How your computer can give you Coronavirus Covid-19
By in

How your computer can give you Coronavirus Covid-19

Hey guys, the world is nervous and talking about Covid-19 the new deadly strain of the Coronavirus. Here in Hawaii folks are buying toilet paper – all of it from anywhere it’s sold. There are parking lot fights at Costco and worse yet, you can’t get toilet paper. The whole island is out, so what does that mean to you? Absolutely nothing because what we’re going to talk today about something very important – how not to spread viruses by using your computer.

Most computers have keyboard, buttons and many touch points that can spread germs from one person to the next. For example, were I to hand my laptop over to someone else, I’m also handing off any germs sitting on any of those touch points. So, how can you keep your computer equipment clean so that the computers doesn’t spread the Coronavirus from person to person? Before we get into that, let me mention that these are all best practices and good hygiene in general when using electronics equipment.

To start, let’s talk about my best friend – disinfecting wipes. Getting your hands on a tube typically isn’t hard (except for now), so if you’re fortunate enough to have a stockpile, they are very tear resistant and perfect for cleaning computer equipment without damaging it. For example, I have a Microsoft Surface laptop and according to Microsoft’s website, disinfecting wipes are recommended for cleaning the device. After using them, the computer is now cleaner than ever and it’s been disinfected. No germs, yay!

While mainstream media and the CDC has been focused on reminding everyone to wash their hands, do you know what else should be kept clean? Your ears! And what do you use at the workplace that involves your ears? That’s right, your phone. So keep your phone nice and clean using those same disinfecting wipes! For years I’ve been called the neat freak, always cleaning my phone. From experience, I’ve had people use my phone, cough and sneeze all over it and leave. I wouldn’t know, use the phone and catch whatever that person had. No thank you. Keep your phone and computer clean!

Next think about ways to boost your immune system. I know it may be considered “new age” or homeopathic but you know what, why not try everything? Who wants to get sick? I know I don’t and I’m sure you don’t either. I personally drink kombucha – it is an acquired taste though. Kombucha is gross but full of probiotics that can give your gut, the seat of your immune system a little boost. Think about other ways to boost your gut biome such as supplements and probiotic capsules. Probiotic yoghurts are great but supplements much more bacteria per capsule there than you’ll find in any single source, including Kombucha or yoghurt.

Lastly, f you really want to try something new, there are essential oils. My favorite is the “4 Thieves blend” and to get the benefits of it, put a little bit of water into a diffuser, a few drops of oil and let it mist your workspace. You can get a diffuser practically anywhere such as drugstores, Amazon and even TJ Maxx. The reason that I personally like “4 Thieves” is because of its backstory. According to the long-told historic tale, the use of thieves oil dates back to the year 1413, the time of the infamous Bubonic Plague (aka The Black Death) that devastated a large portion of France.  The Black Death spread like wild fire amongst the citizens, and the doctors alike.  It seemed impossible to be in the vicinity without contracting it and at the time, the sickness really did mean ultimate demise.

During this time, however, four thieves were captured and charged for stealing from the sick and dying.  The thieves never contracted the plague, despite the close contact with the Black-Death victims.

At that time the crime these 4 men committed was punishable by being burned alive. However, the judge was so intrigued by how these men had stayed immune to this terrible disease that he told them if they shared their secret he would spare them of this punishment.

The Thieves told the judge their secret: they were perfume & spice merchants who were unemployed due to the closure of the seaports and the devastation of the plague. They had prepared an essential oil recipe that when applied to their hands, ears, temples, feet & a mask over their mouths, kept them safe from infection. The judge stayed true to his word. The men were not burned alive, but instead they were hanged for their crimes.

From then on, doctors who treated Black Death victims put the herbal infusion on their hands, ears, temples & feet, and wore beak-like masks stuffed with cloths containing this special blend.  The beak is how doctors got the long-lasting nickname “quack”. You may recognize this somewhat terrifying uniform as a scary Halloween costume worn today. Exactly the way you’d want your doctor to dress, right?

