- I got swiped. Someone could have double-swiped my card in a restaurant, or I might have used a dodgy ATM that stole my number as it doled out twenties. But if that was the case, how the heck did my number end up overseas? I did travel in France late last year; if somebody stole my credit card info back then, why wait until March to use it?
- I got crammed. I could have ordered something online from what I thought was a legitimate source, only to have bogus charges surreptitiously added later. I pored over my bank statements and found no weird charges or new low-rent venues that were likely to cram me. I'm nixing that theory too.
- I got infected. This is the most likely cause -- some piece of malicious code wormed its way onto my computer and stole my credit card information. Checking my security logs, I discovered that Norton Internet Security had detected and blocked a Blackhole Toolkit Website attack on my system about two days before my card was first used. At least, Norton thinks it blocked the intruder. I'm not so sure.
Kevin Haley, a director for Symantec's Security Response team, says the Blackhole Toolkit attacks about 100,000 PCs every day. Its primary purpose is to steal logons and/or display fake antivirus software alerts to dupe people into spending $50 on a useless program. Now that I think about it, I remember one of those bogus AV window popping up recently. I thought it was a spammy website -- guess it was a little more serious.
Haley says credit card numbers sell on the Internet black market for anywhere from 7 cents to $100 a pop. The really expensive ones are for banks with poor fraud-detection schemes, because that allows the scammers to rack up more charges. Fortunately, my bank isn't among that group. If it had been, who knows what damage I'd suffer at the hands of Katya?
I've learned my lesson, though. I'm going to keep a much closer watch on my security logs from now on, as well as my bank records. I'm going to scan my system (or use Norton Power Eraser) whenever I get even a whiff of something that smells foul. And I'm never unplugging for that long again. It's just too dangerous.
This article, "No one ever expects the Russian credit card scam," was originally published at InfoWorld.com. Track the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter. For the latest business technology news, follow InfoWorld.com on Twitter.