Payment

now browsing by tag

 
 

#parent | #kids | Stimulus check money: A $1,200 payment could still go out in 2020 | #parenting | #parenting | #kids

Calculate the maximum payment that could end up in your pocket if another stimulus package comes your way. Sarah Tew/CNET Now that the 2020 Republican and Democratic national conventions are history, […] View full post on National Cyber Security

#deepweb | Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web

Source: National Cyber Security – Produced By Gregory Evans

“INDIA-BIG-MIX” (full name: [CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 (NON-REFUNDABLE BASE)”

If you’re wondering what this seemingly random set of words mean, that is how a fresh database of 461,976 payment card records currently on sale on Joker’s Stash, a popular underground cardshop in the dark web has been listed.

Group-IB, a Singapore based cybersecurity company specialising in preventing cyber attacks which detected the database, says that over 98% of this database on sale were cards issued by Indian banks.

At the moment, the source of this new breach is unknown. The card records were uploaded on the 5th of February and that the total estimated value of the database according to Group-IB, is USD4.2 million, at around USD 9 apiece. Till yesterday morning 16 cards details were found to have been sold. Those who buy these cards do so with the intention of committing payment card fraud.

The company says that they have already alerted India’s Computer Emergency Response Team (CERT-In). The Economic Times will update this story as and when we hear from CERT-In on the steps they have taken.

With the sharp rise in digital payments in India and a lack of corresponding rise in awareness of the best practices to use payment cards safely online and offline, the country has become an attractive destination for nefarious elements online.

This newest breach has, according to Group-IB, “exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.”

This is the second major database of Indian payment card details that Group-IB has detected since October when 1.3 million credit and debit card records of mostly Indian banks’ customers uploaded to Joker’s Stash with and estimated underground market value of USD130 million was detected in what became “the biggest card database encapsulated in a single file ever uploaded on underground markets at once.”

According to Dmitry Shestakov, the head of Group-IB cybercrime research unit, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”

They also say that unlike earlier breaches what “distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”

Shestakov adds “such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example.”

Source link
——————————————————————————————————

The post #deepweb | <p> Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Netflix email scam tells victims to ‘update your payment information’, news update

Source: National Cyber Security – Produced By Gregory Evans If you receive an email from Netflix telling you to update your payment information immediately, you could be the victim of sophisticated new scam. The streaming giant has once again been embroiled in a phishing email scam, which uses the same branding and username seen with […] View full post on AmIHackerProof.com

Basic #Payment #cash raises #computer #hacker #threat

Source: National Cyber Security – Produced By Gregory Evans

Basic #Payment #cash raises #computer #hacker #threat

EASY access to information about Scottish farmers’ Basic Payments has made them prime targets for cyber crime, the Scottish Business Resilience Centre has warned.

At the end of October, payments worth £254million were issued to farmers and crofters across the country, and SBRC advised farmers to be “extra vigilant” regarding their internet safety, including being aware of suspicious emails or phone calls.

Chief ‘ethical hacker’ with the SBRC, Gerry Grant, said: “I know how vital these payments are to the livelihood of farmers and crofters. This makes it even more important that they’re fully aware that it can make them an easy target for criminals to try and scam them.

“Criminals can easily work out an accurate estimation of what a farmer is likely to receive in CAP payments and armed with this information, they can try and steal the money. They can send various emails to try and get passwords for bank accounts or even try and trick unsuspecting farmers into making payments to the wrong account.”

The types of emails and calls farmers may receive will generally consist of them being asked to take urgent action regarding their finances/bank accounts. SBRC said that any unusual emails or phone calls should be investigated fully, and the contact details should be verified before any action is taken.

Things to look out for include:

• Emails from suppliers asking for funds to be transferred to a different bank account;

• Emails claiming that there is a problem with an account;

• Phone calls from banks saying that there appears to be unusual activity on their account.

