Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Credit Card. Show all posts
Skimmer
ATM Bank Credentials Card Skimming Credit Card Cyber Security Financial Data Financial Security Phishing Attacks Skimmer

Taking Measures to Prevent Card Skimming and Shimming

Protecting your financial information is crucial in the digital era we live in today. Credit card skimming and shimming have grown to be serious risks to customers all around the world with the emergence of sophisticated cybercrime techniques. Maintaining your financial stability depends on your ability to recognize and resist these approaches.

Credit card skimmers, according to PCMag, are deceptive gadgets installed on legal card readers, such as ATMs or petrol pumps, with the purpose of capturing and storing your card information. Cybercriminals have adapted by utilizing shimmers, which are extremely thin devices inserted into the card reader slot, according to KrebsOnSecurity, which cautions that even with the switch to chip-based cards, they have done so. These shimmers allow them to intercept the data from the chip.

The Royal Canadian Mounted Police (RCMP) provides valuable insights into how criminals install skimmers. They often work quickly and discreetly, making it hard for victims to notice. They may place a fake card reader on top of the legitimate one or install a small camera nearby to capture PIN numbers.

To protect yourself, it's important to be vigilant. MakeUseOf suggests a few key steps:

  • Inspect the Card Reader: Before using an ATM or a card reader at a gas pump, take a moment to examine the card slot. Look for any unusual devices or loose parts.
  • Cover Your PIN: Use your hand or body to shield the keypad as you enter your PIN. This simple step can prevent criminals from capturing this crucial piece of information.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your bank immediately.
  • Choose ATMs Wisely: Whenever possible, use ATMs located in well-lit, high-traffic areas. Avoid standalone ATMs in secluded or poorly monitored locations.
  • Stay Informed: Keep up-to-date with the latest scams and techniques used by cybercriminals. Knowledge is your best defense.
Remaining vigilant and well-informed is your primary defense against credit card skimmers and shimmers. By adopting these practices and staying aware of your surroundings, you can significantly reduce the risk of falling victim to these insidious forms of cybercrime. Remember, your financial security is well worth the extra effort.


Read more »
User Data
Aadhaar card Credit Card Digital Payment Finance Online Payments OTP Payment Apps Paytm Privacy Sensitive Information User Data

Paytm's Innovative ID-Based Checkout Solution

Paytm has made history by being the first payment gateway to provide retailers an alternative ID-based checkout solution. The way transactions are carried out in the world of digital payments is about to undergo a revolutionary change because of this ground-breaking innovation.

Traditional Internet transactions need a multi-step procedure that includes entering personal information, OTP verification, and payment confirmation. By enabling consumers to make payments using additional IDs like Aadhaar, PAN, or mobile numbers, Paytm's new system accelerates this procedure. This not only streamlines the checkout process but also improves security and lowers the possibility of mistakes.

The alternate ID-based checkout solution comes at a crucial time when the demand for seamless and secure online payments is higher than ever. With the surge in e-commerce activities, consumers seek faster and more convenient payment methods. Paytm's innovative approach addresses this need by eliminating the need for remembering complex passwords or digging through wallets for credit card information.

One of the major advantages of this system is its inclusivity. It caters to a wide range of users, including those who may need access to traditional banking services but possess valid alternate IDs. This democratization of online payments is a significant step towards financial inclusion.

Moreover, Paytm's solution is not limited to registered users. It includes a guest checkout option, allowing even first-time users to enjoy the benefits of this streamlined payment process. This opens up a whole new market of potential customers who may have been deterred by the complexity of conventional payment methods.

Security remains a paramount concern in the digital payment ecosystem, and Paytm has taken meticulous steps to ensure the safety of every transaction. The alternate ID-based system employs advanced encryption protocols and multi-factor authentication to safeguard sensitive information. This reassures both merchants and consumers that their data is protected.

Paytm's launch of the alternative ID-based checkout solution establishes a new benchmark for online payments as one of the fintech sector's innovators. The user experience is improved by this innovation, which also responds to the changing needs of a broad and expanding consumer base. Paytm is well-positioned to take the lead in determining the direction of future online transactions with its user-friendly approach and uncompromising dedication to security.

Read more »
POS Malware
Business Credit Card malware Personal Data POS Malware

POS Malware: Your Business Might Be at Risk


POS malware- Your business might be at risk

If you are a business owner that uses a POS system for receiving payments, you should be cautious about the dangers of point-of-sale malware and various threats associated with it. 

Malware is not very popular and is currently on the rise, however, if your system isn't protected, your businesses can be at risk.

Threat actors made the malware especially to attack POS systems to steal sensitive information like PINs, credit card numbers, and other personal data. The malware can be installed on any device that interacts with the POS system, this includes handheld devices, computers, and payment terminals. 

What is POS malware?

POS malware is software specifically created to steal customers' personal data via point-of-sale (POS) devices. The malware steals payment card info, this includes credit and debit card numbers, CVV codes, and expiration numbers. 

All of this information is stolen while your payment transaction is under process on the POS machine. The stolen data can be exploited for fraud purchases and identity thefts. 

POS malware is distributed via compromised networks and USB devices connected with the POS systems. It can also be spread using e-mails or other means of the internet. 

How does the POS malware work?

POS malware operates via attacking vulnerabilities in the POS system and software associated with it. The malware archives this by abusing weaknesses in the system, like poor security measures and weak passwords. 

POS malware takes the following steps to attack your business:

  • Getting access to your system

In the initial stage, the threat actor gains access to the victim system through an infected network or USB device. The access is achieved through methods like unsecured WiFi networks, phishing, or weak/predictable passwords.

  • Installing the Malware

After the threat actor gains access to the victim system, they deploy a POS malware into the targeted device (POS system). It can be a manual or remote process.

  • Threat actor starts collecting data

After the POS malware is installed, it hides secretly in the system and starts collecting data from customers' payment cards. The info stealing is done when the card details are stored in the system's RAM. It's the only time when data is encrypted. 

  • Harvesting the collected data

In the final stage, the threat actor harvests the collected card information for identity theft or fraudulent purchases. In some instances, they extract this data to a remote server where it is either sold or used for other criminal activities.

How to protect your business from POS malware?

  1. Create and implement robust security policies to protect yourself from threat actors.
  2. Use two-factor authentication (2FA), this ensures additional verification steps. 
  3. Check and verify network and device security
  4. Lookout for suspicious activities
  5. Inform and educate employees, and provide them proper POS training. 
  6. Use security software like antivirus to protect your business from external threats. 








Read more »
User Security
Credit Card Credit Card hack Cyber Security Data Theft Identity Fraud Identity Theft User Security

Here's How a Lost Wallet Becomes a Nightmare for Your Credit and Identity

 

Theft of identity and the establishment of bank accounts in your name can result from losing your wallet. That can result in years of battling false creditors and claims, building up bad credit. Jessica Roy, an assistant editor on the utility journalism team at the Los Angeles Times, experienced this. 

In 2018, she claims that her wallet was stolen from her purse at a pub, but she didn't pay it much attention. 

I actually didn't keep that much in there. My driver's license, some cash, and a few credit cards were all there. The following day, I discovered they had completed a few transactions. I changed the cards and got those backward. I initially believed it to be the conclusion, Roy stated. 

But in the middle of January 2019, she began receiving a tonne of letters. “It was like, ‘Congratulations on your new Bank of America account. Congratulations on your new Wells Fargo account. We're following up on your Target card inquiry.’ And I realized they were using my identity to start opening new accounts.” 

Roy speculates that the hackers might have secured her social security information through the dark web. According to her reporting, that is typical. Many people dismiss the frequent data breaches and online intrusions that result in the theft of personal information like passwords or social security numbers. 

Roy claims that nobody is secure. She discussed the 2017 Equifax hack, which affected 147 million Americans, in her blog. That comes from a credit bureau and is private information. Our every financial move is being tracked by the credit bureaus, who aren't even protecting our data, which is why we need to keep our identity so secure. 

She always believed that because she was a reporter and was being thorough, she would be able to thwart false claims and transactions. 

I never imagined that I would experience this. And when it happened, I said to myself, "You know what, I'm going to start doing something." I'll be in control of this. I'm going to call the banks and demand that they put things right. And that will be the conclusion of it. And they're going to take care of it and shut these accounts in a really friendly manner. And everything will be a closed book. But it persisted. 

In Roy's instance, some arrests eventually took place, which she claims is unusual. “It wasn't because ‘oh, the police dug into my crime and worked night and day to solve this.’ It's because [the suspects] were pulled over and arrested for something else. And incidentally, they happened to have a bunch of my identity material in the car with them.” 

Roy claims that despite their repeated attempts, the criminals were unable to access her bank and email accounts because they were secured. Things like two-factor authentication stopped future problems from getting worse. 

“They called me impersonating my bank and asked me to repeat my password as if it were a security question. And I realized I was like, ‘Oh my God, this is them. They're calling me on Christmas to try and steal my identity some more,” she further added. I really think the conclusion that I came to in experiencing this and reporting this story is that yes, there are steps you can take. Nothing is foolproof, and this is a systemic issue that has to be addressed.” 

Roy advises users to proactively freeze their credit cards and set up two-factor authentication for each account, including email and bank accounts, to lessen the risk of identity theft.
Read more »
Security
Carding Credit Card Cyber Fraud Data Financial Data Fraud Safety Security

Carding: What is it and how can you Safeguard Yourself ?

 

Carding has attracted a lot of attention recently, but not everyone understands what it includes. Carding is a type of credit card fraud that occurs when a stolen bank card is used to make purchases. It is a criminal act that affects both consumers and merchants. So, what exactly is carding, how do cybercriminals do it, and what are the risks? 

Carding is the illegal acquisition of goods or services through the use of another person's credit card information. This can be accomplished by stealing someone's credit card information or purchasing stolen financial data on the internet. Cybercriminals target online stores because they can purchase goods like electronics and other high-value items anonymously.

In some cases, criminals may sell or exchange stolen credit card information with others in underground forums. However apart from that, since such transactions are difficult to track, many cybercriminals buy gift cards or other types of prepaid cards. 

Many malicious hackers buy items with stolen cards and then sell them for a lower price for cash, earning money illegally. The main danger of carding is identity theft, as criminals can use stolen credit card information to buy items with someone else's money. If a credit card is used fraudulently and the user is unaware, financial losses or even criminal charges may result. 

Carding is carried out in a variety of ways by lawbreakers. They can use a variety of software tools to scan and find vulnerable websites, as well as brute-force password, cracking. Here are some other popular methods of carding used by cybercriminals:

  • Phishing: One of the most common methods is "phishing," in which criminals send emails or messages posing as legitimate companies and requesting credit card information.
  • Skimming: Skimmers, which are devices attached to ATMs and card readers, can also be used by criminals. Without the user's knowledge, the device collects credit card information.
  • PoS Malware: PoS malware is a type of malicious software that is designed to steal credit card information from retail stores and restaurants. This is a more advanced method of carding because it necessitates specialised knowledge and resources.
  • Zero-day vulnerabilities: Some criminals also use zero-day vulnerabilities, which are security flaws in software applications and operating systems that vendors have not yet discovered. To gain access to private data stored in databases, zero-day vulnerabilities can be exploited.
What is the process of carding?

Carding is usually implemented in the following steps.

Step 1: Card information has been stolen.
The first step in carding is to obtain credit card information. This can be accomplished through one of the aforementioned methods, such as phishing, skimming, and so on.

Step 2: Card information is validated.
Once the credit card information has been obtained, it must be verified to ensure that it is valid. Criminals typically carry out this step by making a small purchase on one or more websites and then watching to see if it is successful. It could be as little as $1, for example.

Step 3: Card information is used for purchases.
Criminals are now using substantiated card details to buy products or services from various websites. This enables them to profit by reselling the purchased items for cash (or they might just enjoy the products themselves).

Step 4: The transfer of funds
Finally, criminals transfer their illegally obtained cash using money laundering methods. They might also sell stolen credit card information on underground forums and dark web markets.

How to guard against carding attacks?

The best way to avoid carding is to take preventive measures and be cautious when using or sharing your credit card information.

The most obvious piece of advice is to be cautious with your information. Don't give out your credit card information to anyone, and be especially cautious when providing it online, as criminals may use phishing techniques to gain access to your information. Check your credit card statements on a regular basis to ensure that all transactions are legitimate. If you notice any suspicious activity, contact your bank right away. Use strong passwords for all of your online accounts. This will prevent criminals from accessing your financial information.
Read more »
User Privacy
american express Credit Card Cyber Security Data Privacy Safety Scam User Data User Privacy

An Online Date Led to an Inquiry into 'Systemic' Failures at American Express

 

Last summer, John Smith* had just returned to Sydney after more than a decade abroad when he met someone online. He began chatting with a man named Tahn Daniel Lee on the dating app Grindr. Lee was undergoing treatment for COVID at the time, so they communicated online for a few weeks before meeting in Sydney's Surry Hills for their first date - a Japanese dinner followed by Messina ice cream. The date would be one of many in a relationship that progressed quickly before taking a dark turn when Smith began to suspect Lee was watching his bank accounts.

The Age and The Sydney Morning Herald can disclose that American Express, one of the world's largest financial companies, would not only dismiss Smith's initial complaint without proper investigation but would also provide misleading information during an external inquiry. It comes after two major ASX-listed companies, Optus and Medibank, revealed sensitive identification and health data to criminals, igniting a national debate about how to best deal with emerging cyber threats.

The "insider threat," according to cybersecurity experts, is a major risk, and the Privacy Commissioner's inability to penalize companies that violate the law has created a culture of impunity among corporate Australia.

“Because, what is the recourse? Businesses just aren’t doing the risk management that’s required. The tone starts from the top, ” says former Australian Federal Police investigator turned cyber expert Nigel Phair.

Smith's first assumption of Lee was that he had a charming smile, and the relationship developed quickly. Lee worked as a relationship manager for American Express Centurion, an exclusive club for black cardholders who spend at least $500,000 per year.

Smith had a platinum American Express card from living in the United States, but Lee suggested he sign up in Australia so he could illustrate how to maximize the benefits. He consented and began using American Express as his primary banking card shortly thereafter. After a series of comments about items Smith had purchased, places he had been, or payments he had made, he became skeptical that Lee was watching his transactions.

“I asked him how he was able to do this without my consent or authority (one-time pin etc), and he replied, ‘because the system is completely open, I have god mode’,” Smith wrote in a complaint later filed with American Express.

Smith has autism, and while he is classified as "high functioning," he occasionally struggles to recognize inappropriate behavior. He noticed "warning signs" about Lee but ignored them while traveling to Hawaii and Hamilton Island with his new partner, he claims.

During one of these trips, Smith became uneasy with the manner in which Lee discussed his clients' affairs, including major food distributor Primo Foods, which he claimed siphoned millions of dollars to the Cayman Islands. Lee later texted, "FYI, everything I tell you about work is highly confidential." 

By April, he had attempted to end the relationship and had warned Lee that he would report his behavior to American Express. Lee reacted negatively to this. He begged Smith to continue the relationship and, at one point, called Smith's close friend out of the blue to persuade her not to file a complaint. This was the breaking point. He was hell-bent on reporting Lee.

Amex: ‘No inappropriate access’

At the same time, another American Express employee noticed unusual activity on Smith's account. Lee was subjected to an internal investigation, which swiftly cleared him of any wrongdoing. On May 26, the company wrote to Smith, claiming Lee was not in a position to access his account and, in any case, there was training and processes in place to protect customer data.

Unconvinced, Smith asked American Express to confirm that Lee's access to his account had been blocked and reported the Primo Foods discussions. Smith claims that the following week, during a phone call, he was told that if Lee had looked at his account, it was no big deal because they were partners, and discussing Centurion's clients was also no cause for concern.

Smith filed a complaint with the Privacy Commissioner, who directed it to the Australian Financial Complaints Authority. AFCA immediately requested a meeting with American Express to verify that Lee had lost the rights to Smith's account.

The company's response was quick, but it turned out to be incorrect.  “We confirm that the employee has no access to [Smith]’s account,” Amex responded.

In subsequent letters between AFCA, Smith, and American Express, the company continued to imply that there had been no inappropriate access or violation of privacy laws. Until the plot shifted. In August, three months after Lee's suspicious activity was discovered, Smith was notified by American Express that Lee had indeed accessed his personal information.  

Lee accessed Smith's private account nine times between February and April of this year, according to digital access logs. American Express then stated that while it was impossible to prevent Lee from accessing the account, he would be disciplined and the account would be monitored to ensure no further intrusions.

“American Express is unable to practically restrict American Express employees from being able to access any specific Card member data. We acknowledge that [Smith] feels uncomfortable with his previous partner access to his personal information and have made every effort to implement controls to further protect his data,” the company wrote in a letter.

In a final decision issued this month, AFCA determined that American Express violated privacy laws by letting Lee to access his accounts without authorization both before and after the relationship. It awarded Smith $2000 in damages but did not order an apology or absolve the company of any wrongdoing.

“I am satisfied the financial firm has investigated the matters raised by the complainant, and in the circumstances, it has responded appropriately,” AFCA found.

