ID theft
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: ID theft

  1. #1

    ID theft

    Hello-

    I am helping out a victim of ID theft. Unauthorized charges were made on a credit card for a small amount. The charges were made out to a software company, according to the CC company. The CC company has changed the CC number, online password and Uname, and has considered the problem closed.

    We believe the company aquired the card number through means of a backdoor or virus. Whatever the case, we want them out of buisness.

    We have a "company name" and a toll free phone number. The company name (for a "software company") when googled for has no results for a website, or even references to them. Their phone number is unlisted on switchboard. The phone number has a scripted computer generated answering machine, possibly typed by a foreigner (bad grammer in the robotic voice) and is very vague and un professional. These lead me to believe that this place is fly by night.

    We would like to put these guys on the street, if they are how we think they are. We don't want the small amount of money back, we want them in jail. Ya'll prolly would too, it could of been a lot more money, and there could be more victims. The tone of the situation tells me that calling up the answering machine and demanding the money back would scare them off or have them close up shop.

    So, what I am looking for is this-

    Are there simple means of investigating a phone number, besides knowing someone is a phone company? Unlisted numbers?

    We believe that if they can register for Visa to process their payments, then there has to be public information somewhere about their business.

    Any other helpful ideas will work too. Thanks!

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    there's a good chance that what ever address is tied to that phone numbers has nothing more in it than a computer to take phone calls. The fly by night places tend to have little to no way to track them, all of the name used to set everything up are fake or names of dead people.
    They also only tend to stay in one place for short amounts of time as they want to minimize how much rent they skip out on (has to do with weather they are committing a felony or not). As for tracking an unlisted phone number well Iím not a phreak so I am not sure where to go with that one either. If you do manage to get a hold of something how you did it would make a great forensics tut.
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  3. #3
    If the theives are authorized to process the credit card, then the credit card company better have legit information about the company. If not, then does that open up the company to a lawsuit from ID theft victims?

    If the credit card company accepted falsified information from a "company", then is the credit card company to blame if the ID theives are not caught?

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    there are ways to make a company look liget on paper so the credit card company will cover there A$$ on that end by showing legal doc's that look liget. Could this type of thing be prevented by the credit card company whit minamal investagation? yes.
    Are they going to do that investagating? no not untill some one makes them do it.
    for ever person that reports a minor credit theft two others don't even relize it happened.

    [edit] It is usualy cheaper for them to give back the money than it would be to prevent the theft in the first place[edit/]
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  5. #5
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    The first thing to do is contact the three credit agencies. Don't do anything else. Make sure no cards have been registered. Search google for "opt out credit ". This will stop preapproved offers from coming. If ID theft was infact the case your problems could be growing as you are reading this.

    Then check out this tutorial. Identity Theft

    I wrote it last year, the second one isn't as applicable to your case at hand. But incase you are intersted go here.


    If you want my opinion it sounds as if it was just some Credit Card Fraud. I hope for this case I am not wrong. As far as it goes from there, I would contact the CC folks and make sure they allow some sort of charge back coverage. If they don't tell them it was nice working with them and find a new CC and get a balance transfer. As far as the rest, I would defenitley contact some sort of law enforcment. Perhaps local police, if they are no help they might be able to tell you where to go next. Your very best bet I already mentioned. Contact the three credit bureau.

    If you need anything hit me back with a PM. I'll do anything I can to help.


    Be safe and stay free
    Your heart was talking, not your mind.
    -Tiger Shark

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    Soda, as dopey said, it sounds more like credit card fraud, quite different from Identity theft. Have they aquired only the CC number or other personal information as well..? If they found the information through a backdoor, would u be able to locate the infected machine and analyse the backdoor? I.E. Perhaps on how it was programmed, and to what Email the information was to be sent to? Also, if she purchased software online, did she receive the software? If it was mailed to her, do you have a return address?

