Please help us with a fraud situation

People always point to the Internet when bad things happen...

We had our Chase account compromised a few years ago - Had nothing to do with Internet, but person used stolen checks from other mailboxes (reported), deposited into our account with cash back...but not caught.

Anyway - just think about all the places someone has your "info".

- credit cards when you hand them to someone at a food place

- checks at the grocery store, or anywhere you pay by check

- driver lic for some ID written down - maybe even on check

and NONE have anything to do with the Internet

I don't see anything resembling fraud. More like common sense and internet security setup. If this sounds like blame the victim, I appologize, but if your surfing and security practices are lacking, you are as big a part of the problem as the typical hacker.

There are plenty of ways to get that info without involving the internet. Most commonly, it's a theft of credit card data from some idiot vendor that leaves the data on their web site. Having a virus or trojan horse on your computer, that sends "interesting" files back to the evil hackers, is also quite common. Lots of others. Hopefully, you have a clue how it happened or who leaked the data.

Yes. WPA2-PSK-AES encryption is about as secure as it gets. However, that requires a shared key, which can easily be leaked if some evil person has access to one of the computahs. To prevent that, you can install a RADIUS server to provide a one-time encryption key along with an extra login and password.

Incidentally, one of my friends got ripped off via identity theft. I trashed a nice dinner by literally pounding the concept of NOT using the same password for every account she was using. A month later, she was moaning that it was too difficult to remember all the passwords, so she just wrote them on a ledger pad and hung it on the wall of her office. Moral: You gotta understand how security works in order to be fairly safe.

Any particular model wireless router? Are you using WPA2 encryption with a fairly obscure and non-dictionary password?

Comcast uses DOCSIS with BPI (Baseline Privacy Interface). That's quite safe from sniffing.

Ummm... are the number keys missing on your keyboard or is there some security reason why you don't disclose the model numbers?

Give me a break. When was the last time you remember typing in your drivers license number into a web form? If you did, it was probably a hackers site. Do you even have any documents on your computah that have the drivers license in them? If the drivers license number was involved, it probably wasn't by sniffing your traffic or breaking into your computer.

So do I. Have you checked that you're actually using the banks web site, and not some impostor (phishing) site? Most banks have some mechanism for storing an identifying icon or phrase that insures you've got the correct site and not some phony that's collecting passwords.

No hardware. Anti-phishing software (i.e. Free AVG 8.0) works well for identifying evil sites. Add some common sense and some heavy reading about how internet security works. Pay attention to anti-virus, anti-spyware, anti-rootkit, and anti-phishing software. Pick *ONE* that works for you, and uninstall the rest as they trample each other.

Detail. OK. See:

Grab the XP and the wireless security checklists. You probably can't impliment everything on the shopping list as much of it is not applicable. However, you can get a good idea of what is expected if you want to be REALLY secure.

This looks interesting. NIST Wireless Security Checklist:

Our only problem with this kind of thing happened because of the old system of using carbon paper between slips for credit cards. The retailer didn't properly dispose of the carbons and neither did any of the other retailers in the mall. Crooks went dumpster diving for the slips and then tried to take advantage of the credit card numbers. Luckily, they were dumb as knobs because they went to our bank to try and cash a cheque but the tellers all knew us and knew immediately that the persons trying to pass themselves off as us were crooks....case solved rather quickly.

We did however have to keep an eye on all of our accounts and the bank and credit card companies questioned every purchase that we made for the next year.

To restore balance to the world snipped-for-privacy@gmail.com wrote in snipped-for-privacy@w1g2000prd.googlegroups.com

I think you may find it has sod-all to do with your WIFI/Internet but more to do with the way you dispose of discarded mail or mail stolen from your letter box.

Buy a good cross cut shredder and shred all letter (and I mean all) make sure you have a good secure large mail box the post people can get the mail in,but know one can get it our and never let you cards out of your eyesight as it can be scanned in a blink of a eye.

Chris

Yep, if it has any identifying information we shred it. Not catalogs or other direct mail junk, as that would put wasteful wear on the shredder blades. But any solicitations or other financial documents get shredded. Cheap insurance against identity theft.

make

That and it can't hurt to periodically get new cards. I've had plenty 'wear out' just to get new numbers. With the advent of electronic bill paying from most banks it almost eliminates the need to use a credit card number for most payments. Sure, a few will still need it but those can be managed easily when being issued a new number.

a more secure scheme is - no wireless, as then getting the security wrong is much less risky.

ethernet cables are a lot more difficult to tap into without physical access to the wires.

Hmmm... I'm typing this answer on my laptop, while sitting on the toilet. So, you want me to drag a 100ft CAT5 cable around the house, or install an ethernet port in the bathroom? Well, that would work, but I kinda like internet without wires.

I beg to differ. Ethernet is TRIVIAL to tap and sniff. There are even commercial products for the purpose:

I want one of these:

I once found a mystery CAT5 cable running from an under the house ethernet switch to the neighbors. Since I installed the switch about a year previously, spotting the extra connection was easy. The guy was very clever, using a short length of CAT5 that was identical to the other cables coming from the switch. Following the CAT5 with a tone tested into the neighbors house was also easy. The dead beat next door claimed the he didn't do it. About a month later, I caught him trying to hack the WPA2-AES password on the wireless, without much luck.

If you're faced with taping into a CAT5 cable, it's easy enough to cut the cable, crimp on two RJ-45 connectors, and stuff an ethernet switch in between. When leaving, just install a double RJ-45 receptacle. I've found a few of these in rather suspicious locations, indicating that someone knew the trick and was probably sniffing.

There is one problem with plugging into a switch. You can't sniff other machines traffic. The switch isolates the traffic on each port to only traffic to/from the machine on that port.

However, security features are useless when someone gets clever. A friend told me about a 15 year old brat, that got a new telescope for Christmas. Instead of astronomy, the brat points the telescope out the window and towards the neighbors LCD monitor. I think he mentioned that the keyboard was also visible. He then takes his parents camcorder and proceeds to record the neighbors screen and keystrokes. Fortunately, he got caught before he could misuse the info.

Incidentally, sniffing and capturing wireless traffic for the purpose of recovering logins and passwords is not as easy as it might seem. I posted some stuff on this in the past, but am too lazy to go find it.