Even though you have been fished or hacked, unless it is someone local (say an ex spouse screwing with you) the people who prosecute crimes locally don't really care, they have knife wielding killers to put behind bars. If it is someone local you need to file a police report with your local police department, as this goes down the ID theft road and if something happens to a bank account you need that report for filing paperwork and getting money bank from illegal withdrawls. Reporting it to the department of justice is a good thing, they will probably take no action, but it all gets databased and reported your info adds to the "This is a real problem" report. In the end these are mostly crime rings located offshore.
Now what to actually do.
First get a clean computer, if yours is compromised then it probably needs to be formatted and have windows re-installed. While this is happening see if you can get a friends laptop for a little while (make sure it is also not compromised and use private browsing or incognito mode and Start changing your passwords. Start with your email accounts and move on to your bank accounts. I would probably stop there, as its just not worth the time to go change every password on every site you use.
Discussion on:
View:
Show:
Mr. Burls was hoping to get more people to report it, even if little can be done. An upward trend will eventually get their attention.
We have had local successful prosecution for people who've "borrowed" a customers credit card number or data to make illegal purchases; but they have to be a local infraction for the police to stay interested. In my case it was a far flung crack job on an online vendor that resulted in the theft - I can't blame the local gendarmes for not knowing what to do it such cases, and actually they probably don't even have the legal basis to go outside their jurisdiction - so I don't expect them to do anything about cases like that, other than to take a report to backup the evidence gathering process. I certainly doesn't hurt to turn in a report to local law enforcement, and in some cases even the state attorney's general might want to gather crime data on such incidents. I know our state is very pro-active in this area, but your mileage may vary in yours.
If nothing else it Establishes a Trend but sometimes it will lead to a Investigation which will result in lost funds being returned when there are sufficient people reporting the incident.
One person making a report may not lead to any action but a Million people reporting the same thing will most likely force the hand of the Authorities into doing something.
Recently in AU there have been 2 cases of the Feds investigating and coming to some sort of conclusion about this type of Fraud. The First was the people ringing up pretending to be Microsoft and telling people that their computers where infected and getting the victims to allow them to remote in and infect the systems while at the same time charging them
And the second was the Feds organizing the Arrest of 17 people in Romania over Credit Card Fraud where the crims had broken into Retailers Systems and where stealing Credit Card Details as sales where being made.
Neither of those cases would have resulted in a prosecution if there had not been a large number of people complaining. When there is a large number of people adversely affected it is more likely that the Authorities will do something as the expense is now justified where as investigation because 10 people have complained can not justify the costs of the investigation.
Col
One person making a report may not lead to any action but a Million people reporting the same thing will most likely force the hand of the Authorities into doing something.
Recently in AU there have been 2 cases of the Feds investigating and coming to some sort of conclusion about this type of Fraud. The First was the people ringing up pretending to be Microsoft and telling people that their computers where infected and getting the victims to allow them to remote in and infect the systems while at the same time charging them
And the second was the Feds organizing the Arrest of 17 people in Romania over Credit Card Fraud where the crims had broken into Retailers Systems and where stealing Credit Card Details as sales where being made.
Neither of those cases would have resulted in a prosecution if there had not been a large number of people complaining. When there is a large number of people adversely affected it is more likely that the Authorities will do something as the expense is now justified where as investigation because 10 people have complained can not justify the costs of the investigation.
Col
Much appreciated, as it solidified what Mr. Burls was saying.
Basics:
1- Don't use the same username/password for more than one account. This means don't use the same u/p for eBay and PayPal. Guaranteed both are checked.
2- Learn what constitutes a 'strong' password and if yours (multiple) don't fit that convention, change them.
3- Never 'save' passwords on login screens - even on your home computer.
4- Don't use unsecured wi-fi (sorry, Starbucks. Get a mobile hotspot).
5- Delete unsolicited e-mail .. *unopened.*
6- If you can't resist opening the message, DO NOT download any attachments, click any links, or open any files. Current phishing scams often contain redirectors/iframes to sites distributing trojans. The current distribution of trojans exploit every vulnerability it can detect.
7- If you are expecting something like a UPS shipment and you get an e-mail saying there's 'a problem,' STOP THERE. *Call* UPS and ask them to verify. The same holds true with your bank, department store, entertainment venue, Facebook, Twitter, any other social networking. Anyplace you log in can be phished - stop, don't panic, don't click/open anything .. call to verify.
If you are 'phished:'
1- Even if it's just an username/password scam, consider ALL your information compromised.
