[quote]”Chase Fraud – There are 2 transactions on card ending 2392. Declined $432.99 at Tickpick LLC & Approved $57.53 at MICROSOFT *STORE? Let us know if you made them. Yes to both, text 1. No to any, text 2″[/quote]
The timestamp? January 3rd. Yes, FOUR DAYS AGO. And where was I while these transactions were being made? Comfortably seated around a hefty, Victorian oak table in a meeting with a new client, with my credit card tucked snugly into my front right pocket (read: not being used).
[easy-social-share buttons=”pinterest” counters=0 style=”button” fixedwidth=”yes” fixedwidth_px=”200″ pinterest_text=”PIN THIS IMAGE”]
Having just spent far too much money on holiday gifts for the family, my credit card had seen better months. Looking over my statements, I can see I’ve made 198 credit card transactions in the past 30 days (speaking of which, it might be time to review my budget…). The holidays are a time for reckless spending, and somewhere, somehow, I left myself vulnerable.
The winter season is a hot-zone for credit card fraud. With so many transactions taking place in a single month, it’s like your most sensitive information is ripe for the plucking. And today, I am well and truly plucked.
Of course, who’s to blame for getting my credit card number stolen? It’s not even the hackers—it’s me. I literally JUST wrote an article about how to keep your credit card information safe online using Bitdefender BOX. The funny (ahem…sad?) part is that Bitdefender sent me the BOX for free. I have zero excuse for allowing this to happen. Did I set it up immediately? Oh yes—I like gadgets! Did I keep using it? Let’s just say I’m distractible.
Like my father always used to say—do as I say, not as I do.
The Bitdefender BOX is like an antivirus solution for every device you own. Once you set it up at home, it protects your devices anywhere you go in the world. And when you’re traveling, not only do you stay protected, but you can actually monitor the security status of your devices right on your mobile phone.
I set mine up at my sister’s house, and between her, her boyfriend, and me, we have five smartphones, three laptops, one tablet, an Echo Dot, PlayStation, smart thermostat, two Google Chromecasts and a doggy video webcam. All hackable!
[box type=”info”]Did you know there’s actually a search engine called Shodan which is used to search for unsecured internet-connected devices? That means people can search for and hack your smart fridge, smart TV and even your webcam without you knowing…[/box]
In the case of my fraudulent charges, I’m just lucky I bank with Chase—who covered my ass—which goes to show the importance of having a good travel credit card. Especially if you’re as pinheaded as I am. If only I had followed the Golden Rule of Internet Security…
The Golden Rule of Internet Security
Prevention beats treatment, every single time.
Even if everything gets sorted out and you get your money or data security locked down, the damage is already done. It has taken a big chunk of your precious time, and it has left your nerves shredded. Today is already ruined. You’ll never get it back.
Preventing an internet security breach is always, always, always better than dealing with theft that has already happened.
But internet fraud is out-of-sight, out-of-mind, right? If it hasn’t happened to you recently, then it’s easy to become complacent, and to assume it’ll never happen to you—or assume that if it did happen, it’d be a simple matter to rectify. After all, there are checks and measures in place everywhere online. I mean, how bad could it get?
Here’s how terrifyingly wrong things can go.
(You may want to arm yourself with a stiff drink for before reading.)
1. A Story of Data Being Held for Ransom
It’s an afternoon like any other, and you’re working away busily on your laptop, when suddenly this appears in the middle of your screen:
[quote]“Your files are encrypted. To get the key to decrypt files you have to pay $500 USD.”[/quote]
It’s a joke, surely? But you’re not allowed to click it away, and you can’t access any of your files anymore.
Welcome to the nightmarish world of ransomware, where a virus-like piece of software infects your system and locks it down until you pay up. The longer you leave it, the more the price goes up—and as New York Times writer Alina Simone’s mother found, even the process of paying up is fraught with misery.
How You Can Prevent This From Happening
One way you can protect yourself from ransomware is by treating it like a virus—by installing a credible antivirus service (for example, AVG, avast! or even Bitdefender’s flagship antivirus software) and keeping it updated.
[box type=”info”]Note, that, even though this article is written in collaboration with Bitdefender, the former IT-technician in me does actually stand by their antivirus product.[/box]
Another smart thing you can do is habitually backup your most important data into a secure cloud-based service (I’m a huge fan of Backblaze
). If you can recover everything important, this nightmare turns into nothing more than a nuisance—and you can wipe your data, clean your hard-drive, change your passwords and get back to work without having a dime extorted out of you.
2. The Story of a Stolen Laptop (and its Recovery)
This is the DEFCON 1 of internet security breaches: when someone steals your computer from right between your legs.
Let’s be clear here. These days, hardware theft isn’t just the loss of a few hundred dollars of tech gear (or, if you buy Apple, a few thousand). It’s what’s on that gear that has the potential to keep doing you damage for years and years to come. Think about what’s on your device right now. What’s here?
Saved passwords? Phone numbers, addresses, personal messages? A few naked selfies? Maybe more than a few?
Luckily, there are powerful and highly satisfying ways to turn the tables and get your stuff back.
Enter fellow travel blogger Matthew Karsten, who had his laptop stolen in Panama City. An avid follower of the Golden Rule of Internet Security, Matthew had previously installed a piece of tracking software called Prey Project. He activated it, and he waited for the thieves to boot up the stolen laptop.
Prey Project gave Matthew access to the laptop’s camera, allowing him to spy on the thieves and take screenshots of their faces that could later be used to prosecute them. But in fact, he never needed to. With the help of readers of his blog, he tracked the thieves down and confronted them—and they handed over his laptop without a fuss.
He even got photos of the thieves picking their noses and browsing the web for transvestite prostitutes. The full, glorious story is here.
How You Can Prevent This From Happening
The lesson is obvious: you can’t do anything once your stuff has been lifted, so you have to adhere to the Golden Rule and install tracking software and other security measures before the proverbial brown stuff hits the fan. It’s your best hope of getting your stuff back—and as Matthew Karsten can attest, it really, really works.
If someone can intercept your private data, they may gather enough of it to convincingly pretend to be you. They can use that information to withdraw money, sign up for credit cards, and make purchases online. It’s better known as identity theft—and it affects approximately 15 million people in the US every year.
Take the story of Amy Krebs, victim of an identity thief who managed to open more than 50 accounts for credit, purchases and utility services—all under Krebs’s name and address, sending everyone straight to her door when it was time to pay.
Her impersonator was eventually caught, but because of local laws the thief escaped jail time—and for Krebs, the road to vindication was a long and distressing one:
[quote]“When you are a victim of identity theft, you are put in the position of having to prove who you are to a greater extent than the criminal had to to get goods and services. You’re treated like you’re trying to get out of paying for something.”[/quote]
First step: be aware of attempts to tamper with your data. Leading the pack is the aforementioned Bitdefender BOX, which I outlined here last year. This internet security solution will protect every single device connected to your home network, scanning for unusual activity, blocking intrusions originating from suspicious web addresses, and giving you secure access to its diagnostics even when you’re not at home.
Next—and this is the one everyone messes up at some point—avoid using the same passwords for different accounts! Use a reliable password manager (I use Dashlane
) or create your own system for storing and remembering different passwords.
Lastly, most importantly, and hopefully most obviously, be careful about giving personal details in a non-secure channel online, and never give passwords, bank card details or other confidential information over an unsecured connection. (For online payment services, look for the padlock symbol in your browser’s URL frame, along with “https”, suggesting a secure link.)
If they’re asking for truly confidential data, they’re guilty until proven innocent—so make sure they’re absolutely, 100% who they say they are before you do what they’re asking you to do.
4. The Story of the Melted Computer
Yes, really. The right (or perfectly wrong) code placed in the right place can force your hardware to do things it was never meant to do—and damage it irreversibly.
Take the Mac. Macs are famously locked up tight against malicious attacks—but no computer is perfectly safe, as security researcher Charlie Miller discovered in 2011. Thanks to a firmware vulnerability, Miller was able to fry the batteries on a number of Apple laptops.
Hackers now have the ability to access your devices and overload their hardware to the point they melt or even explode. Think about that for a second. Think about where you put your phone when you go for a walk (tip of the hat to Samsung Note 7 users). Think about going to your laptop in the morning and finding it’s been reduced to metal junk. Think about losing it all.
There’s no way back when that happens.
How You Can Prevent This From Happening
Due to the severity of this problem, hardware manufacturers are on high alert for these kinds of vulnerabilities, and usually very, very quick to issue updates that fix them. Your job is to install those updates as soon as they’re available.
Never leave those updates queued up.
5. The $47 Million Dollar Phishing Scam
The oldest trick in the book is to send you an email that looks just legitimate enough to be plausible—and gets you to click a link that cracks your security wide open.
And it’s the oldest trick because it still works, time after time. Even consumer issue experts fall for it, like this one from Which? magazine in 2012. But nothing gets close to the blunder the CEO of FACC, an Austrian aircraft parts manufacturer, made in 2016.
Using a form of scam e-mail called the “fake president incident”, thieves convinced CEO Water Stephan to transfer money to an account for an apparently-authorised but secret acquisition project. The sum? 42 million Euros ($47 million). Yeah. They company managed to block around 11 million Euros from being transferred—but the rest? Never seen again.
Needless to say, FACC now has a new Chief Executive Officer.
How You Can Prevent This From Happening
Spam filters to maximum! Treat any unsolicited e-mail with suspicion, especially if it contains links and attachments, or if something looks….off, somehow. No reputable online service will ask for your secure details over an unsecured line, so that’s a dead giveaway.
Next, if you become aware that an email is spam, don’t just delete it—tag it as spam, forward the e-mail to the security team of the company it’s pretending to be from, so they can investigate and take action—and then Block the sender.
Next, monitor suspicious activity from certain email addresses and websites. Bitdefender blacklists malicious websites, so that’s a good place to start. Also, get used to looking at the e-mail addresses of the e-mails coming your way—it’s usually easy to spot the spammy ones (say, [email protected] or [email protected]).
But above all, cultivate a healthy skepticism for any “too good to be true” offers or requests for sensitive data that come your way.
Your best defense is your wits. Use them wisely.
Basically, Don’t Be Me
Internet security isn’t just protecting your money. It’s protecting your entire online life, now and for years to come. It may not feel like it at the time, but being hacked or scammed is as invasive and damaging as having someone steal your favorite device out of your bag or your pocket. It’s that bad.
Your best defense is the Golden Rule: prevent, don’t treat.
Establish a first line of defense with a solid, intelligent security solution like Bitdefender BOX.
Install tracking software so if the worst does come to pass, you have an excellent chance of finding the thieves and beating them at their own game.
Become healthily paranoid of any requests for sensitive data.
Monitor all activity in your financial accounts, especially at times of heavy spending and/or credit card use.
Best of luck in 2017! And in 11 months’ time, when the holidays roll around around, please, think of me.
[box type=”note” icon=”none”]The first thing I’m doing after publishing this article is reactivating my Bitdefender BOX! The second generation will be available at the end of the year—click here for more information and to be notified when the new product launches.[/box]