Unauthorized NetellerInstacash deposits >$5000!!

[GrandMaster]

Quote:

Originally Posted by winbig

I would scan for spyware/malware/trojans ASAP.

If you find anything, KEEP THE LOGS, and even take screenshots, if possible. That way you can prove to Neteller and your Bank that your computer was definitely not under your control when those deposits were made/attempted.

Afterwards, I would even suggest backing up everything you need, formatting and reinstalling everything just to make sure.


*Disclaimer* Only do it if you're comfortable with doing so

...why everyone doesn't have a firewall installed is beyond me....

I would get a live Linux CD like http://www.inside-security.de/insert_en.html or http://www.knopper.net/knoppix/index-en.html, boot the computer into Linux and save all the data. After such a major security breach the computer will have to be reformatted and everything reinstalled from scratch, but at the moment I would leave it in case there is some evidence on the computer that might be useful, for example, a trojan horse. In the meanwhile, I would use another computer if possible, or boot off a Linux CD.

Quote:

Originally Posted by indicka

This occured less than 18 hours ago. I was able to close my bank account before money was taken out of my account..(instacash is not really immediately like they say)

Yes, these transactions are totoally out of norm. I've made hundreds of InstaCash deposits...and never have I made any deposits over $75...not once...and my deposits have always been whole dollars. These unauthorized transactions were all USD with change, but when transfered to another merchant, they all turn out to be whole numbers in Euros..hmm?

I'm surprised Neteller even allowed for them to attempt 5 unsuccessful credit card deposits, one minute after another.

Indeed, at other times perfectly innocent transactions set off the alarms, my account got locked for receiving about $800 from a casino.

Quote:

Originally Posted by vinylweatherman

It will be in the other merchant's NETELLER account, and it isn't that easy to get money out of Neteller as fast as it can be put in. If Neteller were alerted early, which seems the case, they should have locked ALL accounts in this chain, including the merchant. The fact that a merchant is involved says nothing for the vetting procedures employed by Neteller when deciding if a company is really a proper business or a scam. The FBI will have a field day when they hear about the speed with which the thieves were able to remove the money from the entire system, and for a very substantial amount that could fund some serious criminal activity.

If Neteller say this was done from the user's computer, two questions? 1) was it actually switched on at the time this took place? 2) Was it connected to the internet during this time. If both these are true, this points to a trojan application executing commands from a remote computer through a port. There are some defined ports through which Windows will accept input as though coming from the user's keyboard. A trojan module has to be in place to open the port and feed the comands through, while at the same time ensuring nothing looks out of place to anyone using the PC. They could have got the initial account data from Phishing, including the MAC of the PC as well as the IP address, or they could have inserted a keylogger or screen logger through a malware application. Download any GFED casinos recently?

It certainly looks like a remote access trojan or an insecure wireless router.

Quote:

Originally Posted by vinylweatherman

A complete reinstallation is a good move, however inconvenient, and do not allow the PC near the internet till this has been done in case further information is compromised.
I would really like to see more openness from Neteller in telling us how these thieves got away with this, enough at least for us to know the vulnerabilities that we ourselves may have left open for them, and how we should close them.

It should be traceable which casino the money went to. After that it depends on the casino's co-operation.

Quote:

Originally Posted by amatrine

I had this happen from a keylogger from my neteller. Neteller held me repsonsiable for the funds. To this day I get collection calls, and refuse to pay for it, though I know they got more money from me than what was stollen in affilate payments that to this day get deposited into neteller I cant claim.( despite numerous attempts at contacting thiese affilates and telling them I cant accept neteller, another matter) They also said it was from my computer. It wasnt.

I did find a virus when I scanned the computer and removed it, and closed and changed all my accounts, ( ebay, paypal, bank cards)

Was a pain, but now I scan this thing every day. Lesson learned.
I also have a young daughter who plays games on this computer and when she does I pick up all kinds of spywayre etc, so probably how it got here in the first place.

Ama

Install Spybot Search & Destroy with resident Teatimer. It will stop a lot of spyware and other junk from installing or running on your computer. You should also create an account with restricted rights for your daughter, if you have not done so already, so that she can do less damage. Or use Linux.

[Slotster!]

If the cat wanders in sporting a new platinum and diamond encrusted collar, sipping champagne from his bowl - with a foxy female kitten hanging off each paw - I'd start asking questions...

[tennis_balls]

Quote:

Originally Posted by indicka

I looked him straight in his eye.. and not a single quiver of guilt shown.. unbreakable poker face...

behold! a one-eyed monster! a sure indication of guilt!

[amatrine]

Rule number 12 on neteller website: 12.2 It is your responsibility to keep your Account identification, secure identification, password, security questions and answers and other information specific to your Account confidential and in a safe and secure place. This includes ensuring the ongoing security of your log-in details on your personal computer device for accessing the Internet. Should another person gain access to your Account by passing all identification and security validation and verification checks, we are entitled to treat any transaction conducted by that person as valid and are not responsible under any circumstances for any loss or damage you may incur as a result.

This is what they enforced with me, and said I was liable. Never read the small print ,,, my bad...

Ama

[winbig]

I have a problem with that. What they're basically assuming is that every tom dick and harry that uses a computer and has a neteller account is a computer whiz, and knows how to secure their computer 100%.

Let's face it. With a basic windows installation, current updates, and even running microsoft's "Firewall", their computer IS NOT SAFE. Even all of the anti-spyware|adware|virus|trojan scanners will NOT pick up and fix every single threat out there. To do so, you would need to run 4-5 of these programs to catch everything.

They can take that clause and stick it up their ass.

