I have only used that card for online transactions, so quite not possible.
I have already blocked the card of course. I will get to the bottom of this
Moyou London site down and my card has been hacked
- Thread starter asteropi
- Start date
Help Support SalonGeek:
I have already blocked the card of course. I will get to the bottom of this
Anna Ljungberg
Well-Known Member
Okidoki! It could be several different malicious reasons, as long as you'll be able to sort it out it should be fine! I hate it when crap like this happens, good look and try to calm down if you can!
IMPORTANT UPDATE:
I received a very polite email from Moyou London today telling me that they had indeed been hacked! The hacker had replaced their payment page with one of their own and all the financial info would be redirected to them.
Their site is down because they are trying to fix the problem, and they should be up and running soon.
Moyou only uses paypal and worldpay, but I wasn't aware of that because it was the first time I was purchasing from them.
Be aware, not paypal = not moyou!
Hope no one else had this problem! It's so frustrating!
I received a very polite email from Moyou London today telling me that they had indeed been hacked! The hacker had replaced their payment page with one of their own and all the financial info would be redirected to them.
Their site is down because they are trying to fix the problem, and they should be up and running soon.
Moyou only uses paypal and worldpay, but I wasn't aware of that because it was the first time I was purchasing from them.
Be aware, not paypal = not moyou!
Hope no one else had this problem! It's so frustrating!
Last edited:
blossom
Well-Known Member
Well done you for bringing it to everyone's attention, hope you sorted it ok x
- Joined
- Aug 11, 2011
- Messages
- 10,907
- Reaction score
- 6,924
Thanks to all, I really do hope it will be sorted, although there will be some charges from the bank
Why was the thread title changed?
Sorry, that was me. I thought it would be good to make it clear that you have been affected directly rather than a generic hacking issue, if you see what I mean?
Why are the bank charging you if the money was fraudulently taken?
10€ to issue a new card
15€ to initiate a chargeback, regardless of who was responsible
It was a generic hack. People on facebook say they had up to 1500€ stolen from them. Whoever placed a purchase on the 17th and the 20th of June had their data stolen.
15€ to initiate a chargeback, regardless of who was responsible
It was a generic hack. People on facebook say they had up to 1500€ stolen from them. Whoever placed a purchase on the 17th and the 20th of June had their data stolen.
That's outrageous that your bank is charging you. Maybe it's a UK thing but when I had my bank account wiped out a few years ago the bank covered all my losses, fully reimbursed my account without charging me a penny because i was a victim of fraud.
That's so frustrating for you. Could the fees not perhaps be waived?
Most banks here operate the same way. However this is a bank mostly for internet use, which I had to become a member of since that damn capital control imposed in Greece. Without their card I can't shop online, outside of Greece. I have heard that rules are not so strict lately with normal banks, but I still wouldn't be able to spend a big amount of money. So I created this card over a year ago, just after the capital control, and never had any issues so far.
Moyou say they will monitor my problem and that I should be in contact with them in case my money isn't returned. As for the 25€, we'll talk again when I know the full amount I will have lost, in case the chargeback fails.
Last weekend's happiness seems so far away now
Most banks here operate the same way. However this is a bank mostly for internet use, which I had to become a member of since that damn capital control imposed in Greece. Without their card I can't shop online, outside of Greece. I have heard that rules are not so strict lately with normal banks, but I still wouldn't be able to spend a big amount of money. So I created this card over a year ago, just after the capital control, and never had any issues so far.
Moyou say they will monitor my problem and that I should be in contact with them in case my money isn't returned. As for the 25€, we'll talk again when I know the full amount I will have lost, in case the chargeback fails.
Last weekend's happiness seems so far away now
NailtechJoe
IN:@thenailmaestro
There are several ways that someone may have your credit/debit card details and I will try to list them.
1) Trojan - One of them which was mentioned already is via a trojan horse virus which can be in the form of screen capture or keylogger which then sends back the data to a remote server. A good antivirus software should detect if you have this.
2) Phishing - Again previously mentioned, accidentally entering your details into a fake website would result in your card details stolen. This is why some websites have the HTTPS on their URL that proves who they are from a Certification Company or CA.
3) Unsecured communication - For instance, sending card details over an unencrypted connection (HTTPS or TLS) or stating your card details over the phone; something which I never do as phone companies can listen for line quality.
4) Social Engineering - Where trust is gained from the outside and the attacker gains valuable information by simulating a trusted agent.
5) Dumpster Diving - As the name implies - get a good quality shredder or burn your important documents
6) Injections - These are very common and happen all the time, as my lecturer said, no system is safe. What is done is actually trying to limit the damage if someone gets in; imagine like a castle and you place traps to stop invaders from getting in.
