Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




2363 posts

Uber Geek

Subscriber

#113480 18-Jan-2013 11:11
Send private message

(not sure if I have posted in the correct section)

I was checking my personal email from work yesterday and noticed three emails from Apple
Curious, I opened the first and it stated that my name on my iTunes account had been changed as well as my credit card details. The second that I had changed my card details and the third that I had just purchased an in-app item.

The emails looked legit, but as I was using Webmail did not have the tools available to me that I would normally use to verify links. I signed into my Apple ID online, but it seems accessing iTunes things needed to be done in iTunes.

I got home, checked iTunes and checked my account
At this stage it told me I was locked out and needed to change my password. I did and then checked my account. Sure enough my stored credit card was not a card I recognised  and my last purchase was on the 17th. Checking the purchases, I had downloaded something free, then used paid for 2 in-app purchases ($125 and $65). Using Google Translate (from Chinese to English) I was able to find out that I had downloaded the free app 'Rage of Three Kingdoms'.

All of this raised alarm bells as this was not activity that I had done via my iPod or via iTunes, so I spent the next 20 minutes navigating the awful Apple Support site and managed to log a email ticket. 

I called the bank and let them know what had happened, although as the new credit card in the store was not actually mine I hadn't lost any money in this 'transaction' (only my 98 cents store credit from a gift card I loaded over a year ago)

Now I guess I wait and see what Apple come back with.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
3344 posts

Uber Geek

Trusted
Vocus

  #746739 18-Jan-2013 11:16
Send private message

There was another story like this just recently.  Seems like a money laundering/credit card fraud scam.

1992 posts

Uber Geek

Lifetime subscriber

  #746740 18-Jan-2013 11:18
Send private message

Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 

 
 
 
 


3344 posts

Uber Geek

Trusted
Vocus

  #746749 18-Jan-2013 11:28
Send private message

Gooseybhai: Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 


Who makes $100-$200 in-app purchases? Also, it's probably easier to hack an account than create a new one, and harder to trace.

636 posts

Ultimate Geek


  #746752 18-Jan-2013 11:31
Send private message

Apple don't really help the situation with making people enter their password when using the app store on the device
That causes me to have an easier password to what I would usually have since it is a hassle having to enter it every time

They should allow you to set a pin that only works on your devices for purchasing

3344 posts

Uber Geek

Trusted
Vocus

  #746754 18-Jan-2013 11:34
Send private message

skewt: Apple don't really help the situation with making people enter their password when using the app store on the device
That causes me to have an easier password to what I would usually have since it is a hassle having to enter it every time

They should allow you to set a pin that only works on your devices for purchasing


100% agree... this is bad practice

5376 posts

Uber Geek

Trusted
Lifetime subscriber

  #746771 18-Jan-2013 11:53
Send private message

My initial thought was 'I don't understand this, who benefits from buying you two apps on someone else's credit card?' but then I figured it out.

It's another variation on credit card money laundering:

1. Develop crap app and set outrageous price for it
2. Buy stolen credit card details
3. Hack or buy hacked iTunes accounts
4. Add stolen credit cards to pwned iTunes accounts
5. Use pwned iTunes accounts to purchase crap app with stolen credit card
6. ???
7. Profit





iPad Pro 11" + iPhone XS + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.


20984 posts

Uber Geek

Trusted
Lifetime subscriber

  #746773 18-Jan-2013 11:54
Send private message

Got an email from my 14yo daughter who has her own Apple ID but my creditcard, exactly the same issue, the creditcard details changed.

 
 
 
 


4684 posts

Uber Geek


  #746789 18-Jan-2013 12:30
Send private message

SaltyNZ: My initial thought was 'I don't understand this, who benefits from buying you two apps on someone else's credit card?' but then I figured it out.

It's another variation on credit card money laundering:

1. Develop crap app and set outrageous price for it
2. Buy stolen credit card details
3. Hack or buy hacked iTunes accounts
4. Add stolen credit cards to pwned iTunes accounts
5. Use pwned iTunes accounts to purchase crap app with stolen credit card
6. ???
7. Profit



Yeah it looks like an attempt to add a layer of laundering (Apple) between the credit card and the final recipient....

The app developer can deny all knowledge, While the hacker (likely to be in league with the developer) uses someone elses itunes account making it harder to trace them..


Apple need to start looking hard at apps with high cost in-app purchases, or apps that have a high purchase price that appear out of line with what the app does..... 

3344 posts

Uber Geek

Trusted
Vocus

  #746791 18-Jan-2013 12:34
Send private message

It's exactly how the toll fraud rackets work, except in the country where the actual call billing occurs the practice is legal.  In this case it's probably quite legal in the country where the developer is too.  But Apple could easily kill off these developers.