It should be "User should take every possible action to keep their computer safe. If a user is found to KNOWINGLY keep their computer vulnerable to attackers, they will be held responsible.

[indicka]

Quote:

Originally Posted by GrandMaster

I would get a live Linux CD like http://www.inside-security.de/insert_en.html or http://www.knopper.net/knoppix/index-en.html, boot the computer into Linux and save all the data. After such a major security breach the computer will have to be reformatted and everything reinstalled from scratch, but at the moment I would leave it in case there is some evidence on the computer that might be useful, for example, a trojan horse. In the meanwhile, I would use another computer if possible, or boot off a Linux CD.

I seriously need the The Computer Manual for Beginners, the Idiots Guide...I get overwhelmed when thinking about all this stuff that I honesty know nothing about. I'm still more comfortable with paper and pen, rotary phones, etc..my environment is changing at exponentially rate while I'm walking backwards...
For now, this only computer I have to work with...going to have to make do...
Like always, I'm going to close my eyes and hope for the best (probably how I got into this situation to begin with)

Quote:

Originally Posted by GrandMaster

It certainly looks like a remote access trojan or an insecure wireless router.

Yes, I am infected with Trojan Virus..its sitting in the Virus Vault since 1/13/2007. And according to the AntiVirus software, it can't be 'healed.' At first, I thought it was 'healed,' but thats not the case.

Is it better to keep the virus in the Virus Vault...or 'remove' it completely? Any suggestions for the biggest PC idiot? Sorry if my questions dont really make sense.

Quote:

Originally Posted by GrandMaster

Install Spybot Search & Destroy with resident Teatimer. It will stop a lot of spyware and other junk from installing or running on your computer. You should also create an account with restricted rights for your daughter, if you have not done so already, so that she can do less damage. Or use Linux

Yes, I have Spybot and will run that program shortly.

I've no daughter to create an account for..I think that was another person with that problem..
However, I will create a separate account for my cat..this way he could surf and search for pussy without bugging me.

[indicka]

Quote:

Originally Posted by Slotster!

If the cat wanders in sporting a new platinum and diamond encrusted collar, sipping champagne from his bowl - with a foxy female kitten hanging off each paw - I'd start asking questions...

Quote:

Originally Posted by tennis_balls

behold! a one-eyed monster! a sure indication of guilt!

!! You guys are friggin hilarious..!!

[winbig]

What you need to do is format. Forget about the virus vault.

If you wanted to speed things up, you can boot directly from the XP CD, and when it asks you where you want to install XP, go through the process of deleting the partition that's there and create a new one. This will effectively remove everything from the drive. It tells you how to do so when you're at that screen.

As it was suggested before, I would keep that computer off the net for the time being. A little overkill, but whatever works for you.

And never forget: MAKE BACKUPS!

[amatrine]

Rotary phome, rofl. Ya know , I do not even own a cell phone. I still have the mentallity that when Im off doing something, thats my time. They can call me or I will call them when Im home

Ama

[vinylweatherman]

Quote:

Originally Posted by amatrine

Rule number 12 on neteller website: 12.2 It is your responsibility to keep your Account identification, secure identification, password, security questions and answers and other information specific to your Account confidential and in a safe and secure place. This includes ensuring the ongoing security of your log-in details on your personal computer device for accessing the Internet. Should another person gain access to your Account by passing all identification and security validation and verification checks, we are entitled to treat any transaction conducted by that person as valid and are not responsible under any circumstances for any loss or damage you may incur as a result.

This is what they enforced with me, and said I was liable. Never read the small print ,,, my bad...

Ama

Ah, but it seems it is Neteller that has suffered the loss, not you, so they should not be pursuing you for more money on top of what you have already lost.
This is a joke considering how bug prone their own fund transfer processes are. if the details are compromised from Neteller, rather than the user's PC, this clause does not count. If challenged in the UK courts, it could be struck out as unfair as it places an impossibly one-sided burden on the consumer, who is considered to be a "user" of a product (as opposed to a tech savvy industry designer). To win such a case, you would have to show that you followed advice on how to keep the information secure, and since you mention finding a trojan in a "virus vault", it seems you are taking steps to secure your PC from attack.
Current threats are so sophisticated that even the Pentagon is not secure, so how can Neteller expect all users PC's to be 100% secure. They would be better off providing users with account management tools that would enable them to create their own security trips based on what they know as their activity.
If a user never uses other currencies, for example, they could set a trip that instantly locks the account is a transaction in another currency is attempted. Seems that at present thieves can just keep trying again and again, because Neteller assume it must be the proper user, even though the attempted transactions are so out of character that they are constantly failing.
There is an increasing mistrust of online financial services, BECAUSE of the very technical nature of many of these frauds, and the need for a university degree to even understand what has been done to you, let alone stop it happening again. It is amazing what one can learn about computers if determined, it was even more true in the early days (Eighties), but hacks then involved computer games, and getting the computer to do things it should not really be capable off. The internet has changed this, there is big money available, and in some cases it is easily stolen or scammed from the original owners.
By far, the majority of banking information in the hands of criminals is stolen directly from the banks' own customer service centres, where vast quantities of data are available in one place. Once this security has been compromised, data can be stolen at will till enough gets out that customers complain. There is no guarantee that some data is not stolen from Neteller HQ or service centre, where details of the customer's usual access IP and PC are stored (I know, my Neteller was locked by a security trip when I logged on through Tiscali instead of NTL from a new PC based at my Mum's house) Spoofing the proper IP, or hijacking the PC via Trojan gets past this particular trip, and it seems this is the only safeguard in this case, as nothing else tripped.