- CyberCrime Center
February 10, 2014
Forty million is a number that’s difficult to wrap your brain around. However, the story of one woman in the small California town of Martinez narrowly missing becoming a Target breach victim brings things home as possibly nothing else can.
Here’s the story as told on martinezgazette.com:
The breach of Target’s payment systems reached home last week as attempted fraud was reported by downtown resident Harriett Burt.
Burt said she received a call on the morning of Dec. 27 from a number her caller ID displayed as “private.”
“I nearly never answer those, but something made me go ahead and see what it was,” Burt said. “It also had, in the lower left corner (of the caller ID display) a bell with a line through it, and I’d never seen this before.”
The caller identified himself as being from an investigative division with Visa, and said the division showed a recent charge on Burt’s card of approximately $200, with the purchase being sent to Las Vegas. He asked if Burt lived in Las Vegas, and said he would investigate and call her back promptly.
But the call raised a red flag with Burt, who asked why the caller’s number was displayed as private on her caller ID. The caller said the division’s numbers often did not display because of the nature of their investigative work, and that he would proffer an 800 number when he called her back.
A few minutes later, the same caller rang back and gave Burt an 800 number. She instead decided to call her Visa company directly, and discovered the number the mysterious caller provided was not a number associated with Visa.
“These folks have thousands, millions of numbers, and they know in a situation like this all they really have to do is ID someone who’s been to Target,” Burt relayed from her conversation with Visa.
It’s likely Burt’s credit card number was one of 40 million hackers were able to retrieve using malicious software that infiltrated the store’s payment systems beginning Nov. 29. The only cards affected were those used for in-store purchases, which Burt says she made to buy cat food.
Hackers stole customer names, credit and debit card numbers, expiration dates, card security codes and PIN numbers, according to Target. Other customer information was not compromised, the company said, and Target is cooperating with federal authorities, including the Secret Service and Department of Justice, but is withholding additional details about the hack at the request of law enforcement.
In the meantime, anyone receiving calls from people purporting to be from credit card companies or other banking institutions is encouraged not to forfeit any information, but to hang up and call their credit and banking institutions directly. Target customers are also encouraged to check their statements carefully, especially for small purchases that may indicate fraudulent persons verifying if accounts are still active. Customers should request replacement cards, and even while new cards on the way, Target recommended PIN numbers be immediately changed.
Unfortunately for some who failed to act as intuitively as Burt, there have been instances of cash withdrawals and purchases made using PIN numbers – charges that can be difficult, and sometimes impossible, to reverse. Lawsuits are continuing to pile up over the Target hack as thousands of customers continue to be victimized by debit card fraud.
Burt said she was lucky in that she’d recently applied for a new card, and her credit line will be transferred to it. She’s since alerted Martinez Police of the call.
However, while away from home for a few hours after the initial fraudulent call, Burt said she received a muffled voicemail message from the same person who’d called that morning, again offering an 800 number. “So the fraud continues,” Burt said.
Fortunately for her, she used caution and acted correctly.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 160 million active user accounts, 2,500 customers and 10,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Data Breach, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, Target, Target Data Breach, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, TrustDefender Cybercrime Protection Platform, Web Fraud