Scam of the day – August 28, 2016 – Russian hacker convicted of massive credit card theft

Two years ago, I first told you about the arrest of Russian hacker Roman Seleznev who this week was convicted of hacking into small businesses accross the United States including many pizza parlors, stealing credit card information and selling it on the Dark Web to other cybercriminals.  He even had a website in which he instructed would-be cyberciminals about how to use the stolen credit cards.   Seleznev has been incarcerated while awaiting trial for two years and faces a sentence of up to forty years in prison.

TIPS

What does this conviction mean to you and me?  It is more of a reminder of how large the problem is.  Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store.  It can be done totally over the Internet by hackers anywhere in the world.   Although the EMV smart card chip technology mandated for retailers and credit card companies in October of 2015 prevents attacks such as those of Seleznev from being effective, many retailers have still chosen not to comply with the regulations which are trade group regulations and not a government mandate.  Therefore, the most prudent thing for you to do when shopping at a company that does not use your EMV chip card is to first, refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack  It is important to remember that the rules protecting you from liability for fraudulent use of a debit card are not as strong as those that protect you from liability for fraudulent use of your credit card  You also should monitor your credit card’s use regularly to discover any fraudulent use as early as possible.

This story is also a good example that the risk of data breaches is a risk to small businesses as well as large businesses.  Often small businesses are targeted by hackers as the low hanging fruit because they have not taken proper security steps.

Scam of the day – August 15, 2014 – Accused Russian hacker arraigned

In my Scam of the day for July 12th I told you about the arrest in Guam of Roman Seleznev, a Russian accused of hacking into the point of sale systems of the Broadway Grill in Washington DC and retail establishments throughout the country between 2009 and 2011.  Now, Seleznev has been extradited to the United States and he was arraigned in federal court in Seattle a few days ago.   According to his indictment, Seleznev scanned the computers of retailers throughout the United States looking for vulnerabilities which he exploited through malware that he would inject into the computer systems of these vulnerable retailers, which would capture credit card data which Seleznev would then sell online to other criminals.  The Secret Service says that he stole the data from more than 200,000 credit cards and made more than two million dollars selling this card data on black market websites.  Complicating the situation is that Seleznev is the son of a prominent Russian politician.  The Russian government is calling the arrest an illegal kidnapping.

TIPS

What does this arrest mean to you and me?  It is more of a reminder of how large the problem is.  Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store.  It can be done totally over the Internet by hackers anywhere in the world.  Credit card fraud is worse in the United States than in most of the rest of the world because we still have not adopted the smart card technology by which credit cards carry a computer chip that issues a new identifying number every time it is used which makes the stealing of the number used at any particular transaction worthless.  The hacking of point of sale terminals will be an exercise in futility when we finally start using smart cards in large numbers.  However, it is not expected that this will be done in the United States until October of 2015 when, through a change in the rules governing credit card usage, companies, whose point of sale terminals are hacked, will be responsible for data thefts.  Until that time, the best you can do is to refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack.  You also should monitor your credit card’s use regularly to note any fraudulent use so that you can limit the damage.