Scam of the day – October 17, 2017 – New report discloses all wifi networks vulnerable to hacking

Yesterday, a Belgian researcher, Mathy Vanhoef, made public his discovery from this past summer that the security protocol used to protect most wifi connections is vulnerable to hacking.  As a result, data formerly thought to be encrypted and protected could be hacked, and it was also possible for a cybercriminal to inject ransomware and other malware into websites visited through compromised wifi connections.  If your device supports wifi, it is most likely affected.

The United States Computer Emergency Readiness Team issued a warning yesterday that lists all of the systems affected.  Here is a link to that warning.

http://www.kb.cert.org/vuls/id/228519

As is often the case when discoveries of computer vulnerabilities are made, researchers notify the technology companies first to allow them time to come up with patches.  In this case, the technology companies were notified on August 28th about this problem.  Google has indicated that it expects to have a patch available “in the coming weeks.”  Microsoft has said, “we have released a security update to address this issue.  Customers who apply the update, or have automatic updates enabled, will be protected.”

TIPS

This is one instance where things may not be as bad as they initially appear.  Hackers exploiting the vulnerability would need to be physically close to the attacked device to accomplish an attack, and connections to secure websites using HTTPS will still be safe.  Online banking and online shopping websites will generally use HTTPS technology, which you can confirm by looking at the address line for the letter “s” after the initial http in the website address.  In addition, as I have long advised you, if you are going to use public wifi you should use a Virtual Private Network (VPN), which is not affected by this vulnerability.

This discovery also emphasizes the importance of having your security patches and updates installed automatically or as soon as they are available.  I will update you on this situation as new information becomes available.

Scam of the day – March 17, 2016 – Political donation scams

The 2016 presidential campaigns are in full swing and scammers are taking advantage of interest in the various candidates by making telephone calls posing as campaign workers seeking political donations from their unsuspecting victims who are lured into providing their credit card information over the phone.  This particular scam can easily seem legitimate.  Caller ID can be tricked through a technique called “spoofing” to make it appear that the call is coming from a candidate and recordings of the candidate can also be used as a part of the scam.  Furthermore, calls from political candidates are exempt even from the federal Do-Not-Call List, so it would be legal for someone to get a call from a political campaign seeking donations.

TIPS

Whenever you receive a telephone call, you can never be sure as to who is really contacting you, so you should never give personal or financial information over the phone to anyone whom you have not called.  If you do wish to contribute to a political candidate’s campaign, the best way to do this is by going to the candidate’s official website and making your contribution there.  Even then, make sure that when you are giving your donation online the website address begins with https instead of just http.  Https indicates that your communication is being encrypted for better security.

 

Scam of the day – June 25, 2015 – Online hotel booking scams

Booking a hotel room online can be an easy and cost-effective way to start a vacation.  It can also be an easy way to be scammed.  It has been estimated that as many as 2.5 million annual hotel bookings end up being scams.  The scam starts when you go online to search for a good deal on a hotel room in a popular vacation location.  Often people start their search using a search engine, such as Google, and type in words like “discount hotel in Orlando.”  Merely because a website comes up high in a Google search does not mean that it is legitimate.  It only means that the scammer knows how to manipulate the algorithms used by Google to get a good position in a search.  Sometimes the scam website uses the logos of well-known hotel chains although it is not connected to the hotel chain.  When you make a reservation with these scam websites, you run the risk of one of two problems.  The first is that you will end up paying more than you would have at a legitimate website because of hidden charges.  The second, and worse, is that you may not get anything other than your credit card number stolen and used to make you a victim of identity theft.

So how do you recognize a scam travel website?

TIPS

Probably the best thing to do is to stick with well-established discount travel sites such as Kayak, Expedia, Trivago or Orbitz.  You also may get a good deal by going directly to the website of the hotel chain in which you are interested.  You should also not use your debit card for a reservation.  Using a credit card will make it easier for you to dispute and have removed any fraudulent charges.  Finally, make sure whenever you transmit personal information such as a credit card online that the URL is preceded by “https” rather than just “http.”  The “s” means that your data is being protected by encryption while being transmitted.