Essential oils are something to try in your workspace, perhaps get a bit of disinfectant in the air. If nothing else at least your surroundings will smell cleaner. So as a quick recap, use disinfecting wipes on your computer or phone, boost your immune system with probiotics and try essential oil disinfecting mist to minimize airborne viruses.

Stay safe and stay healthy out there.

 

Don’t fall for the new PayPal text messaging scam
By in

Don’t fall for the new PayPal text messaging scam

The crooks are at it again. This time, they’re tricking to trick people into sharing their personal information and PayPal login credentials in a new text messaging scam.

So here’s how it works – a text message could arrive on your phone that looks like it’s from PayPal and sounds urgent. It may say something like ‘Due to a recent failed payment request your account has been restricted’ or ‘We have detected unusual activity on your account’ and includes a link to a FAKE PayPal website.

The scammers have setup countless fake PayPal websites that look almost exactly like the real thing. The site will ask you to fill in your username and password. After the login credential are entered, you’ll be shown another phishing page that asks for more personal details such as full name, date of birth, address, and phone number. Keep going and the site even asks for your credit card information. Wow these guys are bold!

The Takeaway

Don’t click on any links sent you over text message, especially those claiming to be from a bank or credit card company. Type the company’s website address into your phone or computer’s browser instead.

Be wary of any communication that conveys a sense of urgency – scammers use fear to get people to fall for their schemes.

Stay safe out there.

 

7 Tips from the FBI to keep you safe this Valentine’s Day
By in

7 Tips from the FBI to keep you safe this Valentine’s Day

While Valentine’s Day and other opportunities for romance can be exciting, the FBI has issued a warning, that if you’re not careful, this time of year could lead to heartbreak, embarrassment, and financial loss.

This most recent warning from the FBI reminds us that criminals search dating sites, apps, chat rooms, and other social media networking sites attempting to build “relationships” for the sole purpose of getting money or personally identifiable information from their victims. This type of data harvesting is known as “confidence fraud” and losses for last year alone were in the millions.

So, to protect yourself from becoming a victim, the FBI has released the following 7-tips to help us stay safe:

  1. Only use reputable, nationally-recognized dating websites. While scammers may be using these “name brand” sites as well, large dating sites often have better security in place and can minimize your risk of getting scammed by a criminal.
  2. Research photos and profiles of your prospective partner in other online services and be sure to ask questions. Nobody likes a liar.
  3. Never provide your financial information, loan money, or allow your bank accounts to be used for transfers of funds, period. Let me repeat that. Never provide your financial information, loan money, or allow your bank accounts to be used for transfers of funds, period.
  4. Do not allow attempts from someone online to isolate you from family and friends. Usually your friends and family are the voice of reason. Don’t shut them out.
  5. Don’t just blindly believe wild stories of crazy life circumstances, tragedies, family deaths, injuries, or other hardships. Those tactics are designed by criminals to keep your interest and get worried. Don’t fall for it.
  6. If you are planning to meet the person you met online, meet in a public place and let someone know where you will be and what time you should return home.
  7. If you are traveling to a foreign country to meet someone, check the State Department’s Travel Advisories beforehand (http://travel.state.gov/). Also, provide your itinerary to family and friends and if possible, try not to travel alone.

According to the FBI, victims may be hesitant to report being taken advantage of. After all, it’s embarrassing, so it’s important to remember that romance scams can happen to anyone at any time.

Stay safe out there this Valentine’s Day!

 

Amazon’s Ring smart doorbells hit with lawsuit over camera privacy
By in

Amazon’s Ring smart doorbells hit with lawsuit over camera privacy

Ring security cameras continue to be hacked, leaving its victims, including children, terrified. Now, the company and its parent, Amazon, are facing a lawsuit in federal court.

The two companies are being sued for negligence, invasion of privacy, breach of implied contract, breach of implied warranty and unjust enrichment. According to the lawsuit, which was filed in the U.S. District Court for the Central District of California, the companies have known about the lack of inherent consumer privacy protection of their products for some time now.

According to the lawsuit, Ring does not fulfill its core promise of providing privacy and security for its customers. Hackers routinely terrorize occupants, invade their privacy and undermine their sense of safety and security.

