Headlines and the attention of IT professionals have been dominated by Heartbleed recently, yet it's a news story out of Florida that reminds us of an all-too-common identity-theft threat that most of us face on a routine basis: credit-card skimmers.

From an Orlando Sun report:

Between Nov. 29 and April 3, the (Victoria's Secret clerk) hid the skimmer under her skirt at Orlando Premium Outlets and swiped customers' cards before running them through the cash register, according to court documents. The woman, whose name is not revealed in court documents, was paid $500 whenever a felon named Alexander Sundeman Sanchez, downloaded card numbers from the device (once a week), records show. "I forgot to tell u i really only want foreigners and tourists," Sanchez texted the woman, according to court documents.

Three details struck me: The targeting of victims less likely to contact law enforcement; $500 a week is plenty of temptation for a retail-store clerk with a criminal disposition; and the scam went undetected for months.

That's one clerk in one store. Now think of how many times you hand your card to a waiter or insert it into a gas pump or ATM that might also carry a skimmer.

And skimmers - even the fake ATM kind - are not hard for criminals to come by, according to security expert Brian Krebs.

The Secret Service's website has a description of the more popular skimmer scams and offers this advice for avoiding them:

Ensure your credit card is swiped only once at a register.

Conceal your PIN as you enter it into an ATM or credit card reader.

In other words, pay cash.