Cyber Security is an area of huge growth right now. You’ll have seen Martin talk about Facebook’s Cambridge Analytica scandal and Boards.ie being targetted with DDoS attacks (Distributed Denial of Service). Just last week, Napoli fell foul to a scam, transferring funds for a player purchase to fraudsters instead of another football club.
You can be sure that governments, banks, tech companies and anyone else who stores anything of value are spending big in order to protect their assets. But let’s be honest, which of these is really likely to affect you personally? Which of these is going to take cash out of your pocket or funds from your accounts? Really, what we are looking at here is your financial data. How do the bad guys get their hands on it, what can they do with it and what can you do to protect yourself? Let’s start by looking at “card not present” fraud.
What is Card Not Present Fraud?
By a long way, the biggest type of fraud being carried out against the individual is what is called “card not present” fraud. Even with the wealth of payment methods we have at our disposal these days, the good old card fraud is unfortunately popular. This basically means that somebody has gotten their hands on your credit or debit card details and is using them to buy stuff over the phone or online. Scammers are selling card details to each other for dollars right now, depending on how recently they have been sourced. There is a sliding scale of cost depending on age and quality, a new number with the PIN, name and address, CVV etc. will command more than just a number that’s been out there for a few days.
So how are the fraudsters getting your details in the first place? There are lots and lots of ways, many of which we could be doing more to prevent. They range from the incredibly sophisticated to the incredibly simple. In some cases, we don’t know that our details are being taken at all, in others we are unwittingly handing them over. It may be through our reliance on our online devices or it may be our simple naivety. I don’t intend to call them all out here (we would both be here far too long for that) but I will mention one or two.
How Fraudsters Get Your Details: Viruses and Malware
One source that will spring to most minds is through a virus or malware on a PC which is used for online shopping. Someone buys something on Amazon or eBay or wherever and some malicious piece of code picks up the details and sends them off to a scammer, who immediately uses them to buy loads of stuff for themselves. Well yes, but it is often a little more complex than that. Some of the malware that is out there is built to be so much smarter.
For example, there are variants of the ZeuS Trojan virus that are particularly nasty. They will obviously steal your card details but they will also hang around until you log into your online banking. They will steal your login details, but they will also mask any fraudulent transactions that have been carried out on your account, so when you log in you just don’t see them and your balance is altered to be what you would expect. This means that detection can take much longer and so the cards remain active for the fraudster. And it’s not just PC’s that are vulnerable, Android phones and tablets are also widely targeted. The restrictions placed by Apple make their devices significantly more secure but never say never!
How Fraudsters Get Your Details: Phishing, Smishing, Vishing
Of course, if you are reading this, you are probably up to speed enough to never be caught out by Phishing, Smishing, Vishing and the likes. These are all variants of the same thing, fraudsters acting like someone you can trust and asking for your bank or card details.
- Phishing: fraudulent attempts to get your details through email, instant messaging etc.
- Smishing: fraudulent attempts to get your details through SMS messages
- Vishing: fraudulent attempts to get your details through a phone call
These are still very prevalent for two simple reasons. Firstly, they are very cheap to operate and secondly, they still work! It may be hard to believe but so many people still fall for this kind of scam. In fairness, the fraudsters are smart. They can be hugely convincing and there is usually some form of implied threat included like ‘you won’t be able to access your funds unless you answer’ or ‘your laptop will be disabled’.
Ransomware is not a million miles from this, but with ransomware, the threat has usually already been acted upon and you are paying to get it removed.
Fraudsters will also play on your over-confidence. There are cases of fraudsters sending out numerous phishing emails that are obviously bad so the victim thinks that they know what a phishing mail looks like. They then send out one which looks perfect. It’ll have the right logo, be carefully crafted sentences with no spelling mistakes, use the correct tone and voice etc. All of this leads to the victim thinking that it must be real. They may also phone claiming to be from your bank saying that they are aware of fraudulent calls and wanting make sure that you have not been compromised. Sneaky, but very easy to fall for.
