PBH / colombia (active forums more▼ | travelguide | pictures) / post

Warning Identiy Theft in Colombia

Warning when you use use an internet cafe's in Colombia. I was the victome of a very clever scam that managed to steel my internet Password and Log on, My bank password and log on and also a none US account and log on that contained Gold.
I was very lucky that my bank advised me by E mail that some one else had accesed my accounts. they found out that I logged on to look at my accounts in Colombia and ten minutets later some one in California logged on and two houres later some one in Noth Caroliner logged on, so my bank shut down the accounts. However who ever did this was able to sell $3.000.00 of my gold just by identifying them selfs by E mail as me. I caught this by being notified by the company of the sale and managed to stop the transfare of money but it caused me to buy back the gold at a loss. My bank advised me that who ever did this had probably installed a program in Inter Net Cafe's computer that recorded every key stroke I had made and as I usualy check all accounts when I go to the Cafe's thats probably what happend. I also met an Austrian guy who claimed some one had been into his bank account in Austria while he was in Colombia. So be ware it can happen to any one.

By Boatygringo on May 1, 2008, 19:45 in Friendly Talkzone.

webmanco says on May 1, 2008, 20:07:

Thanks for the warning, would care what city and what Cafe Internet? It helps visitors to avoid at least the internet cafes. Although not necesarily the owners of the cafe are to blame. Davivienda asks you to certified that you are not loggin from a public pc, and Bancolombia has a moving numpad with asterisks showing before the numbers, which are not in their usual position. More security for the user.

...A yo, déjenme queto y no me jodan má! ...

0 funny, 0 helpful.

miamimike says on May 1, 2008, 23:34:

BG---Interesting but I am not surprised,,,Glad you didn't suffer a huge loss as it looks like it could have been much worse,,,

"Wait a minute. What did you just say? You're predicting $4-a-gallon gas? That's interesting. I hadn't heard that." -- Feb. 28, 2008 --George W. Bush, Washington, D.C.

0 funny, 0 helpful.

Boatygringo says on May 2, 2008, 04:28:

I use internet cafe's in and aroung Cartagena but I think it happend in the small town I live in 22kl out side of Cartagena.

Boatygringo

0 funny, 0 helpful.

dwmte7 says on May 2, 2008, 05:29:

aahhhh, colombia, where the clever are ever on the prowl. there's a culture of corruption which exists there, from casa narino on down. years ago, a very close friend...oddly enough, a friend to this day...stole something from me. when i confronted him about it, he said, in his defense, ".....shit, douglas, you had two of them." it's just that the folks think that if the president and congressmen/women can steal, if the police and local govt officials can steal, why can;t they?. like i said, he's a friend to this day and i understand that his bad habit was one born of a culture that nursed him from his youth to today.

moral: don't go online with info, you wouldn't give to a man in the street, free.

dwmte

0 funny, 0 helpful.

tejasmarcos says on May 2, 2008, 06:16:

sounds like your bank did a good job in averting the problem. kudos to them....

trying to walk a straight line on sour mash and cheap wine...

0 funny, 0 helpful.

wolfttz says on May 2, 2008, 06:28:

Maybe this guy took you.

http://www.scmagazineus.com/Colombian-pleads-guilty-to-internet-based-...

wolfttz

0 funny, 0 helpful.

gringoesteban says on May 2, 2008, 06:56:

I am glad to hear that things worked out for you and that your bank was so proactive. But on the other hand, why would anyone access their bank account from an internet cafe? With all the spyware out there, that's just asking to get robbed. Same goes for using an unsecured wireless internet connection.

Gringoesteban

0 funny, 0 helpful.

CatGirl says on May 2, 2008, 07:41:

Boatygring: Yes, they have viruses that can do this (watch your every key stroke). But really, the problem is NOT isolated to Colombia, it's the reality of the WWW - a combination of fast growing technology and truly minimal or no regulations....until of course something happens to you and then there are laws and agencies that will enforce.

So for now...it is like practicing safe sex, you gotta protect yourself - it's a jungle out there, jaja. There are ways to "help" protect yourself with wireless connections - but not 100% guaranteed. If you use the internet for personal reasons, it's really important you educate yourself AND keep up to date on the latest and greatest updates.

Love and Time: the only two things that cannot be bought, but only spent

0 funny, 0 helpful.

roquero says on May 2, 2008, 08:08:

Do what I do
Get yourself a little portable flash drive that you can carry in your pocket
A 2 GB one will do fine, but you can get up to 8 GB at a reasonable price
Then go to
http://portableapps.com
Where you can download all kinds of programs for your flash drive so you don't have to use the inter net cafe's browsers
Download the free Firefox browser to your flash drive
From http://portableapps.com/apps/internet/firefox_portable
Then you can take your browser with you, bookmark your financial pages, access your accounts with saved passwords on the browser and avoid having to use the browser at the cafe
There are other neat applications on the page such as Thunderbird to access your email from prying eyes
All you have to do is plug it into the USB port of the computer
Just don't forget to unplug it and take it with you when you leave the Ciber!
Mozilla Firefox®, Portable Edition is the popular Mozilla Firefox web browser bundled with a PortableApps.com Launcher as a portable app, so you can take your bookmarks, extensions and saved passwords with you.
Download Now

0 funny, 0 helpful.

hongo_joe says on May 2, 2008, 08:23:

Thanks for the excellent tip roquero.

0 funny, 0 helpful.

Mr. Hollywood says on May 2, 2008, 08:26:

That still won't save you from a keystroke logger, though, roquero. Well, maybe in one case. If you have your passwords saved in an autofill keychain they won't be typed into the keyboard and logged, but then you're opening up a whole can of other worms.

Best bet, if possible, is to avoid public terminals for any kind of private information. Likewise open wireless networks.

0 funny, 0 helpful.

tigredelnorte2 says on May 2, 2008, 08:32:

Before you leave an internet cafe computer you might think about going to the herramientas option, and eliminating all of your passwords etc, the you put on the computer during your session. The process is different, depending on the version of Windows you are using.

0 funny, 0 helpful.

hongo_joe says on May 2, 2008, 08:40:

Mr. H: How about copying and pasting id/pswrds from another file on the flash drive?

0 funny, 0 helpful.

Mr. Hollywood says on May 2, 2008, 08:46:

I don't know.

I would never trust such a workaround to keep me safe from the millions of hackers busy every day trying to figure out ways to steal.

Whenever I'm forced to use a public terminal for something like checking my email, I change the password as soon as I can from a private terminal.

Call me paranoid, but I've seen what people can do.

0 funny, 0 helpful.

hongo_joe says on May 2, 2008, 08:49:

I agree. Unfortunately, I'm hooked.

0 funny, 0 helpful.

droble77 says on May 2, 2008, 09:39:

I'm not 100% sure of the portable apps strategy; I'm going to try to ask around at work to some IT security types and/or do some research on my own.

I work in IT but frankly I'm embarrassed I don't know more about these security issues, although I am aware of the dangers of keylogging in internet cafes, it's a common scam all over the developing world, not just Colombia.

It's probably best to just avoid doing any online banking or checking your primary email account on any hardware that isn't your own.
You can setup a temporary email on yahoo/hotmail (with a different password from your main email account of course) and just use "email forwarding" for the time that you are traveling.

You can always bring your own laptop but that does suck because lugging that around just means one more thing to worry about. And if it's stolen, since most people don't password protect their pcs, your passwords and personal data is easily available to the thief.

It's pretty scary how vulnerable you are if you think about it. . .

0 funny, 0 helpful.

expatriate says on May 2, 2008, 10:09:

If the website you are logging into shows https:// , then you have an encrypted connection. At that point you can use the Windows XP On-Screen Keyboard found in Accessories> Accessibility to enter your username and password. There will not be any keystrokes to record.

I take that back. I just read "Most on screen keyboards are useless against Software keystroke logging programs because most of them use the keyboard API and its (dll) is easily hooked to grab the keystrokes from it! The best advice I can give you to protect against those is keep your antivirus up to date and scan often, when using a public terminals I would recommend using a bootable usb drive with OS that has an on screen keyboard built into it."

There is also this software, though I have not tested it - http://www.qfxsoftware.com/

0 funny, 0 helpful.

roquero says on May 2, 2008, 11:19:

Here's a nifty portable app you can download to your flash drive, that I forgot to mention- the following excerpt describes in detail:

"‘Bad guys’ often use a something called a keystroke logger to steal passwords from regular folks. Keystroke loggers are nifty tools for bad hackers because they are simple programs that can be easily installed, despite an Internet cafe’s best security efforts. Don’t be fooled though, most Internet cafes (especially overseas - even Europe could care less about security).

All the keystroke logger does is record every single thing typed into the keyboard - then it just emails the entire text to Kazakhstan (for example). Anything you type, from emails, passwords, to credit card numbers. And it will be hard to do anything about it while you’re traveling and quite possible ruin your vacation.

The easy way around this is to download and install Safekeys to your USB thumb drive. It creates a little keyboard on the screen you can click with the mouse."

Here is the link:

http://www.aplin.com.au/?p=204

More details from the developer:

ADVANTAGES:

* You don’t use your keyboard (keyloggers cannot record the password)
* The utility changes width and height each time, as well as its placement on the screen (to fool mouse-loggers, buttons will always be in different positions each time you use the program)
* Nothing is stored in the clipboard (clipboard loggers cannot save the password).
* You can use upper-case letters and symbols (such as ! at #${}) by pressing the CAP button - no matter how complex your password is, the utility can type it.
* …and now the last pressed key is not highlighted at all (minor bug fix from previous version).

I think with this app you will be safe

Nothing is 100 percent foolproof but I would be confident using the portable Firefox browser and this app

0 funny, 0 helpful.

roquero says on May 2, 2008, 11:31:

here is an article that covers keylogging in depth and talks about how to prevent it:

http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf

0 funny, 0 helpful.

droble77 says on May 2, 2008, 11:33:

OK guys, did a little more research on this and talked to one of our IT security staff. . .

Here's an interesting trick you can use in a pinch although you should NOT solely rely on it:

1. Click on a blank part of the web page and type a bunch of random characters.
2. Now click inside the password field and enter ONLY ONE character of the password
3. Click on another blank part of the web page to give "focus" to any other area BUT the password field
4. Type as many random characters as you feel like :)
5. Return to the password field and enter the next character in the password
6. Repeat until all password characters are entered

This simple trick can work because virtually all keystroke logging software can't tell when focus is NOT in the password field! Instead of seeing a string of characters that can be interpreted as a user ID and password, you get a bunch of gobbledygook which would take a long time to extract the password from.

Keep in mind though that the real password in the text field could still be recoverable in the internet cache if the computer is configured that way!

Still, this trick can provide some security in an emergency although you should still avoid doing online banking on a public pc.

This SafeKeys thing sounds like a good idea. But with this simple trick, you don't need any additional hardware that you can lose not to mention the time spent setting it up properly.

0 funny, 0 helpful.

roquero says on May 2, 2008, 14:15:

the hardware is a snap to set up

I downloaded SafeKeys, unzipped the file, and just used my mouse to click on the SafeKeys keyboard, selected the text in the window, and dragged it to my web browser window

No hay nada mas facil!

0 funny, 0 helpful.

bhill says on May 2, 2008, 14:28:

The only real way to "safely" do online baning in a web cafe is if your account has a Secure ID Token:
http://en.wikipedia.org/wiki/Security_token

The one-time password is useless if captured (since it's only valid the one time that you used it).

0 funny, 0 helpful.

Boatygringo says on May 2, 2008, 15:54:

Thanks for the input and ideas guys and girls. I live full time in Colombia and all of my accounts are overseas so I have to do my banking on line.

Boatygringo

0 funny, 0 helpful.

tomtom33 says on May 2, 2008, 16:08:

If you don't have cable Internet, you can get a pre-paid dial-up card. Hopefully you can access a land line.

0 funny, 0 helpful.

droble77 says on May 2, 2008, 17:20:

bhill, the Secure ID token is used a lot in the corporate world, that's what we use in our company.

Problem is I'm not sure if you can set that up with any bank, plus if you LOSE the token while traveling you are in for some complications to say the least.

0 funny, 0 helpful.

Alma del Norte says on May 2, 2008, 17:25:

My UK bank, (or Building Society), have sent all customers card readers for use on all on-line transactions. Problem is, mine's still in the UK!

La vida es una rutina

0 funny, 0 helpful.

joeylove007 says on May 2, 2008, 18:46:

"A McAfee Avert Labs white paper, released in January of 2007, reports that the number of keyloggers—malicious software code that tracks typing activity to capture passwords and other private information—has increased by 250 percent between January 2004 and May 2006."
Makes us more aware how bad it has gotten.
Thanks roquero and droble77. Both of you have good heads up info.

Trust no one...except God. Hope to retire in Colombia

0 funny, 0 helpful.

webmanco says on May 3, 2008, 06:14:

Amigos de Colombia

...A yo, déjenme queto y no me jodan má! ...

0 funny, 0 helpful.

robi666 says on May 3, 2008, 06:38:

Webmanco, could you explain us how they got into Boatygringo account?

"I am a citizen of the most beautiful nation on earth. A nation whose laws are harsh yet simple, a nation that never cheats, which is immense and without borders, where life is lived in the present."

0 funny, 0 helpful.

aztec says on May 3, 2008, 06:50:

Advice please from some of you computer experts.

Am I safer using Ubuntu (Linux) with Opera and Firefox browsers? Since that is my system should I be worried at all about security problems via viruses or Trojans?

0 funny, 0 helpful.

expatriate says on May 3, 2008, 16:57:

droble77 has the right idea.

0 funny, 0 helpful.

Man Tequila says on May 3, 2008, 17:21:

There are viruses for Linux but they are less common than for windows. Keyloggers are simple, and this type of theft is not particularly sophisticated. Read this and shudder.
http://en.wikipedia.org/wiki/Rootkit

Aunque no me creas/ si me lo propongo/ lograre olvidarte/ porque a fin de cuentas/ no soy tan cobarde./ Y termino todo una de estas tardes/ no sera dificil buscar algún sitio donde refugiarme/ donde nunca mas vuelvas a encontrarme. (Polo Montañez)

0 funny, 0 helpful.