
TuneIn hacked my credit card

Well, the way Ronald Lyster worded his post, it sounds like he did just that...
They're just describing "I scanned the image displayed on the screen and a bad thing happened" as "manifested on the Tesla" when it actually seems to have been an interception on their phone. (It's _conceivable_ that the image was on the Tesla screen but it only happens sometimes so the image the poster showed wasn't the "scammed" code.)

There is a physical type of scam where criminals put QR code stickers over existing ones on signs.
 
Ok, let me spell this out more clearly. If one tries to sign up for TuneIn on the display in the car, a QR code is displayed. Take a picture of it and you are sent to the TuneIn website that describes the services offered by TuneIn. One of the services is a free account; there are others. I chose the free account. In order to sign up for the free account a credit card is needed "for verification." This was the QR code that the Tesla display showed. Yes, I put my credit card info in, as one would for any reputable online service, assuming TuneIn is one. Within minutes, one card number was stolen and used. Within a couple of hours the two other cards were used fraudulently. Fortunately USAA and Cap One declined, alerting us.
A fraudulent link displayed on an OEM Tesla screen for a service that is included in the Tesla software is definitely something they would need to know about. This was a link given to me by Tesla/TuneIn and it directly led to 3 credit cards being stolen.
You were hijacked. You were not on the TuneIn site but another that was going to reject ALL cards so you entered lots of them (so they can steal them all). They just made up that "we need a CC for the free tier" to steal your stuff.

As for how the hijack occurred, that is more complex. It may be Tesla (but the QR code is just a public URL), it may be TuneIn, or the hosting company, your ISP, or even your router.
 
That's a good point. The redirection can have happened pretty much anywhere, unless you could see the URL in the QR Code scanner before it opened the link.
 
QR codes use a standard encoding; you can take a photo/screenshot of the QR code and upload it to any number of sites found by Googling "QR decoder". I took the one from Ronald Lyster's post and rotated it in a photo editor, then uploaded it to QR Code Raptor and it decoded it to:

Code:
https://offer.tidal.com/oauth-start?client_id=[REDACTED]&client_unique_key=[REDACTED]&redirect_uri=https%3A%2F%2Fqr-server.prd.mp.tesla.services%2Fv1%2Ftidal%2Fredirect&response_type=code&restrictSignup=true&scope=r_usr+w_usr+r_sub&state=[REDACTED]

That all looks normal, i.e. the QR code isn't decoding to some random website, and certainly not to fanjestic.com.

+1 for: your phone / router / dns-server has been compromised and is redirecting you to illegitimate sites.
 
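The check described in the post above (decode the QR code, then look at where the URL really points) can be done mechanically. The following is an added example, not part of any post in this thread: it parses a decoded QR URL and flags anything whose host, scheme or embedded `redirect_uri` is not what the flow should use. The expected-domain list and the function names are assumptions made for illustration; the lookalike URLs are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the domains expected for this flow, taken from the decoded URL in the post.
EXPECTED_DOMAINS = ("tidal.com", "tesla.services")

# The decoded URL as posted in the thread (redacted values kept as posted).
POSTED_URL = (
    "https://offer.tidal.com/oauth-start?client_id=[REDACTED]"
    "&client_unique_key=[REDACTED]"
    "&redirect_uri=https%3A%2F%2Fqr-server.prd.mp.tesla.services%2Fv1%2Ftidal%2Fredirect"
    "&response_type=code&restrictSignup=true&scope=r_usr+w_usr+r_sub&state=[REDACTED]"
)

def host_expected(host):
    """True only for an expected domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def check_link(url, label="link"):
    """Findings for one URL: scheme, userinfo trick, punycode, unexpected host."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append(f"{label}: scheme is {parts.scheme!r}, not https")
    if "@" in parts.netloc:
        findings.append(f"{label}: text before '@' is not the host")
    if any(lbl.startswith("xn--") for lbl in host.lower().split(".")):
        findings.append(f"{label}: punycode host {host!r}")
    if not host_expected(host):
        findings.append(f"{label}: unexpected host {host!r}")
    return findings

def check_qr_url(url):
    """Check the decoded QR URL and any redirect_uri it carries."""
    findings = check_link(url, "qr")
    for target in parse_qs(urlsplit(url).query).get("redirect_uri", []):
        findings += check_link(target, "redirect_uri")
    return findings

if __name__ == "__main__":
    samples = [
        POSTED_URL,
        "https://offer.tidal.com.example.net/oauth-start",  # constructed lookalike
        "https://offer.tidal.com@example.net/oauth-start",  # constructed userinfo trick
        "https://offer.tidal.com/oauth-start?redirect_uri=http%3A%2F%2Fexample.org%2Fcb",
    ]
    for s in samples:
        print(check_qr_url(s) or "ok", "<-", s[:60])
```

A clean result only says the QR code itself encodes the expected destination; it cannot see a scanner app, DNS resolver or router that sends the browser somewhere else afterwards, so the address bar of the page asking for card details still has to be checked.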
Just some followup, and I appreciate the discussion from all.
I have long used an app (Android) called QR Reader, or something like that. I started using it years and phones ago. I think it may have been the issue. I knew that taking a picture of a QR code would do the same thing, i.e. direct to a website, but by habit continued to use the QR reader. A few weeks later I used it again and it didn't function properly; I can't remember what exactly it did, but remembering the Tesla/TuneIn experience I deleted the app and now just use the phone camera.
Thanks to all for an informative lively discussion; sorry to hear others have had similar issues, but glad I am not alone in this.
 