Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Discussions
Off Topic
Just had fraudulent activity on my banking account.
jvrlopez
This all happened within the last 30 minutes or so.
I was at home watching basketball when I received an email notification on my phone from newegg.com thanking me for updating my shipping address. Immediately after, I received another email notification thanking me for my order.
I recently had an order from newegg lost in the mail, so I figured maybe they updated my address and refilled my order.
I checked the invoice just to be sure and the order was for a SSD for $525 which was something I did not order.
I immediately logged in to my newegg account, expecting to be locked out. Luckily I wasn't and immediately changed my password. I checked my recent orders and sure enough the fraudulent order was in there. I canceled it and noted the shipping address (complete with name and phone number) the other individual had entered. I also removed my stored payment information in my Newegg account.
I changed all the passwords on all my accounts that have some association with money or credit and called my bank. They canceled the card, issued a refund, sent out new cards, and I provided the name and address of the individual on the order so they could forward it to LE.
Here are a few questions I have:
The name used for the order was similar to mine (one of the names was identical). The card also used, though used before through newegg, was not stored in my newegg account. This individual didn't bother to lock me out of my account, change the email address or email notifications, or charge anything else if they were in possession of my credentials.
Also, the items I had in my shopping cart before the activity took place was still present..
Does this look like genuine malicious activity or just a possible mix up?
Either way, I should have my money back shortly and a new card within a few days.
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
NovaHax
There is definitely some weirdness going on there. The chances that someone broke into your account (without having your password reset) and used card information of yours that you didn't have stored on your account seems highly unlikely (unless it is someone you know).
You should definitely contact neweggs support team and make them aware of the situation. And hopefully it was a mix-up from an order you actually did make.
**Keep in mind that if a card of yours that was not stored on the account was used...your card might be compromised too and you should contact your bank or card-provider to inform them as well**
Good luck friend. Hope it all works out.
jvrlopez
Thanks.
Now that I'm looking back at if, I feel it was a mix up rather than anything else. So I'm out of a debit card for the next couple of days, but at least the bank shipped it out overnight free of charge. Better safe than sorry, I guess.
Newegg's order confirmation mentions that shipping and billing addresses should match due to security. Canceled it within a couple of minutes and called the bank. Pretty sure the charge didn't get approved seeing as how I have my money back already and the charge had vanished.
Tried to give newegg a call but they're closed at the moment.
Xyro
It looks like genuine malicious activity to me. Also, you can get a temporary debit card from a physical branch of your bank to use until your new card arrives.
jvrlopez
I called the number on the order to yell at the guy and let him know the cops were on their way, but there was no answer or service.
Xyro
The "style" wreaks of international origins, JME. I would have traced the address & number, myself... if it traces to a VoIP line, you have your answer.
olaHalo
Glad you got it settled before any real damage was done.
It sounds like an innocent mixup to me.
He probably tried to buy something and noticed the address was wrong so he changed it.
If it was malicious he likely would have locked you out of everything.
How he got into your account is the big question.
I stopped using debit/checking cards anywhere because of security.
I have had my debit card used fraudulently and it was a pain to get my money back; took about a month.
However I had my credit card used fraudulently and it only took a single phone call to get the charge removed that day.
Both situations where at restaurants where someone decided to add a "1" in front of my tip on the gratuity line.
jvrlopez
Thanks.
Compared to the last time this kind of activity happened (2009), I made out okay. Last time I ended up losing over $3000 in debit purchases for airfare to the Middle East. Took a few days to get my money back and being overseas at the time didn't make things any easier.
Unlike last time, the recipient's address was stateside.
cruwl
Guy at work had this exact same thing happen to his newegg account last week. He ended up catching it just like you did via email notifications and canceled everything including his newegg account as well.
blargoe
Same thing happened to me recently, except it was Walmart.com and it was several iPads. I caught it, they stopped shippment, and refunded my money and disabled my account on their site.
W Stewart
Have any of you guys shopped at target recently?
http://www.techexams.net/forums/off-topic/96158-target-investagating-data-breach.html
jvrlopez
Got my new card via FedEx today.
USAA usually sends replacements via snail mail or you can choose to have it expedited via FedEx for $8. Since it wasn't anything bad or careless on my part, they sent it overnight for free.
I got the new card sometime today (don't know exactly when, I was at work) and the FedEx guy was cool enough to tuck it under my door mat.
Everything is good to go and the money that was charged from my account has been refunded, although I don't know if this was from me canceling the order really quick or because USAA said they'd refund me.
All in all, only out of my card for about 36 hours. Good real world exercise in protecting my funds in real time.
Whew!
SteveLord
How would the guy know to tuck it under the mat? Unless he normally does that. Does USAA make it obvious they are mailing a credit card? My bank (BoA) historically doesn't put their name allover the envelope.
While my wife shops at Target, she left her wallet (a $200 Kate Spade wallet gift from me last year mind you) in a shopping kart two weeks ago. So it was kind of ironic that there was this sudden breach announced. Luckily, she already has her new cards.
Anyway, as some articles have mentioned....watch out for small transactions too. Thieves are testing accounts when they do this. I had my info stolen a few years ago and the thieves used minor World of Warcraft purchases a month or so prior to the day I noticed about 6 of them all at once.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
