{"id":6280,"date":"2022-08-18T12:00:00","date_gmt":"2022-08-18T09:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=6280"},"modified":"2022-08-18T19:29:02","modified_gmt":"2022-08-18T16:29:02","slug":"5-ways-cybercriminals-steal-credit-card-details","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2022\/08\/18\/5-ways-cybercriminals-steal-credit-card-details\/","title":{"rendered":"5 ways cybercriminals steal credit card details"},"content":{"rendered":"\n

The cybercrime underground is a well-oiled machine worth trillions of dollars<\/a> annually. On dark websites hidden from law enforcers and most consumers, cybercriminals buy and sell huge quantities of stolen data as well as the hacking tools needed to obtain them. There are thought to be as many as 24 billion illegally obtained usernames and passwords<\/a> currently circulating on such sites, for example. Among the most sought-after is fresh card data, which is then bought in bulk by fraudsters to commit follow-up identity fraud.<\/p>\n\n\n\n

In countries that have implemented chip and PIN (also known as EMV) systems, it\u2019s challenging to turn this data into cloned cards. So most commonly it\u2019s used online in card-not-present (CNP) attacks. Fraudsters could use it to buy luxury items for onward sale, or potentially they could buy gift cards in bulk \u2013 another popular way to launder illicitly obtained funds. The scale of the market in these cards is difficult to estimate. But the administrators of the world\u2019s largest underground marketplace recently retired after making an estimated US$358m.<\/a><\/p>\n\n\n\n

With that in mind, here are five of the most common ways hackers could get hold of your credit card data \u2013 and how to stop them:<\/p>\n\n\n\n

1. Phishing<\/h2>\n\n\n\n

Phishing<\/a> is one of the most popular techniques for cybercriminals to steal data. At its simplest, it\u2019s a con trick in which the hacker masquerades as a legitimate entity (e.g., a bank, an e-commerce provider, or a tech firm) to trick you into divulging your personal details, or unwittingly downloading malware<\/a>. They often encourage users to click on a link or open an attachment. Sometimes doing so takes the user to a phishing page \u2013 where you\u2019ll be encouraged to enter personal and financial information. Phishing is said to have hit<\/a> an all-time high in Q1 2022.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/a>Example of a phishing email. For more details about this email, check out this article: Don\u2019t get phished! How to be the one that got away<\/a>.<\/u><\/em><\/p>\n\n\n\n

These scams have evolved in recent years. Instead of an email, today you may receive a malicious text (SMS) from a hacker pretending to be a delivery company, a government agency, or another trusted organization. Scammers may even call you up, again pretending to be a trusted source, with the aim of obtaining your card details. SMS phishing<\/a> (smishing) more than doubled year-on-year in 2021, while voice phishing<\/a> (vishing) also surged, according to one estimate<\/a>.<\/p>\n\n\n\n

2. Malware<\/h2>\n\n\n\n

The cybercrime underground is a huge marketplace, not just for data but also malware. Over the years, different types of malicious code have been designed to steal information. Some record your keystrokes \u2013 for example, as you\u2019re typing in card details on an e-commerce or banking site. How do the bad guys get these tools on your machine?<\/p>\n\n\n\n

Phishing emails or texts are a popular method. Malicious online ads are another. In other cases, they may compromise popular websites and wait for users to visit them. Drive-by-download malware of this sort installs as soon as you visit the compromised site. Info-stealing malware is also often hidden inside legitimate-looking but malicious mobile apps<\/a>.<\/p>\n\n\n\n

3. Digital skimming<\/h2>\n\n\n\n

Sometimes hackers also install malware on the payment pages<\/a> of e-commerce sites. These are invisible to the user, but will skim your card details as they are entered. There\u2019s not much users can do to stay safe, aside from shopping only with big-name brands and websites, which are likely to be more secure. Detections of digital skimming (aka online card skimming) rose 150%<\/a> between May and November 2021.<\/p>\n\n\n\n

4. Data breaches<\/h2>\n\n\n\n

Sometimes card details are stolen direct<\/a> from the companies you do business with. It could be a healthcare provider, an e-commerce store, or a travel company. This is a more cost-effective way to do things from the hackers\u2019 perspective, because in one attack they get access to a huge trove of data.<\/p>\n\n\n\n

On the other hand, with phishing campaigns, they have to steal from individuals one-by-one \u2013 although these attacks are usually automated. The bad news is that 2021 was a record year for data breaches in the US<\/a>.<\/p>\n\n\n\n

5. Public Wi-Fi<\/h2>\n\n\n\n

When you\u2019re out and about it can be tempting to surf the web for free on public Wi-Fi hotspots<\/a> \u2013 in airports, hotels, cafes, and other shared spaces. Even if you have to pay to join the network, it may not be safe if hackers have done the same. They can use this access to spy on your details as you enter them.<\/p>\n\n\n\n

How to keep your credit card details safe<\/h2>\n\n\n\n

Fortunately, there are plenty of ways to mitigate the risk of your card data getting into the wrong hands. Consider the following as a good place to start:<\/p>\n\n\n\n