My shopee account was being hacked...

The account is link with credit card. The cheater spend Rm8k in 3 transactions buying games card etc。

Any solution or advice? I don't earn much. Rm8k is big amount to me.

This post has been edited by moon yuen: Jan 12 2021, 07:37 PM

sorry to hear that? so what has Shopee did to help you?

immediately call ur bank

sorry to hear that, but how did you get hack when shopee require SMS OTP to login at different browser?

always go back setting remove save credit card after u make payment

i always share to my family, friends, followers, NEVER lock card into ur online acc.. expensive lesson

nope.. first use to tie the card to shopee might have tokenize it.. so liability shift back to issuing bank.. at most u file as unauthorized charge.. might get back the money that way.. but need to prove that your account is hacked..

Bank told me before whether save or not once use the card automatically saved orh

This is why I never link my credit card in apps, plus I also freeze my card after each transaction made when buying things offline.

So how did u get hacked? U gave out OTP to hacker then too bad for u.

thats why i never link any credit cards or debit even put cash on the app because things like that can happen

maybe u can report to police or bank so that they can freeze the account

where got so easy hack. even before buy, shoppe will require you to enter 6 digit password. If real hack also his own people hack it.

It's easy to hack. Your hacked "FB friend" will ask you for otp code sent to you. You give. Actually the OTP code is to reset your email password. After hacker reset your email password, he will proceed to reset your shopper password, then takes control vof your shoppee account. Then will proceed to buy iTunes game card.

And by the way, since he already hack your email account, he will proceed to reset your FB password and take over your FB.

He will then contact all your FB friends to ask for otp code. Surely one of your friends will fall for it.

This post has been edited by gumshoe101: Jan 12 2021, 08:01 PM

So 2 expensive lesson everyone should learn:
1. Never save your CC or DC into any ewallet, be it Shopee, Grab, Lazada and so on. Delete your card if it is saved in those accounts.
2. Never respond to any friend or strangers asking for OTP. If really need help then meet up.

TS, I hope you already block that CC and go make police report.

just dispute bank lo

Last year mco,
My paypal kena....
Direct dispute with PayPal,
But PayPal say the transaction is legit...
Lucky the merchant help me reverse the money.....

This is what I'd like to know too. "Hacked" is easily thrown around these days, when in actuality, most cases like this are due to the carelessness of the user. TS, do share the full story.

Haven't kena. But i'll remove mine just in case

This post has been edited by hirano: Jan 12 2021, 09:20 PM

TS, would appreciate if you could explain further how your account got hacked? i just login shopee,i receive an OTP to proceed further..so how is it possible?

Never save or link your credit card or bank account details with online shopping platforms.

TS pls share full story. Don't feel ashame. Everyone make mistakes.

i think shopee is quite secure. even when my phone is broken, i cannot even login shopee via web.
when want to pay, always ask otp. qhen pay using shopee pay,need password.

This post has been edited by AmIRight?: Jan 12 2021, 10:01 PM

for cc, call your bank, file dispute.

if debit card..gl..

thats why never give OTP away!!!
All TAC/OTP is SECRET from Lazada, Shopee, Bank and everything!



This post has been edited by calvin_ng: Jan 12 2021, 10:26 PM

Man, this is bad. I'm sorry to hear that.
And this is one of the reason why I would never link my credit card in apps.

report police and use charges back from cc.

i use debit card for online and link it everywhere i can for buying item less than 5k (the limit i can accept if lost without thinking too much). but almost always balance is less than rm10. only if i wanted to buy something i did online transfer then buy lo. very safe.

Yah, me too. Linked online site with my debit card and no money in the account. Hack all they want...

Already report police.

Don't understand.... Use charges back from cc?

After seeing your post, I deleted my c.c. detail in shoppee, lazada, grab and boost.

Report mcmc

What is mcmc?

not when 90% of the post here saying things like dont link save cc anywhere when TS asking for opinions on how to recoup charges.

On the other hand, TS, can you just contact shopee directly and cancel ALL orders. also actually can report police. can just look at delivery of those items right, to find the hacker unless everything bought was non-physical?

Shopee should be held somewhat accountable.

This post has been edited by adele123: Jan 12 2021, 11:26 PM

Yup. All items are non-physical.