American Express declined to answer specific questions about how it investigated Smith's complaint or what action it took against Lee, but stated it maintains the "highest levels of integrity" and has cooperated with AFCA.

“Whilst they made a determination against us, they concluded that American Express had investigated and responded appropriately,” the company said. “We are satisfied that this matter poses no risk to the integrity of our systems. Protecting the privacy of our customers and the integrity of our systems remains our utmost priority.”

Current laws allow for fines of up to $2.2 million for each unauthorized access. The federal government is considering raising the penalty to $50 million per breach, which would mean that American Express could have faced penalties totaling $450 million for the nine breaches.

“Companies need to take this issue around unauthorized access to information more seriously because the penalties are significant,” CyberCX privacy law expert David Batch says. “But in reality, the Privacy Commissioner has historically not handed down those fines.”

Smith was informed in October that AFCA's systemic issues team had agreed to investigate American Express's handling of Smith's case. This team investigates serious violations and systemic issues and has the authority to refer cases to other regulators, such as the Privacy Commissioner, however, its findings are a little transparent. AFCA was unable to comment on whether the promised investigation would be carried out.

According to Nigel Phair, Professor of Cybersecurity at the University of New South Wales, the "insider threat" is a major concern for businesses, where the actions of rogue employees can jeopardize the security of the entire organization.

He claims that the government's failure to implement harsh penalties on companies that mishandle their customers' data fosters a culture of impunity among Australian corporations.

For Smith, American Express and the system designed to hold companies accountable have let him down. He now makes a point of only using the card in ways that do not reveal his location. Requests for comment from Lee and Primo Foods were not returned.

*Not his real name. He asked that his identity be kept confidential.
Read more »
Virtual Credit Card
Credit Card Cyber Security Digital Cards Information Online Payments Virtual Credit Card

Is it Safe to Use Virtual Credit Cards?

 

People all over the world use the internet to pay their bills, buy goods and services, and transfer money. This has many benefits, but one major disadvantage is security: millions of people fall victim to fraud and identity theft each year. 

Staying safe online necessitates constant vigilance, secure software, and a variety of skills required to navigate the World Wide Web. However, when it comes to online payments, virtual credit cards can add an extra layer of security. Virtual credit cards are primarily short-term digital cards intended for one-day or even one-time use. A virtual card is linked to a physical credit card or bank account.

It generates a card number, expiration date, and security code at random. As a result, your true information is not visible to or shared with anyone. Consider the following scenario to better understand how virtual credit cards work. You've logged into your preferred e-commerce platform, added various items to your cart, entered your information, and are about to pay. Instead of entering your credit card number, you create a new virtual credit card and enter all of the required information from it.

You learn several weeks later that this e-commerce platform was compromised by an unknown threat actor. The cybercriminal gained access to the company's systems, injected malicious code into the website, and stole user data, including credit card numbers. Your information and bank account, however, are safe because you used a virtual credit card rather than a real, physical card. 

Because the virtual credit card you used has already expired, you can proceed without concern about the breach. This is essentially the purpose of virtual credit cards. They conceal your true identity from threat actors and safeguard you from cybercrime. They obviously provide more privacy than physical credit cards, which is an added bonus.

Virtual credit cards are clearly something that everyone who values their security (and their hard-earned money) should consider. So, how does one go about obtaining one? The answer may be disappointing, but your best option is to contact your bank and inquire about virtual credit cards. Many people nowadays do.

However, if your bank or card issuer is incapable to provide you with a virtual credit card for whatever reason, there is another service called Privacy that you could utilize. It is a simple and easy-to-understand online platform for creating virtual credit cards. Essentially, all you need to do is add a funding source, create a card, and you're ready to go.

Of course, privacy provides much more. Setting spending limits, creating an online wallet with multiple cards, setting recurring payments (great for subscription services), tracking your spending, and more are all possible with the platform. Privacy also has a mobile app and a chrome extension, enabling you to access the service from almost any device.

More notably, privacy is extremely safe. It is PCI-DSS compliant, which means it is held to the same standards as US banks. Internet Protocol Security (IPsec) with AES-256 encryption protects all data center communications, while Transport Layer Security protects web traffic (TLS). Customers' passwords are hashed, and their data is stored on servers spread across the globe.

Privacy has three different plans: personal, professional, and team. Personal is free, but you can only create 12 virtual credit cards each month. You can make up to 36 cards with Pro and up to 60 with Teams. These two plans charge $10 and $25 per month, respectively.

However, there is one major drawback to Privacy: it is only available to US citizens and legal residents, as well as residents of Puerto Rico, Guam, the Virgin Islands, the Northern Mariana Islands, and American Samoa. According to the company's official website, it is striving to make its services available globally, so keep an ear to the ground if you are not based in the US but require a virtual credit card.

The fact that virtual credit cards cannot be used in person is an evident disadvantage. You can, however, add some virtual credit cards to a safe and dependable mobile wallet and pay that way whenever possible.
 
The main disadvantage of using virtual credit cards over physical ones is that they are only destined for one-time or one-day use. Furthermore, even if a virtual card is not intended for temporary use, you would need to generate new ones on a regular basis to ensure maximum security. The issue is that if you pay for something online with your virtual credit card and then demand a refund because the goods do not arrive or receive the product damaged, you will have no way of getting your money back if the card number has already expired.

Another potential disadvantage is that you sometimes need to utilize the same card to pay for a service. For example, if you make a hotel reservation online using your virtual credit card but do not pay the full amount in advance, the hotel may ask you to pay for your room with the same card you used to book it—which you will be unable to do if your virtual credit card has already expired.

Virtual credit cards are secure, simple to use, free (or, at the very least, inexpensive), and will improve your security and privacy. Most importantly, they will safeguard you against fraud, theft, and other forms of cybercrime.

There is always the potential of having problems getting a refund or something similar, but that is probably a reasonable compromise for most people. And, until you get a virtual credit card, make sure you are familiar with the most common online shopping security threats and how to avoid them.
Read more »
User Security
Credit Card Crime Data Data Breach data security Security User Data User Privacy User Security

Over 1M+ Credit Cards Exposed to Criminals on the Dark Web

 

A recently launched underground marketplace has distributed over 1.2 million credit cards via the dark web.

According to Bleeping Computer, the hackers behind 'BidenCash' have distributed the details of 1,221,551 credit cards in an effort to attract cybercriminals to their platform. The illegal carding market, which is accessible via the dark web, went live in June 2022. This particular marketplace began by leaking thousands of credit cards.

However, in order for its services to gain traction, BidenCash decided to release information for over 1.2 million cards all at once. Stealing and selling credit card information can be lucrative for the individuals involved, as such sensitive data is typically sold in batches. After all, cybercriminals can use the cards to purchase items, withdraw cash from accounts, or simply charge the card itself until the bank realises the transactions are false. 

So, what's the point of BidenCash's giveaway? The solution lies in distributed denial of service (DDoS) attacks on its original domains. As a result, in order to spread the word about new URLs for the service, the hackers are distributing the data for free. In addition to a clearnet domain, they distributed the new URLs via various hacking and social media channels.

In terms of credit cards, the file contains cards with expiry dates ranging from 2023 to 2026. Although some of the cards belonged to non-US residents, the vast majority belonged to Americans. Along with the obvious sensitive data pertaining to the cards, the dump also includes personal information such as email addresses, phone numbers, and the cardholder's address.

According to security analysts, the majority of the 1.2 million cards come from web skimmers, which are scripts found within checkout pages of compromised e-commerce sites that send any credit card information entered directly to the threat actors. As previously stated, credit card fraud is a lucrative business for criminals. Global payments fraud has increased from $9.84 billion in 2011 to a staggering $32.39 billion in 2020, according to Merchant Savvy data.
Read more »
User Security
Card Skimming Credit Card Cyber Fraud Cyber Scam User Security

WooCommerce Credit Card Stealer Found Implanted in Fake Images

 

Card skimming and card details theft is one such sophisticated technique attack that seldom fails. Earlier this week, cybersecurity researchers at Sucuri blog unmasked a malicious campaign where a credit card swiper was injected into WordPress’ wp-settings.php file. The WooCommerce customers reported that images were disappearing from the cart almost as soon as they were uploaded. 

According to researchers, the credit card skimmer was buried deep down into the file titled '../../Maildir/sub.main', and it was easy to miss on a casual review. Scammers usually prefer to deploy malicious content out of the way so it is more difficult to detect. The common tactic employed is to create directories that look like system directories, or to place malware in existing core CPanel or other server directories. 

Upon analyzing the malicious file, researchers uncovered over 150 lines of code that had been obfuscated with str_rot13 and base64. Attackers also used multiple functions to store credit card data concealed in the wp-content/uploads/highend/dyncamic.jpg image file. When decoded, that data revealed not only credit card details submitted to the site, but also admin credentials to the site’s backend. 

Injecting card skimmers into WordPress plugin files is the newest trend, avoiding the heavily watched ‘wp-admin’ and ‘wp-includes’ core folders, where most injections are short-lived. It is one of the most lucrative and stealth attack tactics employed by scammers to make money. 

There are a couple reasons why this is a useful tactic. The primary reason is that it makes it very easy for scammers to download the stolen details in their browser or a console. Secondly, most website/server malware detection scans focus on website file extensions such as PHP, JS, and HTML. Image files, particularly those in a wp-content/uploads sub-directories, can sometimes be overlooked.

“Scammers are aware that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. The next logical step for them would be to target plugin and theme files,” researchers explained.
Read more »
Windows
Credit Card Data data security Internet Explorer Login Credentials malware Malware Campaign Phishing Campaign Windows

Latest Phishing Campaign Deploys Malware and Steals Critical Information

A phishing campaign on a massive scale is targeting Windows PC and wants to deploy malware that can hack usernames, passwords, contents of the crypto wallets, and credit card credentials. Malware named RedLine Stealer is provided as a malware-as-a-service scheme, giving amateur level cybercriminals the option to steal various kinds of critical personal information, for amounts as much as $150. The malware first surfaced in 2020, but RedLine recently added a few additional features and is widely spread in large-scale spam campaigns in April. 

The phishing email campaign includes a malicious attachment which, if active, starts the process of deploying malware. Hackers target users (mostly) from Europe and North America. The malware uses CVE-2021-26411 exploits discovered in Internet Explorer to send the payload. The vulnerability was revealed last year and patched, to limit the malware's impact on users who are yet to install the security updates. Once executed, RedLine Stealer does starting recon against the target system, looking for information that includes usernames, the type of browser that the user has, and if an antivirus is running in the system. 

After that, it finds information to steal and then extracts passwords, credit card data, and cookies stored in browsers, crypto wallets, VPN login credentials, chat logs, and information from files. Redline can be bought from the dark web, hackers are offered services on different hierarchical levels, this shows how easy it has become to buy malware. Even noob hackers can rent the software for $100 or get a lifetime subscription for $800. 

The malware is very simple, but very effective, as it can steal vast amounts of data, and inexperienced hackers can take advantage of this. ZDNet reports "it's possible to protect against Redline by applying security patches, particularly for Internet Explorer, as that will prevent the exploit kit from taking advantage of the CVE-2021-26411 vulnerability." The users should keep their operating systems updated, anti-virus and apps updated, to prevent known vulnerabilities from getting exploited for distributing malware.

Read more »
User Security
Credit Card Data Breach Hackers Personal Information User Data User Security

1.8 Million People's Credit Card Information was Stolen from Sports Gear Sites

 

Four well-known affiliated online sports equipment websites recently disclosed and claimed a significant cyberattack. In this cyberattack, hackers compromised and stole the credit card information of over 1.8 million customers. A law firm representing these four sports gear websites revealed that on October 1st, 2021, a data breach occurred in which hackers compromised personal and credit card information; for the time being, the firm concluded with this much detail only. 

Tackle Warehouse LLC (Fishing gear), Running Warehouse LLC (Running apparel), Tennis Warehouse LCC (Tennis apparel), and Skate Warehouse LLC (Skateboards and skating apparel) are the affected websites. Full name, Financial account number, Credit card number (with CVV), Debit card number (with CVV), and Website account password have all been compromised as a result of this incident.

On the 15th of October, these sites discovered that they had been compromised, and on the 29th of November, they told their consumers about the data breach, in which hackers obtained over 1.8 million credit card information. Finally, on December 16th, they notified and sent security alerts to all affected persons. 

Because none of the published notices impacted customers to provide any information about the nature of the incident, the real means of getting the data remains unknown. However, as stated in the description, "External system breach (hacking)," this appears to be a database breach rather than the installation of card skimmers on the websites, though both situations are possible. 

Tackle’s notification states, “Upon becoming aware of the incident, Tackle Warehouse took the measures. We also reported the incident to the payment card brands in an attempt to prevent fraudulent activity on the affected accounts. However, we have reported this incident to law enforcement and have worked closely with the digital forensics and security firms to enhance the security of our sites to facilitate safe and secure transactions.” 

If customers made a purchase from one of these four compromised websites, they should keep track of everything, such as incoming communications with vigilance, keep an eye on their bank account and credit card statements, and report any unusual activity right away, said the security researchers. Aside from that, they stated that the compromised data is extremely sensitive, but that the portals have not yet given any identity protection services to all of their affected clients.
Read more »
User Data
Credit Card Credit Card Fraud Cyber Security Debit Cards. Financial Data Breach ransomware attacks User Data

Wawa Paying $9 Million in Cash, Gift Cards in Data Breach Settlement


The Wawa convenience store chain is paying out up to $9 million in cash and gift cards to customers who were affected by a previous data breach, as reimbursements for their loss and inconvenience. 

The affected customers can request gift cards or cash that Wawa is paying out to settle a lawsuit over the security incident. Here's everything you need to learn about the proposed class action settlement – who's eligible, how to submit a claim for cash or a gift card, and how to object to the deal. 

Customers who used their payments cards at any Wawa store or gas pump during the data breach, but were not impacted by the fraud, qualifies to receive a $5 gift card, as compensation. These claimants are referred to as 'Tier One Claimants'. 

However, the claimants will be required to submit proof of the purchase they conducted at a Wawa store or fuel pump between March 04, 2019, and December 12, 2019 – when the data breach occurred – in order to claim the gift card. Customers would essentially be required to provide proof of the transaction date, preferably a store receipt of a statement by the bank, or a screenshot from the concerned bank or credit card company website or app. 

The next category of claimants, referred to as 'Tier Two Claimants' could receive a gift card worth $15 if they show reasonable proof of an actual or attempted fraudulent charge on their debit or credit card post-transaction. 

The last category of claimants, referred to as 'Tier Three Claimants' qualify to receive a cash reimbursement of upto $500, if they provide reasonably documented proof of money they spent in connection with the actual or attempted fraudulent transaction on their payment card. It must be reasonably attributed to the data breach incident. 

During the 9 month span of the data breach, around 22 million class members made a financial transaction at one of the Wawa stores. Customers have been given a deadline of November 29, 2021, to submit a claim for recompensation. By doing so, they are giving up their right to sue Wawa over the 2019 security incident. 

Those who wish to retain their right to sue the company over the security incident and do not wish to receive the payment will be required to exclude themselves from the class. The deadline given for the same is November 12, 2021. 
 

What is this settlement for?


In 2019, the Wawa convenience store chain experienced a data breach wherein cybercriminals hacked their point-of-sale systems to install malware and steal customers' card info. As the fraud impacted Wawa's 850 locations along the East Coast, the U.S based convenience store company found itself buried in a series of lawsuits. One of which – filed by the law firm Chimicles Schwartz Kriner & Donaldson-Smith, of Haverford – claimed that the data breach “was the inevitable result of Wawa's inadequate data security measures and cavalier approach to data security.”

The massive data breach that lasted for nine months,
affected in-store payments and payments at fuel pumps, including “credit and debit card numbers, expiration dates, and cardholder names on payment cards.” Meanwhile, hackers also attempted to sell the stolen financial data on the dark web. 

As a result, a police investigation was called in for and the organization also conducted an internal investigation by appointing a forensics firm for the same.
Read more »
User Privacy
Credit Card Cyber Attacks E-commmerce Magecart User Data User Privacy

Stolen Credit Card Data Hidden in Images by Magecart Hackers for Vague Exfiltration

 

Magecart-affiliated cybercriminals have adopted a new approach for obfuscating malware code within comment blocks and embedding stolen credit card data into pictures and other files stored on the site, illustrating how attackers are always upgrading their infection chains to avoid detection. 

Sucuri Security Analyst, Ben Martin, stated in a write-up, "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion. These can later be downloaded using a simple GET request at a later date." 

Magecart is an umbrella name for several gangs of hackers that attack e-commerce websites intending to steal credit card data and sell them on the black market by injecting malicious JavaScript skimmers. 

Sucuri connected the assault to Magecart Group 7 based on similarities in the threat actor's techniques, methods, and practices (TTPs). The skimmer was located in one of the PHP files involved in the checkout process in the form of a Base64-encoded compressed string in one instance of a Magento e-commerce website infection analyzed by the GoDaddy-owned security business. 