For example, John Baker Orange, the plaintiff who filed the lawsuit, claimed his camera was hacked while his children were playing basketball. The hacker even commented on his kids’ game and even asked the children to move closer to the camera. The lawsuit includes many other claims, including a hacker who communicated with an 8-year-old girl in her bedroom, claiming he was Santa Claus.

The lawsuit states that Amazon and Ring are blaming owners of their cameras for not creating strong passwords. However, Ring has neglected to add basic security measures such as two-factor authentication which is all but expected in this modern Internet age.

The Takeaway

With all of these IoT (internet of things) manufacturers pushing their products out the door as fast as possible, security has unfortunately been something of an afterthought. So, it’s up to you to make sure that the IoT devices you buy are safe. Here’s how:

  1. Always change the default password Often these Internet connected devices are shipped with passwords that are insecure, such as “admin” “password” or just plain blank. Change this first – it’s the primary point of entry.
  2. Update firmwareOften the manufacturer will ship a product knowing that there is a problem with the software and only later fixes the bug with a firmware update. Making sure your devices are updated is one way to minimize your risk of exposure.
  3. Use a unique password for the online portalOften there is a middleman between your devices at home and your mobile device, such as the manufacturer’s website or online portal that connects the two. The password to that online portal should be unique as those portals are targets for hackers and often compromised. You wouldn’t want to use a shared password for an online portal as your email or bank account for instance, so keep it unique so that even if it is compromised, your exposure is limited.

If you believe you have fallen victim to any of these scams, you are encouraged to file a complaint with the Office of the Hawaii Attorney General or with the Federal Trade Commission. We have a complete list of resources, all in one place for you here: https://cylanda.com/how-to-report-fraud/

Stay safe out there.

 

Warning - New study finds Christmas tech toys unsafe for kids
By in

Warning - New study finds Christmas tech toys unsafe for kids

I don’t know about you, but I feel that the best toys are tech toys and we’re not just talking about kids here. But we probably should focus on the kids since the newest and best toys this Christmas are high tech. Sorry moms – Mr. Potato head fell out of fashion about 50 years ago. Unfortunately just recently security researchers tested smart toys from several top brands including Mattel and Spinmaster and discovered that many if not most of these high tech toys that use Bluetooth or WiFi have major security vulnerabilities.

The Takeway

Here’s what you should look out for when shopping or before you open that battery powered who-knows-what your son, daughter, niece or nephew has been begging for:

  1. Some Bluetooth toys allow you to connect to them without a password. Well, think about it, if you can connect without a password, so can anyone else. From there, who knows what they can do with that toy. They could use the toy to control it or spy on you or your kids. Not good. For example, security researchers found that walkie-talkie devices of the same brand as that of the toy could be effortlessly paired and used to communicate with the child, from a distance of up to 450 feet away. 

  2. Another flaw they found was that some toys required logging into certain websites for updates or downloading certain features. But, these websites were missing encryption and consequently exposed account and session data that could being intercepted by almost anyone. Furthermore, these websites often indicated whether a username or email address was already registered. While this sounds harmless, this could allow attackers to launch brute-force attacks to obtain registered usernames and email addresses which could then be used for spam, phishing and malware. Not good.

So what can you do about it?

Let’s be real here. The responsibility of keeping their product safe to use may lie with the manufacturer, but we as parents should check to make sure that the item we are purchasing is actually cyber-safe. A good place to start is to check the manual. Does it have sufficient language indicating the product’s security and privacy? If not, that’s a red flag. Even so, if you have already made your purchase and if you’re worried about security, try being old fashioned and use supervision while your kids are playing with the toy and when they’re done with it, turn it off. In fact, if you’re still nervous about it, go ahead and take out the batteries. Sometimes it’s just not worth the risk.

Stay safe out there.

How to spot the top 3 scams targeting minors
By in

How to spot the top 3 scams targeting minors

It’s a sad fact but scammers target both adults and young people through popular online platforms such as apps, games and popular social networking websites. Youth are particularly attractive targets for scammers as they often have unused Social Security numbers, do not generally check their credit reports, and are used to sharing information online. Scammers may pose as someone else in order to get young online users to involuntarily share personal information, steal their identity and ruin their credit even before they have a chance to make it to adulthood.

