Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



602 posts

Ultimate Geek
+1 received by user: 11


Topic # 113480 18-Jan-2013 11:11 Send private message

(not sure if I have posted in the correct section)

I was checking my personal email from work yesterday and noticed three emails from Apple
Curious, I opened the first and it stated that my name on my iTunes account had been changed as well as my credit card details. The second that I had changed my card details and the third that I had just purchased an in-app item.

The emails looked legit, but as I was using Webmail did not have the tools available to me that I would normally use to verify links. I signed into my Apple ID online, but it seems accessing iTunes things needed to be done in iTunes.

I got home, checked iTunes and checked my account
At this stage it told me I was locked out and needed to change my password. I did and then checked my account. Sure enough my stored credit card was not a card I recognised  and my last purchase was on the 17th. Checking the purchases, I had downloaded something free, then used paid for 2 in-app purchases ($125 and $65). Using Google Translate (from Chinese to English) I was able to find out that I had downloaded the free app 'Rage of Three Kingdoms'.

All of this raised alarm bells as this was not activity that I had done via my iPod or via iTunes, so I spent the next 20 minutes navigating the awful Apple Support site and managed to log a email ticket. 

I called the bank and let them know what had happened, although as the new credit card in the store was not actually mine I hadn't lost any money in this 'transaction' (only my 98 cents store credit from a gift card I loaded over a year ago)

Now I guess I wait and see what Apple come back with.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Voice Engineer @ Orcon
1777 posts

Uber Geek
+1 received by user: 380

Trusted
Orcon
Subscriber

  Reply # 746739 18-Jan-2013 11:16 Send private message

There was another story like this just recently.  Seems like a money laundering/credit card fraud scam.

960 posts

Ultimate Geek
+1 received by user: 32

Subscriber

  Reply # 746740 18-Jan-2013 11:18 Send private message

Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 

Voice Engineer @ Orcon
1777 posts

Uber Geek
+1 received by user: 380

Trusted
Orcon
Subscriber

  Reply # 746749 18-Jan-2013 11:28 Send private message

Gooseybhai: Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 


Who makes $100-$200 in-app purchases? Also, it's probably easier to hack an account than create a new one, and harder to trace.

375 posts

Ultimate Geek
+1 received by user: 27


  Reply # 746752 18-Jan-2013 11:31 Send private message

Apple don't really help the situation with making people enter their password when using the app store on the device
That causes me to have an easier password to what I would usually have since it is a hassle having to enter it every time

They should allow you to set a pin that only works on your devices for purchasing

Voice Engineer @ Orcon
1777 posts

Uber Geek
+1 received by user: 380

Trusted
Orcon
Subscriber

  Reply # 746754 18-Jan-2013 11:34 Send private message

skewt: Apple don't really help the situation with making people enter their password when using the app store on the device
That causes me to have an easier password to what I would usually have since it is a hassle having to enter it every time

They should allow you to set a pin that only works on your devices for purchasing


100% agree... this is bad practice

2759 posts

Uber Geek
+1 received by user: 411

Trusted
Subscriber

  Reply # 746771 18-Jan-2013 11:53 2 people support this post Send private message

My initial thought was 'I don't understand this, who benefits from buying you two apps on someone else's credit card?' but then I figured it out.

It's another variation on credit card money laundering:

1. Develop crap app and set outrageous price for it
2. Buy stolen credit card details
3. Hack or buy hacked iTunes accounts
4. Add stolen credit cards to pwned iTunes accounts
5. Use pwned iTunes accounts to purchase crap app with stolen credit card
6. ???
7. Profit





iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

2421 posts

Uber Geek
+1 received by user: 64

Trusted
Telecom NZ

  Reply # 746773 18-Jan-2013 11:54 Send private message

Got an email from my 14yo daughter who has her own Apple ID but my creditcard, exactly the same issue, the creditcard details changed.

1614 posts

Uber Geek
+1 received by user: 103


  Reply # 746789 18-Jan-2013 12:30 Send private message

SaltyNZ: My initial thought was 'I don't understand this, who benefits from buying you two apps on someone else's credit card?' but then I figured it out.

It's another variation on credit card money laundering:

1. Develop crap app and set outrageous price for it
2. Buy stolen credit card details
3. Hack or buy hacked iTunes accounts
4. Add stolen credit cards to pwned iTunes accounts
5. Use pwned iTunes accounts to purchase crap app with stolen credit card
6. ???
7. Profit



Yeah it looks like an attempt to add a layer of laundering (Apple) between the credit card and the final recipient....

The app developer can deny all knowledge, While the hacker (likely to be in league with the developer) uses someone elses itunes account making it harder to trace them..


Apple need to start looking hard at apps with high cost in-app purchases, or apps that have a high purchase price that appear out of line with what the app does..... 

