Good news for those worried about their credit card numbers being stolen; cybercriminals don’t care that much about your credit card number anymore. Uber, PayPal and even Netflix accounts have become much more valuable to criminals, according to security company Trend Micro.
Your BBB® offers many tips for conducting safer transactions.
Stolen Uber account information on underground marketplaces sells for an average of $3.78 per account. Personally identifiable information (PII) goes for $1 to $3.30 on average, down from $4 per record in 2014. (PII includes any information that can be used to commit identity fraud, like Social Security numbers and dates of birth, and varies in price depending on the specific info for sale.)
Stolen Uber account credentials can either be used for identity theft, or used to charge phantom rides, setting up a fake driver account, and charging nonexistent rides to stolen accounts.
Average prices for other accounts: PayPal — with a guaranteed $500 balance — ($6.43).
Facebook ($3.02), Google Voice (97 cents) and Netflix (76 cents).
Bundles of U.S. issued credit card credentials average 22 cents each.
Credit cards are worth less to crooks because banks and credit card issuers have developed more sophisticated fraud detection, quickly rendering stolen cards worthless.
Hackers advertise stolen data for sale on YouTube. A quick search for tweets with the hashtag #uberaccounthacked reveals numerous complaints related to “ghost rides,” in which users claim their Uber accounts have been charged for rides they did not take, often in other cities.
Tech companies are aware of the threat, and many employ teams to monitor accounts for strange activity, alerting users when accounts may have been compromised. They also encourage users to adopt additional security measures and use different passwords for different accounts.
Facebook advises users to turn on its version of two-factor authentication called Login approvals, and to run a security checkup, a tool that walks users through security options to add extra account protection. Netflix encourages concerned users to contact customer service, and has posted user guidelines for keeping accounts secure.
People using the same password across multiple accounts makes security particularly challenging. Experts say companies should use new and better technologies to protect us. These include moving away from passwords to two-factor authentication, where a code is sent to your smart phone that must be entered to complete a transaction. Other methods include behavioral biometrics solutions which detect how the user actually holds their phone, how big their fingers are and how hard they press the touch screen.
For more information you can trust, visit bbb.org/evansville.