People think of cyber criminals as an über-smart bunch. But obviously they’re not. A researcher from FaceTime Security Labs has uncovered a man selling credit and debit card details,including PIN numbers, who not only included his location, but also, quite helpfully, a photo of himself. The cache was posted to a warez forum where hackers generally traded pirated videogames and other media. Since some of the details included an e-mail receive address, it was apparent that they’d been obtained from a back-end online payment system. "The odd thingabout it was that the person who posted the details didn’t really come across as a professional carder – more like someone who happened to stumble across a stockpile of sensitive informationand was now trying to distribute it as quickly as he could," said Chris Boyd, senior director of malware research for FaceTime. "This is a case of stupid criminals at work. The posterhappily included all of this information with a photograph of himself as well as his location listed under his forum avatar." The company counsels people to take appropriate precautions– not to click on IM links, even from friends, without checking with the friends first, updating security patches on browsers, checking bank and credit card statements, and when using a cardonline, making sure the padlock icon is closed. "Everyone takes a security risk when they shop or hang out online, but we can reduce the risk with some common sense and specificmoves," said Boyd. "A company would never stop using email just because they get SPAM, but everyone needs to balance the benefits of the Web with ways to avoid the risks." FaceTime told authorities about the incident, but there’s no word as to whether the seller has yet been arrested.
