Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
Hi guys,

I hope this is the right section of the forum.
My problem is: my debit card (which I only use for ecommerce) was hacked (cloned?) a few days ago. Someone used most of my money to top up their account on a betting website. I was wondering if Clamxav or any other AV could do something against whatever got into my mac. I know macs "don't get viruses", but I the scam did happen and now I just want to get back to buy things online with my brand new debit card without funding someone else's gambling.

Just to clarify, I didn't download any illegal or pirated software, but I do download free apps from websites even when I don't know if they're safe or not.

Thank you for your help!
Antonio
 

blackhand1001

macrumors 68030
Jan 6, 2009
2,599
33
unfortunately any operating system is vulnerable to phishing as it doesn't require any software to be installed. Its all done by social engineering. Windows actually has better anti phishing filtering than apple at the moment who really doesn't have any.
 

Guiyon

macrumors 6502a
Mar 19, 2008
771
4
Cambridge, MA
It's possible (and likely) that it was not even your machine that was compromised. Someone else could easily get your card info if the online shops you are buying from were compromised and they did not take adequate measures to protect your payment information. At that point, no amount of antivirus/antiphishing/etc software is going to help you.
 

firedept

macrumors 603
Jul 8, 2011
6,277
1,130
Somewhere!
I agree with both posters but wanted to add something. Whenever I receive an email requesting personal information, I will go directly to that site and see if they actually require the info they are requesting.

I am a seller on Ebay for many years and have seen hundreds of these type of phishing emails come to me. Thieves are extremely clever & talented (I use those words loosely) at trying to finds ways of stealing from people. You just have to learn to stay ahead of their tricks.
 

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
Thank you all for your replies.

The problem is that over the last 30 days I've only used my card on two sites, on which I had used it before with no problems (groupon and the Italian national railways) and I signed up on paypal - which should be ok - therefore I think it might be something in my computer.
What you're saying, tho, is that there is nothing I can install to prevent phishing from happening, a filter for example?
Would it be in any way useful to run a scan with clamxav or any similar sw?
b
 

ApfelKuchen

macrumors 601
Aug 28, 2012
4,334
3,010
Between the coasts
"Phishing" has nothing to do with downloaded software. As the name implies, someone is "fishing" for valuable information. It's another name for "con job."

It can happen when your phone rings and they ask you for your credit card number so they can ship you a "prize," or ask for a donation.

It can happen when someone sends you email that tells you your account info has to be updated or your account will be canceled, just "click this link to get started." You click the link, the web site seems legit, so you give them your info.

If you suspect downloaded software is sending your personal info to someone, then it's not considered "phishing," though the impact on your wallet may be the same. You could obtain a free Mac "anti-virus" program like Avast (available at reputable sites like CNET.com), but if you read the description, it's focused on identifying unsafe/fraudulent web sites - which is a far greater risk to users of Macs than hidden programs on your computer. While it scans files, too, there's very little for it to find. If it'll make you feel better, by all means, install it. I doubt it will find what you expect to find.

Credit card fraud is rampant, and simply doesn't need things like malicious computer programs. As others have explained, your card info could have been collected in many other ways. The fact that you only gave your card info to two sites in the last 30 days is nearly meaningless. Your card info could have been stolen 6 months ago, and simply not used until now.
 

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
Thank you for your really helpful comment, ApfelKuchen. I just thought it'd be weird that someone stole my credit card details and waited such a long time before using it (it's a risk for them, in a way, to wait for so long). I am still puzzled since I tend to surf on safe sites and of course never reply to phishing mails and stuff like that, but then again our computers are vulnerable in a thousand ways: I'll install Avast and/or ClamXav and use it as a sentry.

@Guyon, I can see something there attached to my spine, but it is a monkey playing the drums and smoking oregano, so I guess that explains it all, doesn't it?

Thank you again, guys, especially those who actually gave good advice.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
Thank you for your really helpful comment, ApfelKuchen. I just thought it'd be weird that someone stole my credit card details and waited such a long time before using it (it's a risk for them, in a way, to wait for so long). I am still puzzled since I tend to surf on safe sites and of course never reply to phishing mails and stuff like that, but then again our computers are vulnerable in a thousand ways: I'll install Avast and/or ClamXav and use it as a sentry.

You go to a petrol station, use your credit card, and next day money leaves your account. Someone else goes to the same petrol station, uses their credit card, and money leaves their account. People call the police, they find the connection, and catch an employee. Happened exactly like that to a colleague of mine.

If I stole credit card info, I would wait a while to make sure nobody can make the connection. You know the expiry date, so there's not much of a risk.
 

SpinalTap

macrumors regular
Sep 25, 2003
205
15
Bournville, UK
For what it's worth, I have Norton, Sophos, and Intego AV software on my Mac.

Of the three, only Intego has warned me of a phishing attack on my Mac - for which I took the appropriate avoidance action on being warned.
 

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
You go to a petrol station, use your credit card, and next day money leaves your account. Someone else goes to the same petrol station, uses their credit card, and money leaves their account. People call the police, they find the connection, and catch an employee. Happened exactly like that to a colleague of mine.

If I stole credit card info, I would wait a while to make sure nobody can make the connection. You know the expiry date, so there's not much of a risk.

You're probably right, I hadn't thought of that, it clearly isn't a career option for me, I am afraid... :)
 

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
quick update

I ran a scan with avast! and found a few pc viruses (which I deleted just in case) and a couple of "bankfraud-BJG Trojans" (apparently the Zeus type) which are probably guilty for the, ehm, bank fraud. I deleted them from Avast! and got rid of the AV altogether afterwards, since it isn't apparently the best for macs.
I am now scanning my mac again with clamXav and nothing was found so far.

What I learnt from this is that no matter how safe your computing is, malwares and trojans can still affect your computer, and a scan every now and then is good practice.
 
Last edited:

Guiyon

macrumors 6502a
Mar 19, 2008
771
4
Cambridge, MA
AFAIK, the Zeus trojan series is for Windows, BlackBerry and Android; it does not run on Mac OS X or Linux. It's possible (and likely) that all avast found were some cached files that you picked up at some point but there is no way for them to actually do anything as they are not code that Mac OS X can execute. Still useful to remove them, though; it stops you from being a carrier by accident.
 

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
AFAIK, the Zeus trojan series is for Windows, BlackBerry and Android; it does not run on Mac OS X or Linux. It's possible (and likely) that all avast found were some cached files that you picked up at some point but there is no way for them to actually do anything as they are not code that Mac OS X can execute. Still useful to remove them, though; it stops you from being a carrier by accident.

I am not sure it was a Zeus (avast didn't tell me its name), but avast certainly called it a "bankfraud-BJG [Trj]. If it wasn't the culprit, I wonder what else could be. I am scanning both my macs just in case, with extradoses of antiviruses. I haven't found much so far (apart from the abovementioned trojan), but it's good for my peace of mind.
 

Guiyon

macrumors 6502a
Mar 19, 2008
771
4
Cambridge, MA
Just because it find something doesn't mean you're infected. You can pick up a surprising amount of crap in your cache just from regular browsing. In addition, most virus scanners use a signature database that is unified across platforms; if the signature matches, the scanner will report a match regardless of whether the program is able to execute or not. It doesn't help that the scanners are tweaked to report a maximum number of critical warnings. For example, running scanners on a typical Windows systems will report a *huge* number of "infected" cookies when most of them are simply tracking cookies that, while not being something you want on the system, aren't going to really do anything.

tl;dr: take everything malware scanners report with a grain of salt. If you don't know what you're looking for, they are akin to randomly searching WebMD; you start out with the sniffles and end up with brain cancer.

Edit:
Looks like your "trojan" is HTML/Bankfraud.gen. Avast has basically identified a known phishing email. It's completely harmless as long as you don't click any links and then enter whatever sensitive information they are asking for.
 
Last edited:

carlgo

macrumors 68000
Dec 29, 2006
1,806
17
Monterey CA
Evidently there are scanners that can read your card in your pocket. The perps hang out where people gather. Mine was I am about 90% sure was scanned at Seaworld.

BofA detected the suspicious activity, attempts to buy iToys in another state.
 

lobomarunga

macrumors newbie
Original poster
Jun 26, 2013
7
0
Looks like your "trojan" is HTML/Bankfraud.gen. Avast has basically identified a known phishing email. It's completely harmless as long as you don't click any links and then enter whatever sensitive information they are asking for.

Which I of course didn't. I am not saying that *that* trojan must be the one that infected my system. As you said, I might not even be infected. I am just trying to clean my system(s), since I actually got scammed and I am trying to figure out what happened and if it happened through my computer. But as you said earlier, they might have stolen my credit card details in a variety of ways, i.e. not through a virus/malware/trojan and I do appreciate your sensible advice not to stress too much over it.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.