I’m sure you’ve heard some of the bad press Target has been getting lately. The story goes that hackers installed malware on their payment terminals. About 70 million Target shoppers banking and personal information was stolen including email, mailing address, telephone number, card number (including security codes), expiration dates, and PIN numbers.
The bad news didn’t stop there though. Recently it’s come out that seven out U.S. retailers, including Neiman Marcus, were the victims of hacking. Cyber thieves stole the same type of information from millions of people. Although authorities are being vague about the exact number of people affected by these cyber-crimes last month, it’s estimated that over 100 million people in the U.S. we’re affected, that’s almost a third of our nation’s population.
Unfortunately I was one of the affected. About two weeks ago I got an email from my bank, Bank of America, saying that my information might have been compromised at a retail shop. I looked at my statement and sure enough I had shopped at Target during the 2 weeks when the hacking took place. Son of a gun!
So now on top of all of life’s other stresses I have to worry about possible attacks from hackers. Just great!
Even though Bank of America cancelled my old card I still could be a victim. It wouldn’t take much information (or additional effort) for them to pull it off. Over the next couple of weeks I am going to have to be vigilant; checking my statements daily for unauthorized charges, not giving out personal financial information over the phone, verifying emails are from trusted sources, watching out for unsolicited texts.
Specifically there are four scams hackers could come at me with to try to profit off me.
Except that I am now on the lookout for any kind of phishing or unauthorized charges on my account. If you are in the same boat as me you should be wary of phone calls, emails, texts,
There are four types of scams these hackers could pull to try to get rich off me. If you have been a victim of the recent attacks watch out for these four types of attacks by thieves to get information from you.
1. Phishing
This one is the most common of the four. If you are online at all you might have already seen this kind of attack in action. Most of the time in phishing scams thieves send you an email claiming to be your bank, a store you frequently shop at, a friend you know or your credit card company.
The email is usually filled with a worrisome story or an urgent message that requires immediate action on your part. They’ll direct you to click on a link they provide. And proceed to ask you to enter sensitive information like username, password, credit card, PIN number or the 3 digit security code on the back of your card.
If you are ever unsure about an email’s authenticity avoid clicking on the link and go to a new web page and type in the web address, this will ensure you don’t install any viruses or malware.
2. Spear-phishing
Spear-phishing is a lot like phishing, except that it is more targeted. Just as a fisherman would use a spear to get a single fish; spear-phishing targets individuals rather than the masses.
The term is a play on words of how a fisherman targets fish. When a fisherman casts out a wide net he is waiting to see who takes the bait. Phishing hackers work in the same way. When a hacker sends out a mass email to hundreds of people trying to gain access to their personal information it is called phishing. When a hacker sends a single email that is tailored to the individual it is called spear-phishing.
Spear-phishing usually comes in the form of an email or text message and always comes from someone you know or a company you have regular contact with. Like I said before, the message is usually customized just for you. It contains bits and pieces of your personal information, just enough to make you trust that they are who they say they are.
While the emails may be tailored to you, the thieves want the same kind of information they would get from a regular phishing email. They’ll provide you with a link to a web page that looks awfully similar to one you trust and ask you to provide personal information like username, password, social security number, PIN number, etc.
These are highly sophisticated emails so a lot of people fall for them. The good news is that these types of scams usually only happen to corporations and wealthy individuals. The hacker has to spend a lot of time creating personalized emails and spoofed web pages so they don’t target a person unless they think they can get big money out of them.
To protect yourself never open attachments from strangers. If the email is coming from what looks to be a trusted source do not provide personal information if you’ve clicked on a link they sent you.
3. Vishing
Vishing, or voice phishing, happens when you receive a call from someone pretending to be from a trusted source, like your bank, the IRS or a company you have done business with sometime in the past.
They’ll ask you to verify information so they can help “fix” whatever so called problem they are calling about. You’ll be asked to “verify” personal information such as your account number and routing number, or Social Security number or credit card number and security code. In other versions callers direct you to a web page to enter in this personal information.
If a company ever calls you and asks you to “verify” personal financial information or your social security number tell them you’ll call them back. Then look for a number on the back of your credit card or for the company’s customer service number online. Call them and inquire about the problem. This will verify that you are talking to who you think you are. Never give our personal details over the phone.
4. Smishing
Smishing involves hackers contacting you through your cell phone, but this time via a text message. The text usually comes from a hacker pretending to be a close friend, your bank or credit card company. They’ll give you a link or phone number and tell you that your account has been compromised and you need to act quickly. Usually they’ll direct you to a link or a phone number in which you’ll be asked to provide or verify personal and financial information.
In many cases the text comes from a disguised number, usually from a “5000” number instead of an actual phone number.
Your real bank and credit card company will never contact you via a text message asking you to give personal information. Always look up the number on the back of your card and call to inquire about the problem.
Target has offered shoppers a free year of credit monitoring as a possible solution. While that may help some, all of us need to be on the look-out for hackers trying to get more information out of us so they can open up additional lines of credit in our names. Be mindful of who is asking for what whether it be through your phone or email – I know I will.
Keeping Money in Your Pocket,
Nancy Patterson
