Blue Sky Peptide: A Question For Anyone Who's Purchased From Them

[whodathunkit]

Greatings, Peatlings :) : I've recently discovered a fraudulent checkcard charge in my checking account and I'm wondering if it could be tied to my purchase of Blue Sky Peptides a month ago.

So far there are two of us on this forum (me and @HDD) who have found fraudulent checkcard charges in our accounts approximately 1 month (give or take) from making a purchase from Blue Sky.

The other possible pattern is the charges appear immediately after making a purchase from an online pharmacy. So, 1 month after Blue Sky purchase, but immediately after online pharmacy purchase. The pharmacies are not the same. Blue Sky is the link.

Also note I did not give my checkcard number to the online pharmacy...I paid that via echeck. But I *did* give my checkcard number to Blue Sky. My bank assures me there's no way to link my checking account number with my VISA checkcard number, let alone in the timeframe the fraud happened (I purchased from the pharmacy last night and the fraudulent charge was placed approximately an hour later). So whoever is perpetrating the fraud had to have gotten my checkcard number from somewhere else. A possible scenario is that malware was placed on my computer while signed in to Blue Sky and my card used for fraud after making a risky online pharmacy purchase to misdirect suspicion away from the real source of the fraud. The same thing happened to HDD. It's reasonable to suppose that someone who would buy hormones and peptides for research might also make riskier transactions like from online pharmacies. Just a matter of time, for many of us research types. So a scammer placing malware in a site like Blue Sky might make sense.

If anyone else has noticed anything similar after purchasing from Blue Sky, please speak up in this thread. If there's a pattern then maybe there's a bad apple at Blue Sky and they need to be notified. The customer service for my order was great.

Edited to add: forgot to say, for both me and HDD, the frauds were related to travel. Her charges were in Las Vegas, mine was a Caribbean vacation company.

 

[charlie]

Sucuri says it is clear for Malware although that's not an in depth scan.

Sucuri Security

 

[whodathunkit]

Thanks, @charlie. The mystery deepens.

Can I use Sukuri while signed in to a site? Or in the middle of a checkout process?

 

[bluewren]

@whodathunkit

This happened to me as well, though there is a difference in time frame......

I ordered from BSP on May 30, using my credit card, and was scammed on July 13. Once again, the scammer was a travel company, in Sydney, Australia.

It is disappointing this happens......I hope it can be exposed.

 

[charlie]

 

[bluewren]

Amen, brother.

 

[Such_Saturation]

I think the malicious component would be at the checkout process, which is often a different website altogether or anyway a very different part of the website than the one that serves you the webpage.

Or perhaps it could be like in the olden days when you filled out a form with your credit card numbers and the seller physically had to take the numbers and charge you manually. So he could see everything.

 

[Such_Saturation]

@whodathunkit

This happened to me as well, though there is a difference in time frame......

I ordered from BSP on May 30, using my credit card, and was scammed on July 13. Once again, the scammer was a travel company, in Sydney, Australia.

It is disappointing this happens......I hope it can be exposed.

3 data points make a trend lol

 

[charlie]

...which is often a different website altogether or anyway a very different part of the website than the one that serves you the webpage.

Except it looks like they do all their processing in house. I checked the source code on the checkout page and I do not see anything that shows it's processing off site. Maybe @Dan Wich can give it a look over too.

https://www.blueskypeptide.com/onestepcheckout/

 

[HDD]

It seems in my case they had knowledge of my account balance.

 

[Such_Saturation]

Except it looks like they do all their processing in house. I checked the source code on the checkout page and I do not see anything that shows it's processing off site. Maybe @Dan Wich can give it a look over too.

https://www.blueskypeptide.com/onestepcheckout/

Don't people usually get third party services for this stuff? How do they interface with the bank?

 

[whodathunkit]

This happened to me as well, though there is a difference in time frame......

I just realized it was over a month and a half between the scam and my purchase. I bought at Blue Sky in the beginning of June and it was yesterday the charge came up. So it seems they're waiting between 1.5 and about two months to perpetrate the fraud. No doubt to throw people off guard.

@HDD, they don't seem to have any particular knowledge of my bank balance. Maybe they just try to see what they can get away with.

