Monday, November 23, 2015

Cunning payment card fraud, or just a random glitch?

I have a strange tale to tell. I am sharing it here because I honestly don't know if it represents a simple computer glitch on the part of a bank or payment processor, or if it represents a breakthrough in payment card fraud. I have intentionally kept the dates and amounts approximate rather than exact, and am not doxxing the other party in this event, but otherwise what follows is a reasonably detailed sequence of events.

In early September, a charge I did not recognize appeared on my Chase credit card. I figured my card number had been taken in the latest Point of Sale card breach, so called Chase to report the fraudulent use. I expected they would identify it as fraud, close my account, and issue me a new card, as has happened 3 or 4 times in the past few years.

As I have written before, this type of fraud doesn't really bother me much - it's a bit annoying, but I've taken a few steps to limit any real consequences to me. This guide to financial fraud prevention explains what I do, and what I recommend my readers do too. By purchasing with credit cards and never debit cards, setting up transaction alerts by email or text message, and keeping a fraud alert on my credit report, I ensure that any card fraud is the bank's problem and not my problem.

Today's tale begins with an aforementioned transaction alert.

Tuesday, November 17, 2015

Schlotzsky's: Funny name, serious sandwich, poor privacy

I had a hankering 4 @Schlotzskys. Then I remembered the loyalty app demands too many perms. Guess I'll have to settle 4 a lesser sandwich...

When I began writing this post, I did not know how it would end. My hope was it would become a story of a privacy issue acknowledged and a restaurant modifying its customer loyalty app to respect its customers' privacy. Thus far, 5 months after initially reporting this, the Schlotzsky's "Lotz4Me" mobile loyalty app remains an egregious invasion of privacy beyond any loyalty app I have seen in the past.

Those not from Texas may not recognize the name Schlotzsky's. For that matter, you might not even know how to pronounce the name. That's OK. The chain that originated in downtown Austin makes a fantastic hot sandwich on fresh sourdough buns. Since the first restaurant opened in 1971, the chain has grown to some 350 locations - mostly in the southern and southwestern US (well over half are in Texas).


They are great at making food.

They are not so good at choosing digital products.

Wednesday, November 11, 2015

Free Disney World Tickets? Nah, it's another Facebook scam (Part 2)



Some of this article appeared on this blog a few weeks ago; it has been updated with more examples, as well as some investigation into the possible motivations for such scams.

Disney is giving away hundreds of tickets to Disneyland and Walt Disney World! All you have to do is like a page on Facebook and share it with your friends!

Or not.

My friends and family know I am in the cyber security field, so often ask me questions or send suspicious things my way for my opinion. And occasionally, they send things my way not realizing they've been hooked by a scam. The week before Halloween a friend shared what appeared to be a drawing for Disney theme park tickets. At the time I grabbed a few screen captures and pointed out a few things that led me to believe it was a scam, but left it at that.

In the time since then, I've seen about a half dozen similar scams and figured perhaps it's time for a more thorough discussion of what is going on, as well as possible motivations for the scammers.

Whois David?

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.