Double Take: Subtle Ways Fraudsters Are Taking Your Data
Whether it’s a Nigerian Prince in your inbox or credit card skimmers at the ATM, fraudsters can be found anywhere vying for your information. While you might have put your fraud goggles on to see past these traps, fraudsters are constantly evolving and creating new ways to steal your data that might not be caught at first glance. Here are some of the different ways they’re gathering your data that’ll make you take a closer look.
Card Skimming 2.0
Despite the number of local news stories and Dateline specials on card skimmers, they’re here to stay and even harder to identify. A tried-and-true favorite of scammers, card skimmers are attached to legitimate card readers so that they can steal information from magnetic stripes. And you might be thinking, but what about the shift to EMV and that handy chip on my card – won’t that protect me? Not so much: magnetic stripes still work at POS terminals and ATMs everywhere, to accommodate card readers that haven’t quite made the switch to EMV.
Krebs on Security recently highlighted one of the most popular ways fraudsters have been applying this technique – overlays on point-of-sale terminals from Ingenico, which consumers have come across at many Wal-Mart and Safeway stores. According to Krebs, “the Ingenico overlay skimmer has a PIN pad overlay to capture the user’s PIN, and a mechanism for recording the data stored on a card’s magnetic stripe when customers swipe their cards at self-checkout aisles.” Apart from the few extra centimeters needed for the shell overlay to fit over the legitimate terminal, it’s very difficult to tell the difference. While Ingenico published a report on how to spot the differences, Krebs had to post not one but two pieces to inform the public of this deceptive tactic.
The Nigerian Prince isn’t the only charlatan who has you in his address book. Emails have become even more sophisticated, with the use of official-looking graphics and professional language. Egregious typos and grammatical errors aren’t as glaring, and if you skim too quickly and click any links within that email, you might find yourself unknowingly sharing your information.
Take, for instance, this email received from “PayPal”. Without taking a closer look, you might just want to rush to unlock your account. The email address looks more convincing than it used to, but hovering your cursor over it reveals a subtle extra “e”: <firstname.lastname@example.org>.
And it’s not limited to PayPal: fraudsters have pushed out emails on behalf of USAA, American Express, and Lloyds Bank, among others.
Save the clicking for your seatbelt and avoid touching any links. You can verify your account and messages from the company by logging into your accounts directly at their official sites.
Call Me Maybe
That unknown number blowing up your phone with a call or text? It could be a fraudster trying to get you to respond and rack up extensive charges. A number of mobile apps offer text message warnings about security issues or fraud. Fraudsters have taken advantage of this and have tried to impersonate those warnings themselves.
Instead of immediately replying, take the time to look up the number before you respond. Also, as with suspicious email, avoid clicking on any links sent via text from unknown numbers, which can also take data right from your phone.
While you may always be on the go, take an extra few seconds to slow down and do a double take. That extra look or thought you give a card scanner, email, or text can help turn you from a fraud victim into a fraud detector.