If we can help young people recognize these issues now, they can be proactive and protect their personal information, which as we all know may be one of their most valuable assets. Here are the the top 3 scams that target young people so that you can work with your young ones so that they don’t fall for one:

1. Inexpensive/Free Stuff Scam

Many online ads offer cheap or free stuff for sale, such as clothes, sunglasses or handbags. In many cases, these ads are a scam. An unsuspecting young adult may send money but never receive the item or worse, may receive an item of lesser quality. The fake sale may also be an attempt to get personal information, such as user names and passwords, which would allow the scammer to gain access to the victim’s account. It’s very similar to phishing, a topic we’ve covered a number of times. Here’s a recent article about the Venmo scam and College Student scams – they’re all pretty similar. Why? Well, they work – people keep falling for it so scammers will keep using them.

Before purchasing items online, do your research to ensure that the source is legitimate. Scammers often re-post a discount offer that was previously valid but will no longer be accepted by the retailer. Use a search engine to look at customer reviews but beware of websites that post fake reviews to attract more customers. Trust your instincts. If you feel that something seems wrong about the deal, there probably is. Consider only purchasing from established online retailers such as Amazon, Costco, Walmart, etc.

2. Scholarship Scams

Some social media accounts may promise to provide a scholarship, but they’re  actually an attempt to steal your money or your identity. Typically, these scams promise to give scholarships to a certain number of new followers in return for a fee or personal information, such as a Social Security number, bank account information or a credit card number.

Legitimate scholarships do not charge any fees. Avoid sharing your Social Security number, password or any financial information with someone offering a scholarship. None of this information is needed to verify your identity or to “hold” a scholarship. These should all be red flags for online cronies.

3. Account Deletion Scam

Scammers may use messaging services on social media platforms to directly contact other account holders to claim that their account may be deleted or locked if they do not click on a link to update their account. The link may appear legitimate, but when users click it, they are redirected to a website asking for the user’s information, such as passwords, email or physical addresses, or other personally identifying information.

Beware of any message that asks you to click on a link to update your information. If you think you need to update your account, do so through the app settings on your phone or from their website.

The Takeaway

If you believe you have fallen victim to any of these scams, you are encouraged to file a complaint with the Office of the Hawaii Attorney General or with the Federal Trade Commission. We have a complete list of resources, all in one place for you here: https://cylanda.com/how-to-report-fraud/

Stay safe out there.

 

Florida city loses over $500,000 from spear-phishing attack
By in

Florida city loses over $500,000 from spear-phishing attack

The city of Ocala, Florida has become the latest victim of a ‘spear-phishing attack’. Officials revealed that the city lost over $500,000 after sending a payment to a fraudulent bank account.

According to Ocala.com, the city’s website, the incident occurred when a scammer sent a phishing email to a city department employee.

The scammer pretended to be a construction contractor working with the city and sent an email, requesting payment for services via electronic transfer.

While the email was phony, the underlying invoice was legitimate – which was enough to trick the employee.

The employee mistook the email to be legitimate and inadvertently transferred $640,000 to a fraudulent bank account set up by the scammer.

Here’s the thing, the email address used in the attack included an extra letter that is not part of the legitimate contractor’s email. So, it was only one letter off but enough to pass the human firewall test.

Once the city learned of the payment to the fake account, it reported the issue to law enforcement agencies.

About $110,000 was still in the account when law enforcement later tried to access it. So, the scammer collected a just over $500,000.

The Takeaway

Ocala spokesperson Ashley Dobbs confirmed that no information systems were compromised in the incident. Furthermore, Dobbs added that the incident has been isolated and customers’ data is safe. Now let’s be clear, that taxpayer money is straight up gone. What’s the city doing about this? Here’s what they said:

“While we can’t change this outcome, we will continue to update and refine our cybersecurity systems and training to minimize future impacts.”

So, they’re doing exactly what all companies should be doing – cybersecurity training. This is small, short, ongoing micro-training sessions to educate employees on the latest methods criminals use to try and trick them into giving out company data such as employee records and bank account information. As you can see, once that money is gone, it’s gone for good and that could really sink even a medium sized business. At Cylanda, we do this and more, including monthly simulated phishing attacks to keep your employees on their toes. Feel free to reach out if this sounds like something you and your organization could benefit from. We can help.

Stay safe out there.

The Hamburglar is loose on the McDonald's App
By in

The Hamburglar is loose on the McDonald's App

I’m not sure if you’ve noticed but McDonald’s has been doing a lot to modernize their restaurants, including big touch screen kiosks to take orders as well as being able to order and pay for food on a mobile app. But, as you may have guessed, where there’s technology and money involved, there’s sure to be criminal activity.

The so-called “Hamburglar” is at large, hacking customers’ McDonald’s app accounts and ordering food on their dime. Since February over 20 people have reported that fraudsters, we’ll call them “Hamburglars” somehow infiltrated their McDonald’s phone app which was linked to their debit or credit card — and ordered meals for pickup. In one case, more than $2,000 worth of meals was ordered in one day at different McDonald’s restaurants!

But, here’s the problem. When the victims reported the problem to McDonald’s, the fast food retailer acknowledged that there was a problem but downplayed it as a glitch in the system and assured the victims personal information is secure, but just to be safe, that they should change the password on any site that uses the same password as the McDonald’s app. Suspicious, right?
Unfortunately, McDonald’s isn’t issuing refunds, claiming that there’s a middleman processing the payments and that it’s not them and to instead the victims have to take it up with their bank. Victims have reported trying to do this, they’ve reported that it’s a hassle and in some cases they weren’t able to get their money back at all!

The Takeaway

Based on the way McDonald’s is handling this situation, completely disregarding any security problems with their system, making victims take up their problem with their bank, and seeing how obvious it is that that there’s an issue with their App, I’m going to give the McDonald’s app a solid D- score. I wouldn’t recommend using it until they figure this out.

Stay safe out there.

Alert: Phishing scam imitating state agency sent to local businesses
By in

Alert: Phishing scam imitating state agency sent to local businesses

Governer David Ige and the department of commerce and consumer affairs issued an urgent alert to local businesses last week regarding criminals targeting Hawaii businesses with a dangerous phishing scam that could potentially capture and hold a business hostage with ransomware. The Office of Consumer Protection (OCP) has received numerous reports of local businesses receiving emails purportedly coming from the Department of Commerce and Consumer Affairs (DCCA) and OCP. These emails commonly referred to as “email phishing scams” are fraudulent and are an attempt to illegally obtain private information and to place malware on the businesses’ computers.

The fraudulent email attempts to deceive consumers through the inclusion of a DCCA letterhead and uses a spoofed sender email of “[email protected]” The phishing correspondence is as follows:

Dear Business Owner:

We are formally notifying you of a claim submitted against your company with the Office of Consumer Protection.

Your company has a rebuttal period of 7 business days from the receipt of this notice, to respond to the claim. The response must contain a final rebuttal and be no more than 5 pages in totality.

The full compliant [sic] filed as well as the response form and instructions for submitting your response have been attached to this email. Due to the privacy of the claim the file is password protected.

The password is located below. You can download the file at the link below.

Complaint Notification: Click to Download

Password: 56673637

Your reply must be sent to us as instructed within the reply form. If we have not received notification from you within the allotted time the claim will awarded to the party filing the claim and they may take further action if they choose to do so, depending on the severity of the claim.

Waiting for your reply,

Office of Consumer Protection

Anyone receiving this email should not click any links associated with it nor download any attachments. Neither the Department of Commerce and Consumer Affairs nor the Office of Consumer Protection has anything to do with this email. The Office of Consumer Protection never requests a business to download a password protected file through a link, like the one referenced in the email.

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day—and they’re often successful.

The Takeaway

Do not click on any links listed in the email message, and do not open any attachments contained in a suspicious email.

Do not enter personal information in a pop-up screen. Legitimate companies, agencies, and organizations don’t ask for personal information via pop-up screens.

Install a phishing filter on your email application and also on your web browser. These filters will not keep out all phishing messages, but they will reduce the number of phishing attempts.