How Fraudsters Get Your Details: Card Skimming
Then there is the physical card itself. Card skimming is certainly an issue, both at ATMs and in store. Recently many banks have updated their ATM’s to make it much more difficult to attach skimming devices; you may have seen the machines with the round flashing green card slot. It wasn’t long before the fraudsters adapted. Many of you will have seen the below video from Vienna, but maybe you haven’t seen the photograph. It’s happening here as well.
Using our cards in-store can also bring a share of risk. You may remember how one of the country’s largest retailers unknowingly allowed fraudsters to alter the point of sale machines in one of its largest branches to capture and send customer data. The fraudsters disguised themselves as service agents looking to check the machines, but instead, they fitted card readers along with SMS capabilities so the card details were sent to the scammers in real time. This was an extremely rare example, what is more, usual is a rogue person who is working at a till holding your card over a hidden camera, or attaching a second card reader to the genuine one.
So basically whatever you do, there are bad guys out there trying to get your hard-earned cash. So what can you do about it? Well, it’s mostly common sense but there are some very simple things that you could and should be doing to protect yourself. I don’t want to come across all preachy, but these really are simple and no one will look after your own data, money and cybersecurity better than yourself.
Protect Yourself From Payment Fraudsters
Cover Your Hand
When using an ATM or a card machine in a shop, cover your hand when you are entering your PIN. The value of your card number is massively reduced if the bad guys don’t have your PIN as well. That’s why you often see the handguards broken off ATMs. Hidden cameras or shoulder surfers may be trying to see what you are entering, so don’t let them!
Physically Protect Your Card
The technology that lets you tap your card is called RFID. Some scammers have RFID readers and can run this alongside your bag or pocket, nabbing details. Some banks are wise to this and offer RFID protection sleeves. If you don’t have that option, pick yourself up a Secrid Wallet. These protect your card and looks lovely to boot.
Never Let Your Card Leave Your Hand
When you are buying stuff in a shop and especially in pubs, don’t hand over your card. The point of sale machine should be accessible for you to either tap or put your card into. There is no reason to give it to the person working in the shop to do it for you. Go on, imagine the last time you handed over your card for a few pints and the barman vanished for a few minutes.
Use Google Pay or Apple Pay
Ok, so you’d expect members of team Goosed to be biased towards tech, but both Google Pay and Apple Pay have added protection for shoppers. When you tap your phone, the payment app cloaks your actual card number with a virtual number. If someone is on the lookout for your card number, the one they get will be useless.
Also, store assistants and bartenders are a lot less likely to grab phones than they are cards. Which brings me to my next point…
Seriously, It’s Your Card: Stop Being So Polite
It’s not easy for us but stop being so polite. We often don’t want to seem rude by asking to shop assistant to give the point of sale machine to us. Or even worse, we don’t want them to think that we don’t trust them, so we openly enter the PIN in front of them. They would do it themselves so deep down they’ll understand.
Could You Be Talking To A Fraudster?
Unless you have instigated the conversation and know who you are talking to, don’t give anyone your passwords or login details. Simple as. If someone contacts you and asks for your details, just say no. If you think that it might be genuine, you are wrong. If they insist, ask them to put it in writing (a proper written letter) to the address that they should have on file for you. Then hang up, go and find the number for their complaints department and tell them about the poor business standards.
Use Anti-Virus and Anti-Malware Software
What we have all been told since we started using computers. Use anti-virus and anti-malware software and keep it up to date. It’s not a guarantee but it will certainly help. It is also in your terms and conditions of use for online and mobile banking, so if you do suffer fraud because your software was not effective, you may not have any come back.
If you’re on the lookout for some free options, both AVG and Avast offer free anti-virus protection that will suit most users. Malwarebytes is another critical piece of software with a really effective free tier that’ll both protect you from malicious software and help your remove existing gunk on your laptop.
The bottom line is that fraud is here to stay. Scammers will continue to try and find ways to get at our money. They will always be one step ahead and they only need to be successful once. We will always be playing catch up and we need to stop them every time. At the same time, there is no reason for us to make it easy for them. Noone cares about protecting your money and data more than you do, so take a few simply steps and make yourself a moving target for fraudsters.
Whoa there! While We have you…