The post Basic #Payment #cash raises #computer #hacker #threat appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Scammers are #conning homebuyers out of their down #payment

Source: National Cyber Security – Produced By Gregory Evans

Scammers are #conning homebuyers out of their down #payment
  • Scammers are going after homebuyers’ down payments in a growing version of “email access compromise.”
  • Because it’s the consumer authorizing the wire transfer, the usual protections don’t apply.
  • Experts say don’t trust emailed closing instructions. Call a number you know to be correct to confirm.

$52,660.57.

It’s a number Shannyn Allan knows by heart. That’s how much money she painstakingly saved for a 20 percent down payment and closing costs on her dream home — one with a claw-foot tub and enough room to run her fundraising group for dog rescues.

It was “the only house in San Antonio in our price range,” she said.

And it’s how much money the first-time homebuyer nearly lost this spring to an increasingly common scam.

“It was a nightmare every single day,” Allan said of the three-week ordeal. “I almost lost the house.”

Variations of so-called email access scams have become a $5.3 billion problem affecting businesses and consumers in all sectors, the FBI warned in a May public service announcement.

The bureau’s notice called out real estate transactions as a trending forum for the scam, targeting “all participants … including buyers, sellers, agents, and lawyers.” In particular, complaints to the FBI from victimized title companies jumped 480 percent in 2016.

“They’re tough numbers to digest because we do think they’re underreported,” said James Barnacle, chief of the FBI’s money laundering unit.

In some of the largest real estate cases, he said, losses have been “in the low millions.” But even smaller losses are significant.

“They’re people’s life savings,” Barnacle said.

Tactics for the scam vary, but thieves’ aim is the same: Compromise the computer or email account of a person or business involved in real estate to monitor upcoming transactions. That gives them an opportunity to impersonate that party and try to intercept funds.

“Scammers and hackers want to target you when you’re either scared out of your mind or extremely happy,” said Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security. “Real estate is the perfect one-two combo, and there’s a lot of money at stake.”

Elements of real estate transactions are becoming increasingly digital, giving would-be thieves plenty of opportunities, he said. Nor does it hurt that a home purchase is one of the few instances where a request to wire money won’t set off alarm bells for the consumer.

In Allan’s case, the thieves interceded just hours before the closing.

“They waited and they watched, like a damn gator in the water,” she said.

She was on her way to the bank when she got an email that appeared to be from her title company, with a change of wire transfer instructions. Suspicious, Allan reached out to her real estate agent — who, she says, simply apologized for the hassle.

Allan wired the money at 9:34 a.m. Central time.

By a lucky coincidence, the real title company reached out to Allan shortly after, to give her the final closing instructions and confirm the money would be wired.

“They were like, ‘You wired the money? Who did you wire it to?’” she said.

How to avoid real estate wire fraud

An educated homebuyer is the first line of defense, said Jessica Edgerton, associate counsel for the National Association of Realtors. No matter what security precautions other parties, such as your title company or real estate agent, have in place, ultimately you’re the one wiring the money.

“This is happening all the time,” she said. “Attempts are happening on a daily basis.

“Don’t dismiss this as an interesting news story and distance yourself thinking this is something that won’t happen to you,” Edgerton said.

Here’s how to avoid falling victim to this kind of scam:

1) Verify everything

When you’re buying a house, you expect to hear from your real estate agent, attorney and other parties in the transaction. So you’re naturally less suspicious of emails that appear to be from those people — which thieves take advantage of, said the FBI’s Barnacle.

Don’t assume any emailed instructions or account details are legit.

“You have to call, and you have to confirm,” Barnacle said. “Having some kind of redundancy and some kind of check in place is the number one way of avoiding being hit by these frauds.”

But don’t call the phone number in the email, he said. That may redirect you to the would-be thieves. Instead, call a number you know to be correct for say, that title agency or mortgage broker, based on a web search or previous interactions.

2) Be suspicious of changes

Last-minute changes to closing procedures are a red flag — especially requests that you change the payment method or send money to a different bank or account, said Doug Johnson, senior vice president and senior advisor of risk management policy for the American Bankers Association. Real estate closings are a “standard process,” he said, and it would be unusual for those details to change.

Again, verify any changes by calling the other parties involved.

“Trust your instincts on this kind of stuff,” Johnson said. “We tend to know when something smells a little fishy.”

