Friends Identity stolen
Tim618 @ 5th Nov 08:13PM:
Friends Identity stolen
Hello
My friend's online banking has been breached and her banking information stolen. There was 600 dollars of porn memberships online charged to her account. She has the email addresses that the memberships were sent to. Is there anything we can do to find the location of where it's being sent, such as a residential or business address? I have told her to cancel existing accounts and open new ones, change passwords, use strong passwords, scan for viruses, etc. If anyone could give advice on how to track an IP address from an email account or anything, that would be appreciated. The person who got the information made 2 fake email accounts in her name (the 2 email accounts she found out about). That is where the porn memberships were sent, nothing to her current email.
Thanks for any help.
Edit: She has also filed a police report and reported it to her bank.
SnowyOne @ 5th Nov 08:50PM:
Re: Friends Identity stolen
This link is a good place to start the hardening of her identity.
»www.ftc.gov/bcp/edu/pubs/consume···t07.shtm
The ID thief may not be finished abusing your friend's identity.
Unless the thief was extremely sloppy, the email accounts will not be associated with his own IP.
Trying to track down this guy via email accounts is not going to be a productive activity, that's guaranteed, unless you consider frustration productive.
Tim618 @ 5th Nov 09:12PM:
Re: Friends Identity stolen
Thank you, I will pass along the link, that seems very useful. Is there anything else that can be done at all to try to locate where this came from? Would the bank have a log of IP addresses that accessed her bank account online?
SnowyOne @ 5th Nov 10:05PM:
Re: Friends Identity stolen
Trying to ID a thief via an IP is not going to work.
If you were to get access logs they would reflect the IP of the hijacked machine the thief used for his final hop.
Often an IP that geographically matches the victim's IP will be chosen for the final hop to fool any IP-to-location auto-vetting that may take place.
You'd be pointing a finger at a neighbor before ya knew it. ;)
jack b @ 5th Nov 10:13PM:
Re: Friends Identity stolen
said by Tim618 :
Is there anything else that can be done at all to try to locate where this came from? Would the bank have a log of IP addresses that accessed her bank account online?
They might be able to, but I seriously doubt it; with IP spoofing there's no telling for sure where they originated.
Another thing to check is whether your friend's computer itself may be compromised; that's possibly one way they got her bank information in the first place. Check that her anti-virus software and firewall are working as they should and are up to date.
Or, perhaps she logged in to her account on an unsecured connection or used a wireless Hot-Spot for access?
--
~Help Find a Cure for Cancer~
~Proud Member of Team Discovery ~
MGD @ 5th Nov 11:56PM:
Re: Friends Identity stolen
said by Tim618 :
Thank you, I will pass along the link, that seems very useful. Is there anything else that can be done at all to try to locate where this came from? Would the bank have a log of IP addresses that accessed her bank account online?
Yes they would, but as SnowyOne points out, that will not lead directly to the criminal. They typically access the account via a proxy, hijacked or otherwise.
How exactly was the $600 charged to her account? Was it an ACH transfer, like an online bill payment? Or was it charged to her debit/credit card?
I suspect that she may have been the victim of a bank phishing email. There are two possibilities. Generally, using her compromised bank data for $600 of porn memberships is not indicative of hard core cyber criminals, such as an infected PC compromised by a trojan etc. The exception to that would be if the porn sites were really laundering conduits used to convert the charges into cash. If so, that would indicate that the porn websites are complicit and part of the scam.
Otherwise, using banking data for porn access purchases is more indicative of the low hanging fruit in the crime world. Most serious cyber criminals want to maximize the cash potential of such data, and utilizing it for porn memberships is about the least productive. The memberships have a short lifespan as the bank will reject the charges as soon as the victim catches them, and access will be blocked.
You should ask her if she remembers entering her banking data in response to an email, and also if she entered her DOB and SSN.
MGD
SnowyOne @ 6th Nov 12:36AM:
Re: Friends Identity stolen
said by MGD :
There are two possibilities. Generally, using her compromised bank data for $600 of porn memberships is not indicative of hard core cyber criminals, such as an infected PC compromised by a trojan etc. The exception to that would be if the porn sites were really laundering conduits used to convert the charges into cash. If so, that would indicate that the porn websites are complicit and part of the scam.
There is the possibility that a porn site (or any for-pay site) can be used to monetize the victim data without any complicity on the site's end. We've both seen phishers sign themselves up as affiliates to adult sites with extremely large referral-based commissions. The scam is simple enough: a phisher cards a domain, then signs up as many sites as will have him as an affiliate, with the trigger being any sales with the carded domain as the referrer. $600 being spent by the phisher masquerading as legit click-through customers can net him $400+ in 30 minutes.
I'll give even odds the $600 went to feed a sex addiction at places such as hxxp://www.livejasmin.com/allonline.php?psid=simplecom&pstour=t1&psprogram=REVS
MGD @ 6th Nov 01:02AM:
Re: Friends Identity stolen
Indeed, however it is now rare for any affiliate to get access to the referral funds until the recourse time period expires. Either a high reserve is held in abeyance, and only released when the chargeback period expires. One of the highest chargeback ratios in ecommerce is for "Adult" sites, (a term the banking industry prefers to use).
A fake porn domain with a merchant account is a possibility for sure. If the OP posts the domains that charged the account, we could probably take a stab as to whether that was likely.
Burning up banking data for a sex addiction is certainly a possibility, especially if it is for one of those "live" entertainment sites.
EDIT ADD
That is why I suspect phishing as a possible point of compromise.
MGD
SnowyOne @ 6th Nov 01:25AM:
Re: Friends Identity stolen
said by MGD :
Indeed, however it is now rare for any affiliate to get access to the referral funds until the recourse time period expires.
Yeppers, that was the industry's reaction, which is proving to be one of the few great examples of an industry protecting the public by protecting themselves.
Tim618 @ 6th Nov 08:20AM:
Re: Friends Identity stolen
Thanks for the replies. She did not say what sites the charges were made from. I agree, she seems to be the victim of a phishing scam. I haven't talked to her since last night, but I will ask her about putting her info in any email or anything. She said the charges were made through her routing number, but I think the better possibility is that someone who had obtained the login info for her bank account used her account number.