Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

inanna

(3,547 posts)
Wed Mar 18, 2015, 08:47 PM Mar 2015

My sister-in-law was just hit with a scam

She and my brother had been on the road, traveling. Stopped at a Tim Horton's rest area along the 401 highway and made a small purchase there using her debit card. Later, she checked their bank account and saw a $50.00 purchase was made online shortly after their purchase at Tim Horton's. They knew they did not make the purchase.

They contacted the online retailer - who gave them some info, and then contacted local police and their bank (to cancel the debit card).

According to police there are cell phone apps that will allow users to "tap" the debit machine and then they can obtain the banking info of the customer before them.

My brother and SIL were lucky actually - that they caught on to this very quickly, that the police are aware of this scam, and that the online retailer involved was helpful and willing to refund the amount in question.

I've read about many scams, but not this particular one. Just thought I'd post as a caution to others.

9 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
 

SheilaT

(23,156 posts)
1. Is this something that only targets debit cards and not credit cards?
Wed Mar 18, 2015, 09:01 PM
Mar 2015

Or is using any plastic placing you at risk?

One of the things I tend to like about my debit, as compared to my credit card, is the need to input a pin number. Although it sounds like what happened to your SIL might have also grabbed the pin.

Lancero

(3,102 posts)
3. A lot of debit cards can be run as credits...
Wed Mar 18, 2015, 09:05 PM
Mar 2015

Not sure though if doing that still takes the pin, haven't tried it myself, though a debit transaction can be run as a credit instead.

inanna

(3,547 posts)
4. My sister-in-law believes
Wed Mar 18, 2015, 09:08 PM
Mar 2015

that her pin number was picked up, and that's why she chose to cancel the debit card entirely.

The bank actually wanted to wait to do that until the morning (saying they needed her signature), but she insisted it needed to happen immediately as they were on the road.

I do not know about credit cards though...

Lancero

(3,102 posts)
2. It's not actually a tap on the machine...
Wed Mar 18, 2015, 09:03 PM
Mar 2015

Rather, the machine was using a unencrypted wireless connection to transmit the card data. Someone knew this, and were running a packet sniffer/capturer to see what was in the data.

For intents and purposes, the polices description works though it's not completely correct.

The scariest part though is that this specific method isn't at all hard to do. The only real 'work' that goes into this is actually finding a unsecured wireless connection, which honestly isn't that hard at all.

 

SheilaT

(23,156 posts)
5. So, if I understand you correctly, the problem
Wed Mar 18, 2015, 09:09 PM
Mar 2015

is with the local business and their unencrypted wireless connection, which strikes me as pretty negligent on their part.

Lancero

(3,102 posts)
6. You'd be surpised at how many places don't think to secure a wireless connection...
Wed Mar 18, 2015, 09:30 PM
Mar 2015

Or how many intentionally, but unwittingly, unsecure it.

A lot of places are offering free wireless to pull in customers, it's seen as a convience that really doesn't cost much to implement, but well... Depending on how the business has their networks setup, if they improperly add in a public connection then they could easily give someone access to the entire network.

Another thing is that a lot of places don't bother updating things, which is a really bad idea. Some of the earlier wireless protection setups are very susceptable to hacking today, even by basic bruteforce attacks, so if the company hasn't bothered updating things then if someone really, really, wanted access to their wireless connection then it's possible for them to get it.

Another thing though is the dumbing down of wireless tech. A story came out on this years back, so this can also fall under the 'don't bother updating things' category.

http://www.computerworld.com/article/2471964/endpoint-security/brute-force-tools-crack-wi-fi-security-in-hours--millions-of-wireless-routers-vuln.html

inanna

(3,547 posts)
7. I'd like to thank you, Lancero
Wed Mar 18, 2015, 09:41 PM
Mar 2015

for the info you've added to this thread.

I'm no "techie" by any stretch, but you've explained things so that even I can understand.



 

SheilaT

(23,156 posts)
8. Thank you.
Wed Mar 18, 2015, 11:55 PM
Mar 2015

I'm not terribly tech savvy, and get less and less so as the years go by. I do appreciate your information.

The pathetic aspect to my lack of tech savvy is that I was using a computer long before almost anyone, and well before a lot of people were born. I went to work for an airline in 1969 that was the very second airline to have a computerized reservation system. I started in January, 1969. My first day of work we were on the old, non-computerized system, and the very next day we switched over to the computer. I acquired very good user skills for our system, but of course that was a very long time ago, long before things like the internet.

Latest Discussions»General Discussion»My sister-in-law was just...