BARBELITH underground
 

Subcultural engagement for the 21st Century...
Barbelith is a new kind of community (find out more)...
You can login or register.


Underground > Conversation >

Fraud

  
 
petunia
11:38 / 21.04.07
Soooo...

Today i got an email from amazon saying "Thanks for your order, [.trampetunia]", which i found odd, cos i haven't ordered anything recently. Figuring it might be spam or phishing, i had a peek.

Seems there's an order gone through on my account for a new Playstation 2. Along with the order number etc, i notice the delivery address is:
[Mr not .trampetunia]
[x different road]
CATFORD, LONDON
[not my postcode]
United Kingdom

I live in Manchester, which is pretty far away from london (as British distances go). Hmm...

As i'd recently (like two days gone) been contacted by my bank due to fraudulent attempts to make payments using my card (The one time having no money has actually been to my advantage!), i figured this might be the same person trying to use my card again, but when i checked out the invoice address, i find:

[Miss not .trampetunia - of different surname to Mr not .trampetunia]
[Y different address]
Lewisham, London
[different postcode]
United Kingdom

So it kinda looks like somebody has got hold of someone else's card details and bough something with them, using my amazon account... for safety?

I rang amazon (happy how they make it quite obvious how to get in touch with them, also nice how they will ring you). The friendly man on the phone has a look at my account and cancels the order. I say i am worried about it being fraud. He tells me that what it's likely to be is: I've logged onto amazon at a public computer, then forgotten to log off. Mr not .trampetunia has then gone on amazon and bought the playstation, thinking he was logged into his own account.

This makes sense, and while i endevour to log off everytime i use a public computer, i probabaly forget from time to time. However, i have not logged onto my amazon account for at least two weeks and even then, it was at home. I cannot remember the last time i logged on using a public computer and it certainly isn't within the year. This means that Mr not .trampetunia would have had to use a computer that has retained my login for over a year in order to do this mistakenly.

I have emailed these concerns to amazon, but they seem like they might be a little reluctant to point the fraud finger. In the meantime, i have both of the addresses used in the transactions, along with telephone details. At the moment, i have had no confirmation from them that they are going to look into this.

So.. do i contact Miss not .trampetunia (odd to suppose that her number is valid, but after all, maybe this is some kind of weird mixup) and warn her? Or do i contact Mr not .trampetunia and tell him he has accidentally used my account? Is it dangerous to do this? Would it be fun?

Also - In what ways could Mr not .trampetunia have ended up using my account? As i say, it seems odd that he end up there accidentaly, but it seems just as odd that he would use my account to commit fraud if it isn't my card he's defrauding...

I use a wireless network at home and hear it is actually quite easy to leech data from such connections. Is this true?

Arrgh!
 
 
Spatula Clarke
12:11 / 21.04.07
You need to make sure that your wireless network isn't accessible to anybody who shouldn't have access - there's going to be the option somwhere within your router settings to set a network key, which all devices that then attempt to access your network will need to know. Other people hereabouts will have a vast amount of knowledge on this stuff, far more than me, so I'll leave it for one of them to explain (because the likelihood is that I'll make a pig's ear of it).

As far as contacting the other parties goes... I'd suggest not doing that. Just keep your eyes out for anything similar happening in future - once is an acceptable mistake, and I'd guess that the Amazon guys might contact the user who logged in with your account (I presume they have details that match the incorrect billing and delivery addresses set up against another registered user, and that this'd be why they were so sure that it's an honest mistake) to let them know that some kind of error has occured and that their order hasn't gone through.

This happening a second time, though, would make it less likely to be a genuine error. Don't know what you do about the person whose card details were being used, though - maybe contact the relevant bank or credit card company (if you noticed what kind of card had been used against the order) and inform them of the situation, leave them to contact the individual.
 
 
Red Concrete
12:45 / 21.04.07
In my experience of fraud (someone started withdrawing my money at ATMs), a police report seemed enough to ensure that my bank investigated the incident and refunded my money almost right away. Even if not, I recommend that you contact the police. There's a crime going on, right? Fraud, identity theft..
 
 
Kirin? Who the heck?
12:52 / 21.04.07
Your wireless network needs to be secured if it isn’t already — even if you feel happy being generous with your bandwidth, there’s a possibility that someone might decide to use it for dubious or illegal activities, for which you could then be liable (it’d be difficult to prove that it was someone accessing your network without permission). In your router’s setup interface (which you probably access by typing a numerical IP address into a browser, unless you have an Apple AirPort), there’ll be a screen with ‘wireless security’ settings (possibly as a subset of a screen for general wireless settings).

