Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Thieves Cash Out Rewards, Points Accounts

November 3, 2014

A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike against Hilton Honors members is part of a larger fraud trend that’s been worsening for years as more companies offer rewards programs.

Many companies give customers the ability to earn “loyalty” or “award” points and miles that can be used to book travel, buy goods and services online, or redeemed for cash. Unfortunately, the online accounts used to manage these reward programs tend to be less secured by both consumers and the companies that operate them, and increasingly cyber thieves are swooping in to take advantage.

Chip & PIN vs. Chip & Signature

October 30, 2014

190 Comments

The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent “chip-and-signature” standard, an approach that has been overwhelmingly adopted by a majority of U.S. banks that are currently issuing chip-based cards. This post seeks to explore some of the possible reasons for the disparity.

‘Replay’ Attacks Spoof Chip Card Charges

October 27, 2014

145 Comments

An odd new pattern of credit card fraud emanating from Brazil and targeting U.S. financial institutions could spell costly trouble for banks that are just beginning to issue customers more secure chip-based credit and debit cards.

Signed Malware = Expensive “Oops” for HP

October 9, 2014

32 Comments

Computer and software industry maker HP is in the process of notifying customers about a seemingly harmless security incident in 2010 that nevertheless could prove expensive for the company to fix and present unique support problems for users of its older products.

LinkedIn Feature Exposes Email Addresses

September 15, 2014

40 Comments

One of the risks of using social media networks is having information you intend to share with only a handful of friends be made available to everyone. Sometimes that over-sharing happens because friends betray your trust, but more worrisome are the cases in which a social media platform itself exposes your data in the name of marketing.

Counterfeit U.S. Cash Floods Crime Forums

August 20, 2014

85 Comments

One can find almost anything for sale online, particularly in some of the darker corners of the Web and on the myriad cybercrime forums. These sites sell everything from credit cards to identities and stolen merchandise, but until very recently, one illicit good I had never seen for sale on the forums was counterfeit U.S. currency.

Banks: Card Breach at Goodwill Industries

July 21, 2014

84 Comments

Heads up, bargain shoppers: Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. Goodwill Industries International Inc. says it is working with federal authorities on an investigation into these reports.

Even Script Kids Have a Right to Be Forgotten

July 18, 2014

36 Comments

Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That’s because the breached databases crawled by this search engine are mostly sites frequented by young ne’er-do-wells who are just getting their feet wet in the cybercrime business.

Beware Keyloggers at Hotel Business Centers

July 14, 2014

97 Comments

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

Crooks Seek Revival of ‘Gameover Zeus’ Botnet

July 10, 2014

49 Comments

Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it.