Scam of the day – July 26, 2017 – Staying safe on your phone while on vacation

As the great song from Porgy and Bess proclaims, “summertime and the living is easy.”  Many people take vacations to take a break from the responsibilities of work and running a household, however few of us seem to want to take a break from being connected to the world through our cellphones and that poses a particular threat to our security when we use public Wi-Fi in coffee shops, airports, hotels and other places while on vacation.  Whenever you use public Wi-Fi, there are two problems.  First, you can’t be sure that you are actually using the public Wi-Fi and not a phony Wi-Fi readily set up by a hacker sitting near you who is stealing your information and second, someone may be able to hack into your device while you are on the legitimate public Wi-Fi.

TIPS

Whatever electronic device you are using to connect to a Wi-Fi network, whether it is a computer, laptop, tablet or smartphone should be equipped with up to date security software.  In addition, you should have encryption software so that your communications are encoded.  You also should go to your settings and turn off sharing.  In addition, you should make sure that your firewall is current and turned on.  Finally, and perhaps most importantly, you should consider using a Virtual Private Network (VPN) which enables you to send your communications through a separate and secure private network even while you are on a public network.  Here is a link to an article that lists ten good VPNs that you can get for free.  http://www.techradar.com/news/the-best-free-vpn

Scam of the day – Mary 19, 2017 – WiFi networks at Mar-a-Lago vulnerable

A recent report by ProPublica and Gizmodo has found security vulnerabilities in the WiFi networks at Mar-a-Lago, the resort often visited by President Trump as well as a number of other Trump destinations including the Trump National Golf Club in New Jersey, Trump International Hotel in Washington D.C. and Trump National Golf Club in Virginia.  According to the report, “Our inspections found weak and open WiFi networks, wireless printers without passwords, servers with outdated and vulnerable software and unencrypted login pages to back-end databases containing sensitive information.”  As would be expected the White House is not commenting on this report other than to indicate that these locations follow cybersecurity best practices.  However, the important lesson to us all is to remind us that public WiFi is never secure. However, with some precautions it can be made safer.

TIPS

Whatever electronic device you are using to connect to a WiFi network, whether it is a computer, laptop, tablet or smartphone should be equipped with security software.  In addition, you should use encryption software so that your communications are encoded.  You also should go to your settings and turn off sharing.  In addition, you should make sure that your firewall is current and turned on.  Finally, and perhaps most importantly, you should consider using a Virtual Private Network (VPN) which enables you to send your communications through a separate and secure private network even while you are on a public network.

Scam of the day – April 3, 2017 – Scary email scam

Scammers are always finding ways to take what is in the news and make it the basis of a scam.  The reasons for doing so are obvious.  If you are aware or even concerned about something in the news, you are more likely to fall victim to a scam related to that newsworthy matter.  Such is the case now with a scam related to the recent Congressional passage of a bill that would overturn  Internet Service Provider privacy regulations enacted last year.  With the imminent overturning of these regulations, Internet Service Providers will be able without your specific knowledge to maintain records of everything you do online and sell that information to companies who may wish to use that information.  In its more benign form, you may find yourself receiving online advertisements for products that you may have searched for online, however, the threat to your privacy presented by the rescinding of the previously enacted privacy protection regulations cannot be overstated.

Now scammers are taking advantage of this concern and are sending out carefully crafted spear phishing emails directed to you personally by name that indicate that you have been found to have committed fraudulent conduct online by a company monitoring your online usage and that the information is going to be sent to law enforcement.  The email purports to provide the incriminating evidence in an attachment for you to see.  It is easy to imagine how someone confronted with such an email would immediately download the attachment to find out details. Unfortunately, anyone downloading the attachment would only succeed in downloading keystroke logging malware that would enable the scammer to steal all of the information in your computer and use it to make you a victim of identity theft.

TIPS

Never click on links in emails or download attachments unless you have absolutely confirmed that they are legitimate.  In this instance, a little research would have shown that the email was a scam.

It is also important to remember that the privacy regulations recently rescinded only related to Internet Service Providers.  Companies like Google, Facebook and Amazon have been gathering and selling information about you for a long time.  Unknown to many people, every time you click “like” on Facebook, that information is stored and used by Facebook.

For enhanced privacy online you should go to Facebook,  YouTube, Google and every other website you use and see what privacy rights you have and how you can set your preferences to a level with which you would be comfortable.

You also should consider using a Virtual Private Network while doing online browsing.  This will enable you to maintain your anonymity online. Here is a link to information about some free VPNs.  http://top5-vpn.com/free-vpn-services/

Scam of the day – July 26, 2016 – Real estate closing scam

On January 20th’s Scam of the day, I first told you about an intricate email scam targeting people involved in the sales of residential real estate that has increased over the past year both in the United States and the UK.  I mention it again today because of recent reports of this scam occurring in the small town of Dewey Oklahoma where Lacey Monday became a victim of the scam.  The scam begins with the hacking into the email account of one of the parties involved with a residential real estate conveyance.  This can be either the buyer, seller, lawyers, title company, real estate agent or banker.  In Lacey Monday’s case it was her title company whose email was hacked.  Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do.  The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right,  generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email.  Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then move the funds from account to account to make it difficult to trace the funds.  In Lacey Monday’s case, she lost $25,000 to this scam.  The fact that this scam can occur in small towns as well as large cities show how these types of scams are a threat to you regardless of where you live.

TIPS

Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked.  This means having a strong password and security question.  You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.”  Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your smartphone and keep your security software up to date with the latest security patches as soon as they are made available.  Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices and remember, your security software is always at least thirty days behind the latest malware.

Don’t use public wifi for any financial or business purposes.  Use a virtual private network to encrypt your data when using your electronic devices in public.  Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.  Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate.  Appearances can be deceiving so always confirm.  It may seem a bit paranoid, but remember, even paranoids have enemies.

Scam of the day – February 27, 2016 – Dangers of public Wi-Fi

Recently, USA Today journalist Steven Petrow wrote about his using in-flight Wi-Fi to send emails while flying on an American Airlines flight. Upon landing, Petrow was approached by one of the other passengers who informed him that during the flight he had hacked into Petrow’s laptop as he had done to other passengers as well.  The hacker proved his assertion by recounting to Petrow the contents of the emails he sent and received. The lesson here is one that too many of us forget, namely that public Wi-Fi is not secure.  However, with some precautions it can be made safer.

TIPS

Whatever electronic device you are using to connect to a Wi-Fi network, whether it is a computer, laptop, tablet or smartphone should be equipped with security software.  In addition, you should have encryption software so that your communications are encoded.  You also should go to your settings and turn off sharing.  In addition, you should make sure that your firewall is current and turned on.  Finally, and perhaps most importantly, you should consider using a Virtual Private Network (VPN) which enables you to send your communications through a separate and secure private network even while you are on a public network.  A good VPN that you can use for free is CyberGhost which you can get by clicking on this link.  http://www.cyberghostvpn.com/en_us

Scam of the day – January 26, 2015 – 7 Year old child hacks into public WiFi in under 11 minutes

The famous comic, Groucho Marx once remarked that a four year old child could understand a report he started to look at, but as he read further and found he couldn’t understand it, he said, “run out and find me  four year old child.”  Well, Betsy Davis isn’t four.  She is seven, but it is still pretty impressive that a computer savvy seven year old could find the instructional information she needed to hack into a Wi-Fi system and then hack into a public Wi-Fi system all in a mere ten minutes and fifty-four seconds.  Fortunately, Betsy is not a criminal hacker, but was enlisted as a part of a security experiment to see how easy it was to hack into a public Wi-Fi network and steal information from people using the network.  All of this begs the question as to how safe are you when you use public Wi-Fi?  The bad news is that most people are not pretty safe.  The good news is that by following a few precautions, you can enhance your safety significantly.

TIPS

Whatever electronic device you are using connect to a Wi-Fi network, whether it is a computer, laptop, tablet or smartphone should be equipped with security software.  In addition, you should have encryption software so that your communications are encoded.  You also should go to your settings and turn off sharing.  In addition, you should make sure that your firewall is current and turned on.  Finally, you may wish to consider using a Virtual Private Network (VPN) which enables you to send your communications through a separate and secure private network while you are on a public network.  A good VPN that you can use for free is CyberGhost which you can go to by clicking on this link.  http://www.cyberghostvpn.com/en_us

Scam of the day – November 28, 2014 – Hotel Wifi threat

A targeted threat against high level government and business leaders while staying in upscale hotels was exposed by security company Kaspersky Lab recently.  The attack starts with a breach of the particular hotel’s Wifi network and the installation of malware even before the targeted guest arrives at the hotel.  When the hotel guest connects to the hotel’s Wifi system by logging in using his last name and room number, the hackers are alerted and then send a pop-up alert regarding a necessary software update that needs to be clicked on and downloaded.   The pop-up looks legitimate.  In this particular group of targeted attacks, which Kaspersky has deemed “Darkhotel” the pop-up was for an update to Adobe Flash player, although it could be an update for any other program.  The pop-up of course is phony and when the unwary victim clicks on the link, he downloads malware that enables the hacker to steal information from the victim’s laptop or other device.  In this case, the information sought is for corporate espionage, but others using the same tactic could just as well use the technique to gather personal information for purposes of identity theft.

TIPS

You can never be sure of the security of Wifi whether it is at a coffee shop or a hotel.  A good option is to use a Virtual Private Network (VPN) to get an encrypted communication mode whenever you use Wifi.  It is important to be skeptical of any prompt to click on anything when you are on Wifi or anywhere else for that matter.  Don’t click on links in emails, text messages or pop-ups unless you have confirmed that they are legitimate.  In the case of software updates, it is a simple matter to check with the particular company at its website rather than click on a pop-up if you want to make sure that the update is legitimate.  Even if an update is being offered by the company, you are better off accessing it through their website rather than a pop-up which may be just a counterfeit pop-up sent to you by an identity thief.