Scam of the day – December 1, 2014 – How to protect yourself on Cyber Monday

Every year, the number of people shopping online and the money spent through online shopping grows significantly.  And why not?  The convenience alone of being able to shop from the comfort and privacy of your home is reason enough for many of us to shop online and when you couple that with often lower prices and, in many instances, the sales not being subject to sales taxes, online shopping is a winner.  But how safe is it?  We all know from last year’s data breach at Target, how risky shopping in brick and mortar stores is, but shopping online can also be risky.  However, if you follow a few simple rules, you can dramatically improve the safety and security of your online shopping.

TIPS
Here is a list of some online shopping tips:

1.  Make sure that the computer, laptop, tablet or smartphone you use is equipped with anti-virus and anti-malware software programs and that you have updated the programs with the latest security patches.

2.  As with shopping at brick and mortar stores, don’t use a debit card for online purchases.  In the event of a data breach, the consumer protection laws in regard to fraudulent use of your debit card are not as protective as those that apply when your credit card is fraudulently used.

3.  Don’t supply your credit card number unless the address of the website is preceded by the letters “https.”  That additional letter “s” indicates that the transmission of your data is encrypted and secure.

4.  Don’t leave your credit card number on record with the online retailers you use for the sake of convenience.  Doing so only makes you more likely to become a victim of identity theft if the company suffers a data breach (and many of them will).

5.  Don’t click on coupons or ads that you may receive by way of an email or text message regardless of how good they appear.  They may be loaded with malware that will be downloaded on to your computer, tablet or smartphone if you click on the link.  That malware can steal all of your personal information and lead to your becoming a victim of identity theft.  Any legitimate coupon you might receive through an email or a text message will also be available on the website of the company where you want to shop.

6.  Limit your online shopping to companies that you know and trust.  Merely because a company comes up high on a Google search does not mean that the company is legitimate.  Any company offering a price that appears too good to be true should be particularly suspect.

7.  Use distinct and complex passwords for each online company with which you shop and use dual factor authentication whenever possible.

Scam of the day – October 30, 2014 – Gallup poll shows hacking of retail stores is the crime most feared

A recent Gallup poll shows that the hacking of retail stores and the resulting theft of credit and debit card information is the crime that is feared most by Americans – and with good reason.  Identity theft, including the fraudulent use of credit cards by identity-stealing hackers, accounts for more dollars lost than all other property crimes combined.  Soon we will be heading into the holiday shopping season, when credit card shopping both at brick and mortar stores and online will dramatically increase, as will the attempts by hackers to steal credit card and debit card information, so it is particularly important for everyone to be vigilant when using their credit and debit cards.  The bad news is that there is nothing that we, as individuals, can do to reduce the chances of a major data breach at large and small retailers with which we do business.  However, the good news is that there is a lot we can do to minimize our exposure.

TIPS

First and foremost, do not use your debit card for any purchases.  Limit its use to ATMs.  The consumer protection laws regarding fraudulent debit card use are not as strong as the laws pertaining to fraudulent use of credit cards.  Potentially, you could lose the entire bank account tied to your debit card if you are not carefully monitoring its use.  In addition, even if you do notify your bank immediately upon noticing fraudulent use of your debit card, your access to your bank account will be frozen while your bank investigates the crime.

Also, when shopping in brick and mortar stores, you may wish to patronize those stores, such as Walmart, which are ahead of the pack when it comes to transitioning from the old magnetic strip credit cards to the new smart cards with computer chips that would eliminate the risk of your credit card number being captured by a hacker and used for fraudulent purchases.  You also may wish to consider using the new Apple iPay system, which also provides greater protection from hackers.

When shopping online, limit your shopping to the websites of stores that you know are legitimate and make sure that your communications with the website, including the providing of your credit card number, are encrypted.  You can confirm this by looking at the website address and making sure that it begins with “https” rather than merely “http.”  It is important to note that even if you are using a smart card with a computer chip you are not protected from hackers when shopping online because in this instance you are not generating a new number each time you shop.

As we get closer to the holiday season, I will be providing you with more tips to avoid holiday scams and identity theft schemes.

