Mar 4, 2020
9,306
9,864
VetteCoins
216,617
Car
Little red 2020 C8
Province
ON
So, it appears a site I had been to many years ago was hacked and never told anyone.
They got that email address and password.
It is one of many passwords I use. I have about 100 sites that have usernames and passwords.
I don't use the same one on all sites, but it appears I used this one a few too many times.
The one I used on here was also discovered in a compromise (houzz . com).
I found this site to be helpful in checking all my passwords.
Anyway, I also normally do not leave my credit card info on sites except ones I use a lot like Amazon.
Well, I thought I could trust Walmart and I likely can, but I can't trust myself. I got too lazy.
So some script kitty discovered my email and password for Walmart and ordered a couch worth about $250.00.
I got an email Early Sunday morning 3:20 am from Walmart thanking me for my order.
I compared it with others I'd received from Walmart and the links were very short and unidentifiable so I thought it was a phishing scam and ignored it.
Later on Sunday I noticed the visa entry and immediately called Visa to cancel my card and report the fraud.
I also called Walmart late Sunday night and told them of the fraud and to cancel the order.
They said they did, but I got another email from Walmart telling me "Your order is on the move, Brandon"!!
So I looked up the address that Canpar is delivering it to and it doesn't exist! Weird! Who will receive the couch???
Is someone at Canpar the fraudster?

Anyway, my passwords have now all been checked and changed. It has taken me about a day to get them all changed and checked.
I feel like an idiot because I know better. I was a computer security officer for many years. I got complacent.
So, I tell all this just to advise. Don't be an idiot like me. While I do store my passwords in an encrypted password program I got lazy and used too many, too many times! I'll also never store a credit card on any site if I don't have to. This guy stumbled upon the one site that happened to have it.

Phew.....
 
Online shopping can be a bonus or a bust. Too many websites can/do store the payment information, even though you only shopped as a guest, and they "promised" they wouldn't. Even sites like Amazon can fall prey to hackers, or theft of data by staff. Our beloved federal government recently being among them. Social media sites are probably the most hacked.
It's a crap shoot these days. I've been exploited twice in the last 5 years, and it was hard to tell exactly when/where. Theories only.
One card was used to purchase a Dexcom diabetes monitor in BC, and another paid for plane tickets and merchandise in Abu Dabi, Qatar, and Australia. The 2nd one was the hardest to recover from. The card company didn't believe me, and their reinstatement process was onerous at best. It's the sites that require you input your CVV/CSC numbers that cause the downstream problems. If someone gets and uses them, the purchases look legit, and that's a hard one to explain.
It was a few years ago, but the first card was probably physically skimmed at a public parking lot, on a well know London Ontario University Medical Campus, to pay for parking there. My best guess on the second card abuse may have been physically skimmed somewhere in the USA, at a Pay At The Pump gas pump, or other POS machine. I usually look for both, signs of tampering, but I'm no expert on what gas pumps or parking meters that accept credit cards should normally look like.
 
Last edited:
  • Like
Reactions: Murray20c8

It's a risk mitigation strategy never should be treated as 100% prevention.

Yes some are hacked (namely lastpass) but usually passwords are not leaked (or not leaked in a usable manner i.e. they are stolen encrypted) not to mention they do reach out to you to give us the deets (or should) after an attack. Your attack vector is still significantly lower than finding out after someone's bough their next vacay on your card.
 
It's a risk mitigation strategy never should be treated as 100% prevention.

Yes some are hacked (namely lastpass) but usually passwords are not leaked (or not leaked in a usable manner i.e. they are stolen encrypted) not to mention they do reach out to you to give us the deets (or should) after an attack. Your attack vector is still significantly lower than finding out after someone's bough their next vacay on your card.
Thanks, but I'll take a pass on password managers. Just another false sense of security, usually for a price.
They can't protect you from online shopping theft/misuse of credentials, which is usually the point of failure.
Once the info has been handed over to the 3rd party online, you have no control over where it ends up, or how it's used, so you could say we should all stop shopping online, but we all know that isn't going to happen.
 
I would think some of you will be familiar with this but for those that aren’t there is a site called “ Have I been been pwned “ where you can enter your various e-Mail addresses and check if they have appeared in any data breaches. 100% legitimate. Highly recommended. I would also personally recommend encrypted e-Mail clients such as Proton Mail . Developed by the scientists at CERN. These are the people who designed and built the Large Hadron Collider. Uses 256 bit AES encryption. Military grade. And of course a paid not free VPN . As well as a good password generator/manager . Bitdefender have an excellent one . If you really want to lock things down get a hardware firewall such as Sonic Wall and perhaps install PFSense and configure it, although that one could be tricky for most.
 
  • Informative
Reactions: Murray20c8
So, it appears a site I had been to many years ago was hacked and never told anyone.
They got that email address and password.
It is one of many passwords I use. I have about 100 sites that have usernames and passwords.
I don't use the same one on all sites, but it appears I used this one a few too many times.
The one I used on here was also discovered in a compromise (houzz . com).
I found this site to be helpful in checking all my passwords.
Anyway, I also normally do not leave my credit card info on sites except ones I use a lot like Amazon.
Well, I thought I could trust Walmart and I likely can, but I can't trust myself. I got too lazy.
So some script kitty discovered my email and password for Walmart and ordered a couch worth about $250.00.
I got an email Early Sunday morning 3:20 am from Walmart thanking me for my order.
I compared it with others I'd received from Walmart and the links were very short and unidentifiable so I thought it was a phishing scam and ignored it.
Later on Sunday I noticed the visa entry and immediately called Visa to cancel my card and report the fraud.
I also called Walmart late Sunday night and told them of the fraud and to cancel the order.
They said they did, but I got another email from Walmart telling me "Your order is on the move, Brandon"!!
So I looked up the address that Canpar is delivering it to and it doesn't exist! Weird! Who will receive the couch???
Is someone at Canpar the fraudster?

Anyway, my passwords have now all been checked and changed. It has taken me about a day to get them all changed and checked.
I feel like an idiot because I know better. I was a computer security officer for many years. I got complacent.
So, I tell all this just to advise. Don't be an idiot like me. While I do store my passwords in an encrypted password program I got lazy and used too many, too many times! I'll also never store a credit card on any site if I don't have to. This guy stumbled upon the one site that happened to have it.

Phew.. is t

So, it appears a site I had been to many years ago was hacked and never told anyone.
They got that email address and password.
It is one of many passwords I use. I have about 100 sites that have usernames and passwords.
I don't use the same one on all sites, but it appears I used this one a few too many times.
The one I used on here was also discovered in a compromise (houzz . com).
I found this site to be helpful in checking all my passwords.
Anyway, I also normally do not leave my credit card info on sites except ones I use a lot like Amazon.
Well, I thought I could trust Walmart and I likely can, but I can't trust myself. I got too lazy.
So some script kitty discovered my email and password for Walmart and ordered a couch worth about $250.00.
I got an email Early Sunday morning 3:20 am from Walmart thanking me for my order.
I compared it with others I'd received from Walmart and the links were very short and unidentifiable so I thought it was a phishing scam and ignored it.
Later on Sunday I noticed the visa entry and immediately called Visa to cancel my card and report the fraud.
I also called Walmart late Sunday night and told them of the fraud and to cancel the order.
They said they did, but I got another email from Walmart telling me "Your order is on the move, Brandon"!!
So I looked up the address that Canpar is delivering it to and it doesn't exist! Weird! Who will receive the couch???
Is someone at Canpar the fraudster?

Anyway, my passwords have now all been checked and changed. It has taken me about a day to get them all changed and checked.
I feel like an idiot because I know better. I was a computer security officer for many years. I got complacent.
So, I tell all this just to advise. Don't be an idiot like me. While I do store my passwords in an encrypted password program I got lazy and used too many, too many times! I'll also never store a credit card on any site if I don't have to. This guy stumbled upon the one site that happened to have it.

Phew.....
The scammer is ”trying-out” your card credentials with the Walmart order. If it works, he/she will then try to use it for their own use, such as at an ATM, etc. The Walmart transaction protects the scammer from arrest, etc. Cancel Your cards. Cheers!
 
Kudo's to Walmart! After a few phone calls they decided to eat the cost of the couch.
I mean it was my fault, but I did call them the same day the order went in.
"Brandon" made the order at 3:20 am and I called then around 9 pm that day.
Walmart's policy is that the order can only be cancelled "within the first 30 minutes of it being placed."
I complained because I was asleep and there was no way I could cancel the order.
Perhaps they found my argument valid, but either way they removed the charge from my credit card.

I'd still like to know why and how Canpar could deliver the couch to an address that doesn't exist!

Brandon Hewitt
65 Mitchell st
Latchford, ON
P0J 1N0
 
Old Thread: Hello . There have been no replies in this thread for at least 100 days.
Content in this thread may no longer be relevant.
Perhaps it would be better to start a new thread instead.

Similar threads

Users who are viewing this thread