A recent Ipsos Reid poll revealed that only 10 per cent of Canadians rate online credit card payments as being very safe.
While cautious about web shopping, Canadian cardholders are less vigilant about protecting their personal and financial information in other ways. This can have serious consequences, since computer hackers happily take advantage when you let your guard down.
Below, CreditCards.ca identifies five of the most dangerous hacker tricks to watch out for.
1. Free Wi-Fi access traps
Free internet services are easily accessible at many coffee houses, hotels, libraries, malls and restaurants. After signing onto these open Wi-Fi networks, you're just clicks away from becoming a hacker victim. Posing as regular customers, cyber criminals surf these wireless networks too, waiting for you to browse the internet.
Hackers use widely available Sniffer software to intercept data exchanged across wireless networks. Sniffer applications enable hackers to see what you're viewing on screen, and to:
- Steal personal and financial data including credit card information.
- Plant remote-control programs.
Hackers can also intercept emails and plunder your private email account. Rafael Etges, director of security at Telus, recently told W5 investigative reporter Paula Todd that he's worried that hackers are increasingly cunning and focused. "We're finding more sophisticated breaches in terms of virus, maleware code or malicious programs that can be specifically designed to find and capture credit card information," said Etges.
Tip: When using free wireless networks, visit only well-known websites that don't require sign-in.
2. Website breaches and suspicious
Last week, hackers hijacked millions of email addresses and customer names from Epsilon Data Management, an email campaign marketer. Epsilon clients include credit card issuers Capital One and Citi, both of which have Canadian operations.
Security experts fear that hackers will send out personalized emails purportedly from the compromised financial institutions asking customers to apply their private login IDs and passwords at genuine-looking websites.
Visiting legitimate websites can also be risky. Even at a valid site, a single pixel in a booby-trapped ad can place a remote-access program on your computer. Just as troubling is the fact that 11 per cent of Canadians admit to sending credit card information via email, another Ipsos Reid poll finding.
Tip: Never click on links from suspicious sources, nor include credit card information on emails.
3. Invading your Facebook account
Canada has over 17 million Facebook users. Facebook is one of the easiest websites to penetrate. With just your email address and name, cyber criminals can easily take over your account.
Invading hackers can then copy any credit card information found under Payment Methods on the Payments tab of your Facebook account settings.
Tip: Always clear credit card information from your Facebook account settings.
4. Sabotaged USB keys
Social engineering means manipulating people into performing actions or divulging confidential information.
Hackers use social engineering when they plant USB memory sticks at high-traffic areas, including bus and train terminals. Those USB keys are loaded with hidden malicious code. After curious commuters pick up the apparently lost USB sticks and plug them into their computers, the sabotaged devices automatically install remote-control software.Hackers then access and intercept personal and financial data sent online, including credit card information.
Tip: Never use suspect USB memory sticks.
5. Offline hacking
Hackers target your financial information even when you're away from the computer.
This is especially true for credit cards with embedded radio-frequency identification (RFID) chips that send out radio waves for exchanging data with credit card processors.
Often, hackers employ inexpensive RFID readers sold on eBay. By placing a reader close enough to where you carry your card, hackers retrieve your credit card number, expiration date and name.
Tip: Defend against radio-wave theft by keeping RFID credit cards inside stainless-steel wallets.