Security Expert’s Credit Card Hacked

An excellent way to improve one’s level of security intelligence is to follow the writings of Robert X. Cringley, one of my favorite technology know-it-alls.

Anyway, Cringley’s credit card was recently hacked. And if his card can be hacked, anyone’s can. Like many cardholders, Cringley received a notification from his credit card company’s fraud department, informing him that his card data was being used overseas, on an online dating website.

A scammer used Cringley’s credit card number to create a fake profile, posing as a woman named Katya to lure desperate, unsuspecting men into dating scams.

Cringley determined that the IP address associated with the fraud was anonymized, going through numerous channels to disguise its origin. A Russia-based email address may mean Russian criminals are involved in the hack.

Cringley’s card was used to purchase Badoo credits, which are used to unlock certain features of the dating website, such as chatting with another user or requesting photos. The scammer used Cringley’s card to buy Badoo credits in numerous countries, making her profile internationally accessible.

Cringley surmises that his card data may have been skimmed when he used an ATM or handed his credit card to a store clerk or waiter, or possibly stolen when used to make an online purchase. Even if you are giving your card number to a legitimate online merchant, there’s always the risk they may get hacked. It’s also possible that an unknown worm could have slithered onto Cringley’s PC and sniffed out a credit card transaction.

Even a security expert’s PC can fall victim to hackers, and even someone who knows plenty about security can get hooked. So you must be that much more alert, aware, and on top of these issues.

Websites like Badoo can eliminate scammers with device reputation scanning. Real-time device reputation checks, such as those offered by iovation, can detect computers that have been used for fraud, as well as expose all of the accounts associated with the suspicious device or group of devices, allowing websites to immediately shut down sophisticated fraud rings and fraudulent accounts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures)