Here’s another example of how malicious hackers are in it for the money: Botnet owners are using their arsenal of hijacked computers to steal account information from eBay users.
One victim, Sam Houston, has written an extensive account about it in his blog. He writes that he awoke Monday morning to discover that someone in England had hacked into his personal eBay data and changed it to reflect a completely fraudulent identity with an English mailing address. Then, using that identity, the fraudster sent out at least 25 emails to people in the U.K. who are trying to sell Sony laptop computers offering them more than they are asking for the machines.
“[The hacker] also managed to set two Trojan horses on my hard drive which compromised my PayPal information and apparently hopes to transfer payment for the laptops from my checking account via my PayPal account,” Houston says. “I managed to contact PayPal and have had them temporarily stop all payments coming from their end but, since this is a bank holiday, my checking account is still hanging out there until start of business tomorrow.”
Houston says he spent almost five hours trying to clean the malware from his machine and going back and forth with PayPal and eBay in an attempt to restore order.
Some respondents to his blog entry shared their own tales of woe at the hands of identity thieves.
One person noted that someone used his or her credit card information last year as part of a “low-key” scam. Another respondent described how a random Web site snatched her mom’s credit card information earlier this year and tried to make a $600 charge.
Unfortunately, these tales show how identity fraud victims are becoming easier and easier to find.
The best advice I can think of comes from Rennee Schwartz, a Davenport, Iowa, resident whose credit card information was stolen two years ago. Shortly after news broke of the TJX data breach, she shared her experiences with me, explaining how someone was able to steal account information from an Xbox Live program her son was using.
After cleaning up the mess that comes with being an ID theft victim, she took steps to ensure she wouldn’t be victimized again. The Xbox program is no longer used on the computer where she keeps personal data. She also changes her password more frequently now, and will only use one credit card for online transactions instead of the two she used to use. She also checks her online credit card statements more doggedly to make sure there are no suspicious charges.
Her main message to those who must conduct commerce online: Mind your data. Watch closely and constantly for suspicious activity involving your credit cards and make sure the home computer is locked down with up-to-date security software.