I was, and still am, gob smacked.
I am no novice when it comes to shopping online. I have been doing it for years. I am quite a tech savvy person and I have a vested interest in computers, social media and the Internet. So I know all about the dangers of shopping online. Consequently, I always take the necessary precautions to prevent data theft. Nevertheless, this did not stop some random American douche bag, from stealing my credit card information and attempting to buy… wait for it… R3 000 worth of groceries from Wal-Mart. Huh?!
Why on Earth someone would go through all of the effort to steal someone’s credit card information online, just to buy groceries with, I cannot understand. Either the recession in the states is really still quite bad or Americans, as the stereotype goes, are legitimately stupid. Nevertheless, I hope this person gets persecuted to the full extent of the law and is ripped a new one while in prison.
So how did this all happen? How the heck did this mystery person obtain my information? Well, it was obviously via the internet but not because of some insecure site.
Here is a quick rundown of events:
Friday 19th February 2010, a cousin of mine places his USB memory stick into my PC. He ensures me that his computer does not have viruses. I believe him, until Microsoft Security Essentials picks up a Trojan: Vwealer.KZ.
Microsoft Security Essentials detects the Trojan and neutralises it, the way a good antivirus is supposed to. I think nothing more of it since the problem appeared to have been solved.
I buy tickets online at the NuMetro website for Percy Jackson and the Lightning Thief (review coming soon). I have to input my credit card details to complete the purchase.
Days go buy, nothing unusual happens and I continue to use my card as I normally would. I make two further purchases during the week. One online, one offline.
Thursday 25th February 2010, I receive a call from Nedbank Credit Card Fraud division and speak to a lady known as Mbuli. She nonchalantly asks me if I am purchasing my months groceries at Wal-Mart in Miami. Yes, this is the “What the eff moment”. I politely decree that it is physically impossible for me to be doing that considering how I am in South Africa. We immediately move to blocking my card and reversing any unlawful transactions. I exclaim my thanks before putting the phone down.
After the call, I wrack my brain to determine how this could have happened. One thing pops to mind, the Trojan from my cousins USB memory stick. I Google the Trojan. My heart sinks as I deduce that it is a financial data thief with a penchant for credit card information. I still wonder ‘how’ though.
I have been using Google Chrome for a few months and figured that it may have aided in my information being stolen. I read various reports of Chrome safety, but all pre 4.0. Then I found something interesting. A user equated Chrome to being a glorified ‘data miner’. Storing everything you put into the browser. I immediately uninstalled Chrome and switched to Firefox.
My next thought was ‘What the heck did Microsoft Security Essentials’ do? It detected the Trojan and deleted it… yet my information was still stolen. Without concrete evidence, I have assumed that Microsoft Security Essentials is good, but not great and ultimately flawed. So I re-installed Norton 360 4.0 Premiere. Scanned my system, clean result.
Friday 26 February 2010, I receive an e-mail from Jaya, the person responsible for handling my ‘case’ via Nedbank. I do what I need to do and send back the required documentation. Bare in mind that our Telkom lines had been stolen and not repaired for over a week, so all of the communication was taking place via my mobile phone (thank heavens for mobile broadband, no matter how unreliable or costly). Now I await for my new card.
Right now, I am still using Chrome (I switched back), simply because of its speed, ease of use and because I could not find any articles directly pin pointing Chrome 4.0 as having any major security flaws (actually appears to be quite secure). I do not know what was the ultimate cause of my data being stolen, but I have taken various steps to prevent it from happening again. One of those steps has been to change the settings in Chrome to ensure that the browser will never store anything again, including forms and passwords. Additionally, I have signed up with LastPass, a password service which runs concurrently with your browser, so that I never have to physically type in passwords again. This apparently helps to combat ‘key logging’ spyware and makes it so that you do not need to use your browser to save passwords etc.
I would like to commend Nedbank on their stellar performance. The representatives I dealt with were courteous and extremely helpful, but the fact that they managed to stop a fraudulent activity and protect my funds is what I appreciate the most. Thank you!
I never thought something like this would ever happen to me, until it did. The entire ordeal has been one I will never forget. Make no mistake, the Internet is a dangerous place; even for seasoned users.
Final thought: be careful out there. Ensure that your browser is set properly and that you have a proper security suite on your personal computer. Prevention, as they say, is better than cure.
Until the next time “Milieunairs”!