
How the Target and Uber cyberattacks from years ago shaped public perception of cybersecurity today

Cyberattacks are not new, but when a large company is hacked, it can have a devastating impact on both the company and its customers.

As one breach is fixed, evolving technology seems to create another.

The high-profile corporate hacks of Target in 2013 and Uber in 2016 are just two of many such cases, but they were particularly important in shaping public opinion on cybersecurity.

What is cybercrime?

If one thing is certain, “cybercriminals are creative and innovative when exploiting any vulnerability, and that cannot be underestimated,” 52-year-old Scott Shober, president and CEO of security firm Berkeley Varitronics Systems, told FOX Business by phone.

Mr. Shober has also written two books on hacking, “Hacked Away” and “Cybersecurity is Everybody’s Business,” which include his own personal experiences of being hacked.

Technology and cybercrime are constantly changing, and so is cybersecurity. Mr. Shober shared his knowledge with FOX Business about high-profile breaches and emerging cyber threats, as well as steps people can take to protect themselves online.

In 2013, Target was compromised when hackers gained access to the company’s POS payment card readers through a third-party HVAC vendor.

Just as personal information is often compromised through password reuse, large companies are also often compromised through third parties that use weak cybersecurity protocols, Shober said.

Target was sued by numerous customers after a high-profile security breach stole the data of millions of people. (Mukahit Oktay/Anadolu Agency/Getty Images)

The breach affected data collected from approximately 110 million customers, “but ironically, prior to the Target breach, Target was one of the most powerful companies testing chip and PIN technology. And the funny thing is, they ended up giving up on it because it took too much time at the checkout,” Shober said.

Mr. Shober explained that in the wake of the Target breach, new rules were introduced that hold vendors, rather than credit card companies, liable for money involved in fraudulent transactions using older, less secure magnetic stripe swipe payment methods.

Chip and PIN methods require consumers to insert a credit card chip and then enter a PIN code, and are widely used in Europe. In the United States, the chip and signature method is most commonly used, although a signature is not always required.

This saves time but comes at the cost of security.

In 2016, Uber suffered a data breach that compromised the information of 57 million Uber users and drivers. The company’s response was to cover it up and pay hackers to delete the stolen data.

“They basically paid the hackers $100,000 to delete the stolen data and silence the breach,” Shober told FOX Business. “So this is like a bribe. But what they did was disguise the payment… They called it a bug bounty payment.”

Bug bounties are when ethical hackers stress-test networks to find vulnerabilities and are compensated for their efforts, Shober said.

The breach occurred when a developer working for Uber uploaded code containing sensitive login credentials to the code-hosting website GitHub, and the revelation of the cover-up led to a reorganization of the company. Given the ensuing backlash from lawmakers, regulators and users over ethics and privacy issues, Schober said Uber set a good example of how not to respond to data breaches.

The trust of drivers and customers has been lost. “And every time I take an Uber, I sit there and think, ‘Oh, am I going to get ripped off here?'” Shober said.

Cybercriminals are cunning. Some seek out a niche, such as skimming credit cards in bulk, while others build trust and manipulate victims’ emotions before targeting sensitive information.

Voice cloning and social engineering

“A lot of the scarier things I’ve seen over the last year or so are some of the voice cloning apps that are out there…that actually sample someone’s voice for about 30 seconds or more, and now that voice cloning app… Now you can type text and the app will read it out loud and call someone,” Shober said.

“Once they build a certain level of trust, they will take it to the next level as a hacker and leak the information they need to compromise someone’s account,” he said.

“Phishing” is a general term for any attempt to steal information using technology.

Voice phishing, or “vishing”, is when this happens over the phone.

To protect yourself from vishing, trust your instincts if a call seems suspicious and never give out financial information or other personal information, such as passwords, over the phone.


When large companies are hacked, cybercriminals often access sensitive information through third parties, such as contractors, who have relatively weak security. (Jakub Porzycki/NurPhoto via / Getty Images)

New fishing holes: tax season, real estate

Tax season is a popular time for cybercrime, Shober said.

Criminals can target you with email phishing attacks by pretending to be from your bank or the IRS, often creating a time-sensitive situation meant to make you panic and respond to a request, such as immediately confirming your Social Security number, to prevent your account from being compromised.

The email may provide a link to a site designed to imitate a bank or IRS site, but it actually provides the criminal with your username and password when you try to log in.

If you file your taxes online and your information is compromised, cybercriminals can redirect your tax refund to their own bank account.

If a cybercriminal has access to your email account, they can impersonate a real estate agent while you’re trying to buy a home. Since you are already expecting to hear from the agent, the criminal will tell you that your offer has been accepted and ask you to transfer your money to a fake escrow account.

Once there, your money is immediately used to buy cryptocurrencies such as Bitcoin, and is then moved into other forms of cryptocurrency.

