I know I brought this up before a while back. You need to change your CC service provider. When I enter my CC for a donation, it takes me to another looking website (very unprofessional) that asks me for my SSN and birthdate. That kind of personal info there as it can be used to hijack identity. Most people will not enter that. I hope you realize you are losing donations. Thanks!
Hi, could you send me a screenshot of this other website at the following address sophie.gautier@documentfoundation.org. Thanks a lot in advance. Kind regards - Sophie
Hi wyattb
Unfortunately you are just spitting in the wind by posting here. No-one that can change anything will ever see it. Search for ‘Florian Effenberger’ (LO director). He will be able to change it.
If this helps then please tick the answer (
)
…and/or show you like it with an uptick (∧)
@Alex2. While I believe some answers may be beyond the relm of what is even possible by the people at LibreOffice, this forum is precicely the place to post issues such as CC providers and links within websites giving re-directs to sites that ask for SSN and other data. So far, the question was asked on October 7th, and Sophie has asked for further details, Like the URL etc. that are legitimate questions.
On Oct 21 Florian directly responded to the original poster. So, how is that just …
… just spitting in the wind, so to speak. While the Wheels of Change may appear to be slow, sometimes the LO staffers do read these forums. I am guessing but it sounds, based on the description, that the browser has been hijacked and that specific laptop or computer is having the problem. If the user goes to a public Internet location, and enters the same web page (LO Donate) from their publicly accessible web page, there should be no issue with re-directs (and questions about SSN and DOB)
“If the user goes to a public Internet location…” (shiver). The one place that you never want to be entering personal, yet alone financial detail, is at such sites. (I understand that you never suggested such a thing, and checking for DNS poisoning is a very good idea in this situation, but people need reminding of such fundamental issues as man-in-the-middle hacks, as can occur over WiFi or such public sites; SSH is your friend).
Public Library is a valid location, where the Computer is usually hard wired into a network, and has up to date patches on their computers to TEST whether there is a different web page showing up for Donations and CC processing. Just because your location is not secure, that does not mean an alternate location is any worse (or better). But it does determine if it is the User’s PC that is compromised, or their connection to the internet. Granted, it SHOULD be a Https connection on the web page…
Thanks for the report - TDF does not ask for any mandatory private data when donating. We use payment providers that handle the payment on our behalf - but it’s rather uncommon to ask for your SSN and birthdate.
Normally, when paying via credit card, you have to provide the card number, expiration date, card holder’s name and the CVV (three digit security number from the back of the card, not to be mixed up with the PIN).
With some additional security measures in place by some card providers, you might get sent a TAN to your mobile phone or asked a password, but that depends on your bank/credit card company.
Do you have a screenshot of the page you can send to info@documentfoundation.org? I’d love to have a look - sending it via mail is better, as it’s not in public then, and I don’t watch AskBot on a regular basis.
Thanks,
Florian
Possible Hijack of a Users Computer by Drive-by software installing re-directs to Nefarious Websites. Had a similar occurrence while travelling. By going to a Public Library or other Commonly available location that gives web access, the user can determine if its their browser that is corrupted or if the ISP has their DNS cache poisoned by hacking.
If the user gets a different response when they go to the LibreOffice Donations page, then they will know if its the LO CC provider or if is the local machine and the browser installed on it.