Hi PhilR,
There was a famous case in California where a company's database was hacked and credit card numbers stolen. The Californian State hit the company with a huge fine and amended the state law to attempt to stop this happening again. This is one way that your details can be stolen if the company themselves store your credit card details.
It could have happened numerous different ways and some of the ways are below (although I don't know your situation so some of them may not be applicable or possible for you).
- If you store your credit card details on your PC, a hacker could get them from there. If you store your credit card details on your PC, encrypt them.
- Keyloggers are very popular just now. The new VML exploit that Microsoft has so far refused to patch until October installs a keylogger and sends back your PayPal details when you log onto that site. Keyloggers traditionally send back everything you type to a central server which stores the details and lets the thief access the details by searching through the logs. The recent keyloggers are getting a bit more sophisticated, as in the example above, where they are targeting specific details. PayPal comes up tops every month (quickly followed by eBay) as the top phishers' choice.
- As I said above, if the company stored your details in their database, that's the location thieves will target.
- A site that is compromised could send your details back to the thief; you enter your credit card details and the compromised site processes them but also sends them off to somewhere else.
- Other forms of spyware (other than keyloggers which I mentioned above) can log sites you visit and information you send.
- Phishing emails or social engineering. If my bank called me to say there had been dodgy transactions on my account I wouldn't have believed them (as my bank never calls me out of the blue). If your bank calls you or sends you an email, how many people give them their PIN, password or username? You'd think 'who'd be that stupid', but if it didn't work, they wouldn't use it so much ...
- Fake websites. You buy a product from a website, they get your bank details and you never see the product (as it doesn't exist). Phishers have duplicated entire websites before (CitiBank) including information that you wouldn't normally look at.
Even though the sites you visited are affiliated with Amazon, does Amazon check them out? I bet not and I bet they have that in their T's & C's too.
It's not easy to steal your card details and it's getting harder, although the thieves are also working harder. The easiest way to get your credit card number is to simply ask you for it - if I do that and sound like asking for your details is something I do all the time (i.e. I work in a call centre and sell something or I work for a bank) then most people are going to feel more comfortable in handing them over. That's why social engineering is the easiest way to get your details and that's why it will always be until people become more suspicious. This is something I have a great deal of interest in - computer and online security. You can never be too secure, but you can never be secure enough.
Best way to counter the risk, in my opinion:
- Never give your details to anybody, including the bank, unless you have called them (if I call you I could be anybody, if you call me at the number on your statement then unless they are some very sophisticated crooks you WILL get your bank).
- Get up to date anti-virus, anti-spyware (essential now as spyware is rapidly becoming a bigger problem than viruses) and a good firewall.
- Make sure you only submit your bank details to ENCRYPTED sites that use SSL (the higher the better encryption).
- Don't shop at stores you know nothing about. Even these 'Verified by XYZ as a secure shopping site' don't mean everything. There was a recent article about this (which I can't find) that a number of these sites that were 'verified' were still dodgy.
- And my tip, which is not applicable to you PhilR, is not to shop abroad unless you really have to. I just feel more secure shopping in the UK. A narrow-minded and blinkered view I know, but it lets me sleep at night. I have shopped abroad in the past but only with sites I knew were legitimate.
Hope this helps, but it is only my two pence worth.
Kind regards,
Paul Broadwith
Blue Ivy Ltd, Wick - Certified Microsoft Small Business Specialist