Someone used my prepaid debit card in bad ways. The card is already blocked. Now, I'm trying to figure out if I did something wrong or if I should take extra precautions other than blocking it. The only thing I know from the customer support is that my card was successfully linked to someone else's Google Pay and during this process there was an SMS/OTP confirmation. I did not confirm anything like that myself. So if I understand the situation well, not only the card data were leaked, but probably either my SIM card or authentication app is also corrupted. How can I figure out if this is really the case? What should be my next steps to prevent similar cases in the future?
Either at least one of your devices was compromised or else a company (or any other third party) leaked your data most likely because of an attack. That what you describe is typical for a carding attack, somebody has your debit card data as well as ohter personal information like address, phone, email etc. but I dont think that the attacker has other data which are necessary to effectivly use the card, like your IP address, useragents, session cookies etc. otherwise he would sim swap your number. If so the consequences would have been far beyond receiving a sms with otp :)
Ofc check all your devices and anaylse your opsec. but imo it's enough to block the card and get a new one. you can change your phonenumber and email adress as well but that depens on your specific cost-benefit ratio.
reply
oh yeah in case that you find anything on your device(s) you might need to do some more things. but from that what you describe it sounds more like a third party was hacked/leaked or acted malicious and sold the data
reply
I am not sure if I was clear enough. The card is not only linked to Google pay, but it is actually used for payments in three different transactions.
reply