2514 posts

Uber Geek
Inactive user


  #746797 18-Jan-2013 12:40
Send private message

This is the third thread I have read here this week regarding hacked Itunes accounts, is this on the increase or is it more widely reported now?

Is it safest to remove my credit card and use prepaid itunes cards from the supermarket?

I'd rather loose $20 that the amount that could potentially be put on my credit card.

I haven't been hacked but better to be safe than sorry!

20984 posts

Uber Geek

Trusted
Lifetime subscriber

  #746799 18-Jan-2013 12:48
Send private message

dickytim: This is the third thread I have read here this week regarding hacked Itunes accounts, is this on the increase or is it more widely reported now?

Is it safest to remove my credit card and use prepaid itunes cards from the supermarket?

I'd rather loose $20 that the amount that could potentially be put on my credit card.

I haven't been hacked but better to be safe than sorry!


From what I gather, the Apple ID has been hacked into, but it seems odd that they do not seem to be using it, from the threads above, they have changed the creditcard.

But your suggestion to use iTunes vouchers is a good one. I have never used one, but on the Redeem screen does adding the serial add all the $ on the iTunes card to your Apple ID?  Related, if I wanted to buy on the Apple website, I assume I can add my creditcard to my Apple ID then remove it later?

4663 posts

Uber Geek

Trusted
Subscriber

  #746805 18-Jan-2013 12:51
Send private message

I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why.

Sometimes scammers will make purchases like this and then request refunds to a foreign bank account. When the original credit card transaction eventually gets charged back then the retailer ends up out of pocket, having effectively now refunded the transaction twice. Fortunately I was aware of this practice and had procedures in place to prevent it.

My rep at the bank suggested that the other likely motive was to circumvent fraud detection algorithms by creating a pattern of spending on the card using small transactions before making a major purchase.



2363 posts

Uber Geek

Subscriber

  #746808 18-Jan-2013 13:01
Send private message

Gooseybhai: Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 


You sound exactly like Apple..
As I answered Apple, no to both questions.

Correct, nothing really sinister but damn annoying and now I want to know HOW.
How they managed to get into my account to change details without knowing my password (was able to use the original password while at work to try and look at things)

I do want my 98 cents back!

20984 posts

Uber Geek

Trusted
Lifetime subscriber

  #746814 18-Jan-2013 13:10
Send private message

I AGREE

How, so I can prevent this in future, or seek other safer means to conduct business at Apple, i.e. iTunes cards or add CC, buy sometning at their website, remove CC

Is Apple unique with this issue, or might it be from the users end, such as malware, keylogger, etc? (Not pointing finger OP, just seeking how)


3344 posts

Uber Geek

Trusted
Vocus

  #746815 18-Jan-2013 13:12
Send private message

How are you sure they didn't figure out your password?  Is it very, very strong?

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Soul Machines joins forces with the World Health Organization
Posted 13-Jul-2020 18:00


Chorus completes the build and commissioning of two new core Ethernet switches
Posted 8-Jul-2020 09:48


National Institute for Health Innovation develops treatment app for gambling
Posted 6-Jul-2020 16:25


Nokia 2.3 to be available in New Zealand
Posted 6-Jul-2020 12:30


Menulog change colours as parent company merges with Dutch food delivery service
Posted 2-Jul-2020 07:53


Techweek2020 goes digital to make it easier for Kiwis to connect and learn
Posted 2-Jul-2020 07:48


Catalyst Cloud launches new Solutions Hub to support their kiwi Partners and Customers
Posted 2-Jul-2020 07:44


Microsoft to help New Zealand job seekers acquire new digital skills needed for the COVID-19 economy
Posted 2-Jul-2020 07:41


Hewlett Packard Enterprise introduces new HPE GreenLake cloud services
Posted 24-Jun-2020 08:07


New cloud data protection services from Hewlett Packard Enterprise
Posted 24-Jun-2020 07:58


Hewlett Packard Enterprise unveils HPE Ezmeral, new software portfolio and brand
Posted 24-Jun-2020 07:10


Apple reveals new developer technologies to foster the next generation of apps
Posted 23-Jun-2020 15:30


Poly introduces solutions for Microsoft Teams Rooms
Posted 23-Jun-2020 15:14


Lenovo launches new ThinkPad P Series mobile workstations
Posted 23-Jun-2020 09:17


Lenovo brings Linux certification to ThinkPad and ThinkStation Workstation portfolio
Posted 23-Jun-2020 08:56



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.