Saturday, March 26, 2016

How easy it is to install a credit card skimmer

Ever wonder how easy it is to install one of those skimmers that steals your credit card information straight from the magnetic stripe on the back of the card? Check out this YouTube video to see how a pair of convenience store shoppers install a credit card skimmer on the point-of-sale (POS) device in two and a half seconds. It's pretty amazing.

And here is a 5-minute ABC News Nightline story on YouTube showing thieves installing a skimmer on a gas pump. As I was watching this, I wondered how the bad guys are able to open up the pump's front panel. Turns out, every gas pump uses a universal key, easily purchased online for a few bucks.

Want to know more about these skimmers? See Brian Krebs' blog All About Skimmers.

The FBI warns: Taking a Trip to the ATM? Beware of Skimmers. Recently, here in Georgia, an investigation was launched covering six states, as described in this news story: Secret service launches 6 state investigation into ATM skimmers.

If you think you've been a victim of credit card skimming, contact your local U.S. Secret Service field office. If you're not sure whether to report, see When and how to report fraud to the U.S. Secret Service.

Be smart when swiping your card.

  • Never let a cashier or server swipe it for you or take it out of view.
  • Keep an eye on your credit card account, checking every statement line-by-line
  • Report any suspected fraud immediately to your bank, certainly within 60 days
  • Don't swipe your card at gas pumps that are "in the shadows," or pay inside
  • Look before you swipe

Wednesday, March 16, 2016

Beware big uptick in ransomware this week!

Last July, we posted What is ransomware? If your computer is infected with ransomware, the hacker encrypts all of your data and then offers to decrypt it in exchange for payment. If you do get hit with ransomware, you have two choices: (1) pay, or (2) wipe your hard drive and restore it from backup.

Did you know that your computer can get infected with ransomware when you visit safe, familiar web sites like or, national weather web sites, everyday news sites like the New York Times, and other "safe" places? It's true. That's because these sites host advertisements, which are run by third parties that they do business with. All those little ads that you see popping up on every news site you visit—that is called adware.

If you get a pop-up like this, you are a victim of ransomware:

It isn't that the big name web site owners like New York Times aren't being careful, it's that the adware companies suffer some sort of breach or domain name takeover before anyone else realizes it, and they start serving up malicious ad links on the "safe" sites that we are familiar with and use every day.

And if you're smart, you do not click those links. They can be downright convincing, but if your personal rule is "don't click," no matter how enticing an ad may be, then you are practicing safe browsing. Make this your mantra when surfing the web: Do. Not. Click. Ads.

For details read Big-name sites hit by rash of malicious ads spreading crypto ransomware [Updated].

Saturday, March 5, 2016

If Microsoft "tech support" calls, hang up!

I actually saw a very bright young college grad fall for this scam a few years ago.

It goes like this: You get a phone call from someone who says is name is so-and-so (Mack, Jack, Mike, Matt, Joe or what-have-you), and that he's with Microsoft Support or Windows Tech Support—something along those lines. He may speak with a thick accent.

He'll tell you that your computer is showing up on his monitor as being infected with a virus and that in order to prevent something really awful from happening to your data, he's going to help you fix it. Typically, he'll direct you to a web site and may even offer to help you change settings in your browser configuration (e.g., a proxy server IP address) if the site appears to be blocked.

If the conversation gets this far, it is way past time to hang up. Never, ever make changes to your security settings or navigate to a web site URL given to you by an unknown caller. Oh, and they may continue to try to call you at least once more before giving up.

Microsoft does not make unsolicited calls to help you fix your computer.

In fact, if anyone calls you claiming to represent some established corporation, retailer, charity, or government agency and then asks you to either (1) navigate to a web site, or (2) provide a credit card number or other personally identifying information, just hang up. Never give your information to an unsolicited caller, even if he says you already have an account with his organization. That's called social engineering; don't fall for it.

For more information about the tech support scam, see this page at the Microsoft Safety & Security Center: Avoid scams that use the Microsoft name fraudulently.