2 Credit Card Compromised in 2 Days

ComputerPC on 16/09/2020 - 19:11
Last edited 17/09/2020 - 01:31 by 1 other user

My wife and I have 2 separate CommBank account. Got an alert from CommBanks app that we have spent money on Deliveroo while we never had an account with them.

We already cancel the card and dispute the transaction but not too sure why it is happen in 2 days and pretty much same time in a row and makes us concerned where is that come from. If you are in the same situation, what are you going to do?

Note: I don't think Deliveroo have any issue here as we never had account with them, so that why not mentioned in the title.

Related Stores

Commonwealth Bank

• 

  whooah1979 on 16/09/2020 - 19:33

  +3

  Reformat your pc/laptop.

  • 

    ComputerPC on 16/09/2020 - 19:43

    That is not a bad idea. Do you think of any way to find the source of that ? We are using 2 different laptop/desktop and not sharing our network with anyone else.

  • AustriaBargain on 16/09/2020 - 20:41 Comment score below threshold.
    • 

      ComputerPC on 16/09/2020 - 20:42

      +1

      my wife actually using a mac book

      • 

        AustriaBargain on 16/09/2020 - 20:47

        Did she enable the option that lets you install unsigned apps?

    • 

      DiLs on 16/09/2020 - 20:52

      -1

      people think Mac cant be hacked etc.

      • 

        AustriaBargain on 16/09/2020 - 21:01

        It wouldn't surprise me the average Mac owner was hacked less often than OP. I'm sure I'm going to be told a million reasons why that doesn't count or whatever, but the fact is using a Mac makes you less vulnerable to "hacks" than the average Windows laptop owner.

        • 

          Mechz on 16/09/2020 - 21:12

          @AustriaBargain: lol, macs are very popular which makes them a massive target.

          • 

            AustriaBargain on 16/09/2020 - 21:25

            @Mechz: And billionaires are rich which makes them massive targets. But they have bodyguards. Am I claiming bodyguards stop you from being robbed or kidnapped? No, but it lowers your odds by a lot if you're already rich.

        • 

          DiLs on 16/09/2020 - 21:14

          @AustriaBargain: what is the evidence? data? research?

        • 

          No Username on 16/09/2020 - 21:25

          +1

          @AustriaBargain: You do have a point. macOS isn't un hackable but Mac overall is pretty secure by design. Safari is the only browser I've seen that will ask for your fingerprint or password to view a non SSL verified site. Compared to windows and linux there are far less downloadable exploits and attack vectors.

  • 

    jmi on 16/09/2020 - 21:16

    People often think that it is the computer that is at fault. It doesn't have to be. It could be due to a variety of reasons. eg. card skimmed at a shop/restaurant. It doesn't take a lot of effort for any dishonest waiter to take your credit card to the counter, record the cc number and CVV code behind the register.

    During a time where a lot of businesses are suffering and people getting laid off, I am not surprised that cc fraud crime escalates. Just stay vigilant and checking your statements/bank account often is the best defence.

    • 

      AustriaBargain on 16/09/2020 - 22:11

      I suppose it is possible that a corner shop that both OP and his SO go to is doing this.

      • 

        ComputerPC on 16/09/2020 - 23:55

        small chance I could see that happens. As when we go out pretty much we use another cards for payment.

• 

  No Username on 16/09/2020 - 19:42

  +1

  • Download this > https://www.malwarebytes.com/
  • Download this > https://www.bleepingcomputer.com/download/adwcleaner/
  • Download this > https://www.bleepingcomputer.com/download/rkill/

  Change your Wi-Fi Password, Disable UPnP, Check Ports and Disable WPS

  If you have a Pi-Hole make sure it is configured correctly and is not affected by CVE-2020-11108

  • 

    ComputerPC on 16/09/2020 - 19:46

    Interesting that I am using pihole. Can you elaborate on that please? What that exploit can do, I am reading but not understand that

    • 

      No Username on 16/09/2020 - 19:50

      Allows a hacker to use an authenticated account on your computer to gain remote code execution and allows them to get root access. Once they have root access they can pretty much do anything they want on your network. Just make sure you're on Pi-Hole v5.0.

      • 

        ComputerPC on 16/09/2020 - 20:18

        That rings a bell as I do have 2 pihole nodes. One updated to 5.0 and one has turned off for a while until I recently turn on to play with some other stuff.
        Myself personally very careful in bank transaction and use paypal with 2 factors most of the time. I barely use my card anywhere unless I have to. I have turn all that pihole off for now and will isolate them to find the source.
        Still have bunch of smart light/xiaomi stuff/smart home that I have. Just really want to find the cause

        • 

          No Username on 16/09/2020 - 20:30

          +1

          @ComputerPC: Don't want to scare you but cheap smart home devices can also act as a gateway. But the chances of these are low as hackers won't have time for it and rather just use a bot and move on. Example of vulnerable devices are the cheap $15 smart power-plugs, Wireless CCTV, RF Blaster and Cheap Smart Bulbs. Most run an exploitable Busy box environment and don't receive firmware updates to address the issue.

      • 

        ComputerPC on 16/09/2020 - 20:26

        Just check pihole, both on 5.0 :/

        • 

          No Username on 16/09/2020 - 20:44

          +3

          @ComputerPC: I sent you a PM if you want remote help via Team Viewer.

• 

  azndraon on 16/09/2020 - 21:49

  +1

  Change passwords/pins

• 

  JimB on 16/09/2020 - 23:09

  Do you have a teenager who likes takeaway food?

  • 

    ComputerPC on 16/09/2020 - 23:14

    only 2 of us

• 

  ComputerPC on 16/09/2020 - 23:50

  +2

  Thank you for all your suggestion. I am not surprise to see my wife card detail got leak from some random 3rd party website as everyday she spent at least 1 hour surfing the net and shopping.
  However, what shock me is that my card got the same issue as well. Not an usual online shopper (1-3 times since my card active) and using Paypal as my main payment method that makes me wonder what could be the reason.

  The fact that the card got used around same time ~7PM + deliveroo.com.au + 2 days in a row that point me to some sort of same behaviour from same person/tool (hacker ?). It possible vulnerabilities inside our home network as it is the only common thing with me and my wife. Thanks @No Username for pointing me to some direction to investigate. For now, I have turn off home devices as much as I could (smart homes/pi holes/unused servers).
  What worries me next is my home loan in an offset account, which in different bank and I do not ask for any card for that bank account but might still have to double check more often just in case.

  For the human factor, the chance that others seen both mine and my wife cards info is pretty slim as we never go out together without me paying (but from another card in the shared bank account). She can pay with her card when buying stuff outside of course, but my detail never involved in that.

• 

  brad1-8tsi on 17/09/2020 - 11:01

  +1

  I've had 4 CC changes in 12 months due to unauthorised payments. It is driving me nuts trying to work out which of the "secure" regular transactions is the problem.

  I now try and pay everything with PayPal as an extra layer of security.

• 

  jedimaster on 17/09/2020 - 17:09

  Memorize the CVV number separately or save it on phone securely and remove/cross it out at the back of the card.
  CCTVs sometimes at restaurants or other establishments could be used by support staff to see card numbers and other details. cameras are pretty detailed these days.