How to Keep Your Credit Card out of Hackers' Hands?
Some of you are probably too young to remember the times when buying things required leaving your house. A lot of work was involved in completing a single purchase. You had to go to a store, communicate with a shopkeeper, and, crucially, hand over cash and coins. The combination of credit cards and the Internet changed all this.
Right now, you just click some buttons and brace for the excruciating wait until the delivery person finally comes knocking on your door and you have what you want. People definitely like online shopping. They spend billions every day on stuff bought on the Internet, and that's unlikely to stop any time soon.
The Internet conveniences not just the users, though. Cybercriminals also like it because it gives them the opportunity to steal large quantities of money without even leaving their mom's basement. According to The Nilson Report, in 2016, losses due to credit card fraud reached a whopping $22.8 billion. The crooks are profiting from stolen credit cards, and unfortunately, this is unlikely to stop, either.
Now that we know why this is all happening, it's time to see how it works.
How cybercriminals steal your credit card
There are more than a few mechanisms, but if we list all of them we'd probably have to sit here all day. Instead, we'll show you the main types of attacks that could eventually lead to your credit card falling into the wrong hands.
With a lot of online vendors, you have the option of saving your credit card which makes future purchases and subscription renewals much quicker and easier. This, however, means that the vendor needs to store your card number, the CVV, and the rest of the information in a database. Unfortunately, databases get hacked day in, day out.
In some cases, however, hacking isn't required. Sometimes, the vendors store users' credit cards insecurely, and the attack is as simple as entering a URL in the address bar and hitting Enter.
Crooks know how the human brain works. They know that when users see a banner saying "You've won $1 million! Click here to claim your prize.", at least some of them will click on it. They also know that when you receive an email saying that you need to urgently log in to your account and update your credit card information, you will likely be in a hurry to do it. Last but not least, they know that because their phishing page is well designed, you probably won't spot the fact that you're giving away your information to a fake website.
Phishing is still the simplest, yet one of the most widespread types of online fraud, and some security professionals argue that the users' poor education is to blame. The truth is, while awareness is a problem, the bigger issue lies with the fact that the bad guys seem to be one step ahead of the good ones. It's difficult to distinguish phishing pages from the real thing nowadays, and the tricks used to get people to give away their data are remarkably clever.
When they do carry out a successful social engineering attack, the crooks sometimes deploy malware on the victim's computer. Malicious programs come in different shapes and sizes, and they can do a lot of different things. Gone are the times, however, when unleashing a trojan horse was done, as the hackers would put it, for the lulz.
Today, criminals want to monetize on the time and effort they put into their attacks, and one way to do this is to steal your credit card. Thanks to keyloggers and data stealers that can be purchased on hacking forums for a few bucks, this is possible.
How do you minimize the chances of having your credit card compromised?
As you can see, in some cases, there's not much you can do to protect your credit card details. When a vendor stores them, you can actually do little more than keep your fingers crossed and prepare for immediate action in case the worst happens. That said, you are still responsible for keeping your data safe, and there are a few common wisdoms you should adhere to.
Keep a close eye on the address bar
The difference between a URL that starts with https:// and one that starts with http:// could be the difference between having your credit card stolen and keeping it safe. The "s" stands for "secure," and it denotes the presence of an SSL certificate which means that the information sent to the website is encrypted. This, in turn, means that if hackers intercept it in mid-flight, they won't be able to use it. Every website that asks you for sensitive information should have an SSL certificate. If it doesn't, don't use it.
Be careful with the links in your inbox
Remember when we said that phishers' techniques are extremely clever? Take a look at the following two domains: bank.com and bаnk.com. Do they look identical or what?
In the second domain, however, the "a" is the Cyrillic "а." In other words, two completely different domains look almost exactly the same. There's a name for this type of phishing. It's called a homograph attack, and the way to fight it is by avoiding links sent to you via email or other means. If you think that you need to log into your bank.com account, type the domain manually into the address bar and hit Enter.
Computer programs change over time, and sometimes, users are annoyed when a software vendor decides to overhaul the entire interface for no obvious reasons. The thing is, in addition to moving buttons around, new versions of programs and operating systems also ship patches for security vulnerabilities. Keeping all your software up-to-date might not completely eliminate the threat of malware, but it will give you the best chance of avoiding it.
Up your password game
Hackers won't need to hack any databases if your account is wide open. And if you're using (or reusing) a weak password, you can be pretty sure that it is. The only way to minimize the risks of someone getting access to your data is by using complex, unique passwords for all your accounts.
The easiest way to do that is by using a dedicated password management application like Cyclonis Password Manager. You won't need to bother with creating or remembering long, complex passwords. Cyclonis Password Manager will do it for you, and all you'll need to do is make sure that you don't forget your master password.