3 data points make a trend lol

Looks like there's more than 3 data points. I did a quick google search for similar problems and it seems Blue Sky and other peptide companies are doing this. But I found a couple instances of Blue Sky, definitely.

Now that I've culled back over my bank transactions I think there's a few fishy Amazon ones, as well. I saw reference to small Amazon purchases as a way for the scammers to test the waters with these accounts, see if stuff gets noticed, or maybe just skim some funds unnoticed. I didn't notice this...I buy a lot of stuff from Amazon so it just flew under my radar. I'm going to have to try to untangle it, see what's legit and what's not. Some of it is definitely legit. Some may or may not be.

Another scam was a bunch of small Starbucks purchases. They may be able to gain some kind of temporary access to our accounts to see where we go most often. Or maybe they're just using the most likely suspects of where people often go. Amazon is a big internet retailer and a lot of people shop there like I do. Likewise, a lot of people make many purchases at Starbucks.

@HDD, @bluewren, you might want to go back through your account and see if there are any fishy small purchases between the time you bought at Blue Sky and the time the big fraudelent purchase was attempted.

@charlie, @Dan Wich, @Such_Saturation...in you opinion what are the best malware removal tools? I'll be getting Malware Bytes but I can't remember any of the others I used to use regularly. I've gotten lazy with my computer support but those days are over. I want several because I know one doesn't catch all the stuff. I used to run several until I just got lazy.

Also, what's the best virus protection? I lazily have McAfee since it came with my new computer but I know they suck. I just don't know anything else all that much better. On my Windows 7 box I had Kaspersky but then I started hearing the quality of that was going downhill, too. Which is why I just s fortuck with the McAfee that came when I bought it.

Time for a pre-paid burner VISA, too.

 

[Such_Saturation]

I think Malwarebytes is well respected. Among the old-school large antivirus programs I think the only one that has retained any kind of respect is Kaspersky Internet Security. Lots of people do not see the point of the classic "antivirus" anymore. Probably the biggest threats nowadays are getting fished as well as becoming part of botnets, etc. through vulnerabilities in various programs that you forgot to keep up to date. Other threats such as rootkits for other purposes I think are too hard to avoid to even worry about. My bank account can generate virtual debit cards on-the-fly with the expiration date that I want and the amount of money that I want.

 

[Such_Saturation]

@whodathunkit remember that transactions can appear on your bank account quite a while after they happen. In my account I could see a malicious transaction show up today when in truth it was made just hours after I bought something from a website a week ago.

 

[whodathunkit]

@whodathunkit remember that transactions can appear on your bank account quite a while after they happen. In my account I could see a malicious transaction show up today when in truth it was made just hours after I bought something from a website a week ago.

Yeah, I know. I asked my bank when the big fraud tx was placed. They said it was just about an hour after I went to ADC.

I may have to let the small questionable Amazon tx's fly by as my Amazon account is so busy I might not be able to tease it out. They're not prohibitive. But from now on I'm keeping track of all my purchases so I can at least identify the ones I definitely didn't make.

BTW, @bluewren, did you make a purchase from someplace a little dicey like an online pharmacy right before your fraud showed up? If so, how much was that tx and also how much was the fraud?

 

[ecstatichamster]

Use virtual account numbers

Problem solved.

 

[whodathunkit]

Use virtual account numbers

My bank used to do that. Now they don't. I think they may offer pre-paid, though, so I"m going to look into that.

 

[whodathunkit]

@HDD, this just occurred...did you make a large $$$ purchase with your debit card right before the fraud?

 

[Dan W]

It's weird: as best I can tell, they're using Magento (a common store platform), and Authorize.net (a common payment processor). Those should work in a way where I wouldn't expect people's card numbers to be accidentally lying around for a rogue employee or hacker. But that doesn't mean they weren't modified at some point (by the company or just a hacker) to grab the numbers independently.

It might be worth asking Blue Sky if they fixed anything recently: I notice they have McAfee's site scanning service, do you recall if that badge was there when ordering?

There was a minor Authorize.net leak on March 21st, but that timing doesn't seem right.

in you opinion what are the best malware removal tools?

I'll just punt to Such's answer since I don't know much about them.

 

[HDD]

@HDD, this just occurred...did you make a large $$$ purchase with your debit card right before the fraud?

No, the online purchase was under $100.