How Your Credit Card Information Is Stolen and What to Do About It

Your credit card information can be stolen right under your nose without the actual card leaving your possession. Unfortunately, most victims of this type of credit card theft don’t what’s happening until after their credit card account information has already been used. Often, fraudulent credit card charges are the first sign that credit card information has been stolen. Fortunately, there are a few steps you can take to clear your name and get your credit card accounts under control.

How Thieves Steal Credit Card Information

In many instances, thieves don’t steal your credit card information directly from you. Instead, they get it somewhere else in the credit card processing chain.

Hacking Into Other Businesses

Thieves can steal your information by breaching a company where you’ve used your credit card or a company that handles some aspect of credit card processing. Since data breaches target entire organizations, sometimes millions of consumers have their credit card information stolen, as was the case in the Equifax data breach of 2017.2

Skimming

A credit card skimmer is a small device that captures your credit card information in another otherwise legitimate transaction. Thieves secretly place credit card skimmers over the credit card swipe at gas stations and ATMs and retrieve the information captured.

Installing Malware or Viruses

Hackers can design software that’s downloaded in email attachments or other software and sits on your computer, tablet, or smartphone undetected. In one instance, hackers take advantage of public Wi-Fi to trick people into installing malware disguised as a software update. The software monitors your keystrokes or takes screenshots of your page and sends the activity to the thief

Phishing Scams

Thieves set up traps to trick consumers into giving up credit card information. They do this by phone, by email, through fake websites, and sometimes even via text message. In one scam, for example, you may verify some personal information in a call that you think is from your credit card issuer’s fraud department, but it’s really from a scammer. It’s important that you only give out your credit card and other personal information only in transactions you can be sure are safe.6

Dumpster Diving

Throwing away documents or receipts that have your full credit card number printed puts you at risk of theft. Always shred these documents before tossing them in the trash. Unfortunately, you can’t control how businesses dispose of their records. If they fail to shred records that contain credit card information, the information is at risk of being stolen.

What Thieves Do With Your Credit Card Information

If a thief gets access to your credit card information, they can profit from it in a few different ways. All of them can make life more difficult for you. Thieves can use your credit card information to buy things over the internet. It’s much easier for them to do this if they also have your billing zip code and the security code from the back of your credit card.

Thieves may also sell your credit card information on the dark web—and the more information they have, the more it’s worth. For example, it may be sold for a higher price if the thief also has your name, address, date of birth, mother’s maiden name, and three-digit security code from your credit card.8

Thieves can also make legitimate-looking credit cards by programming your credit card information on a gift card or prepaid credit card. When the card is swiped, the transaction processes just like it would if you swiped your actual credit card.9

How to Know If Your Credit Card Information Has Been Stolen

This kind of credit card theft can go undetected for several months. It’s not like a physical credit card that you notice is missing. You likely won’t know until you notice unauthorized charges on your credit card account.

Don’t count on your bank to catch instances of credit card theft. Your credit card issuer may call you or freeze your account if they notice purchases outside your normal spending habits, but don’t take for granted that your bank will always notify you of potential fraud.

Monitor your credit card often and immediately report fraudulent purchases, regardless of the amount. It’s not enough to read through your transactions once a month when your credit card statement comes. Once a week is better, and daily or every other day will let you spot fraudulent purchases before the thief can do too much damage to your account. Some credit cards can send real-time transaction notifications to your smartphone.

Also pay attention to news regarding hacks and data breaches. News reports will often include the name of the store affected and the date or date range the data beach occurred. If you shopped during that time period, there’s a chance your credit card information was stolen.

What to Do If Your Credit Card Information is Stolen

It’s easy to know when your actual credit card has been stolen because your credit card is actually gone. It’s not as easy to know when your credit card information has been stolen. Often, you only notice signs that hint your credit card information has been stolen, like unauthorized purchases on your credit card.1

If you think you’ve been a victim of identity theft of any kind, including having your credit card information stolen, then you can visit IdentityTheft.gov. The website, which was created by the Federal Trade Commission, will walk you through the steps you need to take to report it and recover.

Review your recent credit card transactions to see if there are any you didn’t make. Note the fraudulent charges you found. Even if you didn’t find any fraudulent charges, call your credit card issuer and let them know you think your credit card information has been stolen. Let your card issuer know of any transactions on your account that you didn’t authorize.

You have protection under the Fair Credit Billing Act and the Electronic Fund Transfer Act if your credit information is stolen. You’re not liable for any unauthorized charges so long as you report the loss before your credit card is used. You must report the transactions to your credit card issuer so they can investigate and remove them from your account.

The credit card issuer will cancel your old credit card account, remove the fraudulent transactions from your account, and send a new credit card and a new credit card number. Continue monitoring the transactions on your new credit card. Also shred any documents with your credit card information on them. As soon as you start using your credit card, the details are at risk of being stolen.

