It hasn't been my year, online security-wise.
As some of you may recall, my Facebook and Yahoo accounts were hacked a couple of months ago. Either that, or I really was mugged in London and needed money to get home. While Yahoo's concierge service had my e-mail account back in my hands in pretty short order, Facebook promised to help, then completely disappeared on me. The account's still frozen.
In more recent non-travel news, apparently my credit card went to Argentina without me.
Making an online payment the other day, I noticed my balance was considerably higher than anticipated. I flagged it with the bank, but since transactions take a couple days to post, there were no suspicious transactions.
I went on vacation, much of it spent at an isolated cottage a 15-minute boat ride from civilization — no TV, no computer, no store, no reason to use my credit card. While I was gone, the credit card company left a voice mail on my office phone. I returned the call Monday morning.
“We've had a few suspicious transactions on your credit card account,” a rep told me. “Do these names mean anything to you?” He rattled off several transactions from retailers in Argentina. I've never been. I guess my credit card got wanderlust.
Clever people, whoever bought my account information (for I presume it was expose in a breach and auctioned). They began with a credit to my account, thus establishing a transaction history. Then they began to pluck transactions from the account.
Fortunately, the bank's algorithm was cleverer. Mind you, it had a hint in the form of a transaction at a downtown Toronto restaurant a few minutes before I was supposedly on my South American shopping spree.
The rep reversed the charges, no muss, no fuss, which was at once encouraging and unnerving. Encouraging in that I wasn't compelled to jump through any hoops to prove I hadn't made the purchases; unnerved at how routine the agent made it see: “Yup, we'll take that one off. This one? No? Okay, we'll take that one off …” These scams are so prevalent, a bank was giving me money back, virtually no questions asked.
No matter how low-profile you are, expect cybercrime to affect you. After these two incidents (and how many more did I overlook?), I'm beginning to treat it as routine myself. Yes, plan for worst, take all the necessary precautions. But don't expect that to be enough. You and your enterprise will be a target. Vigilance is necessary, before and after the fact.