Skip to main content
No. of Recommendations: 2
So, on Saturday morning, got a fraud alert notification from AMEX. Called their fraud line and found the fraudulent charges were on my card (as opposed to husband's) and were for $200 for Uber and the red flag type of charges to Amazon for a couple of $2 efforts. Card duly cancelled and Abit of wondering how that happened.

So, yesterday I did a bit of grocery shopping and tried to use my bank debit card.... that too was declined. I skidaddled round to the bank.... where the teller was very helpful.... and this time it was because of $200 charge to Lyft and a couple of other efforts, all on Sunday..... and to our bank account this time.

So short term contingencies are in place (I think) but I'm wondering about the how and why.

One thing I've done differently in the previous week is to sign up for Life Lock. Thus far, I've received plenty of solicitation to buy even more of their products..... but not a whiff of an alert.

I'm sure I must've done something that's precipitated this but I can't think what. I'm sure I'm missing the obvious??
Print the post Back To Top
No. of Recommendations: 3
Are you certain you signed up with the valid LifeLock service. I get phony LifeLock offers in my spam folder quite frequently. Maybe you've been phished?

Can you login to the real LifeLock?
https://www.lifelock.com/
Print the post Back To Top
No. of Recommendations: 4
Are you certain you signed up with the valid LifeLock service. I get phony LifeLock offers in my spam folder quite frequently. Maybe you've been phished?

I would agree with Roy - it sounds like you got phished - either through signing up for a phony LifeLock offer (probable, since you say you signed up for it recently, but haven't gotten any fraud alerts) or by entering your information into some other application.

I would suggest that you call the real LifeLock (use the link that Roy gave and there's a phone number in the upper right hand corner to call with questions. Call them and see if they can help you.

AJ
Print the post Back To Top
No. of Recommendations: 0
Taken your advice.... called to check my account and tried a log in. Apparently, I did sign up for the real Lifelock...

Couldn't immediately verify the accounts they have on file for me by card number because those are the ones that I cut up and didn't have my accounts folder immediately to hand, so no real explanation as to why no alerts. But at least, I didn't sign up with a fake company.

Still seems an unusual coincidence, though.

Thanks for the link and suggestions
Print the post Back To Top
No. of Recommendations: 3
But at least, I didn't sign up with a fake company.

That part is good, but... phishing often employs "man-in-the-middle" attacks which not only simulate the website you believe you are using, but pass through your information to the bona fide site while scraping your information.

Keyloggers are another possible concern. It does see coincidental that these event followed your LifeLock registration. I would examine all the account information you provided LifeLock and check those accounts for possible fraudulent activity. It would be wise to request your credit reports and as well, institute credit freezes with the 3 (or 4) major credit reporting agencies.

Hopefully the worst is over.
Print the post Back To Top
No. of Recommendations: 0
Will do. Thanks again.

Talking to my daughter this morning and something similar happened to my son in law about a year ago. Credit card first then bank card. Caught quickly but my daughter was speculating on who of all their visitors could've snagged card nbers etc..... but I guess miscreants are a bit more wily than that nowadays
Print the post Back To Top
No. of Recommendations: 2
Another possibility is the electronic tech that allows a thief to read your card info by holding the scanner close to your pocket/purse.

http://www.fox10tv.com/story/29653812/fox10-news-investigate...

RFID protective sleeves, wallets, purses might protect against this?

Note:. This fear mongering was big a couple years ago, and the linked article is 2015.

I believe I had this done to me in June 2016, at Disney world. I now keep my CCs, passport card, etc in an RFID sleeve, in my wallet.

That a CC and a debit card were both apparently hacked at the same time, limits the method of theft?

I set my CC accounts to notify me, via text and email, any transaction over $150, and when my bill exceeds $1500.

I wish my bank had that function for what withdrawals. I do not use a debit card, nor ATM machines. My bank does use photo ID when I do some transaction in person, and uses 2-form-factor ID when I log in online.


I have an ID security company. They do NOT monitor fraudulent CC or debit card or ATM activity.
They (supposedly) do monitor attempts to establish new lines of credit.

Periodically, I'll get an email "No new activity under your name" type message.

I've had a CC hacked about 5 times... Since getting the ID protection. They've NOT notified me. The CC always caught it.

I'm trusting that when that criminal steals/ buys my identity and tries to set up a credit line under my ID, the ID protection folks will catch it... In a timely fashion. 😐

HTH
ralph
Print the post Back To Top
No. of Recommendations: 2
Ralph... you won't believe this but we've had houseguests over the past few days and this stealing info from your purse came up. My girlfriend has actually purchased a handbag that purports to insulate your credit card info from such stuff. I should confess that I first thought it was something similar to wearing a tinfoil helmet to insulate yourself from, say, vaccination info.

Seems it's hard to find a sweet spot between being too laid back seeing conspiracy everywhere and
Print the post Back To Top
No. of Recommendations: 2
RoyGeeBiv,

You wrote, phishing often employs "man-in-the-middle" attacks which not only simulate the website you believe you are using...

nit: Technically a man-in-the-middle attack is distinct from phishing.

Phishing is a type of social engineering exercise where they send you something and get you to react by clicking on links and responding to queries without doing anything to validate the content.

Man-in-the-middle (MITM) attacks are quite technical and generally occur by having someone's system act as a router that intercepts network traffic. It's not even really necessary for a MITM attack to spoof the website as what they are doing allows them to see everything sent to the website as if it wasn't encrypted.

MITM attacks mostly occur at places like restaurants and coffee shops where someone has created a public access hotspot using their laptop and you mistakenly connect to that instead of the store's hotspot (which they may or may not actually have).

MITM attacks are specifically designed to defeat secure connections like https...

There are no good ways to protect yourself against a MITM attack, except to avoid using any untrusted network.

- Joel
Print the post Back To Top
No. of Recommendations: 0
nit: Technically...

Phishing can be simply posing as a website, and collecting login information from an unsuspecting user, or acting as a conduit to the intended website, while absconding with the information posed. "Man-in-the-middle" attacks takes many forms.

Maybe this will help you...
What Is a Man-in-the-Middle Attack?
A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late.

https://www.veracode.com/security/man-middle-attack
Print the post Back To Top
No. of Recommendations: 2
RoyGeeBiv,

You wrote, Maybe this will help you...

Maybe others, but not me. I've worked on wireless network and security association and encryption protocols, so I'm quite familiar with how the MITM attack vector works.

- Joel
Print the post Back To Top
No. of Recommendations: 1
Considering Lifelock has been hacked several times I would not use them myself.
Print the post Back To Top