RANSOMWARE-Always Update & Backup Your Devices

In May, two world-wide Ransomware attacks infected 200,000 computers in over 150 countries. This was a problem that should never have even happened at all. So, how did it happen? Ransomeware Screenshot

The infected computers were not ‘updated’ quickly enough. Both strains of Ransomware, known as “Petya” and “WannaCry”, were developed to take advantage of a Microsoft Windows Operating System flaw. A timely update would have easily patched this vulnerability.

In fact, Microsoft had already issued a patch to eliminate this flaw. But only those who timely updated their devices, as soon as the security patch became available, were safe. The lesson learned here is to always, always keep your devices updated. All your devices should be set to automatically do these updates, as soon as they become available.

Additionally, many of the infected computers were using outdated operating systems. Microsoft no longer issues security patches or updates for Windows XP, Vista and Windows Server 2003. If you are still using an outdated operating system, it is imperative that you upgrade to a newer one, so your computer is protected from dangerous exploits.

Go here for Microsoft’s free security updates for older operating systems: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

TIPS TO AVOID FALLING VICTIM:

First: Ransomware is easily spread via phishing emails. Phishing emails include an urgent link or an attachment. Unsuspecting victims are lured into clicking on or opening them. Never click on links or open an attachment in an email or text message, unless you are 110% sure it’s safe to do so! You must always first verify that the email or text message is legitimate.

Second: To help prevent losing your files from Ransomware, you must regularly back up your files, either in the cloud or copy important files to a separate external hard drive or flash drive that is not connected to your device.

Third: You should never pay the ransom! There is no guarantee that you will ever get your files back by simply paying the ransom! In fact, paying the ransom simply puts you on a “Sucker List”.

Here is a great resource website: https://www.nomoreransom/org/  The website provides free decryption tools that have proven to be effective against many, but not all, strains of Ransomware.

 

Verizon Data Breach

Verizon Logo

This most recent Verizon Data Breach affected between 6 to 14 million of its customers. The compromised data included names, addresses, email addresses and PINS. Fortunately, only those who called customer support in the past six months were affected.

How It Happened:

The privacy of your personal data is only as good as the company that is responsible to protect it. In this most recent Verizon Data Breach, the culprit was a third party vendor, Nice Systems, who handles their customer service. Customer data was inadvertently stored in a misconfigured security setting. It was available on a cloud storage area – that anyone could access.

What You Should Know:

The worst thing about this breach is that PIN numbers were compromised. Armed with a PIN number, a hacker can easily gain access to a customer’s account. As a result, a miscreant can change the password and other settings in the breached account. They would also likely cut off access to the real account holder.

Furthermore, just like passwords, people tend to use the same PIN number for more than one account. Consequently, anytime the same PIN number is used on another account, those accounts could also become compromised.

TIPS – If you were affected by this Verizon Data Breach…

First: Immediately change your PIN number on your Verizon account.

Second: If you used the same PIN number on any other account, change it and be sure to assign a unique different PIN number for each of them.

Third: Watch out for emails, that although they may appear to be originating from Verizon. They may be fake emails that Phish for further information about you. Many of these emails contain a link that you are enticed to click on. Always ignore and delete any emails with seemingly urgent messages – that lure you into clicking on a link. Always remember, that no legitimate company will provide a link that asks for personal information in an email.

Warning: Never click on any links in unsolicited emails, unless you are 110% sure the email is legitimate. Always verify, verify, verify.

CHECK SCAM – Know the Warning Signs

Signs of a Check Scam –You receive a Cashier’s check that the sender asks you to deposit and wire most of the money back. Just keep a small portion of the money for yourself – as “Payment” for helping them out. In fact, the check will be 100% counterfeit and you’ll be out any money you wire back.

In the Check Scam the ‘pitch’ usually stays the same, but the scenarios of the scam appears in these typical disguises:

  • You’re overpaid for an item you sold on the internet and are asked to wire-transfer back the extra dollars.
  • You receive a notification that you’ve won a foreign lottery or sweepstakes. The scammer sends you a partial-payment of your winnings and tells you to deposit it and wire-transfer back a percentage of the money back to them to “cover the taxes owed”. Then, “you’ll receive the balance of your winnings, once they receive the tax money you wired”.
  • You apply for and are hired for a work-at-home job that promises you that “in return for depositing their check, you can keep a percentage of the money, but you need to wire the rest of it back to them”.

Regardless of the ‘pitch’ the result of a check scam is the same. The check you received for deposit – is a fake. Eventually, it will be returned by the bank “Unpaid” and the full amount will be deducted from your account. You will be out the money you wired because once you wire money, you can never get it back!

You are responsible for any check you deposit to your account. So, you are fully responsible for the loss, even though you were a victim of this scam!

Why? Federal law requires banks to make deposited funds available within 1-5 business days. Just because you withdraw cash from your account, after making the deposit, doesn’t mean the item you deposited is valid.

It can be weeks later before a check is discovered to be counterfeit. Bank employees are unable to immediately determine whether an item you deposited is invalid.

If you believe you’ve been a victimized by a Check Scam, report it immediately to your Postal Inspection office by calling 877-876-2455 or by visiting their website at https://postalinspectors.uspis.gov/

 

MEDICARE CARD SCAMS

Finally, there is a new law that requires Medicare to start using a unique randomly assigned 11 digit ID number on their cards and begin phasing out the use of social security numbers. Medicare Card Scams will be in full swing. Be aware that Scammers, of course, are already taking advantage of the confusion about this transition to the new numbers. Scam Warning Sign

Scammers are now beginning to call Medicare recipients, posing as Medicare employees and telling them they’re required to register over the phone, if they want to receive their new cards. Recipients are told that they will lose their benefits if they don’t register. The caller then asks for their medical ID number, which the scammer knows full well, is the recipient’s social security number. Once the scammer is given the social security number, the recipient will likely become a victim of identity theft.

In another variation of this scam, intended victims are told that they need to pay a fee for the new card and are asked to pay for it with a credit card or pay by giving the caller their checking account number.

The truth is that is there is nothing you need to do to receive your new card with the new number. You will not need to register or pay for the new cards. So anyone telling you that this is a requirement is a fraudster. Do not provide your ID number, bank account or credit card to anyone who calls you claiming to be from Medicare!

So be on the lookout for Medicare Imposters calling or emailing you about the new cards. Employees from the Centers for Medicare, do NOT contact you in this way.