Preventing Theft of Email Passwords and Credit Card Numbers when Using Public Computers
I remember sitting in a bar in Honduras with some tall blond girls from the Netherlands. They were very confused. Their credit card security had been compromised at some point during their trip through Central America, even though they were still in possession of the cards themselves.
“We think maybe the guy at the hostel opened the locks on our bags and copied the numbers,” one of them told me.
I had other guesses as to what happened: “Did you buy anything online from a public computer recently?”
They had purchased plane tickets, but did not quite comprehend what this had to do with anything.
“But nobody could see our card.”
“They don’t have to.”
This morning I received an email from an old friend named Josh. The email’s subject heading was “VACATION PROBLEMS . . . JOSH.” The body of the email went as follows:
I am writing this with tears in my eyes… My family and I came down here to United Kingdom for a short vacation,unfortunately we got Robbed at the park of the hotel where we stayed. All cash, credit cards and cell were stolen off us but luckily for us we still have our passports with us.
We’ve been to the embassy and the Police here but they’re not helping issues at all and our flight leaves in less than 3hrs from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills.
Am freaked out at the moment…
I read this email and said no way. My friend Josh travels, and he very well may be in the UK with his family, but he did not write this email. The tone, content, and the lack of prospective solutions were not his own. My friend Josh may very well sprout tears from his eyes from time to time, but there is no way that he would be so wussy as to tell me about it. Josh’s email account had been hacked.
The message that was sent out to his contact list was to requisite some heroes to step up and quickly send over money so that “Josh” could settle his hotel bill and get out of the UK. I like how the conductor of this scam made the situation seem urgent by saying that his flight was leaving in 3 hours, giving the impression that money is needed immediately in order to rush people to send over money before checking the facts. I am also impressed by how this email did not directly solicit funds, but rather was sent out as a query letter — a hook — to draw any potential sucker into a funnel of confidence through which they would quickly lose their money trying to help out their old friend “Josh.” The con artist had, apparently, done this before.
This type of email account hacking is becoming common, and this was not the first email like it that I had received from a friend’s compromised email account.
How email account and credit card security can become compromised
What is happening here? How could the girls from the Netherlands have their credit card numbers swiped without ever loosing contact with their cards? How could Josh have his email account compromised?
There are many ways both of these actions could have been perpetrated, but one is so simple that any fool who can upload a program to a computer can execute with brash efficiency:
As I explained to the Netherlands girls, “There are programs that can be uploaded on a computer that record keystrokes, so when you enter your credit card number into the web page these programs can pick it up and make it available to anyone who wants it.”
These programs record all keystrokes entered into a computer, including bank account numbers, email passwords, Facebook account info. The execution of this theft is so incredibly simple and that the potential for it becoming widespread is high. Just about anybody can use these programs: all they need to do is download it, upload it onto a computer that other people may use to make online purchases, comeback throughout the day and seize the spoils. The companies who make these programs justify themselves by saying that they are meant to be used as a way to backup data that you enter into your own computer, but, as is obvious, this is not really how they are used.
NEVER ENTER SENSITIVE INFORMATION INTO A PUBLIC COMPUTER.
Sensitive information means passwords, bank account log info, or credit card numbers. Entering this information into a public computer may mean giving it away to anyone who may want it.
I published this advice years ago, but knowledge of this scam still is not widely known. I become severely annoyed when my wife uses a public computer to check her email, I become enraged to see other travelers entering in their credit card info on a public computer.
Are you trying to be robbed?
Any keystroke entered into a computer that multiple people use can be easily recorded and used by unauthorized parties. If you don’t trust showing your credit card to someone then don’t put its numbers into a public computer.
It will probably always be unclear if it was a keylogger program that got the girls from the Netherlands or my friend Josh, but it very well could have been.
Keylogger program solutions
A simple solution to subvert the potential threat of programs that can record keystrokes entered into a public computer has just been made known to me by Andy Hobotraveler.com at Log in safely in internet cafe. The solution is a program called Safekeys v3, which allows a virtual keypad to be called up onto a computer screen when the user wants to enter in private information. This virtual keypad is clicked with a mouse so no data is entered through the keyboard. This programs also claims to offer security against screenlogger programs, which scrap data entered into a computer at screen level.
The Safekeys v3 program also has a portable version which can be run on a flash drive.
Travel tip: never enter sensitive information into a public computer or use a program which offers protection against keylogger and other info scrapping programs.