The September Cyber Security Report
6 tips for dealing with fraudulent charges, reporting to the bank, and getting a new card
It's likely something like this will happen to you, a family member, or a friend. Here are some tips for handling it:
1. If you haven't already, sign up for text or email alerts for your bank and credit cards. If you can get both, even better. You should be able to set up these alerts through your bank and credit card's online portal. If you have trouble, contact your bank's customer service.
2. Make it a habit to check your accounts regularly. Sometimes technology fails us and we don't get that text or email alert. Log in to your accounts on a regular basis to review all charges.
3. And be sure to look at all charges closely. Experts say that oftentimes, card-stealers make small purchases to test the waters before spending big. If you see even the smallest fraudulent charge, contact your bank or credit card company immediately.
4. Change your PIN. When I went to the bank to get my new card, the associate asked if I wanted to keep my old PIN. Sure, typing four new numbers will take some getting used to, but that's much easier than dealing with fraud.
5. Change your online password.
6. Be sure to update any auto-pay accounts that you have. With a new card number, you'll have to update any accounts that have auto-pay, like Netflix, your cable and Internet, your gym membership, and so on. You don't want to be charged a late fee because your account no longer exists.
Dealing with a cybersecurity incident isn't fun, but it happens. Set up prevention methods such as text or email alerts and a credit freeze to limit the amount of damage that can be done. But still be aware of your cybersecurity at all times. We can't always prevent the hackers from getting our information, but we can act quickly and limit the losses.
Emerging threat: video-jacking
Think twice before connecting your phone to USB charging stations. Security expert and blogger, Brian Krebs covered an emerging threat out of DEF CON regarding your smartphone and USB connections. Krebs spoke to researchers from Aries Security who warned of a new smartphone threat, "video-jacking" which occurs when your plug your vulnerable phone into a USB charging station. Hackers can infect the charging stations and record everything that happens on a phone that is plugged in.
If you check your email, it can record a password you type plus any messages you view. If you sign into online banking, they can get your account number and login information. The results could be very damaging.
Not all phones are affected by this threat. You can see if your phone is at risk here.
Regardless, hackers find new ways to get your information every day. Keep your device safe by not using the USB charging stations you see in airports and other public places. Instead, plug your phone into a wall electrical outlet.
Social Security Administration adopts two-factor authentication for online accounts. Users who manage their retirement benefits at ssa.gov will now have the option to provide a cell phone number when creating or logging in to their account. The SSA will send a code to the cell phone number whenever the user attempts to log in. That code will need to be entered online to validate the login. When the SSA first released this plan, it required that users provide a cell phone number. However, after a difficult rollout and complaints that the program would not stop fraudulent accounts from being created, the SSA has made two-factor optional.
Shadow Brokers claim to have hacked the National Security Agency. The hacking group has put the stolen code (called "cyber weapons") up for auction. Experts have confirmed that the malware originated from the NSA, although they are not sure how the group accessed the software. The specific software, SECONDDATE is allegedly used by the government to monitor millions of computers globally.
Voting machines become less secure each year, according to a group of Princeton professors. Professor Andrew Appel bought his own voting machine online and set out to hack the machine. He found that many of the machines are less secure than our iPhones and worries that many states' voting machines could be vulnerable to attack.
Samsung Pay flaw exposed at DEF CON security conference. The mobile payment app used on Galaxy smartphones has a bug that would allow hackers to intercept payment card information from other users. The flaw allows hackers to see payment tokens. These "tokens" are codes generated by the phone which act as payment card information. While the tokens can only be used once, being able to intercept a large number could allow hackers to find patterns and create their own usable tokens. Samsung has said the claims are "inaccurate and misleading."
Over 3 million people have information compromised from breach at health care insurance ID card company, Newkirk Solutions. The company provides ID cards for insurance agencies including Blue Cross and Blue Shield. Newkirk says no Social Security numbers, banking information, or medical information was leaked. However, hackers did access names, addressed, plan type, and member and group numbers. Affected customers will receive a letter from Newkirk Solutions.
900 million Android smartphones are at risk, according to security research firm Check Point. The security firm says Android phones using Qualcomm internal parts are at risk. The flaw could allow hackers to access data on the phone, control the camera, and also track the device's location via GPS. Android flaws are much more difficult to address because so many different devices run Android software. Unlike iOS on Apple, there is no central manufacturer releasing updates to the devices. If you use an Android phone and do get an update notification, be sure to update immediately.
Over 300 Eddie Bauer stores in the U.S. and Canada suffer malware attack. The outdoor clothing chain says payment cards used at stores between January 2016 and July 2016 may be at risk. Online purchases were not affected. If you shopped at Eddie Bauer in the last six months, you will be contacted by the company and offered identity protection services.
Hackers send phishing emails from legitimate Walmart email address. Customers of Walmart.com report receiving multiple emails asking them to reset their Walmart account passwords in what appears to be a phishing attack. The emails, however, seem to actually be coming from a legitimate Walmart.com email address. Experts say this could mean that an employee is sending the messages or a hacker has been able to infiltrate Walmart's email system.
Democratic National Committee (DNC) hack much larger than originally thought. The hack, which first exposed private emails within the DNC, is now found to have affected the private email accounts of over 100 Democratic officials and groups, including the Democratic Governors' Association. Experts believe Russia is responsible for the attack.
Following hacks, DNC forms cybersecurity board. Acting DNC Chairwoman Donna Brazile is working to create the Cybersecurity Advisory Board which will be made up of industry experts. The board will help prevent future attacks. Members include former Department of Homeland Security members and former White House chief technology officers, among others.
20 hotels breached exposing over 10,000 customers. HEI Hotels & Resorts, which owns Starwood, Marriot, Hyatt, and Intercontinental hotels, has discovered a breach dating back to March 2015. The hotel chain says its systems were infected with malware that stole payment card information in real-time. Names, credit card numbers, expiration date, and verification codes are believed to have been exposed.
Better Business Bureau provides tips to college students for preventing identity theft. The BBB reminds students that they are at particular risk of identity theft, since their clean credit is attractive to hackers. Some recommendations include using a safe in your dorm, protecting your computer with antivirus software, and checking your debit and credit card statements closely.
Apple: iPhone and iPad users should update to iOS 9.3.3 to avoid a serious bug. You may remember the Stagefright bug that affected Android devices last summer. Now, there is a similar bug affecting iPhones. The flaw allows hackers to send you malicious messages or webpages if they have your number. Your devices will prompt you to update and you should do so immediately. If you don't have enough room on your device, remember you can plug your phone or tablet into your computer to update manually.
Microsoft: Microsoft released a round of critical updates this month closing security holes in Internet Explorer, Edge, Microsoft Office, Skype, and other programs. Most of the critical updates are for Internet Explorer and Edge. Your system should update automatically so be sure to update immediately. You can read more about the patches here.