Popular computer parts company Newegg has just announced that it suffered a data breach between August 14th and September 18th in which it appears that the hackers were able to steal all of the information entered by Newgg’s online customers which would include names, addresses, credit card numbers, expiration dates and the CVC codes that appear on credit cards and are used for security purposes. The sophisticated hackers created a webpage using the name neweggstats.com and then managed to infiltrate the real Newegg’s web servers where the hackers added 15 lines of JavaScript to the real Newegg purchase-checkout page which enabled the hackers to steal all of the data entered into the form fields on that page. This stolen information would enable the hackers to not only use their victims’ credit cards, but also set up their victims for future scams by contacting them through emails and text messages posing as Newegg or a law enforcement agency pretending to assist with the repercussions of the data breach, but instead either luring the victims into clicking on links and downloading dangerous malware or tricking them into providing personal information that could be used for purposes of identity theft.
Major data breaches have become a way of life for us all and therefore it is important to take whatever steps we can to increase our security in the face of the fact that regardless of how cautious we are, we are only as safe as the various institutions and companies with our information with the weakest security. One important lesson is to never use your debit card for online purchases because the consumer protection laws related to fraudulent use of your debit card are not as strong as those that apply when your credit card is fraudulently used. In addition, we should all monitor our credit card statements regularly to discover any misuse of our cards as soon as possible. The earlier fraudulent use is discovered, the easier it is to correct. Certainly if you were a customer of Newegg between August 14th and September 18th you should examine your credit card records particularly carefully Finally, remember my motto, “trust me, you can’t trust anyone.” As I indicated above, following a data breach such as this one, it is common for the victims of the data breach to receive emails or text messages from scammers posing as companies or governmental agencies offering assistance, but often they are merely using the data breach as an excuse to ask for personal information that will be used to make you a victim of identity theft or to lure you to click on a link that will download dangerous malware. If you receive such an email or text message that you think may be legitimate, you only should respond by contacting the real company or governmental agency at an independently confirmed address that you know is accurate to confirm that the message you received was a scam or not.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”