Since lockdown, we have been relegated to primarily shopping online. That has given the cybercriminals a new large attack surface from which to prey. Listen in and we find out what you can do to be safe online.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine Generated Transcript:
Craig Peterson: Hello, everybody. Craig Peterson here on WGAN and of course firstname.lastname@example.org. A few of you guys probably got some emails from me this week. I’m trying to clean up my email list. I have thousands of people on them that we send email to every week and trying to keep costs under control if you know what I mean.
[00:00:26] So, you know, we’ve been kind of sending things out to people to remind them to, you know, if, if you’re not clicking on the emails, if you’re not downloading the graphics that come on some of those emails, I just plain won’t know that you’re there and that you’re reading them. Because that’s how I do it.
[00:00:45] Right? And I’m always telling you, you know, being careful with downloading the graphics while, in my case at least once a month to make sure you download the graphics. So I know you’re there. I don’t mind paying to send you the emails if you’re reading them. That’s absolutely for sure. Hey, if you are using a website, I’ve got a warning for you and a particular warning for people who are in a business setting up websites.
[00:01:08] Maybe you’ve never really had one before. Frankly, all businesses coming up, right? You know right about now that we’re brick and mortar with a small website presence. Everything’s changing now. You’re going to be primarily an online store, maybe with a brick and mortar presence. And I hate to say that because so many of us have worked so hard over the years, and if you’re online shopping, I think you’ve got an even bigger problem.
[00:01:38] Because what we’ve found right now is that there are massive numbers of attacks going on against websites. This is a study that was put out by SiteLock, and they’re saying that the typical websites are experiencing about one attack every 15 minutes or almost a hundred tax per day on average. Now, why have seen with some of our customers a hundred attacks in the course of a minute?
[00:02:07] We are getting scanned like crazy. The bad guys may not have Coronavirus, but they certainly do have attack methodologies that they can use against us and they are, they’re using them full time. So we’ve got to talk about what does that means to you. And what can you do? What should you do? What shouldn’t you do when you are online?
[00:02:28] Because we’re talking about over 2,600 automated bots per week. Are visiting each website. That is a huge, huge number. And we’re talking about attacks on websites jumping 52% over the previous year. So what are they doing? Well, they are doing a few things. One is they are trying to get into the. Credit card processing code that might be on your website.
[00:03:00] Now you might say, well, you know, I don’t do it myself. I use Stripe or PayPal or square or something else on my website and so I don’t have it. I’m not doing it. But no, that, that’s not what these bad guys are doing cause they realize you don’t process a credit card yourself online. I had a call this week, in fact, from some restaurants that are having a problem because they are trying to reopen, they are opening up outdoors and they’re trying to get the point of sale systems to work outside sell there.
[00:03:28] They’re not working. And that’s where my recommendations of a good match network come in and we’ve been installing a lot of those lately. We’ve, we have this $2,000 package that includes the consulting, all of the help, all the equipment that you need in order to extend out into the parking lot. And then after that, continued to have good service in the business.
[00:03:52] This is business-grade stuff, right? This is all stuff that is kept up to date by the minute, which I think is ultimately really important as well. But you, we’re talking about POS here, right? Where people are trying to use point of sale equipment. Well, I’m gonna get right down to it.
[00:04:12] So on the website, you go to a shopping cart, for instance, maybe you’re using like woo commerce, for instance, which is a real top-notch eCommerce site, a plugin for WordPress. But to say you’re using the word a woo woo commerce on WordPress, what that means now is that you can upload your inventory.
[00:04:34] You can place everything in there. You can tie it into some backend credit card processors, all well and good, right? But to see if these bad guys that are attacking us thousands of times a week, each website, if the bad guys can find that you haven’t done enough. Date, or maybe there’s a zero-day flaw with your website.
[00:04:54] What they’re doing is putting in a credit card skimmer, so think of ATM. You’ve heard about this before, the automated teller machines, and how bad guys put this little device right there on the slot that you slide your credit card into. That means while your card is getting pulled into the ATM, it is being read by the credit card skimmer.
[00:05:16] Now. in an ATM, they also will frequently put a little pin pad reader too, so they can see what numbers you’re typing. And oftentimes there’s a little camera that’s pointing up at the pin pad so that they have that. Well, you’re not entering a pin when you’re shopping, are you when you’re online. So. They can now have this little skimmer in there and maybe it’s your business, it’s your website, and that skimmers collecting credit card data, you are now liable under the payment card industry, the PCI standards, those agreements that you entered into.
[00:05:51] Hey. Hey, does that sound like fun? No, it is not because we’re talking over a hundred dollars per credit card that you have processed over the last year. It’s just plain crazy how large the fines for these breaches get to be. So businesses are trying to be careful. Consumers obviously are trying to be careful, and I think I’ve got a little, Piece of advice that’s going to help you out. We have, for instance, a credit card number, right? And they’ll often ask you for that little code on the back of that credit card number, right? Well, there are what are called one-time use cards out there, and I’m looking right now at visa and these one time use credit cards.
[00:06:38] Or a, basically a disposable. Credit card number that’s tied into your main credit card, so you can have various alias credit card numbers for the same account. That means that each merchant age website that you go to online and you give the credit card number two is assigned a different account number.
[00:07:01] So your real credit card number is never revealed. It’s generating a fake one. Well, it’s not fake every time. It is a different credit card number. So you need to talk to your bank or you can see it on many websites. I noticed it on my credit card processors website the other day. And they had a, just a sign up right there.
[00:07:25] You can just click on it and it was a visa card and it will immediately just set you up for the service. It makes it very simple. You’re linking this preexisting credit card. You can even do it in many cases from a different bank to an online service. So that’s my first piece of advice for people who are looking to use credit cards online, usually is virtual or single-use credit cards.
[00:07:50] Very, very important. Now another thing that you can do now. If you have an iPhone, there’s something called Apple pay, and more and more websites are taking them, particularly if it’s like an Apple site. For instance, I was over it at Mac sales the other day, buying some more memory for the computer, and guess what they had right there.
[00:08:12] ApplePay, and that’s available on the website and it functions in a very similar way. You have a credit card associated with your Apple pay account. And when you go to the website and you click on use Apple, pay the website, now we’ll go to your phone and your phone will pop up with Apple pay and you have to authorize it with your pin or with your fingerprint reader and you tell her which credit card you want to use.
[00:08:39] And then Apple only gives the website a one time use. A card. Basically. In reality, what it is is it’s a transaction ID that they can use to claim the money, but it’s the same basic concept. Samsung has something similar, it’s called Samsung pay, and if you have a Samsung, you can use it. SamsungPay, I’m just typing in, and right now is we’re talking about, in order to make payments.
[00:09:09] And again, it can be used. Well, you’re right there as a near field communications. You know, where you, you put your phone up right up to the credit card reader and then you authorize it with your pin or your face ID or your fingerprint reader. Just like with ApplePay, there’s also AndroidPay and SamsungPay which are known as digital wallet platforms.
[00:09:43] And there are others that are out there as well. My kids tend to use pretty frequently, a couple of these, and I’ve used them as well, but I have never seen them on websites, so they’ll, they’re probably coming in the future. So instead of going to an unknown website, or even a known website, like you’re shopping at Target or Walmart or Amazon online, it’s a known site and you trust them right.
[00:10:08] Even in those cases, using an onetime credit card or one of these digital wallet platforms could save you a ton of grief. Now, I know that with Apple pay, there is no monthly charge for that. I’m not sure about Android pay. Android pay is not. That widely accepted. Frankly, from the banking side, many vendors will accept it, but it’s designed so that it just won’t be hacked.
[00:10:41]but you know, if there is a security issue with Apple or Google or whomever if they have a security issue with their main websites that actually have the credit card numbers, cause you remember you have to have a credit card number at some point. Right. So if that vendor is hacked, that credit card number could be stolen.
[00:11:05] Your personal information could be stolen. Kind of like the Equifax breach. Hey, did you read this week? Speaking of Equifax, you know, almost every American had their information stolen. Equifax apparently hasn’t paid a single American a dime yet, and now they’re fighting with the banks about how much money the banks want from Equifax because of all the credit cards they had to reissue.
[00:11:29] Isn’t that something so that you’re either, there you go. A couple of tips here on shopping from home or during the covert 19 and far beyond, so stick around when we get back. We’re going to talk about identity theft, but we’re talking about business identity theft. You’re listening to Craig Peterson on WGAN, so stick around.
[00:11:50] We’ll be right back.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: