General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMy sister-in-law was just hit with a scam
She and my brother had been on the road, traveling. Stopped at a Tim Horton's rest area along the 401 highway and made a small purchase there using her debit card. Later, she checked their bank account and saw a $50.00 purchase was made online shortly after their purchase at Tim Horton's. They knew they did not make the purchase.
They contacted the online retailer - who gave them some info, and then contacted local police and their bank (to cancel the debit card).
According to police there are cell phone apps that will allow users to "tap" the debit machine and then they can obtain the banking info of the customer before them.
My brother and SIL were lucky actually - that they caught on to this very quickly, that the police are aware of this scam, and that the online retailer involved was helpful and willing to refund the amount in question.
I've read about many scams, but not this particular one. Just thought I'd post as a caution to others.
SheilaT
(23,156 posts)Or is using any plastic placing you at risk?
One of the things I tend to like about my debit, as compared to my credit card, is the need to input a pin number. Although it sounds like what happened to your SIL might have also grabbed the pin.
Lancero
(3,102 posts)Not sure though if doing that still takes the pin, haven't tried it myself, though a debit transaction can be run as a credit instead.
inanna
(3,547 posts)that her pin number was picked up, and that's why she chose to cancel the debit card entirely.
The bank actually wanted to wait to do that until the morning (saying they needed her signature), but she insisted it needed to happen immediately as they were on the road.
I do not know about credit cards though...
Lancero
(3,102 posts)Rather, the machine was using a unencrypted wireless connection to transmit the card data. Someone knew this, and were running a packet sniffer/capturer to see what was in the data.
For intents and purposes, the polices description works though it's not completely correct.
The scariest part though is that this specific method isn't at all hard to do. The only real 'work' that goes into this is actually finding a unsecured wireless connection, which honestly isn't that hard at all.
SheilaT
(23,156 posts)is with the local business and their unencrypted wireless connection, which strikes me as pretty negligent on their part.
Lancero
(3,102 posts)Or how many intentionally, but unwittingly, unsecure it.
A lot of places are offering free wireless to pull in customers, it's seen as a convience that really doesn't cost much to implement, but well... Depending on how the business has their networks setup, if they improperly add in a public connection then they could easily give someone access to the entire network.
Another thing is that a lot of places don't bother updating things, which is a really bad idea. Some of the earlier wireless protection setups are very susceptable to hacking today, even by basic bruteforce attacks, so if the company hasn't bothered updating things then if someone really, really, wanted access to their wireless connection then it's possible for them to get it.
Another thing though is the dumbing down of wireless tech. A story came out on this years back, so this can also fall under the 'don't bother updating things' category.
http://www.computerworld.com/article/2471964/endpoint-security/brute-force-tools-crack-wi-fi-security-in-hours--millions-of-wireless-routers-vuln.html
inanna
(3,547 posts)for the info you've added to this thread.
I'm no "techie" by any stretch, but you've explained things so that even I can understand.
SheilaT
(23,156 posts)I'm not terribly tech savvy, and get less and less so as the years go by. I do appreciate your information.
The pathetic aspect to my lack of tech savvy is that I was using a computer long before almost anyone, and well before a lot of people were born. I went to work for an airline in 1969 that was the very second airline to have a computerized reservation system. I started in January, 1969. My first day of work we were on the old, non-computerized system, and the very next day we switched over to the computer. I acquired very good user skills for our system, but of course that was a very long time ago, long before things like the internet.