This largely depends on how much the company invests in security and patching up on their servers with up to date software that runs their systems and has no vulnerabilities. One example that comes to mind was a script kiddie (think of a pyramid and these are plentiful unskilled hackers that steal code from the professional hackers from the top) hacking Talk Talk and publishing their details online which made the news on national TV. SQL injections were used and these are simple SELECT * FROM x SQL statements using a parameter on the URL via GET method. Suppose if the attacker does acquire one way encrypted card details using alphanumeric sets. The attacker would need to use brute force methods to go through billions of combinations to get through all possible combinations which takes several years at the current rate which processors can carry out processes. This is why cards have an expiry limitation of around 4 years.
7) Cloned cards - Sliding your card unwittingly in an ATM card reader where your card details have been copied and used by the attacker.
Other methods exists and these are the ones at the top of my head so there could be other reasons why those payments have appeared but if you suspect anything, just tell your bank to cancel the card and flag those payments as suspect.
Miss_Holly
Well-Known Member
She already stated they contacted her to let her know the moyou website was hacked and a fake payment page was created by the hackersThere are several ways that someone may have your credit/debit card details and I will try to list them.
1) Trojan - One of them which was mentioned already is via a trojan horse virus which can be in the form of screen capture or keylogger which then sends back the data to a remote server. A good antivirus software should detect if you have this.
2) Phishing - Again previously mentioned, accidentally entering your details into a fake website would result in your card details stolen. This is why some websites have the HTTPS on their URL that proves who they are from a Certification Company or CA.
3) Unsecured communication - For instance, sending card details over an unencrypted connection (HTTPS or TLS) or stating your card details over the phone; something which I never do as phone companies can listen for line quality.
4) Social Engineering - Where trust is gained from the outside and the attacker gains valuable information by simulating a trusted agent.
5) Dumpster Diving - As the name implies - get a good quality shredder or burn your important documents
6) Injections - These are very common and happen all the time, as my lecturer said, no system is safe. What is done is actually trying to limit the damage if someone gets in; imagine like a castle and you place traps to stop invaders from getting in.
This largely depends on how much the company invests in security and patching up on their servers with up to date software that runs their systems and has no vulnerabilities. One example that comes to mind was a script kiddie (think of a pyramid and these are plentiful unskilled hackers that steal code from the professional hackers from the top) hacking Talk Talk and publishing their details online which made the news on national TV. SQL injections were used and these are simple SELECT * FROM x SQL statements using a parameter on the URL via GET method. Suppose if the attacker does acquire one way encrypted card details using alphanumeric sets. The attacker would need to use brute force methods to go through billions of combinations to get through all possible combinations which takes several years at the current rate which processors can carry out processes. This is why cards have an expiry limitation of around 4 years.
7) Cloned cards - Sliding your card unwittingly in an ATM card reader where your card details have been copied and used by the attacker.
Other methods exists and these are the ones at the top of my head so there could be other reasons why those payments have appeared but if you suspect anything, just tell your bank to cancel the card and flag those payments as suspect.
willowrose
Well-Known Member
I remain of the opinion that one doesn't air this type of issue - particularly prior to having concrete evidence.
HOWEVER, it turns out you were 100% right and I was utterly wrong!
I am off to eat a large slice of humble pie
Apologies
HOWEVER, it turns out you were 100% right and I was utterly wrong!
I am off to eat a large slice of humble pie
Apologies
Both my brother, my boyfriend and my sister-in-law are all IT tecks, specialising in various fields. Even if I wanted to lose my money somewhere, they are always hovering over my systems, checking for antiviruses, our-network safety etc. Not to mention I'm fairly good at it myself, but having no prior contact with moyou, I didn't know they use only paypal, instead of a normal charging procedure.
Anyway, the chargeback has been initiated. We shall wait and see.
I remain of the opinion that one doesn't air this type of issue - particularly prior to having concrete evidence.
HOWEVER, it turns out you were 100% right and I was utterly wrong!
I am off to eat a large slice of humble pie
Apologies
No worries willow. You were right that false rumours shouldn't be spread around, but I was quite certain of my facts and quite disheartened at the time. Still am to be honest. Seems to be taking a lot of time to be sorted out.
magentatears
Unicorn!
If your card is wireless, they can now get your information simply by walking past ur bag with a wireless card reader....
blossom
Well-Known Member
I don't understand why contactless is a good thing. It takes all of 10 seconds to punch in a PIN number. Really think it's not worth it.
magentatears
Unicorn!
I agree - i dont have contactless and im glad i dont lol
