If Neteller say this was done from the user's computer, two questions? 1) was it actually switched on at the time this took place? 2) Was it connected to the internet during this time. If both these are true, this points to a trojan application executing commands from a remote computer through a port. There are some defined ports through which Windows will accept input as though coming from the user's keyboard. A trojan module has to be in place to open the port and feed the comands through, while at the same time ensuring nothing looks out of place to anyone using the PC. They could have got the initial account data from Phishing, including the MAC of the PC as well as the IP address, or they could have inserted a keylogger or screen logger through a malware application. Download any GFED casinos recently?
.
I do not know much about trojans, phishing, keyloggers and what not...I havent the faintest idea of how these things operate...however, I have learned these terms are associated with activities that mama would frown upon.
Here are more details for the Sherlocke Holmes out there. My computer was on. I usually leave it on all the time (now I'm thinking twice about that). I leave it on for work..lots of emails and eFaxes for me.
I was not logged into any casinos or Neteller when I went downstairs to eat dinner. After about 2 hours, I returned to my computer and checked my emails..this is when I noticed the shiet hit my fan.
I do believe this activity was going on at the same as I noticed it. But I'm not 100% sure. I remember seeing 4 declined credit card deposits, then after investigating opening some emails, the page refreshed with 5 declined credit card deposits.
To further investigate, I went to Neteller's site to sign in...I typed in
www.neteller.com in the address bar and received 2 sign-on pages (another window opened up on top of the first). It reminded me of when I accidentally double click on a link causing two windows to pop up with the same content. But these two windows were not the same! I didnt realize this until after a few minutes. I signed into my Neteller account with the page on top. Minutes later, that window froze, and I couldnt navigate through my account. Thats when I cursed at the screen a little and decided to sign in again...thinking it was just something insignificant..some minor snag somewhere. I was wrong. When I brought up the sign-on page that was underneath the frozen page on top, thats when I realized the picture was different. I'm talking about the picture to the left of your account number and password. I dont remember exactly what the pictures were..but I do know they were completely different. Does Neteller have more than one version of their sign-on page running at any given time frame? Should everyone see the same picture when signing in at any given time? Another thing worth mentioning, what I do recall while signing in the first time was a thin bar across the top of the page that kept on flickering.
vinylweatherman- You are dam good with your diagnostics! You sure you have nothing to do with this? After reading your thoughts of suspects, I checked my Virus Vault and found a Trojan Virus that was caught on 1/13/2007. I didn't know it was a Trojan until now. I do rememeber the software detected a 'threat.' But, just like other times, I didn't think much of it after the software 'healed' the situation. Perhaps, this was when my info was somehow accessed? For the past couple days, up until last night, my computer would freeze up and the only option I had was to reboot by turning off the machine via the Power Button. I hate turning off the computer like that...it makes me think of a person going to sleep by having a someone else smash a glass bottle on their head. In retrospect, I should have been more careful in interpreting my computer's symptoms..perhaps I couldve prevented this.....live and learn...I just always seem to learn the hard way.
There are differences in the confirmation emails I received for those unauthorized deposits compared to those emails I received in the past when making an InstaCash deposit.
Confirmation of an InstaCash deposit always came from NETELLER 'Customer Service <
[email protected]>'...this time they were from
'[email protected] <
[email protected]>'. There is usually an InstaCash transaction time stated in the email, which was always approx. 3 hours ahead of my time or gmail's time of receiving the email.
This bogus InstaCash transaction didnt even have a time stated in the body of the message! However, the emails for those unauthorized credit card deposits and transfer of funds to another merchant did have transaction times stated. The time in the body of these emails compared to the time stated in the 'Show Details' section at the top of the email (for gmail, this is the section where you can click Hide/ Show Details) did not have that 3 hour difference that I'm use to seeing. This top section is
suppose to reflect Gmail's time, time of receiving that email, or my time, but did not, as it was altered. Gmail's real time is revealed when you place curser over the date at the top right of the email...and
this time should be the same as time shown if you clicked on 'Show Details.' But these bogus emails had time differences in these two sections..(I think this is very smart on googles part, to have another check point). OK enough of this...too much time talking about time.
There are other noticeable differences. If anyone is interested, just let me know, and I'll prepare some pictures of these emails to be uploaded here.
My whole point in all this is to remind everyone to Be Super Careful with your wallet because there are always those friggin-A-holes scheming to pick your pocket. When your having fun, its easy to forget how many of these jerks are around.
