Someone tried to rob me today. Luckily, it wasn’t a physical robbery. It was a digital robbery. Someone tried to use my credit card online and spend up big on booze and holidays.
Earlier today my credit card company sent me a text message. The text message asked about three transactions and to reply Y if it was me or N if it wasn’t.
My first reaction was to delete the text message. And I did. That’s common practice in my household, and it should be in yours too. If you get an unsolicited text message, delete it immediately. If it in anyway has anything to do with money then always assume fraud.
I then tried to log in to the app on my phone. No dice. It had locked me out.
With the text message gone and clearly something going on I decided to call the credit card company. Again, if you’re ever in the same situation you should do the same. Any link or number that you receive in a potentially suspicious message could be part of a scam. But if you call the company’s customer service number yourself, you know you’ll get the real deal.
Once through to customer service I asked if they had sent me a text message. They had. The text message was real, but it didn’t take much to confirm it.
Then we got to the nitty gritty. I said I couldn’t get into the app and wanted to know what was going on.
I then discovered someone has tried to spend £1,345 with Air France. Someone had also tried to spend £160 with 31Dover (an alcohol delivery company). And then there were two other transactions, both for a travel agency.
The good news is that my card company immediately declined all of the transactions. It’s as though they knew immediately these were fraudulent transactions. They then suspended my account — hence the app lockout.
Thankfully the credit card company were all over it from the start. Somehow they knew these were fraud. Perhaps it had something to do with the location of the payments tied to an IP address. Perhaps it had something to do with the location of my app.
To be honest, I don’t care how they knew. The fact they did know and sorted it out without any loss to me was the impressive part. But therein lies a question I’ll pose to you today.
How much personal information would you be happy to forego in order to protect yourself?
Steal a little from a lot to make some coin
The idea of giving up information to stay safe online is something you should get used to. This is even more important as the digital world starts to bleed out into the physical world.
Take for instance some of the new innovations that car companies are pushing forward.
Jaguar and Land Rover (JLR) has decided to partner up with Shell. This partnership will enable Jag or Land Rover owners to pay for fuel from inside the car. You simply fill up at the pump, and use the car’s touchscreen to pay. Once payment is completed an electronic receipt is sent to your email address.
Now this is incredibly convenient. However, it’s also vulnerable to cyber-attack. You see, in order for the car to know how much fuel you put in, the price at that station and where you are, a lot of connections have to take place.
For a start, the station has to connect to Shell’s networks. Shell’s networks need to connect to JLR’s networks. JLR and Shell need to connect to the car. And the car needs to connect to your payment account, which currently can PayPal or Apple Pay, with Android Pay soon to come.
Every single one of those connections is a potential point of entry for a cyber attacker.
For example, they could manipulate the connection that tells Shell how much fuel you put in. If you put in 20L but the hacker changes that to 20.01 litres you’d pay a nominal amount more. Small enough that you probably wouldn’t notice it. Or perhaps they could compromise your car’s touchscreen so that you pay for 20.01L but the car says 20L.
Instead of paying $30 for the fuel you pay $30.015. And the attacker might make off with 1.5 cents. Now you might say, ‘Who cares about 1.5 cents?’ But what if that hacker compromised all 575,842 new cars JLR sold in 2016? And every time a JLR car fills up, they steal another 1.5 cents?
Let’s say every one of those cars fills up 24 times a year. That would mean the hacker could get away with $207,303 every year. Stealing money from right under your nose, but such a small amount you never notice.
But multiplied out, stealing a little from a lot of people can add up fast.
If it’s not a priority then don’t invest
Now this is all just a hypothetical example. But it’s possible. And the idea of paying at the pump from your car is certainly something that most car makers would take on board.
In fact, using the car as an extension of your digital life at home is exactly what’s taking place right now. New cars now connect to more devices than most smartphones do.
And in the coming years, they will connect to more. Things like your home or office. Connections to critical infrastructure, retail businesses…other cars.
And when self-driving cars are moving around our world in the next few years these connections will multiple millions of times over. In fact the car will be more connected and ‘smarter’ than your smartphone or any other piece of technology you’ll ever own.
That’s why the most important industry in the world right now is cyber security. There is nothing else more important for a company than to ensure it’s products and services are safe from cyber-attack. It’s also never been more important for you to also make sure you follow all safety precautions when operating in the digital world.
You wouldn’t walk out of the house and leave your front door wide open, would you? Well think of your digital world as your house. Lacking the right safety and security online is effectively the same as leaving the front door open.
But as I say, many companies are already putting safety and security as a number one priority. Some however still treat it as an afterthought. It’s the companies that don’t put it as a priority that you need to be wary of.
Even for companies you invest in. If they aren’t actively talking about their cyber security measures, you need to ask why. If they’re not taking steps to protect their connected assets, then I’d suggest rethinking any investment in them.
That’s how serious this issue is and how serious business needs to take it. A bank without cyber security as one of their main focuses may as well leave the safe open. A software company without cyber-attack redundancy may as well throw money out the window.
If you don’t have strong passwords, offline storage for important files and folders, and cyber security running on your computer and smartphone — then you may as well leave the front door open next time you go out.