Saturday, May 28, 2016

Beware "overlay" skimmers installed at Walmart check-outs

Look before you swipe, and don't ever swipe your debit card. Wherever possible, dip your chip-enabled credit card instead of swiping it.

We've said this all before. Today, security journalist Brian Krebs gives us reason for a reminder.

The card skimmers that thieves use to steal the data about you and your account—data that is stored in the magnetic stripe—are so well crafted these days that it is difficult to tell they're a ruse. Take a look at the photo here. Can you tell it's a fake?

ingenico_inserted

Probably not. Here is what it looks like before the thief snaps it onto the existing point-of-sale device:

A skimmer made to be fitted to an Ingenico credit card terminal of the kind used at Walmart stores across the country. Image: Hold Security.

This device records your account information when you swipe your card, including your PIN. The data is downloaded later when the fake front is retrieved by the thief.

These were found installed in Walmart stores in Virginia and Kentucky. But they can be installed anywhere that uses this particular Ingenico credit card terminal. Grocery store shoppers suffered card thefts when similar devices were installed at Safeway stores a few months ago.

For more information and a surveillance snapshot of criminals installing an overlay skimmer at a Walmart self check-out station, see Brian Krebs' blog posting Skimmers Found at Walmart: A Closer Look.

If your card is chip-enabled, dip it. And never swipe your debit card.

Saturday, May 7, 2016

Can your phone be hacked?

Yes, of course that computer in our pocket is easily hacked. When that happens, the hacker can see all of your phone data—email messages, account information, credit card numbers, text messages, bank information—and the bad guy can even listen to your calls. What is even creepier than that is the fact that the hacker can turn on your video camera and watch you without your knowledge.

How hard is it to hack a phone? It's not. Watch this 13-minute CBS News 60 Minutes episode "Hacking Your Phone," for a live demonstration of hackers listening in on a congressman's phone.

They say there are two types of people in this world: Those who know that their phones have been hacked, and those who don't know that their phones have been hacked.

Want more protection for your phone? Stay educated and alert, don't randomly connect to public Wi-Fi networks, don't click unexpected links (or attachments) delivered to you via texts or email messages, encrypt your data, keep your operating system and apps up to date, and consider installing a security app like Lookout. That happens to be the app that I use.

Other tips:
- FCC Smartphone Security Checker
- Smartphone Security (by Kaspersky)
8 common sense tips to keep your smartphone secure (by Verizon)