“Nobody has the resources to go after the money and get it back,” Shober told FOX Business.

“And the loophole that cybercriminals are realizing is that real estate agents and legal people on either side don’t really have any problems,” Shober said.

“They can’t be sued. If someone sends money to the wrong account, it actually falls on the consumer, so they basically just lost money,” Shober said. He said he has interviewed multiple victims of this type of fraud, including one victim who lost $160,000.

Credit card shimmers

You may have heard of credit card skimmers. These are devices placed on or inside a credit card reader to steal card information when the card is swiped. Shimmers are skimmers designed to steal information from credit card chips when you insert them, rather than when you swipe them. Chips were invented to prevent this type of theft.

Shimmers are a big threat, but most people aren’t aware of them right now, Shober said. After downloading all of the credit card numbers a shimmer stole, the criminal burns them onto a new card. They are then free to spend the money or sell the card.

Massive gas theft

Gas stations are prime targets for skimmers and shimmers. Costco offers an example of a simple solution that will go a long way in protecting its customers.

“There are six universal keys on 1.5 million gas pumps across the country,” Shober said. “You open the door and plug the skimmer into it, which is usually connected to a Bluetooth module. Then you close the door. In 30 seconds, you’re done installing the skimmer. As long as you’re 75 to 100 feet away, it won’t work. If you have a top and a car, you can wirelessly recover stolen credit cards from that pump.”

Costco has installed its own locks on all gas pumps, unlike most gas stations that don’t want to spend the large sums required for it, especially when there are few incentives.

Trained Romanian cyber gang

“What a lot of people don’t realize is the scale of cybercrime organizations,” Shober told FOX Business. “Recently, there have been reports that thousands of trained Romanian cybercriminals are coming to the United States. They are dividing the United States and focusing on different regions where they can place skimmers. This is a large-scale cybercrime operation. The average gas pump skimmer installed will cause approximately $114,000 in damages before the skimmer is discovered.”

The scam involves stealing gas station customers’ credit card information, using it to purchase gasoline, and then selling the fuel back to the gas station.

“[The criminal] I’ll bring a lot back [stolen]. Then he comes back in a pickup truck with a 600-gallon bladder in the back and a cab on top of it,” Shober said. “Then he pumps 600 gallons of diesel fuel and fills it up with your or my stolen credit card.”

Shober said the criminals would turn a corner and meet a tanker truck, where they would pump the stolen fuel. Finally, the driver returns to the gas station and sells the gasoline to the vendor.

“Now you’re talking about a lot of money. You’re talking about $4 to $5 a gallon x 600 gallons at a time, and now it’s being sold back to the station,” he said.


Romanian gangs operate in the United States and around the world, and are well known for making money through credit card skimming. (Annette Riedl/via Photo Alliance/Getty Images)

You’ve heard it before: Don’t reuse passwords

According to Shober, a simple, if slightly inconvenient, step anyone can take to better protect themselves online is to create long, strong passwords that are never shared or reused.

He explained that if just one account is compromised, a hacker can put the stolen username and password into an automated hacking tool and attempt to log into the 100 most-used sites.

“Once they get in, they change your passwords and take over your accounts. And when they do that across multiple accounts, they end up getting into multiple accounts of yours, and that creates a very serious problem.”

Mr. Shober also insisted on fabricating false answers to security questions when setting up an account, as the answers to many of the questions provided are easily searchable.

Layers of security: hackers are lazy

Shober himself keeps written passwords in a safe, uses Safari’s password keychain system, and uses a password manager when he needs to access passwords while he’s out and about.


Shober likens the layers of digital security to the layers of security in a home, including “placing false alarm stickers, signs on the lawn, installing cameras and alarm systems, and installing deadbolts.”

“Multiple layers of security stop the thief from moving on to the next home and targeting easier targets,” he said. “Hackers are lazy and time is money. They’re just trying to move on to another target. … So we have to apply the same thing to cybersecurity.”

Use your chip and PIN at checkout

On the topic of chip and PIN, Shober said, “But ask yourself this: Target aside, when you go to buy something at a retail store, you pick up a card that has a chip on it. Have you ever typed a real PIN?”

Shober explained that chip-and-signature payments, which are easy to forge, are the norm in the United States, and many stores don’t even require a signature to save time at checkout.

“That’s because the United States has the best laws in place to protect consumers. In other words, if our cards, credit or debit cards are compromised, we get our money back. And who will pay for it? We the consumers.”

Shober said about 4% of the amount paid in interest on credit cards goes toward fulfilling fraudulent claims.

“Nobody thinks about that,” Shober said. “But you’re talking about countless billions of dollars every year…U.S. consumers are paying money to fight cybercrime, and they pay all these charges when their cards are compromised. They pay. It’s just because they’re not doing it right.”
