In my first interview with cybersecurity expert and author Scott Schober, we explored his personal experiences with being hacked and the eye-opening insights from his book Hacked Again. Now, we’re reconnecting with Scott to go deeper. Because the threat landscape has evolved, and so has his mission.
From identity theft attempts that hit dangerously close to home, to the growing menace of deep insert skimmers and global cybercrime rings, Scott brings firsthand stories and practical guidance that every consumer and business owner needs to hear. In this follow-up conversation, we dive into the critical topic of credit card fraud, how it’s changing in 2025, and what real-world steps you can take to stay one step ahead.
SensorsTechForum’s Q&A Session with Scott Schober
STF: In our first session, we talked about Hacked Again (published 2016) and your firsthand experience with being targeted by cybercriminals. Looking back, how has that experience continued to influence your perspective on digital security, both personally and professionally?
Mr. Schober: Since Hacked Again was released, I’ve found myself constantly being targeted by hackers. The more I present and educate audiences, the more that target on my back seems to grow. I believe many cybercriminals get a kick out of trying to make my life difficult, hoping to silence me. But they’re wrong. Their efforts only fuel my determination to keep educating the public and empowering people to fight back against cybercrime every single day.
Recently, I had my identity compromised. I received a call from my company’s bank – but it was from a branch located 45 minutes north of where I normally bank. The bank manager asked, “Is this Scott Schober?” I replied, “Yes.”
To my surprise, she said, “That’s strange, because someone is sitting at my desk right now. He presented a license with the name Scott Schober and provided this mobile number, claiming it’s his. He’s asking for access to the company’s account.” She continued, “When I logged into the account, I saw a note that said, ‘Please call this mobile number & provide a PASSCODE to access account,’ which is why I’m calling.”
I immediately told her to call the police – I believed I was a victim of identity theft. She was taken aback and said, “Really? The man seems completely normal. He’s just sitting here, waiting for me. I can see him through the glass right now.” I warned her, “He’s probably going to bolt the moment he realizes something’s wrong, so please make sure you call the police right away.”
She put me on hold and called the police. A few moments later, she came back and said, “Oh – he just stood up. Oh no – he’s running out the front door and down the street!” Fortunately, just then, a police car was pulling up. They chased him on foot and eventually caught him. He spent a night in jail and was given a court date.
I asked the bank manager to please scan and send me a copy of the license he presented. When I received it, I was shocked. It was a scary-looking guy. The license was a doctored version of my old ID, but with his photo and signature added.
As I did my own research, I quickly learned that this individual was wanted in several states for check fraud, wire fraud, identity theft, and a long list of other charges. As is often the case with these types of criminals, they rarely show up for court and tend to stay on the run, hopping from state to state.
This is just one of many examples for what I clearly learned over the past few years cyber criminals will do whatever it takes if they really wanna target you and compromise your identity, your money, your personal information. So, everyone needs to be on guard, and cyber security is now everybody’s business.
STF: Since releasing Cybersecurity is Everybody’s Business in 2019, what part of your advice has aged the best? And what would you update now with everything we’ve learned post-pandemic and post-AI boom?
Mr. Schober: When I reflect back to the release of my book in 2019, I remember a powerful statistic that stuck with me. A 2020 survey found that 91% of people know reusing passwords is a security risk, yet 66% still continued to do it (according to SecurityMagazine.com). Fast forward to 2025, and a recent Forbes article reported that 50% of internet users still reuse passwords across at least two accounts.
The good news is that over the past five years, fewer people are reusing the same password across multiple logins. However, it’s still concerning that one out of every two users continues this risky behavior. Think about it – if your password is compromised on a site like Facebook, and you’ve used that same password for your online bank account, the attacker essentially has the keys to your kingdom.
One other positive change I’ve seen: Back in 2019 when I launched Cybersecurity is Everybody’s Business, I would speak at industry conferences about the importance of using multi-factor authentication (MFA). At the time, it was still a tough sell. But today, I’m happy to say that the majority of people I speak with have finally started implementing MFA on their sensitive accounts. This shift is making a huge difference and has made it significantly harder for cybercriminals to gain unauthorized access to accounts.
That said, it’s important to remember: As cybersecurity evolves to protect users, cybercriminals are also evolving. They’re constantly innovating and using the latest technologies to exploit new vulnerabilities and steal personal information.
Now more than ever, we each need to take personal responsibility for our digital safety – because cybersecurity truly is everybody’s business.
STF: Remote and hybrid work are here to stay. What’s the biggest blind spot companies still have when it comes to securing remote employees in 2025?
Mr. Schober: Cybersecurity Ventures’ Cybercrime Magazine has highlighted the growing cybersecurity risks tied to remote work. A survey by Avanan, cited by the magazine, found that 76.1% of over 500 IT managers and leaders agreed that platforms like Slack and Microsoft Teams present significant vulnerabilities that need to be addressed.
