JFK, has anyone at ePass offered to look into this for you? Have they offered any assistance at all?

Sorry to hear that, I'm kinda worried how the guy got your password...

They are looking into it, they will not give me any more info at this point,but I was also informed that the money is GONE... could not get any more details then that. Just wondered who gave them the account in the 1st place. A number of programs offer you a free epass acct if you promote them!

JFK - get ahold of Chris Mallick ( [email protected] ) if you haven't already and explain the situation. See if he'll put his top people on this and get you some resolution. Maybe the money is gone - but they should be able to figure out who got it and offer some advice on how to perhaps get it back or pursue some type of legal remedy. This could not have happened to a nicer guy and ePass should put some effort into trying to help you with this situation. Keep us posted.

If ePass knows who got your money...they should share that information with you. If they know who got your money and don't offer to share that information with you - then please let us know!

Thanks Dean:thumbsup

I usually always avoid doing that too.

jfk--hey man sorry--your a good guy---hope u catch the smuck

This is one reason people post here: Sponsors, give me anon epass account

ouch.. this doesnt sound like an isolated incident, this sounds like a planned convention hack.. or someone is really really stupid..

I think epassporte should let you out the person with full details , i.e. all login ip's address info etc.. you cant get a card without an address , so they exist somewhere and unless this person is really really smart , the info should match with other sponsors and such..

I hope you catch them JFK, sure you have enough contacts at epass to help find the responsible parties that withdrew your funds. It takes me a damn week to withdraw 20$ of my own money from epass, amazing they got it so fast.

I recently had a password breach and fraud detected on an account on a commonly used site. Since it was connected to financial data I cancelled all my cards just to take precautions and alerted my bank. The thing is, it may be keylogging virus' over unsecured network, something really bad and unseen may be going around.

jesus christ of course epass can find out who it is. if the fbi and people can catch pedos then this shit can be tracked out too. anything you do can be tracked back to you on the internet. even surfing through multiple proxies if you want to find them they can be found. it all comes down to how much someone is willing to help you and how persistent you stay on them to help you, including cops. thats grand larceny if i am not mistaken and my experience says that its a felony punishable by imprisonment up to 7 years if arizona is anything close to the california statutes. considering epass is outside the country i'm sure somehow it can tied federally too. its all a matter of how hard you push it.

fuck it!!!!!!!!!!!!!!!!!!!!!! someone call chris hansen he'll find em.

This sounds like there's a keystroke recorder on your machine. That'd be my guess. If not do you recall recently entering your credentials and still not being able to log in (meaning a site was mimicking the real site -- this is what's being used to phish for logins to myspace at the present time and has been used frequently in the past). Oh, and one other thing to consider -- if you are using a common password that you use on other accounts then it might not be that dificult for some unscrupulous person to use it to try to hack accounts.

Regardless, I'm sorry to hear that happened. Theft sucks.

pstation was making the point that someone could have set up an access point that claimed to be the hotel's, but was really some sort of proxy that presented its own pages (and captured the data submitted) for certain sites. How many people check that they're on https://www.epassporte.com/ (note the S) before logging in?

If you must use public wireless then for heaven's sake set up a VPN with a server back at the office so that everything is encrypted, not just content to/from https:// URLs... in the case of SSL sites it's then double encrypted.

That is why I have LoJack installed

one hint of advice....

when not on a network you OWN, turn off all file and print shares. secondly, using your own name servers can help.

if your dont know why either one of these could hurt you, dont ask, just listen. :)

furthermore epass doesnt know shit past the address they sent the card to and which ATM it was withdrawn at.... dont you people realize they will issue a card in the name of 'mickey mouse'?

i predict many more show stalkers and opportunists now that this publicity about wireless at shows has come up. sad but true, there are more shitheads here on gfy than anywhere. many criminals lurk here for sure amongst us. i won't use wireless at a hotel again.

JFK, that's awful. I really hope you're able to, at the very least, expose the criminal behind this. Not a nice way to end a trip to a great convention.

There's two types of access. You can use the cell phone networks and an air card in your laptop. All 4 major Canadian cell providers offer the service. Your speeds vary based on the service in your area. EV-DO (Telus/Bell) and EDGE (Fido/Rogers) is broadband access (over 256 kbps) and is available in most major urban areas. Outside those areas, you have get a signal up to about 56 kbps as long as there's service in the area. The service is costly and often the bandwidth allowed is very limited (as low as 5 MB a month depending on your package).

Rogers and Bell have a new wireless broadband service as well. From what I understand, they've been installing transmitters in cell towers in major urban areas. As long as you're less than 4 KM away from a tower, you can get up to 3 mbps. You get an external modem which you can use anywhere in the service area as long as you have a power source. Bandwidth consumption allowed is a lot higher (10 - 20 GB a month, IIRC). It's about $60/month.

https:// == encrypted, can't be sniffed over wireless.

Only the endpoint IP address would be exposed.

another top-notch company... 100..

1. It was a porn convention so using a name like that wouldn't exactly be pulling it out of their asses :winkwink: It's not like they're going to use their own name or the name of their own company
2. If they were "on" your computer and watching you move money around, then voila, they know all about Epassporte. Just like someone hitching on to my computer would know all about the little hometown bank I use

Just making an assumption, that's all. I guess I just really hate to think it was someone in the biz :(

It's possible to defeat it. the attacker could have poisoned jfk's arp cache and positioned himself between jfk and the hotel router.

That really sucks that that happened to you, especially when you do so much which is great for everyone. Some people really suck.

True - very true! JFK is one of the hardest working peeps in our business and ya' never ever hear anyone say anything negative about him. Sucks for something like this to happen to someone with such a good heart but our industry has it's share of real scum and this is just another example of how they operate.

If ePassporte does not help JFK get his money back or at least tell him who stole it - they are no better than the guy who stole the money in the first place. I would like to think that ePassporte would step-up do the right thing here but history has shown that they usually do not. Epassporte has not impressed me with how they've handled stolen money in the past and I won't hold my breath that JFK's situation will be any different.

Interesting to note that my bank has a fraud department that looks into stuff like this. Does ePassporte have a fraud department? If so...what are they responsible for? What's the use in having a fraud department if they can't (or won't) pursue the scammers?

I currently have $2.18 in my ePassporte account. If someone wants to rip me off...more power to them. I try not to use ePassporte for anything unless I have no other choice and then I get the money out of there as quickly as possible. That appears to be the only way to keep your money safe. Better to store your money in a place where it's guaranteed - and that is not an ePassporte account!

Dam that sucks, What Epassorte account was it drawn from..? let's make sure no one pays on it and if someone like epass would like to disclose the loser' that would be help full...get the ip of the transaction and other related info

then give it to my boyz Sal, Anthony, Bruno and Dominick...hehe

to bad epass does not offer chargeback insurance...

Sucks to hear JFK, hope you find out who it was.

I would be surprised if epass can give out that information based on privacy laws. I would assume that would be the only reason for them not to give it out.

I to get my money out as fast as possible.


I use EDGE from time to time and it works great, for times when I can't I use a VPN to a server where I use a remote desktop. That is when I am doing something more then checking google maps or something.

On a side note I got this link in an email, was it sent to everyone with a ccbill account? or just people who have attended the forum at some point?

Yea - the scammers are having a field-day with this. They are breaking into peoples accounts...stealing thousands and thousands of dollars all the while knowing that ePassporte won't reveal their identities because it's a privacy issue. Something is really fucked up about that situation ... wouldn't you say?

I never said it was right.

I know...I know.

It's not right. If a scammer can break into someone's account and steal a few thousand dollars and ePassporte does not and will not do anything about it - even though they could - that really says a lot about ePassporte.

If that $3000 was stolen out of Chris Mallick's account - you bet your ass something would be done about it - and quickly! :thumbsup

If their hands are tied then there is nothing they can really do though now is there?
I dont know where epass is located nor do I know the privacy laws there.
But I know if they were here in Canada giving out that information could very likely mean jail time and fines.

Would YOU give out information to get someone back 3 grand if you knew very well it could mean you would end up behind bars and have fines levied against you and your company? What if doing that froze epass's account and everyone with any money with them ended up losing it all?

I doubt very much that the people at epass are just sitting behind their monitor thinking to themselves that its only 3 grand and not worth their time to do anything.

Dean, I dont know you personally, but from your other posts you always seemed like someone intellegent, but it seems your just being ignorant in thinking that they wouldnt do whatever they LEGALLY could.
If they started breaking laws they would be no better then the theifs.

It doesnt matter actually.. all that information is being sent through the air and anyone with the right skills can intercept it.

Even with SSL that only makes it a little bit harder but not very, if someone was sniffing his packets from the very first packets sent then they already have the crypto keys and crypto suite information that they need to decrypt everything as its being transmitted.

The lesson here is to avoid transmitting your private information through the air where anyone can intercept it. Encrypted or not.

I would never ask ePassporte to break the law. I would only ask them to stand up and take some responsibility to ensure that their customers money is safe. And if their customers money is stolen - that they do everything possible to either get it back or help with prosecuting the offenders. So far...it doesn't seem that this is the case. I have seen many posts from people complaining about their money getting stolen but I have yet to see one post where someone complimented ePassporte for doing everything possible to help them get their money back or help to find out who the offenders were. Of course I'm not here 24 hours a day so it is possible that I missed such a post.

Call me ignorant if you want - but I just have no respect for a company that might know the identity of people who are breaking into other peoples accounts and would rather sit on that information instead of chasing these folks down and prosecuting them. As I said before - if this $3000 was stolen out of Chris Mallick's account - you bet your ass something would be done about it. You don't think Chris would just sit back and let someone break into his account and steal thousand of dollars from him do ya'?

I dont see posts about people getting paid by sponsors on time either... Maybe I should start every time I get a payment, just so you will know who is paying on time...
I know thats not exactly the same, but its just how it is, people don't post when things go as planned, and often then dont post when a problem has been fixed, or if they do its an old bump that goes un-noticed.

Its already evident that epass has looked into it to some extent, even given JFK some info on who it was.
Your just ASSUMING that epass isnt doing everything they can. Do you know for sure that they havent gathered all the information they can get and given it to the proper authorities? How do you know its not in some officers in box, or that an officer reviewed and just pushed it aside?

Do you want epass to just refund every "theft" that happens? how do you know people wont just scam them by saying something was a theft? Have you read the epass TOS? do you understand them? agree to them?

If Chris Mallick's account was hacked I'm sure something would happen, but I couldn't tell you what. For all I know his legal team would force him to do exactly what is being done for JFK.

Maybe they can't give out that information, but the least they can do is refund his money to his account. That would do a LOT to reinstate confidence in their service, don't you think?

sorry to hear - i really hope epassport helps you to find the theif and post the motherfuckers name on here so we can all spit in the face of this asshole next time we see em.

damn... ..

Sorry hun, but epass accounts arent instant signups. Takes awhile to even get an account. This was definitely someone in the industry.

Heres what probably happened.

#1 - The day people arrived, someone set up a fake access point

#2 - Their access point was set up as a http/https relay. A fake epass site was installed on the local AP server. When people logged into paypal or epass, first their login & user name was captured on the local machine & then relayed onto the real epassporte site, so all you saw was a seamless login.

#3 - Several logins were stolen within the first few hours. Everyones checking their balance before they hit the bar/strip club for cash.

#4 - These new stolen logins from people at the show, were used to move the $ around in a giant loop.

Now depending on the # of logins compromised, the # of transactions those other accounts completed themselves/transferred to other accts.. And the # of days between it happening, & JFK alerting epassporte. That money could be lost in a "literal" circle jerk void forever.

Epassporte might literally have to contact 100 customers & confirm each transaction to another party.

Your not dealing with a hotel employee. Your dealing with someone that has probably been using epassporte for years & hatched a little pre-meditated scheme months ago.

In fact, I wouldn't be surprised if this has been going on for several years. Just in amounts people don't immediately notice, or don't wish to embarrass themselves in public.

I wouldn't be surprised if more people come forward in the following weeks with the same complaints.

Then again...it could have been some idiot using a xp exploit & a keylogger. Or even a lost access key social engineering trick with the hotel front desk, while your laptop sat tucked away seemingly safe.

All we can do is hope little bloodsuckers like this get caught, or karma brings them a hefty dose of the AIDS :pimp

First of all, sorry to hear this happening (again) Jules...

You've not been the first in this account circle-jerk-scam scheme, as we've read numerous time on here and other boards now... just to add an extra cherry on top they've gotten you at a show, which means it 100% is someone from within our own rows!

A quite easy solution to fuck up this scammers world:

ePass sends out a letter with a set of TAN's (Transaction-Numbers) for each customer - it needs some work on their end of course, but it's worth it. This way you have to maintain a real address on file as well, as you need these TAN's every once in a while, as each TAN list has only around 100 to 200 TAN's which are used up every X months.

Then for each transaction you make, you have to enter a specified TAN from your very own list, if it matches - the payment goes thru, if it doesnt match, the payment doesnt go thru and you'll get a warning - 3 wrong TAN's = ePass Account locked down, you have to contact ePass.

Would work with the same generator PayPal uses as well, but that means buying these generators and send them out, where paper obviously is cheaper...

Just a thought to add a layer of security that prevents all of this crime.

It's an old standard with the banks over here and it works like a charme.

Personally, I would'nt mind paying a few cents more per transaction to cover the cost of this added layer of security - if they raise it from .25 to .35 on all of the accounts - which doesnt hurt anyone directly that bad, in essence it would very well make up for the cost I hope - epass would have to calculate that though...

:2 cents: