In this issue: a hacked debit card abroad and six tips for stopping the fraud



Download 16.06 Kb.
Date30.06.2017
Size16.06 Kb.
#22095
In this issue:

  • A hacked debit card abroad and six tips for stopping the fraud

  • Cybersecurity shorts: 20 hotels hacked, a Samsung Pay flaw discovered, a health care breach, and more

  • Software updates

Welcome to the August edition of the Savvy Cybersecurity newsletter. As always, this month was full of cybersecurity happenings.

Read on to learn more about:



  • What to do if your card is used fraudulently

  • Why 900 million Android phones are at risk

  • Why you need to update your iPhone and iPad now

  • And more

A hacked debit card abroad and 6 tips for stopping the fraud

Your cybersecurity can never rest, even when you're on vacation, as I learned last month. My name is Devin Kropp, assistant editor at Horsesmouth, co-creator of Savvy Cybersercurity, and co-author of Hack-Proof Your Life Now!

I spend a good majority of my time at Horsesmouth researching cybersecurity threats and methods to keep you and your clients safe. I've implemented the recommendations we give in our program in my own life—but sometimes hackers can still strike.

At the end of July, I traveled up to Montreal for vacation. Not having an international cell phone plan, I turned the cellular data on my iPhone off and put my phone on airplane mode, meaning I would only receive iMessages when I was connected to Wi-Fi.

I went out for the day to do some exploring and when I tried to use my debit card at the metro station, it was declined. I thought that was odd but figured the bank thought it was a suspicious charge because it was coming from Canada. I let it go and used my credit card to purchase the ticket with no problem.

Discovering the problem

But when I got back to the hotel the declined card was still on my mind. I connected to (secure and private) Wi-Fi and logged onto my online banking app. There I saw three charges from Long Island, New York—hundreds of miles away.

All three charges were small—under $15 each—but I knew my debit card number had fallen into the wrong hands. Normally, I would receive text message alerts of the purchases, but because I did not have cell phone service, the texts could not go through. I immediately sent my bank a message via the app and reported the fraudulent charges, asking them to close my account if they had not already.

The aftermath

When I got back home, I visited my bank to report the fraud in person and get a new debit card. Because my physical card was not lost or stolen, the bank reimbursed me for the fraudulent purchases.

They didn't have any insight on how my debit card number was exposed, but with the countless data breaches in the last few years, I can't say I'm surprised. While we want to prevent our information from being stolen, we need to accept that some of it has already been exposed and we need to have protection measures in place.

Normally, my text message alerts would do that, but like many things in life, cybersecurity doesn't always work out as planned. Because my personal security is something I think about on a daily basis, I didn't let the declined charge go and I investigated further. I may have stopped a large purchase from being made with my message to the bank.



6 tips for dealing with fraudulent charges, reporting to the bank, and getting a new card

It's likely something like this will happen to you, a family member, or a friend. Here are some tips for handling it from my own personal experience.



  1. If you haven't already, sign up for text or email alerts for your bank and credit cards. If you can get both, even better. If I had email alerts as well, I would have gotten a message when I logged on to the Internet. You should be able to set up these alerts through your bank and credit card's online portal. If you have trouble, contact your bank's customer service.

  2. Make it a habit to check your accounts regularly. Sometimes technology fails us and we don't get that text or email alert. Log in to your accounts on a regular basis to review all charges.

  3. And be sure to look at all charges closely! Experts say that oftentimes; card-stealers make small purchases to test the waters before spending big. In my case, three small charges were made and it's possible a larger purchase was planned. If you see even the smallest fraudulent charge, contact your bank or credit card company immediately.

  4. Change your PIN. When I went to the bank to get my new card, the associate asked if I wanted to keep my old PIN. Since I had no idea how my card was compromised, I said no and changed my PIN number. Sure, typing four new numbers will take some getting used to, but that's much easier than dealing with fraud.

  5. And change your online password. As soon as I got my new card, I also changed my online banking password. I have no reason to believe that my PIN or online account was compromised but why risk it and make the hackers' job easier.

  6. Be sure to update any auto-pay accounts that you have. With a new card number, you'll have to update any accounts that have auto-pay, like Netflix, your cable and Internet, your gym membership, and so on. You don't want to be charged a late fee because your account no longer exists.

Dealing with a cybersecurity incident isn't fun, but it happens. Let my story be an example that we always need to be thinking about our personal security—even when we want to take a break. Set up prevention methods such as text or email alerts and a credit freeze to limit the amount of damage that can be done. But still be aware of your cybersecurity at all times.

If something does happen, don't let it get you down. I am thinking about cybersecurity every day and still my card was used fraudulently. Again, we can't always prevent the hackers from getting our information, but we can act quickly and limit the losses.



Cybersecurity shorts

Social Security Administration adopts two-factor authentication for online accounts. Users who manage their retirement benefits at ssa.gov will now have the option to provide a cell phone number when creating or logging in to their account. The SSA will send a code to the cell phone number whenever the user attempts to log in. That code will need to be entered online to validate the login. When the SSA first released this plan, it required that users provide a cell phone number. However, after a difficult rollout and complaints that the program would not stop fraudulent accounts from being created, the SSA has made two-factor optional.

Voting machines become less secure each year, according to a group of Princeton professors. Professor Andrew Appel bought his own voting machine online and set out to hack the machine. He found that many of the machines are less secure than our iPhones and worries that many states' voting machines could be vulnerable to attack.

Samsung Pay flaw exposed at DEF CON security conference. The mobile payment app used on Galaxy smartphones has a bug that would allow hackers to intercept payment card information from other users. The flaw allows hackers to see payment tokens. These "tokens" are codes generated by the phone which act as payment card information. While the tokens can only be used once, being able to intercept a large number could allow hackers to find patterns and create their own usable tokens. Samsung has said the claims are "inaccurate and misleading."

Over 3 million people have information compromised from breach at health care insurance ID card company, Newkirk Solutions. The company provides ID cards for insurance agencies including Blue Cross and Blue Shield. Newkirk says no Social Security numbers, banking information, or medical information was leaked. However, hackers did access names, addressed, plan type, and member and group numbers. Affected customers will receive a letter from Newkirk Solutions.

900 million Android smartphones are at risk, according to security research firm Check Point. The security firm says Android phones using Qualcomm internal parts are at risk. The flaw could allow hackers to access data on the phone, control the camera, and also track the device's location via GPS. Android flaws are much more difficult to address because so many different devices run Android software. Unlike iOS on Apple, there is no central manufacturer releasing updates to the devices. If you use an Android phone and do get an update notification, be sure to update immediately.

Over 300 Eddie Bauer stores in the U.S. and Canada suffer malware attack. The outdoor clothing chain says payment cards used at stores between January 2016 and July 2016 may be at risk. Online purchases were not affected. If you shopped at Eddie Bauer in the last six months, you will be contacted by the company and offered identity protection services.

Hackers send phishing emails from legitimate Walmart email address. Customers of Walmart.com report receiving multiple emails asking them to reset their Walmart account passwords in what appears to be a phishing attack. The emails, however, seem to actually be coming from a legitimate Walmart.com email address. Experts say this could mean that an employee is sending the messages or a hacker has been able to infiltrate Walmart's email system.

Democratic National Committee (DNC) hack much larger than originally thought. The hack, which first exposed private emails within the DNC, is now found to have affected the private email accounts of over 100 Democratic officials and groups, including the Democratic Governors' Association. Experts believe Russia is responsible for the attack.

Following hacks, DNC forms cybersecurity board. Acting DNC Chairwoman Donna Brazile is working to create the Cybersecurity Advisory Board which will be made up of industry experts. The board will help prevent future attacks. Members include former Department of Homeland Security members and former White House chief technology officers, among others.

20 hotels breached exposing over 10,000 customers. HEI Hotels & Resorts, which owns Starwood, Marriot, Hyatt, and Intercontinental hotels, has discovered a breach dating back to March 2015. The hotel chain says its systems were infected with malware that stole payment card information in real-time. Names, credit card numbers, expiration date, and verification codes are believed to have been exposed.

Better Business Bureau provides tips to college students for preventing identity theft. The BBB reminds students that they are at particular risk of identity theft, since their clean credit is attractive to hackers. Some recommendations include using a safe in your dorm, protecting your computer with antivirus software, and checking your debit and credit card statements closely.

Software updates

Apple: iPhone and iPad users should update to iOS 9.3.3 to avoid a serious bug. You may remember the Stagefright bug that affected Android devices last summer. Now, there is a similar bug affecting iPhones. The flaw allows hackers to send you malicious messages or webpages if they have your number. Your devices will prompt you to update and you should do so immediately. If you don't have enough room on your device, remember you can plug your phone or tablet into your computer to update manually.

Microsoft: Microsoft released a round of critical updates this month closing security holes in Internet Explorer, Edge, Microsoft Office, Skype, and other programs. Most of the critical updates are for Internet Explorer and Edge. Your system should update automatically so be sure to update immediately. You can read more about the patches here.

Securities offered through National Planning Corporation (NPC), Member FINRA/SPIC. Kusske Financial Management, Inc. and NPC are separate and unrelated companies.

Download 16.06 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page