Whats going to happen? My thoughts on the security breaches

These are only my thoughts. These are not the thoughts of a security expert who may know more about this stuff than I. Please take it as such.

We’ve had a pretty hard time understanding the massive compromise at Target. The massive amount of coverage that we’ve seen since has lead us to what was going on. Criminals will want to go where the money is, and the money lies in people’s credit cards. It no longer lies in the hacking of web sites, although that will continue. That doesn’t seem to change. What also won’t change is the defacement of software from companies like Adobe, Microsoft, and others. What will change is these data breaches.

Trend Micro in their year end report which you can find on the Internet, hinted at one major breach a month. December and January found Target which was the biggest.

Krebs On Security broke the story of the target breach with the post entitled Sources: Target Investigating Data Breach which was posted on December 15, 2013. The next itemHackers Steal Card Data from Neiman Marcus which was big to start January. Finally, Sources: Card Breach at Michaels Stores which also came out toward the end of January and in to February. This is a big deal, as these are big retail chains. The latest post dealing with target should be no surprise, and it came out on February 12, 2014. Email Attack on Vendor Set Up Breach at Target which was posted at 9 am on Feb 12, goes in to detail on how the hackers were able to phish an employee, maybe 2, in to installing a piece of software.

Phishing is nothing new. It has been going on ever since the telephone became an easy item to get as far as I’m aware. It was not known as phishing until the Internet was born, but scams by telephone are what started the whole thing. They now do this type of thing by E-mail and now a days Smishing or SMS phishing may be used. Voice phishing is another tactic, and more common. What they do is social engineer a caller, SMS recipient, or E-mail a recipient The bate? Try to get personal information and then use it to buy things, steal identity, and other things.

Getting your personal information may mean a lot of different things. They may or may not do anything with the information. They may do it for the fun of it. They may sell your information underground for hundreds of dollars. Targets stolen credit card data was sold in pieces, and according to one article between $60 and $100 a piece. This is fast moving money changing hands, and sadly, prices may be higher, and if they grab your social security number, it may be higher still. We have to do the best we can.

Target got social engineered in the E-mail department. The latest by Brian goes in to great detail. Sadly, the consumers are at a loss, because we can’t do anything about this. I’ve talked on my podcasts numerous times on how I got hacked. It is not fun. It is a hassle. I won’t go in to detail here, I can give you podcasts where credit card discussion is talked about, and you can listen to those. This is going to be a big deal now, since everything is done on the Internet.

Here is what is going to happen. The big companies in which you don’t suspect being bitten will be next. Companies in the hotel industry, banking industry, markets, gas stations, and others. The criminals will go after the big chains like Ralphs, Dollar Tree stores, and other big stores like Walmart. That won’t be my big concern. My biggest concern is the hospitals, doctor offices, and other types of businesses that deal with patient data. All of that data will move to the cloud, or what we call, on the Internet. This can be a big problem, because people don’t know how secure systems are. One article which mentioned a possible breach at such a facility was talking about how 405,000 different records were taken from an inside job. I can’t seem to find the article off hand, but that was the first. More types of this activity will occur, and the criminals know it.

As blind people, which seem to be my target audience, it is very important that you pay attention to your statements and charges. Here is what I personally recommend since I’ve been there twice. I’m not going to tell you what you should do, but I seem to do these things. Its not 100 percent guaranteed, as something may happen in between checks, but you may catch it quickly if it does.

• If you charge a lot, make sure you look at your online account, or call in on a regular basis to determine if anything doesn’t match, or if you have a lot pending, verify that everything is yours. The 2nd time I got hacked, it wasn’t necessarily a hack. It was a small charge at a merchant that I never did business with. The Fraud Protection service would’ve never caught that.
• Don’t wait for your statement to come in the mail. If you have a suspicious charge, I recommend you don’t wait till your statement comes. Sure, you could try and call the merchant like I did, but while you’re doing that, a criminal may put more charges on the card which may or may not set off alarms at the Fraud Protection Service from your issuing institution.
• Don’t wait days to report something is wrong. My biggest mistake, although it didn’t cost me, was waiting days after getting hacked. After giving the company the information they requested, they promptly changed my password, and changed my contact information. I didn’t know this, and thought I had entered the wrong password. I waited for a charge to post before calling and dealing with it, and that could have cost me.
• Read your statement in case something came through in between the times you check online. I doublecheck my statement, to make sure I know where things are. Some things may post within one day of pending. That could be the time someone read your card, shopped somewhere, and it posted just before statement generation. Mcdonalds usually posts within one day, and that is an example.
• Try if possible to remember credit card numbers. When you first get your credit card number read to you, try to memorize it. This way, nobody can take it down when reading it to you later.

I can’t seem to think of anything else, but you can come up with a plan that suits you. Several blind customers who shopped at Target may have been compromised during the Target breach intrusion. Those people may have had charges show up on their credit card statements as new charges before their statement closed. Luckily, the banks and other institutions were aware of the potential breaches, and monitored cards right away, but your hack may be a one time thing, and nothing massive occurred. Don’t rely on the credit card company or bank to help.

What really bothers me about the Target breach is the fact that names, numbers, and possibly debit card information was taken. Debit card customers may want to keep a closer eye on their transactions since money leaves the account within a day or two, even if the charge takes a week. Being disabled means we have less money to play with than the normal sighted person, but it doesn’t mean we are not secure. I was on top of my charges, are you?

Comment on this post with any tips you might have. Lets open this up for dialogue. The comment boards await you.