I completely agree with that assessment. When employees access a company’s network remotely, it creates another potential entry point for cybercriminals to exploit – often one filled with security gaps. That’s why it’s critical for remote workers to remain vigilant. Using multi-factor authentication (MFA) or another strong form of identity verification is essential to ensure that login credentials aren’t compromised and cybercriminals can’t impersonate legitimate users to gain unauthorized access.
STF: On a different note… Should cybersecurity be part of the high-school curriculum? Why do you think it’s important to introduce these concepts early?
Mr. Schober: Absolutely. My son is graduating from high school this year, and my daughter, who graduated a few years ago, is currently in college. I’m happy to see that during their time in high school, they were required to take courses that emphasized the importance of cybersecurity. These lessons went beyond just securing assignments. They covered real-world issues tied to social media, email, internet browsing, and mobile phone use.
It’s critical that students understand from a young age how to protect themselves in our increasingly connected world. Cybersecurity education should be woven into everyday tech use, helping young people develop a strong cyber posture that safeguards not just themselves, but also their families, from cybercriminals.
STF: Tell us more about Stolen Plastic. What is your latest book focused on?
Mr. Schober: Stolen Plastic takes a deep dive into credit card fraud and identity theft, exploring the tactics and technologies that today’s cybercriminals use to target consumers and small business owners. I co-wrote this book with my brother and partner, Craig Schober, who has worked alongside me to report on a wide range of cybercrimes.
Together, we’ve also helped develop tools that our company provides – such as skimmer detectors, bluetooth sniffers, and direction-finding solutions – used by law enforcement and financial crime units to detect, track, and apprehend cybercriminals.
In the book, I share lessons from over 15 years of firsthand experience in cybersecurity – the good, the bad, and the ugly – with the goal of helping readers stay safe, protect their money, guard their identity, and secure their businesses.
STF: The theme of Stolen Plastic builds on your ongoing mission to expose digital threats. Why did credit card fraud feel like the right topic to explore in 2025?
Mr. Schober: Despite the tireless efforts of law enforcement, investigators, security professionals, and financial crime units, there’s still a long way to go in the fight against credit card fraud and cyber scams. These crimes continue to steal billions of dollars each year – money that hardworking people can’t afford to lose.
That’s why we must work together to push back. Writing a focused book on this subject allows me to empower others with the knowledge and tools they need to join the fight and help turn the tide against cybercriminals.
STF: What’s one thing most people get wrong about credit card fraud or assume won’t happen to them?
Mr. Schober: Many people assume their credit or debit card is safe because they keep it securely in their wallet or purse. What they often overlook is the hidden threat of deep insert skimmers – small, illegal devices placed inside card readers where they can’t be seen from the outside.
Each time you insert your card, the magnetic stripe is read not only by the legitimate terminal but also by the hidden skimmer, silently capturing your data for cybercriminals. It’s an invisible danger that can affect anyone, even if you’re cautious.
STF: We now have mobile wallets, tap-to-pay, and tokenized transactions. Are these truly safer, or just the next target for cybercriminals?
Mr. Schober: When it comes to payment methods, not all are created equal in terms of security. Here’s a breakdown – from least secure to most secure – based on the types of threats they face:
- Traditional swipe payments (with bezel skimmers): This is the least secure method. Card data stored on the magnetic stripe is easily skimmed by criminals using devices hidden around the bezel of card readers, especially at gas pumps and ATMs. Criminals now have shifted to deep insert skimmers that are very hard to detect to the consumer swiping their card, so anytime a consumer is using a mag stripe transaction, they are at risk of having their card skimmed.
- Chip-and-PIN (vulnerable to deep insert skimmers and shimmers): Although more secure than swiping, chip cards are still at risk. Deep insert skimmers are hidden inside the reader, and “shimmers” are thin devices placed inside chip slots that can intercept data from the chip during a transaction.
- Tap-to-pay (contactless cards) : Tap-to-pay is more secure than inserting or swiping, but still not immune. Tools like the Flipper Zero can capture data from some contactless cards if used in close proximity, although limits on these transactions help reduce risk.
- Mobile wallets (Apple Pay, Google Wallet): This is currently the safest and most secure way to pay. These platforms use tokenization, which means your actual credit card number is never transmitted. Instead, a one-time, encrypted token is sent directly to the issuing bank. Since your real card data isn’t part of the transaction, there’s nothing for a hacker to steal – making man-in-the-middle attacks virtually impossible. I personally use Apple Pay and have never had a problem in the past few years. Prior to this I had my debit card and multiple credit cards hacked numerous times.
STF: What are some practical signs that an ATM or payment terminal might be compromised? Are there red flags everyday users can spot?
Mr. Schober: Yes, there are several telltale signs I look for when approaching an ATM with my debit card. First, I inspect the machine for any loose or misaligned parts. I pay close attention to areas where overlays might be placed, and I check the keypad for any signs of a fake overlay that could be used to capture my PIN.
I also carefully examine the card slot for wear or damage. If the card feels tight or rubs against something when inserted, it could indicate a deep insert skimmer. When I look at the display, I check for any unusual messages, prompts, or unexpected requests for additional information, as this could be a sign that the machine’s firmware has been modified to steal sensitive data.
Another red flag is if the ATM takes an unusually long time to respond or if any buttons don’t work as expected. These could be signs of malware secretly capturing my information.
I also ensure that the ATM is in a well-lit area, preferably with visible cameras around it.
I’m always cautious to check for any hidden pinhole cameras aimed at the keypad, and I make a habit of covering the keypad with my hand when entering my PIN.
Given all the risks, I prefer to use Apple Pay or other secure payment methods over ATMs these days. It’s a safer, more reliable way to make purchases without worrying about skimming devices.
STF: What role does organized cybercrime play in card fraud today? Are these attacks mostly local, or part of global operations?
Mr. Schober: Organized cybercrime plays a significant role in card fraud today, with a major shift toward global operations. One notable example is the onslaught of cybercriminal gangs, particularly from Romania, that have been inserting skimming devices into point-of-sale (POS) terminals at convenience stores, gas pumps, and ATMs. These skimmers allow cybercriminals to capture the card data of unsuspecting consumers, leading to billions of dollars in credit card fraud every year, particularly in the United States.
The scope of these attacks is global, with criminal organizations using sophisticated tactics to target vulnerable payment systems around the world. They are well-coordinated and often operate under the radar, utilizing the dark web to remain anonymous. Through the dark web, these criminals can buy and sell stolen credit card credentials, paying with Bitcoin or other cryptocurrencies to further obscure their tracks. The use of cryptocurrency allows these criminals to stay off the grid, making it much more difficult for law enforcement to trace the stolen funds and apprehend the perpetrators.
This form of crime is particularly insidious because cybercriminals can distance themselves from the victims. They remain largely invisible, operating from remote locations and using tools like skimming devices and the dark web to carry out their attacks. The anonymity provided by the dark web, combined with their global reach, makes it a challenging and persistent issue for authorities to combat.
STF: What would a 3-step survival guide for protecting your credit cards and financial information in 2025 encompass?
Mr. Schober: Here are my 3-steps…
1. Use Tokenization and Mobile Wallets
Why it matters: Tokenization replaces your actual credit card details with a one-time-use token during transactions, reducing the risk of your information being compromised. Mobile wallets (such as Apple Pay, Google Pay, and Samsung Pay) use tokenization and are more secure than traditional cards.
How to do it: Move away from using physical credit cards whenever possible and opt for mobile wallets. These wallets don’t store or share your actual card details with merchants, reducing the chances of fraud. Additionally, always choose “Tap to Pay” for contactless payments to avoid exposing your card number.
2. Enable Multi-Factor Authentication (MFA) Everywhere
Why it matters: Multi-factor authentication (MFA) adds an extra layer of protection, requiring more than just your password to access sensitive accounts. In 2025, many financial institutions and online services will offer MFA, which should be utilized for all accounts, including online banking, payment services, and retail sites.
How to do it: Set up MFA on all accounts that store or use your credit card information. Use an authenticator app (like Google Authenticator or Authy) or biometrics (fingerprint or face recognition) for extra security. Avoid relying on SMS-based MFA, as it can be vulnerable to SIM swapping attacks.
3. Be Cautious with Public Wi-Fi and Online Shopping
Why it matters: Public Wi-Fi networks and unsecured websites can expose your financial information to hackers. Cybercriminals often use these open networks to intercept sensitive data and gain access to your accounts and compromise your credit cards when you are online shopping.
How to do it: Avoid using public Wi-Fi for banking or online shopping. If you must use it, always use a Virtual Private Network (VPN) to encrypt your connection. Also, make sure that websites are secure (look for HTTPS in the URL and a padlock icon) before entering any payment details. Stick to trusted and reputable websites, and be cautious when shopping on unfamiliar or sketchy sites.
STF: If you had to write a new cybersecurity motto for 2025, what would it be?
Mr. Schober: One that motto that I have often stated recently is Secure Today, Protect Tomorrow which emphasizes the importance of proactive security measures now to safeguard against evolving threats in the future. It reflects the need to stay vigilant and adapt to new cybersecurity challenges as technology and cybercriminal tactics continue to evolve.
Join Our Team of Experts
Are you a cybersecurity expert that wants to be featured in SensorsTechForum’s interviews and Q&A sessions? Make sure to drop us a line at support[at]sensorstechforum.com and follow our LinkedIn page!
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: