Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1841 posts

Uber Geek
+1 received by user: 144


Topic # 113480 18-Jan-2013 11:11
Send private message

(not sure if I have posted in the correct section)

I was checking my personal email from work yesterday and noticed three emails from Apple
Curious, I opened the first and it stated that my name on my iTunes account had been changed as well as my credit card details. The second that I had changed my card details and the third that I had just purchased an in-app item.

The emails looked legit, but as I was using Webmail did not have the tools available to me that I would normally use to verify links. I signed into my Apple ID online, but it seems accessing iTunes things needed to be done in iTunes.

I got home, checked iTunes and checked my account
At this stage it told me I was locked out and needed to change my password. I did and then checked my account. Sure enough my stored credit card was not a card I recognised  and my last purchase was on the 17th. Checking the purchases, I had downloaded something free, then used paid for 2 in-app purchases ($125 and $65). Using Google Translate (from Chinese to English) I was able to find out that I had downloaded the free app 'Rage of Three Kingdoms'.

All of this raised alarm bells as this was not activity that I had done via my iPod or via iTunes, so I spent the next 20 minutes navigating the awful Apple Support site and managed to log a email ticket. 

I called the bank and let them know what had happened, although as the new credit card in the store was not actually mine I hadn't lost any money in this 'transaction' (only my 98 cents store credit from a gift card I loaded over a year ago)

Now I guess I wait and see what Apple come back with.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 746739 18-Jan-2013 11:16
Send private message

There was another story like this just recently.  Seems like a money laundering/credit card fraud scam.

1389 posts

Uber Geek
+1 received by user: 101

Subscriber

  Reply # 746740 18-Jan-2013 11:18
Send private message

Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 

 
 
 
 


Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 746749 18-Jan-2013 11:28
Send private message

Gooseybhai: Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 


Who makes $100-$200 in-app purchases? Also, it's probably easier to hack an account than create a new one, and harder to trace.

473 posts

Ultimate Geek
+1 received by user: 72


  Reply # 746752 18-Jan-2013 11:31
Send private message

Apple don't really help the situation with making people enter their password when using the app store on the device
That causes me to have an easier password to what I would usually have since it is a hassle having to enter it every time

They should allow you to set a pin that only works on your devices for purchasing

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 746754 18-Jan-2013 11:34
Send private message

skewt: Apple don't really help the situation with making people enter their password when using the app store on the device
That causes me to have an easier password to what I would usually have since it is a hassle having to enter it every time

They should allow you to set a pin that only works on your devices for purchasing


100% agree... this is bad practice

4131 posts

Uber Geek
+1 received by user: 1679

Trusted
Subscriber

  Reply # 746771 18-Jan-2013 11:53
2 people support this post
Send private message

My initial thought was 'I don't understand this, who benefits from buying you two apps on someone else's credit card?' but then I figured it out.

It's another variation on credit card money laundering:

1. Develop crap app and set outrageous price for it
2. Buy stolen credit card details
3. Hack or buy hacked iTunes accounts
4. Add stolen credit cards to pwned iTunes accounts
5. Use pwned iTunes accounts to purchase crap app with stolen credit card
6. ???
7. Profit





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


10541 posts

Uber Geek
+1 received by user: 1747

Trusted

  Reply # 746773 18-Jan-2013 11:54
Send private message

Got an email from my 14yo daughter who has her own Apple ID but my creditcard, exactly the same issue, the creditcard details changed.

2777 posts

Uber Geek
+1 received by user: 586


  Reply # 746789 18-Jan-2013 12:30
Send private message

SaltyNZ: My initial thought was 'I don't understand this, who benefits from buying you two apps on someone else's credit card?' but then I figured it out.

It's another variation on credit card money laundering:

1. Develop crap app and set outrageous price for it
2. Buy stolen credit card details
3. Hack or buy hacked iTunes accounts
4. Add stolen credit cards to pwned iTunes accounts
5. Use pwned iTunes accounts to purchase crap app with stolen credit card
6. ???
7. Profit



Yeah it looks like an attempt to add a layer of laundering (Apple) between the credit card and the final recipient....

The app developer can deny all knowledge, While the hacker (likely to be in league with the developer) uses someone elses itunes account making it harder to trace them..


Apple need to start looking hard at apps with high cost in-app purchases, or apps that have a high purchase price that appear out of line with what the app does..... 

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 746791 18-Jan-2013 12:34
Send private message

It's exactly how the toll fraud rackets work, except in the country where the actual call billing occurs the practice is legal.  In this case it's probably quite legal in the country where the developer is too.  But Apple could easily kill off these developers.

2479 posts

Uber Geek
+1 received by user: 535


  Reply # 746797 18-Jan-2013 12:40
Send private message

This is the third thread I have read here this week regarding hacked Itunes accounts, is this on the increase or is it more widely reported now?

Is it safest to remove my credit card and use prepaid itunes cards from the supermarket?

I'd rather loose $20 that the amount that could potentially be put on my credit card.

I haven't been hacked but better to be safe than sorry!




I know a little more than nothing but not much...

10541 posts

Uber Geek
+1 received by user: 1747

Trusted

  Reply # 746799 18-Jan-2013 12:48
Send private message

dickytim: This is the third thread I have read here this week regarding hacked Itunes accounts, is this on the increase or is it more widely reported now?

Is it safest to remove my credit card and use prepaid itunes cards from the supermarket?

I'd rather loose $20 that the amount that could potentially be put on my credit card.

I haven't been hacked but better to be safe than sorry!


From what I gather, the Apple ID has been hacked into, but it seems odd that they do not seem to be using it, from the threads above, they have changed the creditcard.

But your suggestion to use iTunes vouchers is a good one. I have never used one, but on the Redeem screen does adding the serial add all the $ on the iTunes card to your Apple ID?  Related, if I wanted to buy on the Apple website, I assume I can add my creditcard to my Apple ID then remove it later?

3788 posts

Uber Geek
+1 received by user: 593

Trusted
Subscriber

  Reply # 746805 18-Jan-2013 12:51
Send private message

I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why.

Sometimes scammers will make purchases like this and then request refunds to a foreign bank account. When the original credit card transaction eventually gets charged back then the retailer ends up out of pocket, having effectively now refunded the transaction twice. Fortunately I was aware of this practice and had procedures in place to prevent it.

My rep at the bank suggested that the other likely motive was to circumvent fraud detection algorithms by creating a pattern of spending on the card using small transactions before making a major purchase.



1841 posts

Uber Geek
+1 received by user: 144


  Reply # 746808 18-Jan-2013 13:01
Send private message

Gooseybhai: Have you checked with anyone else in your household?
Have you previously disposed of or sold a computer etc without wiping your accounts and details?

Sounds like there isnt anything sinister here except for someone using your email address as the account login to change and update the details to their own details. Which crim does this and then uses their own credit card ! 
And which crim would use this method for a stolen credit card as opposed to just creating a fake account from scratch on a stolen device ! 


You sound exactly like Apple..
As I answered Apple, no to both questions.

Correct, nothing really sinister but damn annoying and now I want to know HOW.
How they managed to get into my account to change details without knowing my password (was able to use the original password while at work to try and look at things)

I do want my 98 cents back!

10541 posts

Uber Geek
+1 received by user: 1747

Trusted

  Reply # 746814 18-Jan-2013 13:10
Send private message

I AGREE

How, so I can prevent this in future, or seek other safer means to conduct business at Apple, i.e. iTunes cards or add CC, buy sometning at their website, remove CC

Is Apple unique with this issue, or might it be from the users end, such as malware, keylogger, etc? (Not pointing finger OP, just seeking how)


Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 746815 18-Jan-2013 13:12
Send private message

How are you sure they didn't figure out your password?  Is it very, very strong?

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand's IT industry in 2018 and beyond
Posted 22-Jan-2018 12:50


Introducing your new workplace headache: Gen Z
Posted 22-Jan-2018 12:45


Jucy set to introduce electric campervan fleet
Posted 22-Jan-2018 12:41


Hawaiki cable system will be ready for service in June 2018
Posted 22-Jan-2018 12:32


New Zealand hits peak broadband data
Posted 18-Jan-2018 12:21


Amazon Echo devices coming to New Zealand early February 2018
Posted 18-Jan-2018 10:53


$3.74 million for new electric vehicles in New Zealand
Posted 17-Jan-2018 11:27


Nova 2i: Value, not excitement from Huawei
Posted 17-Jan-2018 09:02


Less news in Facebook News Feed revamp
Posted 15-Jan-2018 13:15


Australian Government contract awarded to Datacom Connect
Posted 11-Jan-2018 08:37


Why New Zealand needs a chief technology officer
Posted 6-Jan-2018 13:59


Amazon release Silk Browser and Firefox for Fire TV
Posted 21-Dec-2017 13:42


New Chief Technology Officer role created
Posted 19-Dec-2017 22:18


All I want for Christmas is a new EV
Posted 19-Dec-2017 19:54


How clever is this: AI will create 2.3 million jobs by 2020
Posted 19-Dec-2017 19:52



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.