1a - start a FULL virus scan of your computer.
2- Get your credit card - turn it over - and call the 'lost/stolen' number on the back. Advise you are the victim of ID theft. Ask if there has been any activity on the card(s) and, if so, ask that they retain that information for the police report. Get a new card.
3- Call the three Credit Bureaus (Experian, Equifax, TransUnion) and place a 'fraud watch' on your account. This is for 90 days and is renewable.
4- File a police report with your local jurisdiction and make sure you get a case number. This sets the date/time of the incident to protect you from abuse of your information.
5- Notify your bank and have them put a watch on all your accounts. If the phish asked for checking account number(s), bank routing number(s), have the bank cancel those accounts and reissue them. A recommendation to consider: don't have roll-over type overdraft protection. If your first account is cleaned out and that protection is in effect, it can simply roll over to the next account(s).
6- Now comes the real 'pain in the ***' - don't forget to notify any accounts that are auto-deducted from the credit card you just canceled.
Additional:
1- Monitor your credit report. You are entitled to one free one per year .. but .. there are three bureaus. Space out your calls - every 4 months, call one of them. You'll get three reports per year. Check with your bank, too. Mine offers, for an extremely reasonable price, the option to check all three bureaus any time you want. And the report is extremely complete.
2- Don't use a debit card for remote or online purchases. While you can recover your funds on a debit card, the money is immediately gone from your account and takes longer with more hassle to recover.
There are other hints, too, but your best defense is awareness and thinking 'what if?' Be creative!
1- Don't use the same username/password for more than one account. This means don't use the same u/p for eBay and PayPal. Guaranteed both are checked.
2- Learn what constitutes a 'strong' password and if yours (multiple) don't fit that convention, change them.
3- Never 'save' passwords on login screens - even on your home computer.
4- Don't use unsecured wi-fi (sorry, Starbucks. Get a mobile hotspot).
5- Delete unsolicited e-mail .. *unopened.*
6- If you can't resist opening the message, DO NOT download any attachments, click any links, or open any files. Current phishing scams often contain redirectors/iframes to sites distributing trojans. The current distribution of trojans exploit every vulnerability it can detect.
7- If you are expecting something like a UPS shipment and you get an e-mail saying there's 'a problem,' STOP THERE. *Call* UPS and ask them to verify. The same holds true with your bank, department store, entertainment venue, Facebook, Twitter, any other social networking. Anyplace you log in can be phished - stop, don't panic, don't click/open anything .. call to verify.
If you are 'phished:'
1- Even if it's just an username/password scam, consider ALL your information compromised.
1a - start a FULL virus scan of your computer.
2- Get your credit card - turn it over - and call the 'lost/stolen' number on the back. Advise you are the victim of ID theft. Ask if there has been any activity on the card(s) and, if so, ask that they retain that information for the police report. Get a new card.
3- Call the three Credit Bureaus (Experian, Equifax, TransUnion) and place a 'fraud watch' on your account. This is for 90 days and is renewable.
4- File a police report with your local jurisdiction and make sure you get a case number. This sets the date/time of the incident to protect you from abuse of your information.
5- Notify your bank and have them put a watch on all your accounts. If the phish asked for checking account number(s), bank routing number(s), have the bank cancel those accounts and reissue them. A recommendation to consider: don't have roll-over type overdraft protection. If your first account is cleaned out and that protection is in effect, it can simply roll over to the next account(s).
6- Now comes the real 'pain in the ***' - don't forget to notify any accounts that are auto-deducted from the credit card you just canceled.
Additional:
1- Monitor your credit report. You are entitled to one free one per year .. but .. there are three bureaus. Space out your calls - every 4 months, call one of them. You'll get three reports per year. Check with your bank, too. Mine offers, for an extremely reasonable price, the option to check all three bureaus any time you want. And the report is extremely complete.
2- Don't use a debit card for remote or online purchases. While you can recover your funds on a debit card, the money is immediately gone from your account and takes longer with more hassle to recover.
There are other hints, too, but your best defense is awareness and thinking 'what if?' Be creative!
All good suggestions. Appreciate you taking the time to list them.
I, like a dummy, was using a debit card with that company. Fortunately I saw the charge for $19.20 for web hosting service and reported it to the bank within the 48 hour limit for me to get my money back. Now it was a cheap lesson, but it taught me a lot - especially how to gather information for the form over a DOJ ( or was it the FBI?)
