I have one and use it exclusively for Amazon purchases. If it gets compromised, I can cancel it with only a minor inconvenience. You can get through to the card company by phone if necessary - or at least you could when I first took the card out a year ago.
I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
All views are my own and not the official line of MoneySavingExpert.
1 -
You updated your Amazon account with your new details, but, did you change your Amazon password. That may be where the breach is.Drinking Rum before 10am makes you
A PIRATE
Not an Alcoholic...!2 -
RumRat said:You updated your Amazon account with your new details, but, did you change your Amazon password. That may be where the breach is.
But the first transaction on card "1111" was not an Amazon transaction.
I'm trying to find out what is compromised, is it my pc/network, or my debit card provider Barclays or it is Kaspersky ?.
0 -
I would download and run the free version of Malwarebytes on both pc's to see what that may pick up.
I would also use a credit card for online transactions wherever possible.
1 -
You need to open the net a bit wider to find out how your card details are being leaked, it might not be your PC's or Amazon that is the cause of the leak. Might be coincidence.
Where have the cards physically been during the period of the fraudulent transactions? What retailers / cash machines have they been used in? Have the cards ever been out of your sight? Anybody else in your house or workplace had access to it?
If it is from your PC's then I'd suggest you need to be sure you haven't entered your details into a spoofed website. How did you access Amazon? Was it from a link on an email? If you used a search engine, are you sure that hasn't been tampered with?
What browser are you using, is it up to date and what addons does it have?
What is you operating system on your PC and is it fully patched up to date?
Have you run a "full scan" using your AV or just relied on the normal background scans? Try Malwarebytes like suggested above for a full scan.
Does anybody else have access to the PC's? Are they password protected? Who else knows the password?
Is you password to your Amazon account complex and unique? Did you change it after first fraud?
Have you got 2FA enabled on your Amazon account? If not, do it now.
What other online retailers have your card details stored?
2 -
It also may be useful to run a rootkit scanner, Malwarebytes.com has one
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
CEC Email energyclub@moneysavingexpert.com1 -
Deleted_User said:You need to open the net a bit wider to find out how your card details are being leaked, it might not be your PC's or Amazon that is the cause of the leak. Might be coincidence.
...You need to open the net a bit wider to find out how your card details are being leaked, it might not be your PC's or Amazon that is the cause of the leak. Might be coincidence.
-- I agree, I'm scared to use any device on my network now.
Where have the cards physically been during the period of the fraudulent transactions? What retailers / cash machines have they been used in? Have the cards ever been out of your sight? Anybody else in your house or workplace had access to it?
-- Always with me. Physically used with only the big ones recently. But what set alarm bells was when my second card which I rarely use got compromised. This card was never used online ever since it was issued a year ago,
If it is from your PC's then I'd suggest you need to be sure you haven't entered your details into a spoofed website. How did you access Amazon? Was it from a link on an email? If you used a search engine, are you sure that hasn't been tampered with?
-- unlikely, I checked, the first payment was using flywire for university of London transaction. The link was via UoL.
-- I access Amazon by logging in the browser. not via an email link.
What browser are you using, is it up to date and what addons does it have?
-- Chrome, the extensions are from Google, Microsoft and Kaspersky.
What is you operating system on your PC and is it fully patched up to date?
-- Win10, up to date.
Have you run a "full scan" using your AV or just relied on the normal background scans? Try Malwarebytes like suggested above for a full scan.
- Yes, I did run a full scan.
Does anybody else have access to the PC's? Are they password protected? Who else knows the password?
-- Only immediate family.
Is you password to your Amazon account complex and unique? Did you change it after first fraud?
-- yes I changed it later.
Have you got 2FA enabled on your Amazon account? If not, do it now.
-- Will do, thanks,
What other online retailers have your card details stored?
-- Netflix will see if there are others.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354.6K Banking & Borrowing
- 254.5K Reduce Debt & Boost Income
- 455.5K Spending & Discounts
- 247.5K Work, Benefits & Business
- 604.3K Mortgages, Homes & Bills
- 178.5K Life & Family
- 261.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.7K Read-Only Boards