How to Protect Your Money From Online Crooks While Holiday ShoppingBy Susan Tompor
(TNS)—As shoppers whip out the plastic for online deals, the holiday angst only heightens when it comes to threats to your credit card accounts and other personal information.
Even consumers who shop online through a major retailer, like Macy's, can fall victim to some of these incredible hacking incidents. During a one-week period in early October, for example, sophisticated intruders targeted online shoppers at Macys.com to secretly collect addresses, emails, names, credit card numbers and other personal information. As a shopper, you would have had no idea there was any sort of trouble when you used your card to buy merchandise. Later down the line, though, you likely received a letter from Macy's explaining that you were a victim of this limited data breach. The Macy's breach mirrors a proliferation of specific e-skimming attacks outlined earlier by the Federal Bureau of Investigation. The FBI said in October, before news of the Macy's breach broke in November, that the bureau was seeing a number of e-skimming cases open up. The danger of this latest cyber attack: Cyber criminals are getting our data in real-time, which can make that information more valuable in the underground market. Such theft can happen whether you're buying something online through a legitimate website or mobile app. How E-Commerce Attacks Work Fraudulent websites, apps, emails and texts are particularly dangerous on big shopping days, such as Black Friday and Cyber Monday, when everyone's in a rush to quickly snag the best bargains. The attack on e-commerce sites, like the one experienced by Macy's, is known as Magecart, a scam that skims card numbers of online shoppers using widely distributed malicious software. In the Macy's breach, the criminals were able to access information when customers used credit card data at the checkout page and the "place order" button was hit. Experts say the Macy's incident is similar to the digital skimming techniques and code used in a number of other Magecart attacks lately. The skimming code would capture your information in real-time and send it to remote server where the data is collected by the criminals behind the scene. The consumer's credit card data would either be sold or used to make fraudulent purchases from that point going forward. The e-skimming incident at Macy's won't be the last that we're likely to hear about this holiday. Unfortunately, it's not something that a consumer can readily spot or avoid while shopping online. "E-skimming is easy to deploy, hard to detect and extremely lucrative," says Adam Levin, founder of CyberScout. He notes that e-skimming victims often are none the wiser because the attack doesn't interfere with the processing of the credit card. "The first sign of trouble is usually a notification from a credit card company or bank regarding a suspicious transaction." Data From Initial Hack Can Be Used Later Given that the Macy's attack exposed customer names, addresses, email addresses and phone numbers, those customers could see more phishing attempts later, Levin says. Scammers may try to get more information on these calls to be used in further identity-related fraud. Levin also suggests that given the breadth of the personal information stolen in the recent Macy's attack, it is possible that data could be connected to other stolen information readily available for sale on the Dark Web. If so, that would make it possible for a criminal to open new accounts in a victim's name. "Be on the lookout for suspicious activity," he warns. What You Can Do to Protect Data, Money The proliferation of cyber crime gives consumers more reason to lock their doors, if you will, to their personal information. Consider the following tips:
Visit Detroit Free Press at www.freep.com Distributed by Tribune Content Agency, LLC |
Today's Top Stories |