In the United States, the Thanksgiving holiday travel season is in full spate. Last year, the American Automobile Association (AAA) estimated 54.3 million Americans would travel over the Thanksgiving Holiday. A record-breaking 112.5 million will likely travel for the year-end holiday season around Christmas and New Year’s Day.
With this mass movement of vacationers, tourists, holiday shoppers, and merchants come an increased risk of travel-related and card-related cybercrimes.
Cybercrimes to Avoid
Regardless of when or where you travel, you can never be too careful about protecting your devices and your information from thieves. Unfortunately, the situation is constantly changing, and there are a lot of scams going on these days that can potentially drain your account dry or damage your credit.
Card Skimming
According to the Federal Bureau of Investigation (FBI), card skimming happens when devices are illegally installed on automated teller machines (ATMs), retail equipment such as points of sale (POS), or fuel pumps. These devices capture data about the victim’s credit card and may use hidden cameras to record video of the cardholder’s personal identification number (PIN). The FBI estimates that skimming costs consumers and financial institutions more than $1 billion each year.
The skimming attacks become increasingly harder to avoid each year as crooks are using sophisticated technologies such as wireless skimmers, tiny pinhole cameras, and keypad overlays to steal data. The FBI warns that some gasoline fuel pump skimmers are being installed inside the equipment itself, where it is invisible to even the most cautious consumers. Still, there are a few ways to reduce the risk to yourself and others:
- Inspect ATMs and other card readers before using them
- Don’t use the device if you notice something suspicious
- Cover up the keypad any time you use it
- Be extra alert in tourist areas, which are popular targets.
- At fuel stations, consider paying inside
- Consider using cash
- If you think you have been a victim of skimming, contact your financial institution immediately
Shimming Attacks on Chip-Enabled Cards
Most credit, debit, and ATM cards in 2019 use a security chip to help avoid attacks on the card’s magnetic stripe. The chip itself is virtually unclonable. Unfortunately, this may not be enough to protect consumers due to a newer scam variation called shimming.
According to the credit agency Experian: scammers place a paper-thin “shim” inside the slot where your card and the security chip go. The shim contains chip-reading contacts and a device to read and save information from your card. While the stolen data can’t clone the chip card, it can apparently recreate the magnetic stripe.
While this new scam is harder to detect, Experian provides a few tips on how to protect yourself:
- If you feel an obstruction when inserting your card into a chip reader, stop and notify your bank and the store
- Businesses should inspect their card readers daily for tampering
- Consider contactless payment systems
- Consider paying in cash
e-Skimming
If the skimming problem wasn’t enough for you, there is an emerging threat from e-skimming attacks. This form involves compromised websites rather than a physical point of sale.
First, a bad actor may gain access to a website via a phishing attack, spear-phishing attack, or similar scam. Second, the hacker will inject malicious code into the website, which will capture credit card data in real-time as the user enters it.
E-Skimming is a relatively new threat that the FBI, the Secret Service, Homeland Security, and other agencies have partnered against in 2019. The latest warnings are specifically targeted to small and medium-sized businesses, as well as government agencies that accept credit card payments online. Among other things, officials say you can protect your business or agency by:
- Updating and patching all systems with the latest security software
- Changing default login credentials promptly
- Educating coworkers about safe cyber practices
- Avoiding hyperlinks or unexpected attachments in messages
- Segregating and segmenting network assets
Conclusions
When you are out traveling (especially in a new area) it is practically impossible to tell which ATMs or fuel pumps you should trust. But we hope these tips give you a few guidelines on what to look out for.
Regardless of the scenario, if you believe your personal data has been breached. The recurring message from law enforcement agencies and credit-monitoring services is to report problems as soon as you notice them.
References
[1] | AAA.com, “Make Your List, Check it Twice: Next Week’s the Best Time to Start Booking Holiday Flights,” AAA, 19 Sept. 2019. [Online]. Available: https://newsroom.aaa.com/2019/09/best-time-to-book-holiday-flights/. [Accessed 27 Nov. 2019]. |
[2] | United States Federal Bureau of Investigation, “Skimming,” FBI.gov, [Online]. Available: https://www.fbi.gov/scams-and-safety/common-fraud-schemes/skimming. [Accessed 27 Nov. 2019]. |
[3] | U.S. Attorney’s Office District of Massachusetts, “Brazilian National Sentenced For ATM Skimming,” U.S. Department of Justice, Boston, MA, 2019. |
[4] | C. Osborn, “Scam involved 241 fake credit cards and 10 skimmers, Round Rock police say,” Austin American Statesman, 25 Nov 2019. |
[5] | United States Federal Bureau of Investigation, “Skimming,” FBI.gov, [Online]. Available: https://www.fbi.gov/scams-and-safety/common-fraud-schemes/skimming. [Accessed 27 Nov. 2019]. |
[6] | U.S. Attorney’s Office Northern District of New York, “Romanian Man Sentenced to 48 Months in Capital Region ATM Skimming Conspiracy,” U.S. Department of Justice, Albany, NY, USA, 2017. |
[7] | M. Marino, “Tampa Bay travelers should watch out for skimmers this holiday season,” WLFA-TV, 27 Nov 2019. |
[8] | Experian, “‘Shimming’ Is the Latest Credit Card Scam,” Experian, 10 May 2018. [Online]. Available: https://www.experian.com/blogs/ask-experian/shimming-is-the-latest-credit-card-scam/. [Accessed 27 Nov 2019]. |
[9] | R. DePompa, “Scam alert for 2019: ‘Shimming’ is the new skimming,” WCSC-TV, 1 Jan 2019. |
[10] | United States Federal Bureau of Investigation, “Oregon FBI Tech Tuesday: Building a Digital Defense Against E-Skimming,” FBI.gov, 22 Oct. 2019. [Online]. Available: https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-agaist-e-skimming. [Accessed 27 Nov. 2019]. |
[11] | U.S. Federal Bureau of Investigation, “FBI, This Week: Joint Campaign Aims to Prevent E-Skimming,” FBI.gov, 17 Oct 2019. [Online]. Available: https://www.fbi.gov/audio-repository/ftw-podcast-e-skimming-101719.mp3/view. [Accessed 27 Nov 2019]. |
Important Notice: This article and its contents (the “Information”) belong to Unboxing-tomorrow.com and Voxidyne Media LLC. No license is granted for the use of it other than for information purposes. No license of any intellectual property rights is granted. The Information is subject to change without notice. The Information supplied is believed to be accurate, but Voxidyne Media LLC assumes no responsibility for its accuracy or completeness, any error in or omission from it or for any use made of it. Liability for loss or damage resulting from any reliance on the Information or use of it (including liability resulting from negligence or where Voxidyne Media LLC was aware of the possibility of such loss or damage arising) is excluded.