If I hadn't copied the bank entry into a search engine, I probably would never have caught the scam; I'm sure the guy was buying three months command and control space on this nefarious site so he could run his bot net herding operation. I imagine they only needed that small window of time, because they are constantly switching between hosting services, and keep a stash of alternate sites ready to obfuscate their CAC servers from authorities.
That same vendor was bought out and has had great difficulty with their business (I wonder why?
), so now they can only take phone orders, and get the card number each time - no more auto ship from them! Oh well! I don't feel sorry for them - they should have taken care of INFOSEC so they. or more accurately, their customers, wouldn't have been hammered. I knew it was them that got compromised especially after I started using online secure cards with them, and they "conveniently" kept losing my card details. The crooks inside their organization never got another dime of my money. Too bad they are the only ones in the world that have what I need, or I would have dumped them long ago!!
You might put on the list that there is also several agencies you can report bad sites to, so they can be put on blacklists for IT security personnel. These IP and hostnames will go into a data base for host files and such all over the world, and eventually get them kicked off Google searches too. I wished I could remember who that organization was, they were very thorough and asked me pertinent questions on why I thought the web site were a bunch of crooks. they said they'd list it because of the evidence of faux addresses I pointed out.
I still owe Michael a debt of gratitude for turning me on to online secure credit cards!! Thanks Michael!
If I hadn't copied the bank entry into a search engine, I probably would never have caught the scam; I'm sure the guy was buying three months command and control space on this nefarious site so he could run his bot net herding operation. I imagine they only needed that small window of time, because they are constantly switching between hosting services, and keep a stash of alternate sites ready to obfuscate their CAC servers from authorities.
That same vendor was bought out and has had great difficulty with their business (I wonder why?
), so now they can only take phone orders, and get the card number each time - no more auto ship from them! Oh well! I don't feel sorry for them - they should have taken care of INFOSEC so they. or more accurately, their customers, wouldn't have been hammered. I knew it was them that got compromised especially after I started using online secure cards with them, and they "conveniently" kept losing my card details. The crooks inside their organization never got another dime of my money. Too bad they are the only ones in the world that have what I need, or I would have dumped them long ago!!You might put on the list that there is also several agencies you can report bad sites to, so they can be put on blacklists for IT security personnel. These IP and hostnames will go into a data base for host files and such all over the world, and eventually get them kicked off Google searches too. I wished I could remember who that organization was, they were very thorough and asked me pertinent questions on why I thought the web site were a bunch of crooks. they said they'd list it because of the evidence of faux addresses I pointed out.
I still owe Michael a debt of gratitude for turning me on to online secure credit cards!! Thanks Michael!
In Belgium there is a federal police computer crime unit. You can report (even on line) any computer or internet related crime. They also provide a step by step action plan for a number of crimes ranging from child porn over phising to ransomeware you can download and read.
http://www.polfed-fedpol.be/crim/crim_fccu_nl.php (flemish)
http://www.polfed-fedpol.be/crim/crim_fccu_fr.php (french)
Sorry, English is no official language in Belgium.
http://www.polfed-fedpol.be/crim/crim_fccu_nl.php (flemish)
http://www.polfed-fedpol.be/crim/crim_fccu_fr.php (french)
Sorry, English is no official language in Belgium.
Using Google Translate, I was able to make most of the websites out. They are informative and I appreciate you pointing them out.
Any suggestion for when you are cheated by an online seller, who takes the money but doesnt deliver the goods.
If you have collaboration and it was across state lines (US?), I would start with the FBI.
I used to buy VISA virtual cards on card444.com. Years ago they contact me if I wanted to invest in a program to earn interests beyond the money invested. I sent them US$ 3.000 via Western Union. On the first months when I asked about the interests earned so far and to reinvest, they replied.
About a year ago I asked them for the money back and they never replied again. Even if they kept the investment and gave me only my money back. Despite several emails sent, I never heard from them again.
I only have the emails exchanged in the beginning as proof. Could I also file a complain somewhere ?
Thanks.
About a year ago I asked them for the money back and they never replied again. Even if they kept the investment and gave me only my money back. Despite several emails sent, I never heard from them again.
I only have the emails exchanged in the beginning as proof. Could I also file a complain somewhere ?
Thanks.
will be ignored by the FBI local office or you could have called them. I filed my complaint with the FBI site for such things, so they could at least gather data for eventual prosecution of such criminals. I've since read on Kreb's On Security, and other sites that these data bases have actually helped them prosecute these crooks once they are caught.
I would have filed it with the DOJ also, had I been aware of this page link.
I would have filed it with the DOJ also, had I been aware of this page link.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