Keeping Your Credit Card Information Safe

If you use your credit card at all, anywhere, your information is at risk. Still, there are a number of things you can do to keep your credit card information safe. That includes using strong passwords, being cautious about where you use your credit card, always using secure websites, and avoiding storing your credit card details in your web browser.13

By LaToya Irby

More Contents:

Windows 10 Users Beware New Hacker Attack Confirmed By Google, Microsoft

As Microsoft confirms a Google-disclosed and unpatched zero-day vulnerability is being targeted by attackers right now, here’s what you need to know.

Microsoft has confirmed that an unpatched ‘zero-day’ vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted. Microsoft was first informed of the vulnerability by Google’s Project Zero team, a dedicated unit comprised of leading vulnerability hunters, which tracks down these so-called zero-day security bugs.

Because Project Zero had identified that the security problem was being actively exploited in the wild by attackers, it gave Microsoft a deadline of just seven days to fix it before disclosure. Microsoft failed to issue a security patch within that hugely restrictive timeframe, and Google went ahead and published details of the zero-day vulnerability, which is tracked as CVE-2020-17087.

The bug itself sits within the Windows Kernel Cryptography Driver, known as cng.sys, and could allow an attacker to escalate the privileges they have when accessing a Windows machine. The full technical detail can be found within the Google Project Zero disclosure, but slightly more simply put, it’s a memory buffer-overflow problem that could give an attacker admin-level control of the targeted Windows computer. Recommended For You

While attackers are known to be actively targeting Windows systems right now, that doesn’t mean your system is going down. Firstly, I should point out that, according to a confirmation from Shane Huntley, director of Google’s Threat Analysis Group, the attackers spotted exploiting the vulnerability are not targeting any U.S. election-related systems at this point. That’s good news, and there’s more.

While Microsoft has confirmed that the reported attack is real, it also suggests that it is limited in scope being targeted in nature. This is not, at least as of yet, a widespread broad-sweep exploit. Microsoft says that it has no evidence of any indication of widespread exploits.

PROMOTED Civic Nation BrandVoice | Paid Program Election Day On College Campuses: Not A Day Off, A Day On MORE FROM FORBESNew Windows 10 Remote Hacking Threat Confirmed-Homeland Security Says Update NowBy Davey Winder

Then there’s the attack itself which requires two vulnerabilities to be chained together for a successful exploit to happen. One of them has already been patched. That was a browser-based vulnerability, CVE-2020-15999, in Chrome browsers, including Microsoft Edge. As long as your browser is up to date, you are protected. Microsoft Edge was updated on October 22 while Google Chrome was updated on October 20.

There are no known other attack chains for the Windows vulnerability at this point. Which doesn’t mean your machine is 100% safe, as an attacker with access to an already compromised system could still exploit it. However, it does mean there’s no need to hit the panic button, truth be told. Microsoft has also confirmed that the vulnerability cannot be exploited to affect cryptographic functionality.

I reached out to Microsoft, and a spokesperson told me that “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers.”

As for that seven-day disclosure deadline from the Google Project Zero team, the Microsoft spokesperson said that “while we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”

Although Microsoft has not commented on the likely timing of a security patch to prevent exploitation of this Windows vulnerability, the Project Zero technical lead, Ben Hawkes, has tweeted that it is expected as part of the Patch Tuesday updates on November 10.

How big a threat is this to your average Windows user? That remains to be seen, but currently I’d classify it as a be aware but don’t panic situation. Hang-fire, ensure your web browsers are bang up to date, and you should be fine. There are far more significant risks to your data than this zero-day attack, in my never humble opinion. Risks such as phishing in all forms, password reuse, lack of two-factor authentication and software that isn’t kept up to date with security patches.

MORE FROM FORBESHacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack EverBy Davey Winder Follow me on Twitter or LinkedIn. Check out my website

Davey Winder

Davey Winder

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

.

.

Business News

As Microsoft confirms a Google-disclosed and unpatched zero-day vulnerability is being targeted by attackers right now, here’s what you need to know. Microsoft has confirmed that an unpatched ‘zero-day’ vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted. Microsoft was first informed of the vulnerability by Google’s Project Zero team, a dedicated unit comprised of leading vulnerability hunters, which tracks down these so-called zero-day security bugs. Because Project Zero had identified that the security problem was being actively exploited in the wild by attackers, it gave Microsoft a deadline of just seven days to fix it before disclosure.

Connect with CNBC News Online Get the latest news: http://www.cnbc.com/ Find CNBC News on Facebook: http://cnb.cx/LikeCNBC Follow CNBC News on Twitter: http://cnb.cx/FollowCNBC Follow CNBC News on Google+: http://cnb.cx/PlusCNBC Follow CNBC News on Instagram: http://cnb.cx/InstagramCNBC

#vulnerability #newsupdate #newstodayheadlines #newsworldnow #newstodaybbc #newstodayoncnn #newstodayusa

Hackers Sell Data of 129 Million Russian Car Owners for Bitcoin

1

A database of 129 million Russian car drivers is being exposed on the darknet for just 0.3 Bitcoin or about $2,900.

The major cryptocurrency, Bitcoin (BTC), continues to be actively used for illicit activity. Anonymous hackers have taken the data of over 129 million Russian car owners to expose it on the darknet in exchange for cryptocurrency.

The leaked information includes the full names, addresses, passport numbers and other data belonging to millions of Russian car drivers, Russian news agency RBC reported May 15.

The stolen data is claimed to be leaked from the registry of Russia’s patrol jurisdiction, the General Administration for Traffic Safety of the Ministry of Internal Affairs of Russia. The authenticity of data has reportedly been confirmed by an employee of a local car sharing company.

The leaked data is being sold for cryptocurrency, RBC said, citing an original report by local publication Vedomosti. As such, the full version of the database costs 0.3 BTC, which amounts to about $2,900 as of press time. The hackers also offered to buy some “exclusive” data for 1.5 BTC ($14,400), the report notes.

Cryptocurrencies are being increasingly used for illicit activity on darknet markets. According to Chainalysis — a New York-based blockchain analytics firm — the volume of darknet markets’ crypto flows doubled in 2019 for the first time in four years.

Cybercriminals often sell stolen data on the darknet for almost nothing or even give it away for free. In mid-April 2020, hackers were selling over 500,000 accounts of popular video conferencing platform Zoom for less than a penny each.

In March, cryptocurrency fund Trident Crypto Fund suffered a major security breach, resulting in the theft of 266,000 usernames and passwords.

By:

Source:https://cointelegraph.com

GM-980x120-BIT-ENG-Banner-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-2-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-1-2-1

Hello World’s host Ashlee Vance traveled to Moscow and got a rare glimpse into the heart of Russia’s hacker underworld and the latest techniques in investigating cybercrime. #BloombergHelloWorld Watch the full episode of ‘Hello World: Russia’: https://www.youtube.com/watch?v=tICL-… Read more about FindFace on Bloomberg.com: http://bloom.bg/2h1VPSy Like this video? Subscribe to Bloomberg on YouTube: http://www.youtube.com/Bloomberg?sub_… And subscribe to Bloomberg Politics for the latest political news: http://www.youtube.com/BloombergPolit… Bloomberg is the First Word in business news, delivering breaking news & analysis, up-to-the-minute market data, features, profiles and more: http://www.bloomberg.com Connect with us on… Twitter: https://twitter.com/business Facebook: https://www.facebook.com/bloombergbus… Instagram: https://www.instagram.com/bloombergbu… Bloomberg Television brings you coverage of the biggest business stories and exclusive interviews with newsmakers, 24 hours a day: http://www.bloomberg.com/live Connect with us on… Twitter: https://twitter.com/bloombergtv Facebook: https://www.facebook.com/BloombergTel… Instagram: https://www.instagram.com/bloombergtv

CEOs Are Feeling Better About Data Security–but Hackers Aren’t Far Behind

No matter what you do to protect your business from hackers, cybersecurity will always be a moving target.

Increasingly sophisticated hacking techniques mean CEOs always have to stay one step ahead of the latest ploys. A November Inc. survey of CEOs and other senior executives from more than 150 Inc. 5000 companies asked respondents about their level of confidence in the security of both their company and personal data. The results: 53 percent of respondents said they feel more confident about the security of their company’s data now compared to five years ago, while just 28 percent said the same about their personal data.

Matt Singley, founder of Chicago real estate firm Pinnacle Furnished Suites, is concerned about new methods being used by hackers, but feels confident in his company’s defenses against them. One way the company minimizes the potential impact of a breach is by storing customer information only when necessary. Pinnacle also performs regular audits to purge its system of data it doesn’t need. “The only way to be completely secure with your data,” he says, “is to not store it.”

John Kailunas II, CEO of wealth management firm Regal Financial Group, says that the external threats his company faces have increased in both quantity and complexity. The company has countered this by adding required security awareness training for every employee and hiring cybersecurity consultants to recommend changes. Kailunas says cybersecurity is an issue that requires constant examination. “Still,” he adds, “we have seen a significant improvement in our ability to identify potential threats.”

Advances in hacking practices aren’t the only factor that have made security more challenging. “More and more, people are working from different devices that companies own,” says Shana Cosgrove, CEO of cloud software firm Nyla Technology Solutions, which provides software and cybersecurity services to the Department of Defense. “It’s a lot harder to handle security when you don’t own the entire platform.”