3) Secure your emails

Given the risk of compromise, don’t send sensitive data such as bank account details or your Social Security number over email, Edgerton said. Use a secure file-transfer service to send documents required for that home purchase, or a secure client-access portal that the business (be it your title company, mortgage broker, etc.) has set up.

Be suspicious of communications that don’t follow whatever protocol has been set up — for example, a request that you email details that you’ve previously securely submitted via a portal.

4) Use good cybersecurity hygiene

This scam begins with thieves gaining access to the computer or email account of someone involved in the real estate transaction, said O’Leary — make sure that someone isn’t you.

Keep your antivirus software and operating system up to date, use unique, complex passwords and enable protections such as two-factor authentication where available. Don’t click on any suspicious links in emails, he said.

5) Pick a secure payment method

Ask about your options for paying the down payment and closing costs, said Allan, who blogs about personal finance at FrugalBeautiful.com and now, after her experience, at Realestatewirefraud.com. You may be able to bring a paper certified check or cashier’s check to the closing or an agent’s office ahead of time, avoiding the possibility the funds end up in a fraudster’s hands.

WHAT TO DO IF YOU’RE VICTIMIZED

If you fall prey to one of these scams, you’ll need to act immediately. The odds of recovering that stolen money aren’t in your favor.

Money sent via a wire transfer is quickly moved electronically from your bank to the recipient bank, and then into the payee’s account. You typically have only a tiny window for the banks to halt a transfer, or freeze the account before fast-moving thieves withdraw the funds. Once the money is out of that account, it’s gone.

Even if you spot and report the fraud within 24 hours, you might not get your money back, said Barnacle.

“I don’t want to set false expectations for consumers,” he said. “The chance of recovery here is slim.”

Because the consumer is the one to authorize the wire transfer, protections covering unauthorized financial transactions don’t apply. The banks will work with you, but you may bear some or all of the liability for lost funds, depending on the details and extent of the crime, said Johnson.

Allan’s almost immediate notice of the fraud was instrumental in recovering of her money because the bank was able to freeze the thief’s account. In the end, she lost just $430 — including $70 in wire transfer fees. She’s quick to point out she was extremely lucky.

“I feel like a magical unicorn, because this doesn’t happen,” she said.

Here’s how to take action if you fall prey to a scam:

Alert the banks. “Immediately call your bank or financial institution,” Johnson said. “They may still be able to call back the wire.” Alert the bank on the receiving end of the wire transfer, too. They can often work with your bank to halt the transfer or freeze the recipient’s account.

Call in law enforcement. File a local police report detailing what happened. Call your local FBI office and file a complaint with the FBI’s Internet Crime Complaint Center, too. “At the FBI level, we have briefed all of our 56 field offices and all of our resident agencies, and they are equipped to rapidly respond,” Barnacle said.

The post Scammers are #conning homebuyers out of their down #payment appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers breach Kmart’s credit card payment system

Source: National Cyber Security – Produced By Gregory Evans

Hackers breach Kmart’s credit card payment system

Financially-troubled Sears Holdings has confirmed that hackers recently breached the credit card processing system of some of its Kmart stores, and that the cards of some customers could have been compromised. But Sears said that neither Sears nor Kmart were deeply impacted by the attack — the second of its…

The post Hackers breach Kmart’s credit card payment system appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Digital Payment Providers Are Prone to Hacking risk, Need Upgraded Security

paytm

Source: National Cyber Security – Produced By Gregory Evans

Digital Payment Providers Are Prone to Hacking risk, Need Upgraded Security

With more and more people logging into e-wallets or m-wallets for daily payments, the target for hackers has increased exponentially, experts warn, suggesting that upgraded security is the only way to safeguard millions of first-time users and small and medium

The post Digital Payment Providers Are Prone to Hacking risk, Need Upgraded Security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

IT warned to act now or risk losing access to vital online payment services.

more information on sonyhack from leading cyber security experts

Source: National Cyber Security – Produced By Gregory Evans

IT warned to act now or risk losing access to vital online payment services.