If you aren’t 100 percent certain of the sender’s authenticity, don’t click on attachments or embedded links; both are likely to result in malware being installed. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original, so check the address bar to confirm the address.

Similarly, never submit confidential information via forms embedded in or attached to email messages. Senders are often able to track all of the information you enter.

Be wary of emails asking for financial information. Emails reminding you to update your account, requesting you to send a wire transfer, or alerting you about a failed transaction are compelling. However, scammers count on the urgency of the message to blind you to the potential for fraud.

Don’t fall for scare tactics. Phishers often try to pressure you into providing sensitive information by threatening to disable an account or delay services until you update certain information. Contact the merchant directly to confirm the authenticity of the request.

Be suspicious of social media invitations from people you don’t know. Phishers rely on your natural curiosity to click on the person’s profile “just to find out who it is.” However, in a phishing email, every link can trigger malware, including links that appear to be images or even legal boilerplate; scammers use your hijacked account to send spam to your friends, because spam from real accounts is more believable than spam from a fake account.

Watch out for generic-looking requests for information. Many phishing emails begin with “Dear Sir/Madam.” Some come from a bank with which you don’t even have an account.

Ignore emails with typos and misspellings. Recent real examples targeting TurboTax include ”Your Change Request is Completeed” and “User Peofile Updates!!!”

Update and maintain effective software to combat phishing. Reliable anti-virus software should also automatically detect and block fake websites, as well as authenticating the major legitimate banking and shopping sites.

Stay safe out there.

New $75 Costco cash card scam
By in

New $75 Costco cash card scam

The Costco Cash Card scam is back. Don’t fall for it!

If something on social media sounds too good to be true, then it may just be a scam. Costco is warning consumers that a $75 coupon being shared on Facebook is actually a hoax. The company is not giving away coupons for purchases at its stores after graphics of fake coupons purporting to be honoring Costco’s 50th anniversary started circulated on Facebook earlier this month.

The hoax resurfaced this month after occurring around the same time last year. The company posted an almost identical message on Facebook in November of 2018 saying it was not giving away $75 coupons and that it was not celebrating its 50th anniversary.

The coupons prompt users to click on a link that will supposedly allow them to collect a $75 deal. The links, which are visible under various URLs, are not affiliated with Costco.

Users are also asked to input information like their name, email address, birthday and phone number as well as fill out a series of surveys.

Some of the coupons also have red flags like grammatical and spelling errors, including “Coupon” being capitalized and ad copy that reads “for it’s anniversary” instead of “for its anniversary.” Spelling and grammatical errors in the advertisements and poor quality images are usually signs of scams. The link also has copy at the bottom that states it has nothing to do with Costco.

Stay safe out there.

Do you have a Yahoo account? You can get up to $358
By in

Do you have a Yahoo account? You can get up to $358

Do you have a Yahoo account? You may bay be able to get up to $358 from their data breach settlement

If you’ve had an active Yahoo account such as Yahoo email, Yahoo Fantasy Sports, Yahoo Finance, Tumblr and Flickr between 2012 and 2016, you can now file to receive up to $358 or two years of free credit monitoring as part of the $117.5 million class-action settlement. Are you wondering how this happened? It’s because Yahoo had multiple data breaches that leaked out your personal information. Those of you affected by the breach may also be eligible for up to $25,000 in reimbursement for out-of-pocket losses suffered due to having your information stolen.

The worst of the breaches happened in 2013 when 3 billion accounts worldwide were hacked. Names, emails, telephone numbers, birth dates, passwords and security questions and answers were accessed by “malicious actors.”

The details about what you can receive in compensation can be confusing, and while the $358 number may sound nice, now it’s pretty unlikely that’s what most people will get.

The Takeaway

Yahoo has encouraged victims of the breach to submit a claim to receive a minimum of two years of future Credit Monitoring Services. Now if you already have a Credit Monitoring Service, you can still sign up for this additional protection although it probably won’t help you all that much.

So here’s an alternative: if you can show that you already have a credit monitoring service that you will keep for at least one year, you can submit a claim for a cash payment. Now here’s where it gets vague. The amount they pay you for the claim may be up to but not exceed $358.80. It’s all going to depend on how many Settlement Class Members participate in the Settlement. In other words, the more people fill out the form on Yahoo’s data breach website requesting money, the less everyone will get.

But if you can prove that the breach affected you personally, you could receive up to $25,000 reimbursement for out-of-pocket costs. That being said, for that kind of money you’re probably going to need to hire an attorney. Either way, you have until July 20th of next year to fill out the form to let Yahoo know that you want to be a part of the settlement. The website is yahoodatabreachsettlement.com. I might recommend filling it out long before the deadline.

Stay safe out there.

Scam caller crackdown continues
By in

Scam caller crackdown continues

Hey guys, have you ever received a scam phone call? Well, if you haven’t then you probably don’t own a phone because I’ll tell you, in the United States we do receive billions of these calls every single year and unfortunately they are hard to stop. In fact, I just got one now while typing!

But, the Feds have recently stepped in. They just shut down three of the big alleged perpetrators based out of New York City and that’s good news because that cut down a little bit of this kind of phone traffic. Unfortunately we are still facing an uphill battle against these perpetrators who are usually hiding their operations overseas. For comparison, in the month of June alone 94 schemes were stopped by the Federal Trade Commission, resulting in a reduction of about 3 billion annoying phone calls. It sounds like a lot, but it’s a small number compared to the estimated 29 billion scam phone calls Americans receive each year, accounting for nearly half of total cell phone calls.

You can probably guess where these calls come from, places like the Philippines, Mexico, Guatemala, Nigeria, India – outside of U.S. jurisdiction which makes them difficult to trace. They’re easy to operate and extremely lucrative and sometimes setting up shop simply means some guys getting together in an apartment with laptops and making millions of calls for practically nothing, using scripts and methods that are easy to find and learn on the Internet.

The Take Away

The good news is that like most things, there’s an “App for that!”

One of the best is called NoMoRobo (short for “no more robocallers”) that automatically blocks telemarketing and scam callers on your cell phone. The App is free and available for Android and Apple devices.

Since it’s so easy and lucrative, phone scammers are not going away any time soon. Use common sense to keep these guys out of your life and bank account. 

Stay safe out there.

Just one of many bizarre Facebook scams out there
By in

Just one of many bizarre Facebook scams out there

 

Hey there, good news! According to the Federal Trade Commission, Americans reported losing only $143 million to shame and romance scams in 2018. Why is this good news you ask? Well, the numbers are down from $211 million in 2017 so the number of victims are dropping. So, as people get more wise, so do the scammers. With this latest bizarre Facebook scam however, it was political. Republican Representative Adam Kinzinger of Illinois, a lieutenant colonel in the Air National Guard is now speaking out, pressuring Facebook to do more to combat fake accounts. Mr. Kinzinger’s has been battling scammers for years as they have frequently used his image in their schemes. This latest scam however is something we can all learn from. Recently Representative Kinzinger had an unusual visitor at his constituent office inside a bus station in Rockford, Ill. A woman from India had flown to meet Mr. Kinzinger, claiming that she had developed a relationship with him on Facebook. She waited in that bus station for two weeks for him to show up, and he never did (because he didn’t know about her!). She was a poor lady too, so it had  taken all of her money to fly from India to Illinois. This episode was just one of many bizarre interactions Mr. Kinzinger has had over the past decade with women around the world who believed they were dating him. After getting fed up, he sent a letter to Mark Zuckerberg, Facebook’s chief executive, requesting more information and action about what the company was doing to prevent such fraud on its sites. Adam Kinzinger said that swindlers have posed as him to dupe women on Facebook and that the company should take steps to stop such scams. He feels that there needs to be accountability for this issue as it can destroy lives. Facebook has an immensely significant role to play in getting this situation under control as there are no signs of it slowing down. In an interview, Mr. Kinzinger said he is in the early stages of preparing legislation that would force social-media companies to do more to fight the problem.

 

The Take Away

Of course I don’t like telling you about a recent security issue without giving you some guidance. So here’s the deal: On-line scammers follow a pretty predictable 3-step process to get you to send them money.

 

Step 1: Get to know you

The first and most important step in the process is for the scammer to get to know their victim. I know this sounds obvious but I can tell you personally, from having interviewed countless people on the air, most people light up when talking about themselves and the kind of things that interest them. Scammers use this fundamental human trait to get people talking about themselves. Victims often don’t receive much attention from others, so you can see how just a little attention can make them easy prey.

 

Step 2: Get you to like them

So, after a victim has been sharing things about themselves, they’re going to naturally like the person listening on the other end of the line. After all, they listened to them. Who else listens to them like this mysterious person on Facebook? Add the fact that these fake profiles are often constructed with glamorous photos, achievements and interests, no wonder the victim is going to like them so much.

 

Step 3: Get you to trust them

Once the scammer has established knowing and liking, the last element is trust. The scammer can send messages personalized to the victim demonstrating empathy, information and guidance that are so enticing that the victim has no choice but to trust the person. Once trust is established, it’s when scammers usually start asking for money from the victim. It can be for school, a sick family member, to pay for an emergency trip, to fix a broken car they need to go to work – whatever they can think of, tailored to the information they have gathered about the victim. They will pull on the victims heart strings. If this sounds like you or someone you know, don’t fall for it. So now you know the secret formula scammers use every day to scam millions of Americans out of their hard earned money.

 

Stay safe out there.
New Venmo text message scam is out to get your money
By in

New Venmo text message scam is out to get your money

If you go out to dinner with friends, there is an app that I’m sure you’ve already heard of – it’s called VenmoVenmo is owned by PayPal and it allows you to send and receive money to others from your smartphone. So for instance, when you’re splitting a dinner bill with others at the table, you can Venmo whoever is paying the check your portion of the bill. It’s a great way to send money back and forth and as you probably guessed, whenever money is involved, scammers are there too. With this latest Venmo scam, here’s how it works:

You may receive a text message claiming to be from Venmo indicating that you’re about to be charged a service fee unless you log into your Venmo account and decline it. At the end of the message is a website url and if you click on it, you’ll be redirected to a very persuasive (but very phony) website that looks just like the real Venmo, same colors and everything else. If you enter your Venmo credentials into that phony website, the scammer will have your username and password that they can use to go into your real Venmo account and steal your money.

The Take Away

So, here’s the thing, Venmo and pretty much every other company on earth will not send you any sort of text message like this. If you do get one, it’s most definitely a scam. If you have received one (for Venmo or not) and want to be extra safe, feel free to contact to the company by phone and speak to a representative. They’ll probably tell you the same thing – that it’s a scam and not to fall for it!

Stay safe out there.

-A

PDF scanner app caught sneaking malware onto phones
By in

PDF scanner app caught sneaking malware onto phones

  If you’ve got a cell phone and frequently use an old scanner to digitally store documents and receipts, you’re missing out on a great opportunity. Smart phone cameras are great at scanning and saving those scraps of paper as pdf’s and it’s very convenient. However, a popular Pdf scanning app called CamScanner for Android devices has been caught sneaking malware onto customer phones and with over 100 million downloads, that’s a lot of people. The trojan, known as Necro.n, most likely snuck its way into the App under the guise of an advertising package and the developers of CamScanner may not have even been aware of the lurking, nasty code. However, users have noticed and posted a number of complaints in the reviews section of the Play store. Similar malware has been found in preinstalled on Chinese-made smartphones and the Necro.n trojan itself doesn’t actually perform any malicious activity on its own, such as spying on you or harvesting contact information. Rather, it’s simply a back door to your device, giving criminals access to your phone so they can do whatever dirty work they please.

The Take Away

I’m a fan of pdf scanning on smartphones – I think that it’s a great use of the device. What I’m not a fan of is no-name App developers worming their way into my phone! So, I recommend using tried and true apps from trusted names. The 2 Apps I recommend are Google Drive and Microsoft OneDrive. Both allow you to scan and crop documents, receipts, business cards, photos, or whatever directly into your cloud storage account. In Google Drive, simply hit the + button and select Scan and from OneDrive, tap the Lens icon in the bottom right hand corner. That’s it – scan away and best of all, it’s free! Stay safe out there. -A