Jack Wight, CEO of device rebate company Buyback Boss, says his company is under near-constant attack from hackers trying to access bank account information. Scammers will spoof the company’s vendors over email and ask for wire payments, so Buyback Boss has implemented a policy of always calling vendors before sending payments. “Five years ago there just wasn’t as much of this going on,” he says. “Now we’re dealing with scammers almost on a daily basis.”

Claude Burns used to work in data security for the U.S. Navy before founding corporate beverage service Office Libations. He says his knowledge of the cybersecurity field has led him to be constantly on guard. “I don’t think any information is safe or secure,” he says. “Your personal information is out there. Companies whose whole job is to protect it, like Equifax, are getting breached and hacked repeatedly.”

Burns compares being hacked to getting in a car accident: Drive enough miles, and it’s going to happen eventually. For him, the key is making sure that if something does look weird, his team can detect it quickly. “That way,” he says, “when something does happen, you’re able to mitigate the damage from it. In other words, wear your seat belt.”

Source: CEOs Are Feeling Better About Data Security–but Hackers Aren’t Far Behind

Thanks Bitdefender for sponsoring this video! Try Bitdefender Total Security 2019 FREE for 90 days at https://lmg.gg/tqbitdefender There have been plenty of headlines about data breaches lately…but where does all that data go once it’s been stolen? Techquickie Merch Store: https://www.lttstore.com Follow: http://twitter.com/linustech Join the community: http://linustechtips.com Leave a reply with your requests for future episodes, or tweet them here: http://twitter.com/jmart604

Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves

Russian cybercriminal group Evil Corp is using Microsoft Excel to infect victims

Evil Corp may well be best known to millions of viewers of the Mr. Robot TV drama as the multi-national corporation that Elliot and FSociety hack. However, back in the real world, Evil Corp not only exists but is weaponizing Microsoft Excel to spread a malware payload. Researchers from Microsoft Security Intelligence have this week taken to Twitter to warn users to be alert to the ongoing campaign being run by Evil Corp, also known as TA505. Like most successful cybercriminals, Evil Corp is constantly evolving in terms of techniques and tools. The latest twist in this felonious tale involves Microsoft Excel as a payload delivery vehicle.

Who or what is Evil Corp?

Evil Corp, or TA505, is a Russia-based hacking group that has been credited with being the mastermind behind a $100 million (£76 million) global bank fraud. Two alleged members of Evil Corp were charged by U.S. prosecutors with bank fraud in December 2019, although both remain at large. One of them, Moscow-based Maksim Yakubets, is thought to be the Evil Corp leader and currently carries a $5 million (£3.8 million) bounty issued by the U.S. Justice Department. Meanwhile, the U.S. Department of the Treasury has stated that Yakubets is believed to provide “direct assistance to the Russian government’s malicious cyber efforts.”

Thought to have been active since at least 2014, Evil Corp shows little sign of reigning back on the cybercrime activities it is renowned for: the distribution of banking Trojans and ransomware malware. New research from cyber-intelligence outfit Prevailon suggests that TA505 has compromised more than 1,000 organizations. Organizations that include two U.S. state government networks, two U.S. airlines and one of the world’s top 25 banks.

What is the Excel alert that Microsoft Security Intelligence researchers have tweeted?

In something of a tweetstorm on January 30, the Microsoft Security Intelligence team alerted users to a new and active malware campaign from the Evil Corp actors. After what the Microsoft researchers referred to as “a short hiatus” by Evil Corp, they warned that a new “Dudear” phishing campaign was up and running, still deploying an information-stealing Trojan known as GraceWire but doing so using tweaked tactics.

The use of HTML redirectors, to avoid having to use malicious links in emails or infected attachments, means that the threat actors can directly download a malicious Excel file on the victim to drop the Trojan payload. Not that there is no interaction from the user required, of course. The victim still needs to open the Excel file that is automatically downloaded, and they will still have to enable editing and enable content in order to be infected.

How can you mitigate against the Evil Corp Excel threat?

Microsoft is proving to be more than just reactive to malware threats, adopting a proactive position as far as these kinds of phishing campaigns are concerned. When the Microsoft Digital Crimes Unit and the Microsoft Threat Intelligence Center discovered an advanced persistent threat (APT) hacking group, thought to be operating out of North Korea, using carefully constructed fake domains to spoof victims into thinking they were dealing with Microsoft, a powerful legal counterpunch soon closed them down.

As far as this latest Evil Corp campaign is concerned, however, the biggest mitigation clue has already been given in my last paragraph: don’t enable editing of that Excel file you didn’t ask for, and certainly don’t enable content. Microsoft Security Intelligence has confirmed that Microsoft Threat Protection will stop this latest attack threat, Office 365 also detects malicious attachments and URLs used in such phishing emails. Finally, Microsoft Defender ATP will detect and block the Evil Corp threat trinity of malicious HTML, Excel file and payload.

Follow me on Twitter or LinkedIn. Check out my website.

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994….

Source: Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves