Avoiding Holiday Cyberscams

TOM FUDGE: Well the holiday shopping season is coming up and that means that cyber criminals are going to try to steal your credit card well how do we stop them stay tuned and we will talk about that. You're listening to midday. You're listening to Midday Edition, I'm Tom fudge. Target, Home Depot, Neiman Marcus and Michael's. They are some of the huge retail chains where customer credit and debit card numbers have been stolen by cyber criminals. The cyber security breaches have affected tens of millions of consumers, in fact I got a new Mastercard in the mail just a few weeks ago to due to fears that my card was compromise. Add to all that the huge number of people who will be shopping online this holiday season, putting themselves at risk of scams like fake websites and criminal phishing expeditions. We are talking about how consumers like you can protect themselves and their bank accounts from cyber crime. Call us if you have a story to tell, or a question to ask about the danger that lurks online, the call-in number is 888-895-5727, that is 888895K PBS we will be happy to hear from you. And joining me in studio to talk about the subject is Lance Larson. Lance is assistant director of the graduate program in homeland security and a lecturer on management information systems at San Diego State University. Lance, thank you very much for coming in. LANCE LARSON: Thank you Tom for having me. TOM FUDGE: Lance, one-way cyber criminals access information is through bogus e-mails, or so- called phishing schemes. Give us an example of what they are and how they work. LANCE LARSON: Absolutely. So phishing techniques are pretty old. They've been around for a long time. And really how your listeners can understand what a phishing e-mail is is maybe they've received an e-mail from a bank but they don't actually do business with that bank and it asked them to click on a link and asked them to enter personal information and that is when we should be a little hesitant. I tell my students in the classroom, I tell them think three times and click once. Because once we click, sometimes we've already given away our identity or our personal information. TOM FUDGE: Now when you click on that link, what does that allow? The cyber criminal to do? LANCE LARSON: So one thing it allows is it gives us that the people that are shopping or clicking, it gives us a sense of trust when we click on a link or maybe a bank that we do business with and once they get us onto a website that we trust. Then they asked us for personal information and once we give them the personal information they take it and they can sell it on the black market. Hackers refer that to profiles or full these, and believe it or not, our identities in the US are only worth about $20 each to a hacker. TOM FUDGE: Once again give us a call if you have a question or story to tell about a cyber crime or suspected cyber crime. It's 888895KPBS. Let me tell you a story, Lance. I had to buy some worms recently because I have a composter and so I went online and I found a website I don't know, something like Joe's worm farm. I ordered some worms for my composter and they arrived. Everything seemed fine. But I'd never heard of this website before. Before I clicked on it. Now, was I taking a risk? LANCE LARSON: I think trust can either be used against us, or we can use trust to identify retailers that we like to do business with. And so I think it is really important that if we have any sense of mistrust, or we just have a bad feeling down in our gut that we do not do business on these websites that give us that feeling. And so I think it is really important that we frequent websites that we trust and we've seen as you said earlier, we've seen Target, we've seen Home Depot, we've seen retailers that we trust go through a cyber crime. And essentially lose our information. And so I think the bigger question is who can we trust out in the retail space? Who is protecting our information and how can we make sure we only shop with those retailers that do take us and our information as an important thing to protect. TOM FUDGE: How do you know you are looking at a bogus website? LANCE LARSON: So it is sometimes very difficult. A lot of us have antivirus, or we have other types of software that run on our computer that can help in detecting some of these phishing websites. But really it comes down to trusting who we are going to. All of us have probably shopped on eBay before and we've probably had a bad experience with at least one or two sellers. We didn't trust them, but we trusted eBay. So on those kind of marketplaces like PayPal and eBay we hope they are vetting their sellers as well. TOM FUDGE: Who are these people, these cyber criminals? And let me tell you why I'm asking. I've heard some people say that one way you could check these, know that you are looking at a bogus website is if you see, if the colors are wrong, or maybe there are a lot of misspellings which suggest they may be from countries where English is not spoken. LANCE LARSON: So really when we look at these criminal hackers or criminal hacking groups, first we look at their motivation. Why are they doing this, or why do they want to actually go in and