In retail, next Monday marks “Cyber Monday.” It is the Monday following Thanksgiving weekend, when enthusiastic Black Friday shoppers continue their gift buying spree from the comfort of their cubicles. But after all the shopping is complete, Cyber Monday can turn into Cyber Attacks.
If last year’s holiday season Target breach taught us anything, it is that no one is safe from attack. Last week, we looked at the ways fraudsters target retailers in phone fraud attacks to the call center. Today, we will consider the ways fraudsters can attack consumers directly, and how they can protect themselves.
Fraudsters target retailers for online and point-of sale (POS) attacks to get access to shopper’s personal data. This can mean anything from credit card or account numbers, to information as innocuous as email address and phone number. Any information that a fraudster can get can be used as part of an attack to gain access to an account.
Earlier this year, we detailed how fraudsters used information from the Home Depot breach to answer Knowledge Based Authentication (KBA) questions used to protect phone access to bank accounts. If fraudsters could pass three out of five questions, they were able to change PIN numbers associated with accounts, and from there run a complete account takeover.
Another tactic used by phone fraudsters is vishing, or voice phishing. Fraudsters often call consumers, posing as a trusted retailer or institution. They use the information they already have on consumers; maybe birthdates or the last four digits of Social Security Numbers, to sound more legitimate and gain trust. They may then ask for additional personal information that can be used for identity theft or account takeover fraud.
More aggressive fraudsters posing as retailers or financial institutions will demand immediate payment for a fake “outstanding debt.” They threaten victims with arrest warrants or deportation notices, unless the victim will immediately wire money to the fraudster.
Awareness is the most effective way for consumers to protect themselves from holiday phone fraud attacks. Here are some tips for shoppers this holiday season:
- Hang up on robocallers. Pressing any button (even the button to unsubscribe) will mark your phone number as in service, and will likely lead to more calls.
- If someone calls asking you to verify personal information, hang up and call the company back directly, using the phone number on the back of your credit card, or a phone number found on the official retailer website.
- Never pay any outstanding debt without first seeing official legal paperwork to confirm the debt. No legitimate lender will insist on immediate wire payment.
- Register personal phone numbers with the National Do Not Call Registry. Any subsequent unwanted spam calls are likely to be illegal and fraudulent.
- Consumers can report suspected phone scams to the Federal Trade Commission (FTC) online at https://www.ftccomplaintassistant.gov or by calling 1-888-382-1222.
Check in later this week to learn more about the most popular phone scams that affected consumers in 2014.