Staying Safe Online

With the average American spending 24 hours a week online, internet safety is more important than ever. A hacked or compromised computer can put you at risk for money loss, phishing scams or even complete identity theft.

It gets worse: If your computer’s security has been breached, it can be turned into a “middle man” for online theft. Criminals may remotely control a computer with weak security and use it as a patsy for large-scale crimes against hundreds or thousands of other computer users. An unprotected computer can commit awful crimes without its owner even knowing about it!

Fortunately, keeping your privacy, money and sensitive information safe when browsing the internet is simple; all it takes is awareness, some proactive steps and lots of common sense.

Read on for steps you can take to keep yourself safe online.

Avoid fake sites
The easiest way to get scammed online is to visit a fraudulent site. If you’re browsing a site you don’t usually use, ask yourself these questions to make sure it’s safe:

  • Does your browser warn you against visiting the site? Whether you browse with Chrome, Firefox or Safari, your browser will warn you about certain sites based on actual data and user reports.
  • Is the web text riddled with grammar mistakes and typos? Reputable website owners are careful to present a polished, professional look. If a site looks like it was written by a second-grader, leave it.
  • Is the site secure? Only visit sites with an “https” and not just an “http” in the address bar.
  • Does the digital footprint check out? Google the company’s name to see what the internet and Better Business Bureau are saying about them.
  • Is there a legitimate “Contact us” section? There should be an authentic physical address and phone number for the business.
  • Is there an excessive amount of ads? Ads are intrinsic to the online world, but if a website seems to be covered in intrusive ads, it’s likely a fake.
  • Check the shipping and return policies. If you can’t find this information, the site probably doesn’t really sell anything at all – though they are happy to take your money.
  • Is there a trust seal? Companies that deal with sensitive information make an investment to earn your trust. A trust seal, like the PayPal or Norton Secured seal, tells you the company has worked hard to deserve your trust.
  • Is the URL authentic? When redirected to another site, check the new URL to see if it matches the original company.
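
The "https" and URL-matching checks from the list above can be written down as a small Python routine. This is an added example, not part of the original article; the domain creditunion.example, the function names and the sample links are constructed for illustration, and the caller is assumed to know the company's real domain.

```python
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit


def host_matches(host: str, expected_domain: str) -> bool:
    """True only if host IS the expected domain or a subdomain of it.

    The leading dot matters: "evilcreditunion.example" must not pass
    as "creditunion.example".
    """
    host = host.lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def check_link(url: str, expected_domain: str) -> list[str]:
    """Return a list of warning labels for the URL you landed on."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ["unparseable"]

    findings = []
    # "https" rather than "http" in the address bar.
    if parts.scheme != "https":
        findings.append("not-https")
    # Anything before "@" is a login name, not the site: the real host
    # is whatever follows it.
    if has_userinfo:
        findings.append("userinfo-in-url")
    if not host:
        findings.append("no-host")
        return findings
    # A bare IP address instead of a company name.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-address-host")
    except ValueError:
        pass
    # "xn--" labels are encoded non-ASCII names, which can imitate
    # familiar letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    # Does the new URL match the original company?
    if not host_matches(host, expected_domain):
        findings.append("domain-mismatch")
        brand = expected_domain.lower().split(".")[0]
        if brand in host:
            # The company name is present, but only as decoration.
            findings.append("brand-in-lookalike-host")
    return findings


# Constructed sample links (not real sites).
SAMPLES = [
    "https://www.creditunion.example/login",
    "http://www.creditunion.example/login",
    "https://creditunion.example.account-verify.example/login",
    "https://evilcreditunion.example/login",
    "https://creditunion.example@203.0.113.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "creditunion.example") or "ok")
```

An empty result only means the address itself looks consistent; the other questions in the list still apply.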

Practice password safety
It’s your key to almost every online board and gated site; do your best to keep it safe! Here’s how:

  • Use a password generator. The best way to ensure that your passwords don’t get hacked is to use a password generator like Sticky Password, LastPass or 1Password. These services generate a super-secure password for every site you visit – but you’ll only need to remember your one master password.
  • Change your password. If you don’t like the idea of using a password generator, experts recommend changing your passwords every 30-40 days.
  • Never double passwords. Using common passwords across multiple sites is easy on the memory but hard on your safety and security.
  • Use strong passwords. For optimal security, choose passwords that include a mixture of uppercase and lowercase letters, numbers and symbols.

Update your browser
Perhaps the most neglected and simplest step of internet safety is keeping your browser updated. With just one click, you’ll increase your browser’s security and improve your computer at the same time.

Here’s why you’ll want to keep your browser running with its newest version:

  • Increased speed. Each new version of your browser is an improvement on the old one. Why lag behind when you could be using a faster browser?
  • Improved website compatibility. Lots of websites rely on updated browsers to share all of their graphics and features.
  • A better experience. A newer browser will offer you added features, customizable extensions and sleeker graphics.

Above all else, an updated browser will provide better security. Internet companies are constantly looking for ways to protect you and keep you safer; take full advantage of their efforts by always using the latest version.

An updated browser offers stronger protection against the most recent scams, phishing attacks, viruses, Trojans, malware and more. Newer browsers have also patched up security vulnerabilities that may be present in your older browser.

Updating your browser is super-easy and super-quick. Late model computers will update automatically as soon as new iterations are released to the public. If your computer is a little older, you can choose the “auto-update” feature available on some browsers for the same results. Otherwise, you can update your browser manually by following the instructions on your browser. These are typically easy to follow and take just a few clicks.

Follow these tips for safe online browsing. A few small steps now can save you heaps of aggravation and money lost down the line. Don’t let those hackers get to you!

Your Turn:
How do you keep safe online? Share your best tips with us in the comments.


Beware The Blackmailing Scam!

Blackmail and extortion are some of the oldest tricks in the book—and for good reason: They work. When a criminal threatens to share potentially explosive information with everyone they know, the victim easily panics and is willing to pay any price to protect their privacy and their pride.

In a fresh twist on this age-old crime, scammers have taken to the internet. Online blackmail is nothing new, but a fresh wave of these scams hit the web last month, and it’s already ensnared dozens. Learn how to spot these blackmailing scams and you’ll get to keep your privacy, and your money, too.

Here’s what you need to know about the most recent blackmailing scams.

How it works
The victim gets an email from an alleged hacker claiming to have cracked their passwords, broken into their computer and used their webcam to watch their online activity. They may threaten to reveal that the victim has been visiting disreputable sites or to use their personal information to empty their financial accounts. The scammer then shares a willingness to back off—for the right price, of course.

As proof that they are “legitimate” hackers, the scammers will share an actual password that the victim used many years ago. They may even include the password in the subject line of the email to grab the victim’s attention and ensure they actually open the email. Often, they’ll also include other bits of stolen data in their message to appear authentic.

If you receive an email like this, don’t panic. There’s no professional hacker behind the scam, no one has watched your online activity, and there’s not much the scammer can do with the information they may have.

The inclusion of the password might give you a scare, but there’s a simple explanation for how the scammer got hold of it. Over the last decade or so, there have been lots of massive database breaches within major corporations, sites and retail stores like Yahoo, eBay, Target, Macy’s, Sony PlayStation and dozens more.

Thanks to these breaches, there are now huge amounts of personal data and passwords floating around the internet. This data can be easily nabbed by a partially skilled hacker or bought on the black market. Once a scammer gets their hands on a password, they’re free to extort the victim into paying a steep price in exchange for their privacy or security.

How to spot the scam
Many potential victims recognize this scam for what it is as soon as the hacker claims to have dirt on them. For many others, though, the outdated password is their clue. However, for victims who have been using the same passwords for years, this old code might still be in use and the scam can seem legit.

Now that you are armed with the knowledge that this scam is making its way around the internet and may contain an actual password you once used, or that you may still use, you are already a step ahead. If you receive an email with your password in the subject line, stay calm. Simply ignore the message. Better yet, delete it from your inbox and give it no further thought.

How to protect yourself
There’s not much you can do about any bits of your sensitive data that may be loose on the internet. However, you can do your part to protect yourself from falling prey to this, or a similar scam.

Here’s how:

  • Update your passwords frequently and use strong, unique codes for each site you visit. You can use a password generator like 1password or LastPass to make this simpler.
  • Choose two-factor authentication when possible.
  • Never open emails from suspicious or unknown sources.
  • If you are targeted, alert the FTC at ftc.gov.

Don’t let those scammers fool you! Be alert, be aware, and learn how to spot these scams for what they are.

Your Turn:
Have you been targeted by a blackmailing scam? How did you spot the ruse? Share your experience with us in the comments!


How To Protect Yourself From Identity Theft

Chances are, you or someone you know has had their identity stolen at one point or another. It can be expensive, stressful and extremely complicated to recover from. Here are seven ways to help protect yourself and your most important data from identity thieves.

1. Secure Your Hardcopies
Most of us think of identity theft as a digital crime, but many thieves are just as eager to get their hands on your paper documents. While online accounts are password-protected, important paper documents are often left in a drawer or simply tossed in the trash, where dumpster-diving thieves can find them.

What’s the solution? Buy a safe and a shredder. What’s not shredded goes in the safe. Of course, the same level of care should go into protecting your physical credit cards. Don’t put your wallet in your back pocket. Make it a habit to check to see you have all your cards and IDs when you get home at the end of the day. This will help you be aware of missing items earlier so you can cancel lost or stolen cards before too much damage is done.

2. Examine Your Financial Statements
Reviewing your financial statements is a good practice. Not only will this help you track financial habits, it will also alert you to any fraudulent charges. Credit unions and banks do a lot to protect consumers from fraud and identity theft, but only you know what you purchased and what you didn’t, so look closely at those statements!

3. Choose Good Passwords
Many people have one simple password they use for all devices and platforms. This is convenient, but dangerous. Yes, there is reason to worry that having multiple hard-to-remember passwords may make it more difficult for you to access your own accounts, but potential identity thieves will have a more difficult time too.

If you’re worried about remembering your own passwords, check out these easy and safe ways to store your passwords from Gizmodo.

4. Protect Your Computer
Malware is just one way identity thieves steal your data. Invest in a good and reputable antispyware program to make sure your hardware is safe from invaders.

Another way to protect your computer is to encrypt your hard drive. Apple computers and PCs alike will offer the option to encrypt all data in your hard drive. Go to your security settings and choose to activate the encryption option.

5. Be Aware of Suspicious Emails and Websites
If an email looks suspicious, it probably is. Make your email inbox a tightly curated collection. If you have too many promotional emails, start clicking the unsubscribe button. This will help you spot suspicious, unsolicited mails.

The same goes for websites. Your browser or antivirus software may try and warn you about suspicious websites before you enter them. Don’t disregard those warnings.

6. Use Two-Factor Identification
The most convenient option is not always the most secure, but given the choice between convenience and security, your best bet is the more secure one. Two-factor identification for email accounts and other important online accounts will add an extra step to the security process for log-ins, most often making use of your phone number as well.

7. Secure Your Wi-Fi and Avoid Public Wi-Fi
Public Wi-Fi is often insecure and can be a great way for thieves to get to your data. Steer clear if you can. If you have no choice, be sure to avoid all online banking or password logins while using public Wi-Fi. Additionally, be sure to secure your own home Wi-Fi with a unique and hard-to-guess password.


Look Before You Pump! Be Careful When You Use Your Card At The Gas Station

How many times a month do you fill ‘er up? It’s a mindless chore, but did you know it can also be the beginning of a financial nightmare? Gas pump skimming is an old crime that’s made a comeback – and your debit card may be at risk.

Every day, 29 million Americans pay for fuel using a credit or debit card. However, compromised pumps with skimming devices installed by scammers have recently been found in several states.

Since these skimmer devices are almost invisible, they can be really difficult to spot, enabling them to easily capture the information of up to 100 cards a day! And, thanks to Bluetooth technology, the criminal doesn’t even need to return to the scene of the crime to collect the data their skimmer has obtained; it can all be done remotely from as far as 100 yards away.

Yes, EMV-enabled technology has become more commonplace, but gas stations were given until 2020 to update their payment systems. This makes them even more vulnerable to such hacks.

Protect yourself against this heinous hack by arming yourself with all you need to know about card skimmers.

How it works
Hackers choose their gas pumps wisely. They usually opt to outfit the one that is farthest from the on-site convenience shop. This way, their activity is out of the range of any security cameras at the shop’s entrance. The hacker will then place a skimming device on top of the pump’s card reader. It will usually be identical to the existing reader, with only a few and hard-to-spot differences.

Sometimes, hackers may place a skimmer inside the pump itself. This task can be done in less than a minute. The hacker can then leave the area and access all the data being collected by the skimmer, with no one being the wiser.

Choose your payment method wisely
You may consider giving yourself extra protection by using a credit card or cash to pay at the pump. A credit card may be compromised just like a debit card, but you can easily dispute fraudulent charges made on your card. Depending upon your financial institution, your debit card may offer minimal purchase protection.

If you want the safest payment method, cash is a good bet. However, remember that cash cannot be replaced if lost or stolen.

How to spot a skimmer
If you don’t like the idea of carrying around wads of cash, you can still protect yourself against skimmers. Use caution while at the pump, and learn how to spot a skimmer. If something looks suspicious, move on to the next pump and report your findings to the local police as well as the gas attendant on duty.

4 ways to spot a skimmer:

  • Use your eyes. Check out the card reader very carefully. Do the numbers on the PIN pad look raised? Do they look newer or bigger than the rest of the machine? Does anything look like it doesn’t belong? Is the fuel pump’s seal broken?
  • Check the tape. Many gas stations place serial-numbered security tape across the dispenser to protect their pumps from skimmers. If the tape has been broken, or there’s no tape on the dispenser at all, it may have been compromised.
  • Use your fingers. Feel the card reader before sliding your card into the slot. Do the keys feel raised? Is it difficult to insert your card? These are both red flags that the card reader may have been fitted with a skimming device.
  • Use your phone. There are several free anti-skimming apps you can install on your phone, such as Skimmer Scanner. Using these apps, you can scan a card reader for a skimming device and get an alert if one is detected. You can also check your phone’s Bluetooth to see if any strange letters or numbers appear under “other devices.”

General card safety
It’s always a good idea to practice general safety when using a card to pay at the pump.

Choose the pump that is closest to the store and always cover the number pad with your hand when inputting your PIN. If you haven’t yet updated to a chip card, now’s the time to do so. It’ll offer you an extra layer of protection. It’s also a good idea to periodically check your account statements for suspicious charges.

Your Turn:
How do you pay at the pump? Why do you choose this method? Share your thoughts with us in the comments!


All You Need To Know About Smishing Scams

Text messaging has come under attack as one of the most vulnerable mediums for identity theft and more. Here’s what you need to know about an SMS message-based scam called “smishing.”

How it works
Smishing scams use text messages to establish contact with the intended victim to later access their personal information.

The scam begins with a supposedly urgent text appearing to be from the victim’s financial institution. The text may claim that the victim’s checking account is locked, or that there has been an unauthorized purchase charged to the victim’s account. The scammer will warn that immediate action must be taken.

The victim is then instructed to call a specified number and, upon doing so, will be asked to share their financial information. Once they’ve got their hands on this info, the scammer is free to steal the victim’s identity, empty their accounts or go on a shopping spree on the victim’s dime.

Who are the victims?
Smishing scams primarily target people who do their banking online, but fraudsters will use any cellphone number they can find. If you own a checking account and a cellphone, you are a candidate for a smishing scam.

Recognizing smishing scams
Your credit union will not alert you of a possible fraud or account lockdown via text; we prefer more personal means to help you know it’s us.

Also, the phone number the smishing text instructs you to call is not ours. You can reach us at 734-676-7000. If you’re told to contact us at a different number, it’s not us you’re calling!

You can also spot the smishing scam just by looking at the phone number. The text will often appear to come from a number that is obviously fake.

If you’ve been targeted
If you receive a suspicious-looking text, do not engage the texter! Jot down the scammer’s number and delete the message. Let us know about the smishing attempt, tell all your friends and alert the FTC.

If you’ve fallen for the scam and your accounts have been compromised, alert your credit card companies and be sure to let us know, too.

Protecting yourself
  • Always use two-factor authentication for banking apps and sites.
  • Use strong and different passwords across your accounts and apps.
  • Ignore all text messages from unknown numbers.

Don’t let those crooks get their hands on your money!

Your Turn:
Have you been targeted by a smishing scam? Tell us all about it in the comments!


Beware Tech Support Scams!

You’re always putting yourself out on a limb when you call tech support. You dial the number the company gives you, and perhaps after a while of waiting, you’re connected to someone who may be working on the other side of the world in a completely different time zone. Then you’re asked to give this anonymous person identifying details about your phone or computer and the technical problems you’re experiencing.

Of course, you’re fairly certain the speaker works for your device’s company and you believe it’s perfectly safe to share this information. At the very least, they have contracted with this individual and are tracking their service.

All of that gets a little riskier when you’re asked to allow the tech support agent to have remote access to your device. This step is sometimes necessary to fix the glitch, but it can also be unnerving. Suddenly, it’s as if an invisible person has taken over your screen. Letters you haven’t typed are showing up on the display and the cursor is flying all over the screen, even though you haven’t touched the mouse.

You’re essentially letting someone have free access to a device that houses some of your most personal information. Yikes!

And that’s exactly what tech support scammers are looking for with their nefarious hacks. It’s truly as awful as it sounds: In these scams, fraudsters contact victims and trick them into granting the scammer access to their computers. The crooks may reach out to people through a phone call, insisting the victims have a virus or another problem they’ve somehow detected from the company’s headquarters. Alternatively, they’ll send a popup to the victim’s computer which will flash dire warnings about an impending or existing virus that can be “fixed” by clicking on a link.

There are several outcomes of such tech support scams, none of them good. Sometimes, a scammer will trick you into installing malware on your computer, claiming you have to click on a link in order to heal your computer of its ills. Other times, they might sell you expensive “software” by making the same false claims. Still other times, they’ll direct you to a bogus tech support website where you’ll be asked to input your credit card information. And they’ll oftentimes simply help themselves to the sensitive data they find on your computer and then wreak havoc on your financial life.

Federal Trade Commission (FTC) Scams
Tech support scams are nothing new, but a recent wave of these scams has taken on an ironic twist. The very organization that leads the battle in taking down scammers is being exploited for a particularly heinous hack.

Scammers posing as FTC employees are calling victims, asking for remote access to their computers. They assure victims they can help restore any affected devices to their previous working conditions. Many of them are claiming to represent the FTC’s Advanced Tech Support Refund program.

This program was created to help victims of previous scams collect their refund money from the FTC. The scammers will convince the victims that they are moments away from seeing their money – they just need to provide the alleged FTC employee with remote access to their computer. They may also ask for an upfront payment before the refund can be issued or for checking account information, claiming it’s necessary for the refund to clear.

Of course, none of this is true and the caller has never worked for the FTC. In fact, the FTC will never request remote access to your device or ask you to pay to receive a refund. Also, their refunds are sent in check form via snail mail, and do not require any checking account information at all.

The FTC has alerted the public that the only genuine number to call for information about the Advanced Tech Support Refund program is 877-793-0908. If someone calls you on their own, assume it’s a scam. End the call immediately and report the incident to the FTC.

Recognizing Tech Support Scams
As mentioned, the tech support scams in which fraudsters impersonate the FTC are easy to spot if you know this basic information about the FTC: They will never request remote access to your computer, ask for payment in exchange for a refund, or reach out to you on the phone.

Here’s how to prevent other variations of tech support scams:

  • Never click on a pop-up box that claims your computer has a virus and offers to clean it. This will only infect your computer or grant a scammer remote access to your device.
  • Always call tech support on your own; if they call you, especially if you’re not aware of any problem with your computer, hang up as quickly as you can.
  • Never agree to purchase expensive software online to fix an alleged virus.
  • If you think you’ve been scammed, tell everyone you know about it and be sure to alert the FTC. Let’s do our part to put those crooks out of business for good!

Your Turn:
Have you ever been targeted by a tech support scam? Share your experience with us in the comments!


Ransomware And Mobile Devices

One moment, you’re surfing the internet. A minute later, a pop-up shows your files have been taken hostage and that you’re required to pay a $300 ransom to have them released back to you. You stare at the screen in disbelief. How is this possible, especially considering you are on your mobile device?

Ransomware – malware that accesses your computer system and blocks access to your files until a ransom is paid to restore access, all while stealing your payment information – has become more prevalent among PC users. While these attacks typically focused solely on PCs, they are now adapting to include mobile devices. That’s right, the very same mobile devices you use to access your credit union accounts to check balances, transfer funds and make payments.

An example of a Russian-based mobile device ransomware is called “Svpeng.” It focuses on tactics for infecting mobile phones and mobile banking applications. It infects the device with a phishing window when the application is opened. This overlay attack is used to steal online banking information as the malware pretends to be the application’s login screen. The user enters login and password information, which is then stolen by the hackers. Once they have access to the account, they can control the account. Svpeng also phishes through Google Play if that is on the mobile device.

This tactic also involves SMS messages being sent to two Russian banks to determine if the phone number of the device is connected to any payment cards. If a card is indeed connected to a number, the hackers use commands through the device to transfer the victim’s money into their own accounts. While Svpeng has currently been seen only in Russia, it is expected to expand into other countries; one of the features of the ransomware checks the mobile device’s language settings to determine the appropriate language to use for the attack.

As time goes on, other PC-based ransomware programs may also be adapted for mobile devices, or more ransomware programs that are specifically designed for mobile devices may be created. Hackers are always looking for ways to evolve their tactics in hopes of stealing more information and making immediate profits. Svpeng, for example, had 50 modifications to its malware within a three-month period.

How does this type of malware get onto a PC or a mobile device? It could be through a “drive-by download” where malicious software is downloaded without the user even knowing about it. This happens as the user surfs the internet without a care, yet comes across a compromised webpage or clicks to a website through an HTML-based email. It could have been downloaded through a phishing email, which appears to be from a credit union, yet is a fake email linking to a compromised webpage. The ransomware could also come through an email attachment that is malicious.

After the infection occurs on the mobile device or PC, the overlay or ransomware tactics are used as was described with Svpeng. That way the hackers can either directly steal the login and password information when the credit union account is accessed, or the user is blackmailed by a direct ransomware attack to send money to unlock the mobile device.

Many of the ways ransomware can be prevented from infecting a PC are the same for prevention on a mobile device. Make sure data on a mobile device is regularly backed up. This will help with recovering information if the device is hijacked. Make sure an antivirus program is running on the mobile device. Follow safe web browsing habits. Block suspicious emails.

Don’t download data or apps from questionable sources. Don’t “jailbreak” a device where built-in controls and security features are overridden; this removes an additional layer of protection against ransomware attacks.

If you think your mobile device has become a victim of ransomware, you can try to remove it by running a virus scan through mobile antivirus software. Don’t pay any ransom because it won’t guarantee the release of your data and you are giving additional payment information to the hackers. If none of these work, talk with your mobile device or cellular provider or their tech support. Of course, notify your credit union to monitor your accounts for any potentially fraudulent activity.