WELCOME TO PCMG! | Request an eQuote

1-800-625-5468

 
 

For contract & open market purchases, please call 800-625-5468, or click here to register/logon to your Business Direct Pricing Portal!

Select your Contract

For help with Federal, State & Local Goverment or Education contracts, or your PCMG Business Direct go to:

or Call 1-800-625-6568

Home >  Networking & Security Solutions

PCM Networking Security Solutions

Demystifying ID Fraud


How does the data get stolen from my computer?
There are many ways sensitive data can be pried out of computer users. In a typical social-engineering phishing attack, a consumer opens an e-mail that looks like it was sent by the consumer's bank, Amazon, PayPal, or some other trusted source. With a bogus excuse, such as suggesting there was a security incident and the user needs to verify his or her account details, the e-mail will prompt the recipient to provide username and password via a link to a Web site that looks legitimate but isn't. The consumer enters the information and continues on, not knowing that the data is now being sent to criminals.

In other cases, criminals create fake e-commerce Web sites where consumers provide their credit card information to pay for a product that will never arrive. Attackers also have ways of rendering legitimate Web sites risky by injecting malicious code into the Web sites with cross-site scripting, SQL injection, and clickjacking attacks. Such attacks, typically invisible to the consumer, can be used to steal data that a consumer types in.

Other attacks are accomplished by getting spyware onto a victim's computer. For instance, attackers can distribute a worm via an e-mail attachment that downloads a keystroke logger onto the recipient's computer when it is opened. Attackers also can create programs that exploit unpatched holes in Windows or holes in a browser that haven't been fixed and download keyloggers onto computers. The keyloggers can be written to send data to a remote server every time the computer user types a password or social security number, for example.

 

If I don't use my credit or debit card on the Internet, how does the data get stolen?
Attackers can steal data by planting a skimming device that reads the magnetic-stripe data from the card when a user slides it through a payment card reader at a register or using a skimmer on an ATM machine combined with a video camera that records the PIN when someone is making a transaction. The magnetic-stripe data includes name, credit card number, and expiration date.


Attackers can steal more people's payment card data at a time by hacking into a retail firm or payment processor's computer network. In the TJX incident, experts believe attackers made their way into the company's system by first gaining access through a wireless regional hub for the company's store controllers, which handle the point-of-sale system. Attackers also can grab unencrypted PINs from bank systems during the authorization process using specially crafted malware that scrapes the data from the memory of the bank's computer, according to Wired. Or attackers can trick a misconfigured hardware security module, which decrypts and re-encrypts PINs as they make their way across various bank networks, into revealing the encryption key.

What do the criminals do with the data when they get it?
Cybercriminals tend to have specialties. The data thieves, also called "harvesters", sell it to brokers who either use the data themselves, hire others to do the leg work to withdraw the money, or sell it to others via IRC channels, private peer-to-peer networks, carder sites, and other organized underground marketplaces.


Often, the data is sold with a money-back guarantee in the event that the cards are found to have been reported as stolen or if the data is incorrect. Brokers have a number of ways of verifying cards. They can break into an e-commerce Web site and process small transactions on the card with a payment processor to see if the transactions go through. Or they can use the card data to make a $1 donation to a charity.

Once the data is verified, the criminals can turn it into cash by either moving the money from the victim's account to an account they control, wiring themselves the money, creating counterfeit checks, or even just withdrawing small amounts (under $50) on a regular basis that may not get noticed by the cardholder.

 

Many of the criminals are located outside of the data's country of origin and will need to be able to either transfer funds or make international purchases without alerting the authorities. To do this, criminals have elaborate schemes using middlemen, also known as "drops". For instance, criminals will advertise work-from-home jobs in the U.S over the Internet and by e-mail. The drop is merely asked to provide a local address or bank account and when money or goods arrive, they are instructed to transfer it on to a foreign address. The criminal then takes over the bank or credit card account for which data was stolen, and changes the address or bank account to that of the middleman.

Solutions Partners

More than an IT Provider - We’re Your Technology Partner!

Since 2002, PCMG has been a leading provider of IT products, services, and solutions to government agencies, educational institutions, and healthcare facilities. We provide access to over 300,000 IT products like tablets, laptopsdesktops, servers, storage, and networking from leading manufacturers like Cisco, HPI, Apple, Adobe, Lenovo and Microsoft. With powerful eProcurement tools, comprehensive software licensing solutions and dedicated Account Executives, it's easy to get exactly what you need to tackle your technical challenges.

In addition, we offer world class procurement and logistics, IT consulting, and implementation services delivered through over 1200 technical professionals. Whether you want to deploy tablets securely or move your data center to the cloud, PCMG is here to make it happen. Our Services experts will collaborate with you to understand your requirements and provide tailored services to allow your organization to lower costs, increase agility, improve efficiency and succeed in today's global economy and beyond.

Our Company

Support

We Provide

About Us
Affiliations
Blog
Brands
Careers
Events
Tech Journal
Site Map
Terms of Use and Sale
Why PCMG?
Catalog Subscriptions
Contact Us
Email Subscriptions
My Account
Order Status
Product Recalls
Leasing & Financing
Product Configurator
Services
Solutions
We proudly welcome American Express® Cards
 
 

14120 Newbrook Drive, Suite 100 - Chantilly, VA 20151
1-800-625-5468 | © 2016 PCMG, Inc.

SSL