January 17, 2014

Hackers and breaches and credit cards - Oh My!

Well, it's a new year and another story of a big data breach. The more things change...

;">Update: Breach exposes data on 110 million customers, Target now says

As long as there is something to steal, people will try to steal it and periodically they will be successful.  Sometimes they will be wildly successful. 

Most people read about these things and their thoughts immediately turn to "OMG they have my credit card info! They're going to charge stuff!". While this is true, there are other things you will need to keep in mind.  Let’s consider the data that was taken.  Credit  and debit card numbers yes, but also, full name, address, email, and phone info too. This may be far more of a problem than the credit card numbers.  

It’s not possible to cover every bad thing that might happen from a data breach in one post (or even several posts) so let’s look at the most likely results and how you can keep from becoming a victim after the fact. 

With all that identifying data, it becomes very easy to target people with phishing emails and even phone calls.  The chances of a direct snail mail campaign are small, but possible.  With snail mail the cost is high and there are very specific laws that come into play that aren’t there for email, but please extrapolate anything said about emails and phone calls to include snail mail.   

Sadly, suspicion is your friend no matter the method of contact.  If someone walked up to your door and knocked, or stopped you on the street, then asked for your credit card info or login information for your bank, would you tell them?  Right now I’m going with - No!!! Please tell me you wouldn’t give this information out to a random person you don’t know!  

Phishing email has gotten very good over the last few years.  It can be nearly impossible for people to detect whether or not an email dropping into their inbox is from the place it says it’s from.  While there are still huge numbers of badly worded and misspelled phishing emails that can easily be spotted, the real problem are emails that are so good you believe it is legitimate. 

Because the information stolen is most of what a company would use to identify you, the bad guys can now create even more plausible emails and phone calls.  They know the correct name associated with an email. They know the correct address and phone number.  The end result is, the approach looks legitimate and you believe them because they have this information already.  

So, what to do?  Here are things to keep in mind. 

Never trust a person or business who contacts you directly asking for information. Do not open email attachments.  Do not click links to respond. Do not ever reply to an email asking you to fill out a form and return it. And please please don't tell me you would only do this if the email is from someone you know.  Don't. Period. 

Let me say that again.  Never give out information to anyone if you did not contact them first and were waiting for a response. 

But how about a little extra information so you can see why you should be careful.  

First of all, do not place all your trust in anti-virus software. It is useful for catching older stuff, but it won’t catch everything all the time and it won’t catch anything that is new and hasn’t had virus signatures created - I don’t care who makes it or what their claims are. It also will not catch an email that just asks you to fill out information and return it... that isn't a virus.  As always, you are responsible for what you click or delete or what information you give out. Think about it carefully.

Let’s start with email. Phishing emails are sent out by the millions. At some point in time, they are going to hit your inbox and look real.  It may say "we have tracking information about your UPS order please open the attached file” or "your bank account will be frozen unless you respond to this email, please open the attached file”. Or "this is an emergency, please click this link to go to our site and update your login information”. 

It may appear to come from your particular bank.  It may even appear to be a store you shop at regularly.  And you think, I need to check this out. After all, it couldn’t be the bad guys,  "how would they KNOW I just ordered something to ship via UPS???” , "how would they KNOW I use this bank???" The short answer is, they don’t (unless someone is stalking you and that’s a whole ’nother conversation).  So many of these are sent out on a daily basis, they will eventually contact a number of people who believe it applies to them simply because of timing. The variations on these emails are endless. Therefore, view all these requests with skepticism. The delete button is your friend.  

Another tack they take is to call and tell you they are from Microsoft, your ISP, a tech company, or some anti-virus company and there has been a virus detected on your system, could you please let them connect to your computer and they will clean it up.  Maybe they say they are from your bank and they need to confirm your information or you won’t be able to access your money.  (a bank threatening to take away money access is an easy way to scare people) 

No no no!!!!  Hang up.  Do not even talk to these people, don’t be polite, just end the call.   Here’s a hint… Microsoft has billions of copies of their operating system out in the world, they don’t call their customers.  EVER.  Never EVER.  Remember this.  Anti-virus companies don’t call either.  The idea is, you contact them if there is a problem. They never contact you asking to get on your system. If your bank really calls you, they will not ask you to give them your account number (if they do, find a different bank immediately!).  

If you are sincerely worried about your bank account.  Call your bank directly from a phone number on your statement, not from a number given to you by someone you don’t know. Better yet, go see them in person.  Don’t trust caller id as this can easily be spoofed by bad guys and be made to say anything they want. 

I have had my credit card companies call me because of likely fraud on my card.  They are generally automated calls.  I listen to them on my voicemail, then I call the 800 number on my card (not the one left on the voicemail).  These have all been genuine, but I do the calling to a valid number to make sure I know exactly who I’m talking to.  

And these are just a few things you can do to keep yourself somewhat safer out there in the Wild Wild Internet. 

Questions?  It's hard to fit everything into a post, so I very likely missed something. 

Posted by: Teresa in WebTech at 04:27 PM | Comments (6) | Add Comment
Post contains 1207 words, total size 11 kb.

1 Good tips all around! Thanks.

Posted by: joated at January 17, 2014 06:47 PM (brwqG)

2 What joated said. We recently experienced debit card fraud: someone got hold of my card info & ordered about $2,000 worth of automotive accessories from L.A., Salt Lake City and Toronto.

My wife caught it while doing her daily read of the transactions, We'd already reported it about 4 hours before the bank's automated call. I have a new card now.

Posted by: Rev. Paul at January 17, 2014 07:03 PM (IMSbm)

3 Oh - and the bank covered all the charges because we reported it so promptly. That's another important point.

Posted by: Rev. Paul at January 17, 2014 07:03 PM (IMSbm)

4 You have to let them know BEFORE the bill is paid.  After is too late.  They don't have more of a deadline than that because there are many people who don't log in online and therefore don't find the problem until they get their statements. 

Posted by: Teresa at January 17, 2014 07:07 PM (KhgAG)


Good advice.  And important to check every email, because they come in innocent looking packages with (almost) real logos, etc. 

Another thing we do is use a program that stores/encrypts our info, and syncs to our phones and our computers at home.  We can export the data to Excel to have a checklist of every password we need to change with links to the provider websites, etc.  Because keeping it elsewhere is totally unsafe.

Posted by: Barb at January 18, 2014 10:50 AM (6Tehe)

6 LOL yes, there is that too Barb.  Unfortunately the post as it is was already overly long.  Can't get everything all at once sadly.  There is so much to be covered it can be exhausting.  

Posted by: Teresa at January 18, 2014 01:47 PM (KhgAG)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
33kb generated in CPU 0.02, elapsed 0.0681 seconds.
69 queries taking 0.0546 seconds, 224 records returned.
Powered by Minx 1.1.6c-pink.