perform these crimes? And usually it comes down to a few different reasons. First is financial. They want to make money. Our identities as we said earlier are worth money, our credit card, credit information is worth money to these criminal war criminal hacking groups. Another reason is notoriety. Maybe they want to be the best hacker. Maybe they want their friends to know them as someone who's been able to hack so many different identities. And the actual geographical location, it's really all over the map. But what we hear a lot of is Eastern Europe and places outside of the US where they are able to commit these crimes and know that they might not get caught right away if at all. TOM FUDGE: And I'm talking about the coming holiday season and the chances that your credit card information or personal information may be compromised as a result of holiday shopping either online, or at the mall. My guest is Lance Larsen assistant director of the graduate program in homeland security and a lecturer at San Diego State University. You know as I mentioned before we saw with the breach of Target just how vulnerable our credit card information is. What did we learn, the breach is a Target, Home Depot, what have we learned from this, or better yet what has Home Depot learned from this? LANCE LARSON: I think retailers are learning that we have to trust them to do business. And if we feel little bit of mistrust it's unlikely we are going to visit them again. But what always really mystifies me if we look at the Target breach, for example, is one thing that targeted was offered 10% off on a certain Saturday to be able to tell their consumers that they can still shop at Target and they are trustworthy. I asked my students I asked how many people took advantage of the 10% discount and a lot of them raise their hands and I said keep your hands up, how many used their credit card at Target on that day, and a lot of them raise their hand. Because we are easy to forget and forgive. So one more tip I would give to the listeners is if they have a debit card and a credit card air on the side of caution and use your credit card because it is a lot easier to have that type of protection on a credit card than it is on a debit card, where the bank might take a few weeks to get your money back and it might clear out your entire checking account. TOM FUDGE: When it comes to a credit card, if somebody fraudulently uses your credit card number, who is the crime victim? Is it you, or is it the bank that issued the credit card? LANCE LARSON: So eventually the ultimate victim is the merchant themselves because they are actually taking the hit when they send out a product and receive payment. Now they've lost both the payment and the product and they get a fee for what is called a chargeback on top of that. But when the bank said issuers have to send us new credit cards it's also affecting us and potentially the rates we are paying these merchants in the long run. TOM FUDGE: Let's take a call from Daniel who was calling from Claremont. Our number is 888895K PBS. Daniel, go ahead. NEW SPEAKER: I'm just wondering, I live here in America, a first world country and when I went to Target and use my credit card and they had the breach, they never contacted me or they never did anything. So I'm just wondering what is making these organizations be compliant and how can we hold them accountable and who holds them accountable? TOM FUDGE: Talking about holding Target accountable, is that what you're talking about? NEW SPEAKER: Not just Target, Home Depot, all these companies that are supposed to be legitimate companies that have led our information go away and they never compensate us and they never prove that they're going to be worthy to keep our information again. TOM FUDGE: Okay thanks very much. Lance, how do you want to answer that? LANCE LARSON: So, Daniel I think you have definitely hit the nail on top of the head because that is a problem.And I think that California for example is starting to lead the charge to require merchants to be able to disclose to consumers that are affected by a breach right away. And I think that other states need to have similar laws requiring very quick notification and there should be retribution, there should be something that should happen, maybe loss of business in the long run to these merchants so that they value cyber security and hire people like a chief information security officer who is there protecting our information when it sits on their systems. TOM FUDGE: You mentioned the fact that we should use credit cards, not debit cards. But if your debit card number is compromise, what are the chances that the thief is going to know your pin number? LANCE LARSON: So it's not a great chance unless for example they have seen you enter the pin number while at an ATM. So it is always good to be cognizant of your surroundings when you are at any Tim or at a merchant typing your pin number. So it is not a great risk however what is a little bit different with a debit card than a credit card is that the debit card is normally linked to your checking or savings account. And so when the money comes out, the bank takes a little bit more time to do an investigation to make sure it really was fraudulent activity, and so around the holidays may be allotted your listeners are depending on having that money in there checking account or savings account to buy gifts and if it is not there for a few weeks will that affect them? I think it will unfortunately. TOM FUDGE: We have a call from Arlene and the starling go ahead. NEW SPEAKER: Hi, I had a question about the RFID chips in credit cards and the ability to track information--- is that still a concern or is that technology improved? TOM FUDGE: Thanks, Arlene. LANCE LARSON: Arlene, I think it is still a risk and there are some simple thingsyou can buy. One is called a Faraday bag and basically this bag, you can put your credit cards or debit cards that have an RFID chip into this bag and it will stop the signal from going out of your pocket, or your purse to someone that may have a device, the scanner to pick up the RFID. It is definitely still a risk, so I would be extra protective on those cards. You can also sometimes call your card issuer and you can actually give them, asked them to give you a card without the RFID chip if we are really worried about that. TOM FUDGE: Lance, what can we do, what can we do if we notice unauthorized charges to our debit or credit card? What is the next step? LANCE LARSON: I would advise you to immediately call your bank or call your credit card issuer and alert them to the issue.Then, do a little bit of investigation yourself. And think of when might my credit card or debit card have been out of my come out of your person, or maybe been out of reach for a little while. But sometimes it's never been out of reach. And so maybe think about where you have use that credit card, which merchants in the past few months, so that you can may be pin down what merchant might have lost your information and I think it is a problem because when we receive those new credit cards a lot of times our bank does not tell us what merchant lost our information. TOM FUDGE: Lance Larson is director of the graduate program in homeland security and a lecturer at San Diego State University. You know, I asked you what has Home Depot, what has Target learned from this breach? Do they have ways of preventing this malware from getting on their computer systems? LANCE LARSON: So I think that when we look at these criminal hackers and criminal hacking groups that are perpetuating this type of attack and the small where, I think they are always adapting and they are always getting better, unfortunately, as we find a safeguard, or a countermeasure as we call it in the cyber security industry to stop or thwart a cyber attacker. Sometimes they are one step ahead. So I think it's really important for these retailers to understand that a loss of our information means a loss of business for them and their shareholders. TOM FUDGE: You know, these phishing expeditions cyber criminals use come in all sorts of forms. They can send you an e-mail saying that they are a charity and ask you to donate to a charity. Is a lot of this, is avoiding that a lot of common sense if you get an e-mail from someone you do not know, some organization you've never heard of, or even one that you have heard of, should you be careful? LANCE LARSON: So using that common sense is really important in understanding when something might be too good to be true. If you have won the lottery inside of a European country you've never been to and you receive notification we've got to really be hesitant and not always trust right away that what we hope has come true has in essence come true. And I think probably the biggest threat is something called spearfishing. And the spearfishing is a little different than phishing because it is targeted. They already know something about you. Maybe they have gained access to some of your information and can use that information to make you trust that e-mail even more. TOM FUDGE: And finally, identity theft, what is the best way to avoid it? What are a couple steps? LANCE LARSON: So I think it's important to understand the difference between identity theft and credit card fraud.Credit card fraud could simply be a charge on your credit card that you do not recognize, where identity theft is when someone takes all of your personal information. It can be very difficult to be able to restore your identity. So be very hesitant when someone calls you on the phone, sends you an e-mail, or even postal mail, or knocks at your door about what information you are giving them. Put yourselves in their shoes. And see what they might be trying to solicit from you in order to take your information and make some money for themselves. TOM FUDGE: Once again, Lance Larson is assistant director of the graduate program in homeland security and he's a lecturer at San Diego State. He joined us to talk about the coming holiday shopping season and how you can protect yourself from hackers, whether you are online or just using your credit card at a store. Lance, thank you very much. LANCE LARSON: Thank you, Tom. TOM FUDGE: And coming up in just a minute, do you think you can learn a foreign language in three months? Well our guest on the next segment of the show says you can. Let's hear what he has to say. Stay tuned to Midday Edition.