The ramblings of an Eternal Student of Life
. . . still studying and learning how to live

Latest Rambling Thoughts:
 
Thursday, April 24, 2014
Current Affairs ... Technology ...

OK, so I just told you (Part I, above) about the PHPBB web site forum that I’ve been working on. The other “project” soaking up all of my time for the past 10 or 11 days was a damage control effort, following an unanticipated internet identity fraud incident.

Yes, it finally happened to me. I realize that internet identity fraud is rampant, but of course I never thought it would happen to me. I am a careful user of the net, I don’t give away sensitive personal and financial information casually, I keep my computer clean with with anti-virus and anti-malware scans, I’m using Windows 8.1, my passwords are pretty good . . . but sorry, it was finally my turn. Somehow, someone got onto my PayPal account and wired a fairly large sum of money to an e-mail address in Europe. At first I blamed the Heartbleed security vulnerability, as it was being exposed right about when I got hacked. But no, PayPal claims it was never vulnerable to Heartbleed.

To be honest, I may have gotten fooled into giving away my PayPal credentials during an eBay purchase. I made several eBay purchases in February and early March, all using PayPal (not many payment options these days on eBay, given that PayPal is owned by eBay). I vaguely recall something unusual happening during one of them (but I can’t remember which one it was). I.e., I seem to recall one purchase where I had to enter my PayPay account credentials twice. At the time, it all seemed to be part of the approved eBay process, which has its own variations and quirks; i.e., sometimes you make a “buy-it-now” purchase on eBay and you are directed to a confirmation page that is set up for the vendor, versus the usual generic eBay screen that transfers you to PayPal.

I may have gone over to a specific vendor page, which is not unusual in itself; but then I MIGHT have been asked on that page to enter my PayPal info. After doing so and then clicking an “enter” button, I got transferred to the usual PayPal entry page, and was asked to enter my identity and password once again. At the time it all seemed innocent — it must just be another internet communication glitch, I thought. I’m within the overall protected “eBay” zone, right? But looking back, that COULD have been a way of harvesting PayPal user information on the part of some fly-by-night eBay vendor offering rock-bottom prices.

Oh well, live and learn. Don’t think that the crooks can never out-smart you. The horse is out of the proverbial barn here; but there are other proverbial horses and proverbial barn-door openers out there, so I went thru the recommended steps after getting hacked. PayPal put me thru a procedure to change my password and security codes and had to call my home number to verify my identity. Once I got my PayPal access back, I filed a dispute with PayPal about the cash transfer (and five days later they determined that this was in fact an unauthorized transaction and restored the funds to my credit card). I next called the credit card company and they started a fraud claim and cancelled my card for replacement with a new card (had PayPal refused to recognize this as an unauthorized transaction, the credit card company was my next layer of defense; they generally have to protect you from liability when you claim that a charge is fraudulent, unless they can pro-actively prove otherwise).

Then I reviewed my log-on names and passwords, and yes, I was using the same set of credentials on too many sites, including some where my credit card is on file (i.e., the hacker that had my PayPal log-on and password should have tried some other popular e-commerce sites, as they could have ordered all sorts of expensive stuff and had it shipped to an address different than my own — or maybe just download a bunch of music albums and video movies — and then change the password to keep me from getting on to report the damage!!). So I spent several hours changing passwords (and now I have way too many passwords to remember — I now have to stop to look up the password whenever I try to buy something or check a financial account).

I also went on the federal FTC web site and filed a fraud report. I also called one of the big-three credit rating companies and went thru their automated phone call procedure to set up a 90 day fraud alert on my credit record. I then went on line for that company to review a copy of my credit record (as to make sure that no one had already started an unauthorized loan or credit card in my name). But of course, they now won’t let me see my record on-line; I had to send a letter to them with copies of various documents to prove who I am.

And last (I HOPE this will be the last big thing to do for now), I went over to the local police station to file a criminal report on this. I know darn well that the municipal PD is NOT going to crack this case, not even going to look into it. All they do is fill out a form and enter it onto the state and federal criminal databases. But I want to have a police report number as proof that I reported the incident to the criminal justice system, just in case more fraud incidents take place and the banks or e-commerce companies involved want to shift the blame (and financial liability!!) on me.

Phew!!! Oh yes, then I got my new credit card and had to make sure that all of the e-commerce sites where my old credit card was registered got updated (luckily I only have 3 such sites — I think . . . ). Lots of work, but credit card fraud is no joke, as I found out. E-commerce is one of the great innovations of the early 21st Century (really from the 1990s), as it really has improved the average middle-class life (or at least my average middle-class life). But wow, when the dark side of humanity enters into this system, things can really get mucked up very quickly, and you can lose lots of real money in a flash if you aren’t vigilant.

Or you can get locked out from it all, even though your daily life is now extremely dependent upon these computers and systems. I mean, just imagine if every bank, utility company, credit card, e-commerce site, etc. just refused to recognize you anymore . . . imagine if one day your credit cards became useless, you couldn’t use an ATM, you couldn’t log on to Amazon or the phone company site, your e-mail passwords didn’t work, the bank wouldn’t even cash your checks (assuming you still have a checkbook), your smart-phone went dead . . . sounds like something from the old Twilight Zone show!!!

◊   posted by Jim G @ 7:59 pm      
 
 


  1. Jim, Very sorry you got hacked into (is that the proper term?). The same thing happened to me several years ago with my credit card. Every time I think about it, it amazes me.

    Like you, someone got my credit card number and charged a bunch of “going to clubs” clothing, which is definitely not my style. Amazingly, I would not have caught it until I got my statement; but the card company called me and said “unusual purchases” were being made on my card. Did these belong to me? Boy, that got my attention.

    And yes, you are correct: Think of the havoc that would occur should all our virtual finances (as if I actually deal in “high finance”–our family has a joke about “high finance”, but I digress) suddenly “go dark”–or went dead, as you say.

    So it seems to me that it can’t hurt to always keep some window (correct word?) open when it comes to the “old” way of doing things. For example, I simply refuse to convert all my phones to what I call “walk around phones” or cell phones (as some people do). I always have at least one line that is a land line should anything happen when all the “virtual” lines go down. Then too, I like to keep snail mail going once in a while too. Can’t hurt, I say. One never knows. Anyway, I hope all will stay well with you and your new passwords, etc.; that nothing untoward happens again; that you will be safe in this regard from now on. MCS

    Comment by Mary S. — April 25, 2014 @ 1:31 pm

RSS feed for comments on this post.

Leave a comment:


   

FOR MORE OF MY THOUGHTS, CHECK OUT THE SIDEBAR / ARCHIVES
To blog is human, to read someone's blog, divine
NEED TO WRITE ME? eternalstudent404 (thing above the 2) gmail (thing under the >) com

www.eternalstudent.com - THE SIDEBAR - ABOUT ME - PHOTOS - RSS FEED - Atom
 
OTHER THOUGHTFUL BLOGS:
 
Church of the Churchless
Clear Mountain Zendo, Montclair
Fr. James S. Behrens, Monastery Photoblog
Of Particular Significance, Dr. Strassler's Physics Blog
My Cousin's 'Third Generation Family'
Weather Willy, NY Metro Area Weather Analysis
Spunkykitty's new Bunny Hopscotch; an indefatigable Aspie artist and now scolar!

Powered by WordPress