You need to choose one of the following settings for encryption (scrambling the data so that people who don’t have the password key cannot read them if intercepted, and cannot use the network without permission), with the first being the most preferable and the last the least:


  1. (On recent routers) WPA2 (Wi-Fi Protected Access). This might be called WPA-AES or some variation thereon. This is the most secure encryption setting possible on most consumer routers, using nice secure encryption algorithms. It might not be compatible with some older devices.

  2. (On some routers) WPA/WPA2, or alternatively WPA-TKIP/AES. This is a hybrid mode which allows the computers which support the more secure WPA2 (above) to use that, and those which don’t to use the less secure WPA (below).

  3. (On almost all routers) WPA, also called WPA-TKIP. This setting is very compatible, and provides good enough security for most people. It uses a slightly less secure algorithm than WPA2. If even this isn’t available on your router, you may be able to upgrade its software to enable it. The same goes with most wireless cards in computers — check the company’s site for driver updates.

  4. (If your router doesn’t have this, it’s probably coal-fired) WEP (Wired Equivalent Privacy). This setting is extremely compatible (this is sadly the one you have to use to connect a Nintendo DS), but not really much in the way of protection. It will certainly discourage casual bandwidth theft, but that’s about all; anyone determined to use your network/snoop on your data as it’s transferred will be able to. Use this setting only if you must. It comes in two varieties — 128/104 bit and 64/40 bit. Choose the 128/104 version if you can.

  5. None or ‘open’. Obviously, this will mean that your data fly through the air completely unscrambled and anyone can join. Not recommended if you’re feeling sane.



If with any of these you have a choice between RADIUS or PSK (Pre-Shared Key) varieties, pick the latter.

Whichever setting you use, it’s important to pick a secure key (password). All the usual password tips apply — not just one dictionary word, not easy to guess, etc. If you use WPA/WPA2, then I’d recommend using a Diceware key if you can (at least five words, preferably eight) — remember, it may seem long, but on most devices you’ll only have to enter the key once. On WEP, you’ll be limited to a certain number of characters, so pick something with a good mix of alphanumeric characters and punctuation.

To get the most secure settings possible, it’s important to have all the latest drivers and firmware for your wireless gear. Manufacturers’ sites should have what you need.

If anyone is having any trouble, feel free to PM me.
 
 
petunia
13:05 / 21.04.07
Good advice, thanks.

The network is already encrypted with WEP and we don't broadcast the network name, so people have to know what they're trying to connect to if they are going to try.

I got an email back from amazon saying:

We believe your account may have been accessed and used by a third-
party to make purchases without your permission, but it appears they
did not use your credit card to make these purchases.

Your details have been forwarded to the appropriate department for
further investigation and we will contact you again via e-mail in 1-
2 business days regarding this issue.

So i guess they will be taking care of things. Is it still worth contacting the police or shall i trust in amazon's procedures?

While it's obviously not the best idea to contact the 'fraudster', might it be worth giving the 'victim' (scarequotes just cos i don't know for definite that it's fraud...) a bell to let her know what's going on?

As amazon cancelled the order, no records remain of the card used to pay, so i don't know which bank would be contactable...
 
 
Triplets
14:37 / 21.04.07
Get the details from Amazon. Then contact the police and bank involved. Covering your arse in all areas is the best way for stuff like this.
 
 
miss wonderstarr
15:12 / 21.04.07
I don't know if I follow the complexities of this, but Lewisham is right next door to Catford, for what that's worth ~ it seems entirely possible that someone from Lewisham could have someone from Catford's bank details or card.
 
 
petunia
17:25 / 21.04.07
Oh right. Yeah, i don't have any knowledge of London geography.
That makes things a little better - it's a lot nicer if things work out in a happy way...
Still confused about the whole thing going through on my account. Ho hum.
 
 
lord henry strikes back
17:17 / 22.04.07
I think it's worth a mention to the police. If it is a genuine mistake then it won't cause a problem. If it's not then chances are that the same person will try this again with someone else's details. If the police get three or four reports from different people, all in the same situation as you, and all with the same delivery address, then they will look into it.

Of course, if this is fraud and the person committing it is getting details from across the UK (or even wider) then there's a good chance that no one police force will get enough contacts for them to act, but at least you tried.

It's a bit of an odd situation and I'm glad you didn't lose anything.
 
  
Add Your Reply