Voice Engineer @ Orcon
1777 posts

Uber Geek
+1 received by user: 380

Trusted
Orcon
Subscriber

  Reply # 746791 18-Jan-2013 12:34 Send private message

It's exactly how the toll fraud rackets work, except in the country where the actual call billing occurs the practice is legal.  In this case it's probably quite legal in the country where the developer is too.  But Apple could easily kill off these developers.

852 posts

Ultimate Geek
+1 received by user: 51


  Reply # 746797 18-Jan-2013 12:40 Send private message

This is the third thread I have read here this week regarding hacked Itunes accounts, is this on the increase or is it more widely reported now?

Is it safest to remove my credit card and use prepaid itunes cards from the supermarket?

I'd rather loose $20 that the amount that could potentially be put on my credit card.

I haven't been hacked but better to be safe than sorry!




I know a little more than nothing but not much...

2421 posts

Uber Geek
+1 received by user: 64

Trusted
Telecom NZ

  Reply # 746799 18-Jan-2013 12:48 Send private message

dickytim: This is the third thread I have read here this week regarding hacked Itunes accounts, is this on the increase or is it more widely reported now?

Is it safest to remove my credit card and use prepaid itunes cards from the supermarket?

I'd rather loose $20 that the amount that could potentially be put on my credit card.

I haven't been hacked but better to be safe than sorry!


From what I gather, the Apple ID has been hacked into, but it seems odd that they do not seem to be using it, from the threads above, they have changed the creditcard.

But your suggestion to use iTunes vouchers is a good one. I have never used one, but on the Redeem screen does adding the serial add all the $ on the iTunes card to your Apple ID?  Related, if I wanted to buy on the Apple website, I assume I can add my creditcard to my Apple ID then remove it later?

2737 posts

Uber Geek
+1 received by user: 132

Trusted
Subscriber

  Reply # 746805 18-Jan-2013 12:51 Send private message

I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why.

Sometimes scammers will make purchases like this and then request refunds to a foreign bank account. When the original credit card transaction eventually gets charged back then the retailer ends up out of pocket, having effectively now refunded the transaction twice. Fortunately I was aware of this practice and had procedures in place to prevent it.

My rep at the bank suggested that the other likely motive was to circumvent fraud detection algorithms by creating a pattern of spending on the card using small transactions before making a major purchase.



602 posts

Ultimate Geek
+1 received by user: 11


  Reply # 746808 18-Jan-2013 13:01 Send private message

Gooseybhai: Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 


You sound exactly like Apple..
As I answered Apple, no to both questions.

Correct, nothing really sinister but damn annoying and now I want to know HOW.
How they managed to get into my account to change details without knowing my password (was able to use the original password while at work to try and look at things)

I do want my 98 cents back!

2421 posts

Uber Geek
+1 received by user: 64

Trusted
Telecom NZ

  Reply # 746814 18-Jan-2013 13:10 Send private message

I AGREE

How, so I can prevent this in future, or seek other safer means to conduct business at Apple, i.e. iTunes cards or add CC, buy sometning at their website, remove CC

Is Apple unique with this issue, or might it be from the users end, such as malware, keylogger, etc? (Not pointing finger OP, just seeking how)


Voice Engineer @ Orcon
1777 posts

Uber Geek
+1 received by user: 380

Trusted
Orcon
Subscriber

  Reply # 746815 18-Jan-2013 13:12 Send private message

How are you sure they didn't figure out your password?  Is it very, very strong?

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Does acupuncture work?
Created by timmmay, last reply by geekiegeek on 30-Jul-2014 13:48 (27 replies)
Pages... 2


New Mobile plans coming?
Created by nunasdream, last reply by Quibbler on 30-Jul-2014 23:10 (24 replies)
Pages... 2


2 x PS4s to give away. Geekzone members only.
Created by BigPipeNZ, last reply by rphenix on 30-Jul-2014 23:18 (66 replies)
Pages... 3 4 5


2010 Honda Jazz, Suzuki Swift - which has higher maintenance cost?
Created by joker97, last reply by joker97 on 30-Jul-2014 17:40 (65 replies)
Pages... 3 4 5


Checking UHF aerial is working
Created by OnceBitten, last reply by B1GGLZ on 28-Jul-2014 21:49 (21 replies)
Pages... 2


VF, why you lie to me?
Created by kenkeniff, last reply by MadEngineer on 30-Jul-2014 22:05 (55 replies)
Pages... 2 3 4


Hierarchy of a mistake: Gerry Brownlee
Created by joker97, last reply by DonGould on 29-Jul-2014 21:57 (93 replies)
Pages... 5 6 7


"keyless" keys - questions
Created by joker97, last reply by MadEngineer on 30-Jul-2014 22:02 (35 replies)
Pages... 2 3



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.