Online businesses in the UK are being warned by Bacs Payment Schemes Limited (Bacs) that they could be locked out of secure websites including those used to make salary payments, if they don’t act to update their systems. From 13 June, Bacs is adopting the new security, called SHA-2- SSL. At the same time as this change is being made, Bacs will withdraw support for older connection protocols to beef up security between connections. After 13 June 2016, only TLS 1.1 and 1.2 will be supported, meaning that IT departments professionals who want to access Bacs via Bacstel-IP or the Payment Services website to make or collect payments will need to have a web browser, operating system, and – if used – a Bacs Approved Software Solution that support these changes. It’s a significant shakeup that could have serious implications for UK businesses which use Bacs to make salary payments, and IT departments which manage back office supplier payments or payment collection by Direct Debit will be affected. This security update will affect everyone using Bacs to pay their staff and suppliers, or collect payments from customers using Direct Debits. In short, it adds stronger security to the way in […]

The post IT warned to act now or risk losing access to vital online payment services. appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof

Related Post

The post IT warned to act now or risk losing access to vital online payment services. appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com

Few Retailers Accepting ‘Chip’ Credit Card Payment Feature for Holidays

Source: National Cyber Security – Produced By Gregory Evans

Few Retailers Accepting ‘Chip’ Credit Card Payment Feature for Holidays

Maybe you’ve noticed: At many stores, both big and small, you still have to swipe the magnetic stripe on your new chip-enabled credit card, rather than insert or dip it into a chip-reader. Edgar Dworsky, founder of the website ConsumerWorld.org, wondered why he’s rarely asked to dip his smart cards, despite an Oct. 1 “deadline” for retailers to adopt the new standard. So he decided to survey the marketplace last week. He checked 48 national and regional chains and found that only one in four had payment terminals able to process a purchase using the chip security feature in the EMV cards (an acronym derived from Europay, MasterCard and Visa, the three companies that originally developed the standard). “Virtually all – except for Radio Shack – have installed checkout terminals with the card slots for these chip cards, but most of them did not work. They had not turned on the system yet,” Dworsky told NBC News. Only 10 chains in the ConsumerWorld survey have enabled the chip card function chainwide: Best Buy, Home Depot, Lowe’s, Macy’s, Old Navy, Rite Aid, Sam’s Club, Target, Walgreens and Walmart. Big-name national and regional retailers that cannot accept chip cards at some or […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Few Retailers Accepting ‘Chip’ Credit Card Payment Feature for Holidays appeared first on National Cyber Security.

View full post on National Cyber Security

POS made Michaels, Aaron Brothers risk millions of payment cards

Two independent security firms that dates back to January, arts and crafts retailer Michaels Stores confirmed that, much like retail giant Target, its U.S. stores had experienced a payment card breach.
The Michaels breach involved malware on point-of-sale systems that neither security firm had encountered before, Michaels CEO Chuck Rubin wrote in a Thursday statement, explaining the malware has been removed and the incident has been fully contained.
About 2.6 million payment cards may have been compromised from Michaels outlets between May 8, 2013 and Jan. 27, Rubin said, adding that about 400,000 payment cards could have been compromised from Aarons Brothers stores, a Michaels subsidiary, between June 26, 2013 and Feb. 27.
Rubin explained that the breach impacted a “varying number” of Michaels stores, as well as 54 Aaron Brothers locations. The crafts retailer posted online which Michaels and Aaron Brothers locations were affected.
“While we have received limited reports of fraud, we are offering identity protection and credit monitoring services to affected Michaels and Aaron Brothers customers in the U.S. for 12 months at no cost to them,” Rubin said. “We also are offering these customers a fraud assistance service for 12 months at no cost to them.”
Rubin announced at the end of January that Michaels was looking into a possible payment card breach, shortly after technology writer Brian Krebs reported that the retailer was investigating an incident. The investigation was spurred due to reports of fraudulent activity on cards used in stores.

Source: http://whogothack.blogspot.co.uk/2014/04/pos-made-michaels-aaron-brothers-risk.html#.Vj0wWPmqqko

The post POS made Michaels, Aaron Brothers risk millions of payment cards appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof