With various malicious threat actors continuously evolving their attack techniques it is becoming extremely important to keep our credit card details safe in our highly networked world.
With how convenient it is to shop online, the amount of electronic transactions has skyrocketed. This means that cyber crime threats as well as the techniques used to steal credit card information has also gotten more sophisticated.
For a cyber the holy grail of prizes is that of credit card information. They would then use this for identity theft and fraudulent activities.
Knowing and understanding some of the popular ways that malicious threat actors can steal such information is helpful to ensure you don’t fall victim to one of these attacks and get defrauded.
3 types of attacks that we will look into that cyber criminals use are the following:
- Data Breaches
Phishing – Getting the Unexpected Person On The Hook to Share Sensitive Information
The most widely used technique used by cyber criminals to steal credit card details is that of phishing.
Convincing emails, messages or websites posing as legitimate entities are created by the cyber criminals. With these they lure their victims into giving their credit card information, other personally identifiable information, and even sensitive login credentials with out knowing they are giving them to cyber criminals.
The Anti-Phishing Working Group (APWG) notes that such attacks keep increasing year on year with billions of emails with malicious intent sent globally.
As time passes, such attacks are getting becoming more sophisticated making it more important to be cautious when one shares sensitive information online.
Typical Phishing Scenario
Imagine you are the victim and you get an email which is claiming to be from your bank and that you need to update your credit card information due to a security incident.
In the specially crated email there is a link to the fake bank website, which is designed to look exactly like the official site. You enter your credit card information on this fraudulent website, and once submitted the cyber criminals that sent out this phishing email have your details.
The physical world is still a favorite of criminals. Skimming is a technique used to obtain credit card details from unknowing victims.
Covert devices are installed on point of sales systems, ATM’s or gas pumps which in turns captures data from the cards magnetic strip or chip when it is swiped or inserted.
The US Federal Trade Commission (FTC) defines skimming as a method used criminal individuals to steal credit card information from various physical locations. They advise consumer to be cautions when using cards in public places and report any suspicious devices or activities to the authorities.
Typical Skimming Scenario
A cyber criminal has discreetly attached a skimming device to the ATM at your local bank.
Put your self in the shoes of an unsuspecting victim. You insert your card into the ATM that has this skimmer attached. The device reads and stores the card’s details. This includes account number, name, and expiration date.
With this stolen information can make counterfeit cards or sell the information on the dark web allowing other malicious actors to make fraudulent transactions.
Data breaches on a large scale are becoming increasingly common. Malicious threat actors look at infiltrating business and organizations by unauthorized means to access their vast amounts of data that is stored in their databases.
These threat actors are able to by pass a companies security measures using advanced hacking techniques they siphon off the sensitive information for nefarious uses.
in the US in 2022 there were over 1,100 reported data breaches alone according to the Identity Theft Resource Center (ITRC). These breaches made up of millions of compromised individuals personal and financial information including their credit card details.
Typical Data Breach Scenario
Imagine that your favorite retail outlet is a victim of a data breach. As a result of this millions of their customers have had their credit card information stolen.
Those threat actors that are responsible for breaching the retailer and their database did not only steal the credit card numbers but also personal details such as names, addresses, and social security numbers.
This stolen data can in turn be sold on the black market or used for fraudulent intent.