Scam of the day – August 4, 2014 – Instagram hacking threat

Instagram is a great app for sharing photographs and videos; however, it has recently been discovered that it can be easily hacked when it is used with public WiFi.  The core of the problem is that Instagram accounts do not communicate over an encrypted connection.  An easy way to see if you are communicating by way of an encrypted connection is to look at the web address and see if it starts with “https.”  If it starts with “http” without the “s,” your communication is not being encrypted and is not protected.  Hackers can obtain personal information such as your username, password and photos by hacking into public WiFi, which is easily done.  Perhaps the most disturbing part of the recent revelation that this security flaw exists is that Facebook, the owner of Instagram, has been aware of this problem for two years.  Facebook officials say that they are still working on moving to “https,” but frankly this process should not take this long.

TIPS

Never communicate anything of importance online unless the data is encrypted.  Look for the “https” when communicating with any website to which you are sending personal information, particularly financial information such as a credit card number.  You should avoid using Public WiFi for anything of a confidential nature since you cannot be sure if you are using the real Public WiFi or one that is set up by a hacker sitting close by who is capturing all of your data.  In addition, even if you are using the real Public WiFi, that system is easily hacked so, unless your communications are encrypted, you are in danger of identity theft.

Scam of the day – April 10, 2014 – Heartbleed, a serious security danger on the Internet

The term “Heartbleed” sounds serious and it is.  Heartbleed is the name of the recently discovered security flaw in the OpenSSL encryption security technology that is used by up to 2/3 of websites on the Internet.  An indication that the website you are communicating with uses OpenSSL is the presence of the tiny padlock icon next to the website address.  Another indication of OpenSSL being used is the letter “s” appearing after the initial “http” at the beginning of a website address.  The padlock and the “s” indicated to people communicating with websites that their communications were encrypted and safe from hackers.  Now we have discovered that this encryption technology had been cracked by attackers as long as two years ago.  This means that your communications online with your bank and retailers may have been compromised.  Many websites that have used the OpenSSL encryption technology, including Amazon and Facebook, have fixed the problem or are working on it.  There are patches available.

TIPS

The first thing that you should do is to change your passwords at websites you have used that utilized the OpenSSL encryption because your password may be in the possession of hackers.  However, do not change your password until you have confirmed with the website that it has patched the security flaw.  Heartbleed is a good reminder to us all that we should change our passwords on a regular basis as well as have different passwords for every website where we use a password so that if one gets hacked, identity thieves would not have the passwords for all of our other accounts.  It doesn’t have to be a difficult task, as just adding or changing a letter or two can do the trick if you have a good, complex password with letters both capital and small as well as figures and signs.  Also, again as we all should be doing, monitor all of your accounts regularly for evidence of fraudulent use.

Here is a helpful link you can go to in order to check and see if the websites you go to were among those affected by Heartbleed.  One word of caution: this is not guaranteed by its creator to be 100% accurate: http://filippo.io/Heartbleed/

For people who have websites that use OpenSSL, here is a link to the notice from the Department of Homeland Security with the links to rectify the situation: https://www.us-cert.gov/ncas/alerts/TA14-098A

Scam of the day – November 15, 2012 – Twilight movie Facebook scam

The next movie installment in the popular “Twilight” series comes out tomorrow and already the scammers are taking advantage of the buzz surrounding the movie.  Messages are appearing on Facebook pages saying “To celebrate we’re giving away FREE Twilight Vampire contacts.”  Thousands upon thousands of people have already fallen for this scam in its first couple of days.  In fact, you won’t get tinted contact lenses if you click on the link.  If you do click on the link, you are required to click on “like” and share the scam Facebook post, thereby unknowingly snaring your friends into the scam.  The next step is to click on a “consumer reward” link that in turn leads you to phony information forms that you must complete to get the free contact lenses that never come.  You keep being sent to fill out one form after another with the promise of free tickets to go with the free lenses.  Unfortunately, not only do you not get any free Twilight stuff, but you end up providing personal information that can lead to your becoming a victim of identity theft.

TIPS

Never trust posts on your Facebook page even if they come from your friends because you can never be sure that they are really coming from your friends and not from a scammer who has hacked your friend’s Facebook account.  Never provide personal information online unless you know that the entity requesting it is legitimate, that it needs that information and that the website is secure.  One important factor in determining the security of the website can be checked by looking at the website address and making sure that it starts with “https” rather than “http.”  The extra “s” means that its data is encrypted.  A little common sense goes a long way.  Anything that is attractive and free should be suspect and if that same offer also requires personal information about you, the chances are it is a scam.