Furthermore, the attackers are claimed to have utilized a method known as concatenation, in which the code was merged with extra comment portions that "does not functionally do anything but adds a layer of obfuscation making it more difficult to detect.” 

The attacks' ultimate objective is to collect customers' payment card information in real-time on the hacked website, which is then stored to a fake style sheet file (.CSS) on the server and then downloaded by the threat actor via a GET request. 

Martin added, "Magecart is an ever-growing threat to e-commerce websites. From the perspective of the attackers: the rewards are too large and consequences non-existent, why wouldn't they? Literal fortunes are made [by] stealing and selling stolen credit cards on the black market."
Read more »
User Privacy
Credit Card Data Breach Herff Jones US User Data User Privacy

Herff Jones Credit Card Breach: College Students Across the US Affected

 

Graduating students from many universities in the United States have reported fraudulent transactions after using payment cards at Herff Jones, a prominent cap and gown seller. Following the initial reports last Sunday, the company launched an investigation to assess the scope of the data breach. 

The complaints persisted this week, prompting others to review their credit card statements for fraudulent charges. Students at universities in Indiana (Purdue, IU), Boston, Maryland (Towson University), Houston (UH, UHD), Illinois, Delaware, Michigan, Wisconsin, Pennsylvania (Lehigh, Misericordia), New York (Cornell), Arizona (Wake Forest), Florida (State University), and California (Sonoma State) are affected by the issue. 

Herff Jones was entirely unaware of the data violation until students began to complain about fraudulent charges to their payment cards on social media. They all had one thing in common: they were graduating students who had purchased commencement gear at Herff Jones. Some of them had to withdraw their payment cards and file a dispute with the bank over the fraudulent charges. 

Apart from delivery delays, the students said that they had been charged fraudulently for amounts ranging from tens of dollars to thousands of dollars. While the majority of reports indicate losses ranging from $80 to $1,200, one student said that a friend was charged $4,000. 

“Someone just bought a ps5 with my card info and I respect the hustle,” stated one student.  

A parent chimed in saying that their “daughter and about 30 other graduates that she knows of at her school (not Purdue) have had their debit cards compromised through HJ [Herff Jones].” 

According to one Cornell University senior, their credit card was stolen, and fraudsters attempted to charge $3,000 to "asics" and use it on adult content subscription service OnlyFans. Although the exact date of the Herff Jones violation is unknown, some of the earliest transactions date from the beginning of the month. Several students reported that they bought graduation products in April. 

Herff Jones released a statement on May 12th acknowledging the payment card data breach and apologizing for the incident.

Herff Jones said in a statement, “We sincerely apologize to those impacted by this incident. We are working diligently to identify and notify impacted customers. The company is investigating the incident with the help of “a leading cybersecurity firm.”
Read more »
User Data
Credit Card Credit Card Shop Data Breach Hacker Swarmshop User Data

The User Data of Swarmshop Card Shop has been Leaked Online

 

The details of the Swarmshop Darknet payment card market have been removed for the second time in two years and published on a competing underground website. The breach includes all of Swarmshop's records and all the data exchanged on the platform with the stolen credit card. 

Group-IB, the global threat chasing business, has detected that Swarmshop credit card shop consumer data was leaked on the internet on 17 March 2021. As per the Group IB, details of 623,036 bank cards provided by banks in the US, Canada, United Kingdom, China, Singapore, France, Brazil, Saudi Arabia, and Mexico have been dumped into the Swarmshop dump. 

Though recently, Swarmshop Carding Store seems to have been a common, illegal digital shopping market where cybercriminals were permitted to sell and buy stolen card and banking information. However, it remains unclear as to who has extracted this information, or how and when. The leak revealed massive amounts of data comprising data on four website operators, 90 sellers, and 12,250 purchasers. The researchers have written, "The dump included criminals' nicknames, hashed passwords and account balance and contact details for some entries.” 

The researchers also found that “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.” 

The one who breached Swarmshop did not warn the hacker and only sent a message with a connection to the database. At first, the administrators of the Card Shop claimed that the information was linked to a prior breach of the platform by a hacker in January 2020. However, their passwords were requested to be modified. Group-IB reviewed the current dump and found it fresh based on the most recent timestamps for user operation. 

“While underground forums get hacked from time to time, card shop breaches do not happen very often,” Dmitry Volkov, Group-IB’s CTO, said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.” 

For decades, hackers have hacked other hackers. It seems quite simple for them to gain access to new hacking instruments, dumps, cards, PII, and value products than to hack people who steal them first of all. It is not surprising that Swarmshop has been successfully breached several times. Like everybody else, cybercriminals have security problems. It only shows that cybersecurity is a hard issue regardless of who you are. 

In Swarmshop's case, researchers seem to think that the attack is yet another criminal's business. About one year ago, a set of information has also been compromised. The site underwent a similar attack. No matter who is responsible, researchers believe that the breach would affect Swarmshop's position on cybercrime.
Read more »
Have I Been Pwned
Carding Mafia Credit Card Credit Card Hacking Forum Data Breach Have I Been Pwned

Credit Card Hacking Forum Compromised 300,000 User Accounts Due To A Data Breach

 

As per the information provided by the website ‘Have I Been Pwned’, Carding Mafia, a credit card stealing and trading platform that exposed nearly 300,000 user accounts, has indeed been compromised. However, Motherboard indicates that there was no indication that its consumers were warned on either the Carding Mafia Forum or its community telegram channel. According to forum data, Carding Mafia has more than 500,000 users. 

The breach potentially released 297,744 users' e-mail addresses, IP addresses, usernames, and hashed credentials. The authenticity of stolen data was verified by the founder of Have I Been Pwned, Troy Hunt. Hunt has stated that the carding site identifies e-mail addresses leaked through the 'forgot password' feature although it declined to identify and use any other random e-mail addresses. The carding website cautioned that when anonymous e-mails are submitted, a notification pops up which reads, “you have not entered an email address that we recognize” as per the Motherboard. 

The data reportedly hacked from this carding facility was 990 GB in the size of 660,000 artworks and 130,000 threads, according to the screenshots shared by Motherboard. The accused hacker presented the database through their inbox for free. Researchers noticed some months ago that too many cybercrime payments were being shifted to private message applications, to prevent alerting officials and security researchers that typically warn of compromised organizations. 

It is not unusual for hackers to post the stolen data publicly on popular hacking forums to gain "street cred" or a reputation. One can use this credibility to claim data or even request premium prices. Hackers find it harder to individually sell hacked information and use data brokers to divide over-generous fees. 

Hacker on hacker Cybercrime is a common way to stifle competitiveness by offering similar services to rival gangs. It may also be a simple way to get the gigabytes of compromised data free of charge or to boost the credibility of the hacker. Although IP information could encourage law enforcement agencies to identify the whereabouts of cybercriminals, as most criminals use VPN services to hide their real internet addresses. In order to register for hacking websites, hackers also use untraceable email addresses from vendors including Mailinator. However, new hackers are likely to be mistaken by logging into their actual IP addresses or by using real email addresses on the carding hacking pages. 

Meanwhile, Ilia Kolochenko, Founder and Chief Architect at ImmuniWeb, says: “Most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation. Moreover, even the Western law enforcement agencies are currently underequipped to investigate and prosecute cybercrime on a large scale and will probably not initiate investigatory operations after the leak.”
Read more »
skimmers
Card Skimming Costway Credit Card Cyber Crime Magento skimmers

Outdated Magneto 1 Witnessed Credit Card Skimming Threats

 

Magento is an open-source code e-commerce site that supplies online traders with a scalable shopping cart system, and managing their online store's layout, content, and features. Lately, threat actors began leveraging a flaw in the ‘Magento 1’ branch that has not been managed any longer in the fall of 2020. 

Thousands of retailers worldwide on the platform are encouraged to upgrade the mobile version to ‘Magento 2’, as thousands of e-commerce shops were hacked with the credit card skimming code infecting all of them. During the tracking of events related to the ‘Magento 1’ initiative, observably, an e-commerce shop was attacked twice by skimmers. 

In this particular incident, the threat actors devised a copy of their writings that is well-known to places that were already injected by the Magento 1 skimmer. The second skimmer will now actually collect the credit card data from the pre-existing fake form which were previously injected by the actors.

"A large number of Magento 1 sites have been hacked but yet are not necessarily being monetized,” as stated by the researcher at Malwarebytes. He further added that “Other threat actors that want access will undoubtedly attempt to inject their own malicious code. When that happens, we see criminals trying to access the same resources and sometimes fighting with one another.” 

The end-of-life of Magento 1, paired with a famous feat, was an immense blessing for the actors at risk. Many pages were indiscriminately compromised merely because they were weak. RiskIQ has allocated these cases to Magecart Group 12, which uses diverse tactics including chain threats with a long history of web skimming.

On the payment websites of Costway, one of the leading retailers in North America and Europe, two web skimmers have been found selling appliances, furniture, etc. The skimmers seek to provide payment information with consumers' credit card. “Our crawlers identified that the websites for Costway France, U.K., Germany, and Spain, which run the Magento 1 software, had been compromised around the same time frame,” said researchers. 

On the Costway check-out page, the researchers noticed the credit card skimmer injection, which stands out in English while the majority of the platform is in French. This is no surprise considering the automated and very indiscriminate Magento 1 hacking campaign. 

The threat to victims is huge, as scientists claim that just in December 2020, Costway's French portal (Costway[.]fr) received approximately 180K tourists. There is also a second skimmer (loaded from the securityxx[.]top externally) on the web which targets the skimmer of Magento 1. 

Many Magento 1 websites have been compromised, but they are not monetized yet. Additional attacks would certainly continue to inject their own malicious code.
Read more »
Hacking
Credential Stuffing Credit Card Data Breach Hacking

Clothing Brand 'The North Face' Hit By Credential Stuffing Attack, Suffers Data Breach

 

After North Face's website faced a credential stuffing attack, the company has reset the customers' credentials. In a recent cybersecurity incident, North Face informed its customers that it suffered a data breach attack. On its website, the customers can explore through clothing and accessories collection and buy apparel; they can also earn loyalty points when they buy a thing. Further inquiry revealed that hackers attacked The North Face on 8th and 9th October. 

The North Face says, "we strongly encourage you not to use the same password for your account at thenorthface.com that you use on other websites because if one of those other websites is breached, your email address and password could be used to access your account at thenorthface.com. Besides, we recommend avoiding using easy-to-guess passwords." In credential stuffing, hackers attack users who re-use their login credentials for different accounts or platforms. The hackers use ID and passwords stolen from other attacks, for instance, a data breach, and use the credentials for hacking purposes. The hackers use stolen login credentials to gain unauthorized access to websites. The entire process is mostly automatic, and now the hackers have modified their strategies and gained leverage in these types of attacks. 

Hackers have been successful in stealing data from prominent organizations like Dunkin Doughnut. The company suffered two cyberattacks in three months. As per the investigation, The North Face believes that it is probable that the hackers stole user credentials from any other source or website and used that information to attack the company's user accounts. According to StatSocial, The North Face leads the U.S market in the clothing and accessories segment, generating $2 Billion of the total $4 Billion revenue in 2019. 

The company didn't reveal the number of customers attacked; however, SimiliarWeb says that The North Face website had 6.96 Million customers in October. "We do not believe that the attacker obtained information from us that would require us to notify you of a data security breach under applicable law, but we are notifying you of the incident voluntarily, out of an abundance of caution," says The North Face.
Read more »
Subscribe to: Posts (Atom)