Game cards, top up cards etc.

Already contact shopee, report police and bank.



This post has been edited by moon yuen: Jan 12 2021, 11:38 PM

Not all transaction is required to enter 6 digit password (OTP)

Ever heard of these terms for merchants?

1. 3D MID
2. NON 3D MID - SKIP CVV
3. NON 3D MID - SKIP OTP
4. NON 3D MID - SKIP CVV - SKIP OTP
5. Tokenization?

Don't make a fool out of yourself. Google it up.

This post has been edited by sadukarzz: Jan 12 2021, 11:58 PM

Must be very inconvenient

Is it poesible to tell bank to nullify transaction ?

Damn

Now i feel like doing so

LEL freeze card? u mean BigPay? that is not Credit Card tho.....

Why would anyone give out otp to a complete stranger ?

Why Shopee should be accountable? If he gave out OTP to hacker then its own fault.

Report police also cant really do anything i guess unless u know the hacker personally otherwise how police want to find who did it?

3rd page and TS still won't share how he was "hacked"

One thing though, my Shopee linked CC still need OTP when making purchases..
Ok lah lets say the hacker topup money into ShopeePay but that also got daily limit RM2999 for Standard and RM4999 for Premium (Verified IC)

How to get 8K lah?

Guys how to know what platform have we linked our cc/dc to?

And can we cancel it via bank?

No u cant, atleast not that simple and i doubt bank will entertain u.

Want simple just call bank and tell them u suspect ur CC is misused or tell them u lost ur card. They will cancel ur card and send new card (different number) to u.
The problem is different bank treat such incident differently where some bank may just check recent transaction if no suspicious will ask u to just monitor and call again, and for lost card some bank may charge u replacement card fee.

And most of the times, it’s not carelessness which caused these, but the greed bout some too good to be true promises or offers which make no sense to sane people.

It's not a stranger. It's an FB account of your friend that has just been hijacked. Naturally, you'd give the OTP without much thought because it's your friend.

what kind of email password reset that sent OTP code? Email that use 2FA kah

and how do hackesrs know our shopee email login?

Do they need police report?

for lost card? no need

just answer the question TS, did u give out your OTP or not? if not how exactly did u get hacked.

did you ever buy robox (for example) at shopee?

for once was tempted to buy that roblox credit thru shopee seller but when they ask email and password for roblox account i just cancel the intention.

i saw lot of pipul still got courage and buy.

When the hacker hacked they don’t require any otp ady.
Last year on a night I suddenly received 4 consecutive sms saying my amb cc was charged usdxxx for purchased of iTunes gift card. And the fifth sms came in said the 5th transaction not successful coz too many similar transaction performed at the same time.

That time I did not even getting any otp from the bank. I immediately called the bank to check and they said those are genuine transactions and immediately I get them to block my card.

I told d bank it was not my authorised transactions and I didn’t even receive any sms otp. But they told me I can only submit dispute form which it might take 3-6 mths to investigate and come out the result.

I think that was too long so I immediately called apple helpline and informed them on my situation. After further checking they agreed to refund back the money to my credit card which was charged earlier.

So yeah when they hacked into ur cc they won’t need the otp for their spending or not sure now they bypass it

But you can always go back to delete the saved cc numbers before you leave

I deleted my shopee and lazada cc after reading this. Going to be more troublesome next time.

Curiously, TS has been very quite after the first post despite saying the 8k is a lot to him...hmmmm

iTune purchase doesn't require OTP. the hacker is using that loop hole.

This post has been edited by ReWeR: Jan 13 2021, 03:01 AM

It is highly suspicious. Credit card OTP cant simply change phone no. and the SMS OTP will state which Bank, amount to pay and the OTP no.

beware of ALIEXPRESS also.

last week bought something from aliexpress using maybank debit card, since im used to save the card info at shopee & lazada so why not. theres always OTP as security & the transaction completed.

an hour later i bought another stuff, after i click the pay button, suddenly status became paid. im like WTF??? wheres the OTP???

straight away remove my card info from aliexpress.

Citibank credit card got freeze feature bro

Don't make a fool out of yourself better. TS never said she gave any code to anyone to reset the password. If you give the code then it is equivalent of you giving the bank card+password to the thief to withdraw the cash no differently. If you got robbed then it's a different story.

If you did not give any OTP or get robbed, most of the time is the people of your surrounding that secretly get the reset password code from your phone. Without your phone, no way they can login and reset anything inside.

This post has been edited by Accord2018: Jan 13 2021, 07:36 AM

Maybe you need to check if it's a PC or gadget that you used to log on to Shopee before. Every new login seems to require a SMS to your phone.

Best practice is probably to clear the cookies from any 3rd party computer that you use to log on or just use private browsing.

I believe what happened was most likely a family member or "friend" who had access to OP's phone. Shopee requires OTP like many have said, unless using shopeepay

once the credit card is saved no OTP is required for subsequent purchases.

TS probably forgot to log out from another device and someone else had access to his/her account. Since if hacker login from new device shopee will require verification code sent via SMS.

TS post de. Probably you can get an idea of what happened.

The only possibility i can think of is that the hacker probably checkout using credit card as the payment option instead of shopeepay. Cant recall whether is it lazada or shopee, either one of these platform do not send me OTP whenever i perform a topup or purchase directly using cc in their app, the transaction jst gets approved (referring to a saved/linked cc to the app)

Though i am not sure if there is a limit for purchasing directly via cc in shopee but if it follows the credit limit of the cc itself, then it could also be possible if TS' credit limit is above rm8k.

But then again, assuming hacker managed to perform rm8k transaction, the next line of defense should kick in as well, i.e. notice from the issuing bank. Typically for huge amount like rm8k, banks will notify/call/send sms to inform like "how much was just swipe using cc with ending num xxxx and pls call if you did not perform this transaction bla bla bla". And if the cc owner calls timely i believe most banks can stop/reverse this transaction.

This post has been edited by chichabom: Jan 13 2021, 08:26 AM

for sake of convenience once you register tour CC / DB to shopee/lazada they only ask OTP one time. then the subsequent transaction does not require OTP.

it will only ask for OTP after every few months.

convenient yes, secure no.

so after finish transaction delete your card from the platform.
lazy = high risk.

Both aboi and agirl also quite clumsy type eh... i guess they can be easy as a scam target

but why would I give my OTP to my friend ?

is like my friend ask me for my maybank2u password..

It's OTP to reset your email password. Once you give the email reset OTP to your "FB friend", he will take over your email account.

Having access to your email account opens up countless possibility to reset other passwords from other services.

You would give the email reset OTP to your "FB friend" because he won't specifically ask for OTP. He would ask something like...

(This is the actual hacker's message:)

"Shopee has a special campaign for the 4th year, if I get 5 votes, I'll win a gift voucher with you. I'll send you a message send me message copy ?"

Many people will fall for it if the message came from their FB friend.

Again, having access to your email account opens up countless possibility to reset other passwords from other services including lazada, shopee and facebook.

If the service allows, setting up 2-factor Authentication is the best way to prevent people hacking into your accounts

This post has been edited by gumshoe101: Jan 13 2021, 09:38 AM

You wrong la. Now shopee update password mentions clearly in the message "NEVER share this code with others, including shopee staff".

If you still give then you cannot blame. It is always safe as long as your phone has a secure password. Face/fingerprint also not safe because your gf can secretly open it when you sleeping like a pig.

For those who forgot to log out from computer, it's like you left your bank card inside the atm machine after taking money, then you want to blame who?

This post has been edited by Accord2018: Jan 13 2021, 09:26 AM

You be surprise, many will still fall for it even the OTP message contains warning

Btw, read what I said - it's not shoppee OTP that the hacker will ask for. It's email reset OTP.

but you only send message copy not OTP.

Even my friend say he can win 1 million lottery and agree to split with me 50/50, give him my OTP, I still won't give.

I am sure email also will get that warning.

It is scam already not hack. where got so easy hack shopee.

No point arguing with your on the technicalities of the meaning of the word 'hack" or "scam".

In computer security, your security is only as strong as the weakest link.

I was also contacted by scammer asking for shoppee tac..

Don't need to enter OTP when make purchase meh? Can't remember.

If me, farked the scammer straight liao. No need to be polite.

Likely he gaved OTP. Sendiri sarahan, kena scammed, try blame Shopee.

Yes, you're so clever. Not everyone is as smart as you.

yup. ownself give atm password to people. cash withdraw then blame bank?

No point farking. He would just move on to another victim. You think he will take your farking personally? He's just doing his job in the syndicate. 🙂

This post has been edited by gumshoe101: Jan 13 2021, 10:34 AM

thats weird, normally paypal is pro customer right?

I can't remember the whole situation
but I recalled, one of my staff last time got issue with paypal
took like 2 months to resolve the blady transaction before it can go through
from that day on, I don't think I want to do any paypal transaction.

oh yes, transaction going through is a pain on paypal. dont know why those westerners send money so easily but when we try to send it takes ages to approve.

but dispute vs merchants i think paypal often side the customer more.

If the transaction was via Non 3D MID, which Shopee is most likely to have as they might use their own MID instead of TPA MID; and its Skip OTP, then the transaction will complete without OTP being requested. In this case, there is NO OTP being REQUESTED TO COMPLETE THE TRANSACTION.

Please, do some research, I work in a Payment Gateway company, so don't come up with such lame excuse of hax hax hax alone. You want to be the hero, go ahead. Jeez. Wannabe.

@moon yuen

When the transaction is NON 3D, Skip OTP, the ECI value will be 6 depending on Master/Visa.

In issuing bank's (YOUR CREDIT CARD BANK) perspective, they can shift the liability to acquiring bank (SHOPEE's BANK) provided that the user (YOU) can provide evidence to support their claim while filing dispute. If the value of loss is high enough, cardholder can raise this further to pre-arb/arbitration, but do bear in mind if you lose your dispute case in this stage, you will be charged with the documenting and admin cost (roughly $300 for mastercard).

I suggest you to assist your issuing bank to file a dispute, and cooperate with them to provide all form of evidence you have to show that you DID NOT make this transaction, so that your claim of UNAUTHORIZED CHARGE is sound.

I mean the code to login, not CC OTP. You too act smart la. Without the code from shopee, no way you can login to buy.

There is an acknowledgement clause when you add your CC to Shopee that states that you accept that your information is secure and OTP might not be required for future transactions on Shopee.

So it is possible for CC transactions to go through without OTP.

I am pointing towards the solution to help TS. Not dwelling how they got hacked.

1. If the transaction is 3D fully secured, even if the hacker hacked into the Shopee account, they cant complete the transaction without 6 digit OTP sent to TS's mobile.

2. However, if the transaction is 3D not fully secured, then the hacker can use the saved CC to make transactions without 6 digit OTP sent to TS's mobile. This is the entry point I am trying to help TS to file a dispute to recover their losses.

Geddit?

And At this point does it matter to TS who hacked? If you found out how they got hacked will Shopee refund them?

Or their 8k loss matters more? Go figure, Geez. Buat lawak je. Hack already then what? You prove this then Shopee / CC bank give you back the money?

You so pandai, help TS win their dispute lar sohems.

coz you adi sohem from the beginning that my 6 digit is mean to login shopee not CC OTP. still ldun wan admit ur sohem is it.

I did not argue on you on the filing of dispute. u reli sohem leh.

Okay, you win, I sohems. You most pandai now you help TS defend dispute. Byes.

eh that's weird, yes I know it is saved, but it will always asked for OTP before proceed. So, question is, how did he managed to use the card without need OTP?

By the way, inb4, I don't know how to read, must be I stupid hahahaha! I read as "even before buy", not "even before login".

report to bank and cancel the transaction ? why when you buy, no need to validate from phone 1 meh ?

Never had any issue with it before.

If a hacker would like to hack into your account.
1 - He needs to know your email and password to your login.
2 - If he access from another browser which probably reach the limit of simultaneous login (Shopee control that), the browser will send OTP to your registered number.
3 - If he got the OTP, only he can access into your Shopee account
4 - Then the hacker needs to have the 6 digits number which you set it before to secure your Shopee Seller balance.
5 - If he happens to have it, then he is able to access into your Shopee Seller balance and request a draw out. And this will Shopee will take 1-3 days to proceed and a notification will be sent to you.

Say now, is it so easy for hacker to hack into your account just to get RM8k? Why not he go and access into others with higher value?
And, could it be you or bf/gf did a withdraw and you don't know or forgotten?