    To lower the alert level here a bit: Are we sure that the company is responsible for the CC charges? Perhaps someone, not_related_to the company got her CC# somehow, and purchased the software themselves. Are all companies registered with google one way or the other? Calling VISA and explaining the sittuation to them, could help you find the right information on the business. Perhaps they're registered sa something else but DBA as the software company...sometimes that will not show. Also, keep in mind that the company might have used another payment service...I.E. When i put money into my party-poker account, it doesn't say party-poker on my CC, but ccBilling.net.

    Also, has she signed up for any cellphone services lately, or applied for anything that requires financing/credit checks?

    Hope It sheds some light onto the issue.

  7. #7
    Yeah, I guess technically it isn't "ID theft".

    I'll get a lil bit deeper into the situation. (Note: its a dude, cybrid )

    The dude is not computer literate. No online transactions have ever taken place. Dude registers for online account management w/ bank on a typical family computer. Dude finds a 10 buck charge on his bill. Dude calls, asks them to close the account and reset passwords, asks about the company, Bank says its a software company.

    So I talk to dude... I ask whos computer it was. The family likes p2p, and one of their kids is a middle school computer "enthusiast". I am predicting the weak link here is the computer, because the timing between the computer and the charge is impeccable. The box is really really far, and is used for home and buisness, so I can't take that apart w/o being disruptive.

    I think the key here is working some magic with the telephone companies and CC companys. I'll let yall know.

    Damn I wish tellys had a public whois.

  8. #8
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    . (Note: its a dude, cybrid )

    I'm sorry ....for some weird reason I thought I saw the word "she" in your post .


    Perhaps you could have him make a copy of the HDD and analyze the copy. You are interested in computer forensics are you not? *i might be thinking of someone else*. This could be a really good experience. See what happens with the calls and then we'll work on a different plan .

    GL.

    Damn I wish tellys had a public whois
    I think they do...Try ANYWHO

  9. #9
    Junior Member
    Join Date
    Aug 2003
    Posts
    1
    To answer the question in the first post. Yes, you can easily find unlisted phone numbers. If you have the physical address of the company, you can get all of the phone numbers attached to that physical address. Its in the Coles Directory. (I am assuming the software company is in the US.)

    I did a quick Google search and the only reference to Coles reverse Directory takes you to NetDetective and that's NOT what you want. Go to the library in your local business school or university and look there. You will need a physical address for the company, which should be easy to get because that company did not get a credit card swipe machine or authorization to accept credit cards without giving their merchant service a physical address. The address had to be confirmed before the service was authorized.

    If the company is in another state find the local university in the area and call the business school library and sweet talk the person who answers into looking up the phone number for the address.

    Also, check out e-Bay and other auction sites. Search completed items for that particular piece of software. The CC number may have been used to purchase a low cost item in order to build up positive feedback. Once the feedback is high enough the user then starts selling and that's where they start making money. This was done with my husband's credit card. Check out "hugovox", "gudolf" and the associated names in the feedback that have also been NARU'd on e-Bay. This group built up feedback and then started offering high end camera equipment that never arrived.

    Hope this helps. Good luck.

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    If he has ever used his cc or bank card at say.....a fast food joint, restraunt, to order pizza over the phone, then someone could have stolen his info. If someone stole mail out of his mail box or garbage, someone could have stolen his info. If he called customer service with other people in the room and had to give info to verify his id or made a purchase over the phone....someone could have stolen his info. If he left a receipt on the table or dropped it in the store and the company in question does not use one of the newer systems that x's out the cc#, then someone could have stolen his info.

    Credit card information is incredibly easy to steal, and usually poorly verified at physical and online establishments. While some companies are starting to require things like the cvv2 info and doing real time auth, many are still poorly set up and ill equiped to do fraud prevention.

    You might also check the brother. Kids steal their siblings/parents cards all the time and use them. Or, he may have autocomplete turned on for his web browser which can be used to get the info (by haxors and family members alike).

    It is possible that he has some bit of malware that stole his info, it is more likely they stole it via more conventional means.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides