ANTI-ROBOCALL BILL

Finally, an Anti-Robocall Bill

As we celebrate the New Year, we can add another thing that is cause for celebration. Last Thursday, lawmakers passed the Anti-Robocall Bill!  It now awaits the President’s signature to become law.

“The U.S. Senate today sent Americans a holiday gift on everyone’s list: stopping the plague of robocalls,” said Sen. Ed Markey, a Massachusetts Democrat who introduced the legislation with Sen. John Thune, a South Dakota Republican.

All I can say is: It’s About Time!!!

Americans received a staggering number of robocalls in 2019. There were 49 billion calls placed. More robocalls were placed in the first 10 months of 2019 than in all of 2018!

It’s been a five year battle to take back our phones from these incessant robocallers. The new law will hopefully put a larger dent in the number of calls received. It will decrease millions of ‘spoofed’ robocalls and crack down on spammers who intentionally violate the rules against calling us.

The organization Consumer Reports (read more here) played a big role in the movement to make the Anti-Robocall Bill finally become a reality. They were instrumental in rallying millions of consumers to send emails and sign petitions, initiated letter-writing campaigns, and even held a consumer lobby day.

GOOD NEWS & BAD NEWS

The Good News: The bill will make it easier for consumers to identify robocalls using a number-authentication system. The Bad News: It will still take a while for the number of intrusive calls to decline.

The Anti-Robocall bill requires all telephone systems in the U.S. to implement a coordinated authentication methodology to improve the accuracy of the caller-ID displayed on our phones. In other words, the bill requires phone companies to offer free call-blocking apps that will verify that the number calling you is real. That’s been an issue, because fraudsters now use fake ‘spoofed’ numbers to look as though they’re calling from the IRS or others to trick you.

The Federal Communications Commission (FCC) said that phone companies can now block unwanted calls without getting customers’ permission first, which could help increase the use of phone-blocking apps. The agency has said it expected the deployment of a new phone-number system to begin this year. Many major phone companies have already begun rolling it out, but to work well, all carriers must adopt it.

The Anti-Robocall bill also strengthens enforcement tools against robocallers, by giving the FCC more opportunities to fine them. It also brings together different government agencies and state attorneys general to help combat the problem.

The phone industry trade group, USTelecom, applauded the bill’s passage, saying it “will supercharge” the fight against robocallers.

I have written prior articles about Robocalls that you can read here and another one here.  My advice is simple. Never believe what you see on your caller-ID, only answer calls from numbers you recognize, hang up on robocalls or let them go to voicemail.

Wishing a Happy 2020 to all my readers.

ROBOCALLS AND PHONE SCAMS

The US Senate and the FCC have finally taken up the battle against Robocalls and Phone Scams. This federal intervention should provide much needed relief to consumers. Estimates of robocalls and phone scams have grown from 29% of all calls in 2018 to as much as 45% of all phone calls in 2019.

THE TRACED ACT

In May the US Senate approved the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act by a 97-1 vote. Don’t you just love how they come up with these nifty names? Also, I wonder which Senator was the only one who didn’t think this legislation should be passed. The TRACED Act grants the Federal Communications Commission (FCC) stepped-up enforcement power to levy heavy penalties and fines against violators.

Additionally, the FCC voted unanimously to finally grant telecommunications companies the authority to use technology to proactively identify and block Robocallers.  A summit was held in July with carriers to identify a framework for implementing these new guidelines. The FCC says it is committed to pursuing “aggressive enforcement action” against Robocallers.

MOST ALL ROBOCALLS ARE ILLEGAL

Robocallers often place their calls using internet technology that hides their location. When these calls come in, your Caller ID usually displays a “spoofed” (fake) phone number. Tens of millions of these calls are blasted out each day. Most robocalls and phone scams are automated voice messages.

Industry stakeholders are working to implement a caller ID authentication system. Once implemented, it should improve the accuracy of caller ID information and help consumers determine which calls are authenticated.

EXAMPLES OF 2 NEW ROBOCALL TACTICS

‘Neighborhood Spoofing’ and the ‘One Ring Scam’ are two of the newest tactics being used to get you to pick up or call back. Neighborhood Spoofing is when a fraudster alters their phone number to look like a phone number with the same area code as yours. The One Ring Scam involves a Robocaller hanging up after only one phone ring, hoping you’ll be curious enough to call back.

THWART ROBOCALLS AND PHONE SCAMS

  • Don’t Engage: Don’t pick up if it’s a number you don’t recognize. Let it go to voicemail.
  • Don’t Answer: Don’t pick up or return any calls you don’t recognize.
  • Don’t Encourage Them: If you are instructed to press a “key” to be taken off their list or to speak to an operator you are, in essence, logging your number as a working number. You will be targeted for even more annoying calls. Hang up without pressing any keys!
  • Block Them: Block Robocall phone numbers on your phone, but realize that telemarketers change phone numbers often.
  • Use Technology: Use call blocking options for your cellphone.
  • List: Add your number to the Do Not Call Registry. If your number is already registered and you still get unwanted calls, report them to help expose and catch these fraudulent callers.
  • Forward: SPAM text messages to 7726 (or SPAM)
  • Report: File a Complaint to help investigators detect and track patterns in Robocalls. Call the Federal Trade Commission at 888-382-1222.

Read my prior article about Robocalls here.

FCC Consumer Resources

PUBLIC WIFI IS NOTORIOUSLY RISKY

Public WiFi is Notoriously Risky!

If you intend to bring your internet devices with you when you travel, you must consider the inherent dangers of Public WiFi.

Public WiFi is Not a Private Secure Internet Connection

Therefore anyone can access the network and anyone can eavesdrop on what’s being transmitted via Public WiFi. People tend to let their guard down while traveling. Security is put on the back burner and we tend to do things that increase our chances of getting hacked.

According to a survey conducted by Morning Consult for IBM Security, 70% of travelers take unnecessary risks while on the road. They connect to public WiFi, charge a device on a public USB station, or enable auto-connect on their wireless devices.

Hackers Set Up Fake Public WiFi Hot Spots

A skilled Hacker will typically give their fake WiFi Network a name that’s similar to an authentic connection. If it’s a hotel, they will choose a name with the hotel’s name in it or if it’s the airport, they will choose a network name that includes the airport’s name or the name of the airlines. The same goes for coffee shops or other internet hubs.

If you are inadvertently fooled by a hacker’s fake WiFi Network, you’re now giving that network permission to start taking data off your device. Furthermore, if your device is set to auto-connect, you might be leaking your personal data and not even know it.

You can’t eliminate all digital threats when you’re on vacation, but you can significantly reduce your chances of having a problem by following these tips.

TIPS TO KEEP YOU SAFE

  • Any device you use, outside your own home network, including your smartphone, laptop or tablet should have a VPN (Virtual Private Network) installed. A VPN encrypts the data leaving your device.
  • Before turning the VPN on, be sure to shut off WiFi and close all apps. After connecting to Wi-Fi, via your VPN, it’s safe to open up any app.
  • Never have your devices set to auto-connect. If your device automatically connects to a free WiFi Hotspot, your device is vulnerable to hacking.
  • Keep the WiFi on your smartphone turned off until you need it. Cellphone data is encrypted when it travels via your phone’s mobile network.
  • Never bring your business laptop with you when on vacation. Bring a spare one that has no corporate data on it. If you need to access corporate data or your company email, do it through the cloud.

Remember, we’re more vulnerable to digital security intrusions when we travel. Don’t opt for convenience over security.

Here is the link to the IBM Survey

Read a previous article of mine about how to keep your online data safe

VOICE ACTIVATED ASSISTANTS

VOICE ACTIVATED ASSISTANTS POSE PRIVACY CONCERNS

Voice Activated Assistants, aka Digital Assistants, like “Alexa” and “OK Google” have become very popular. Over 20 million homes already have a voice activated assistant installed.

These digital assistants may be the latest rave in cool technology, but the devices have created new privacy concerns and security vulnerabilities. They could potentially expose personal data like your bank account info and your contact list. So, while it may be fun to own one, be aware that voice activated assistants pose a risk, if a cyber-criminal is able to hack into it.

The digital security firm Symantec released a report about voice activated assistants. The report states that “The range of activities that can be carried out by these speakers, means that a hacker or even a mischief-minded friend could create havoc, if they were able to gain access”.

WHY? IT’S ALWAYS LISTENING!

The user must first use a wake-up command such as “Alexa” or “OK Google” to activate the digital assistant. Therefore, the device must always be listening, waiting to be activated by that command. This can cause unintentional or accidental triggering. Even a radio, TV or streaming video, playing in the background, might inadvertently set it off.

Once the device is awake, it will record what is said and then send that recording to a server, where it is stored. However, you do have the option to listen back to these recordings and delete them if you wish.

Symantec’s threat researcher sees a potential danger from these ‘always listening’ digital assistants. He states, “Someone could hack into these devices remotely and then turn them into a listening device”. “Some of them even come with cameras, so they can also see what you are doing”.

Pam Dixon, executive director of the World Privacy Forum, cautions against allowing your digital assistants to store passwords, your contact info or credit card data. Additional dangers include the fact that the device may come with a purchasing option, which is usually turned ON by default. You should set a security PIN or disable the feature.

CRIMINALS CAN TAKE CONTROL

Voice Activated Assistants are designed to be hubs that can control other devices or appliances in your home. These other external devices are referred to as the “Internet of Things” (IoT). Gadgets like lights, cameras, thermostats, coffee makers, alarm systems and door locks are all part of the Internet of Things.

Be aware that the convenience of these IoT devices may create new vulnerabilities. For example: if you connect your door locks or alarm system to your digital hub, then a burglar could command your digital assistant to “open the door and turn off the alarm”. Additionally, any device connected to the internet is vulnerable to Malware. Always be sure to change the default password and assign a stealth password to each of them.

TIPS TO KEEP YOU SAFE

  • Be careful which accounts you connect. Don’t connect things you don’t need to use, like your address book or calendar.
  • Always use long strong passwords and enable 2-step authentication if it’s available. Remember that anyone with access to your account can listen in remotely, play back recordings, change settings and access personal information.
  • Be sure that your voice activated assistant is linked to your private home or office Wi-Fi network. Password protect your Router.
  • Devices made by Amazon and Google both offer voice recognition, so use that feature. But realize it’s not foolproof.
  • Remember to put the device on Mute when you go on vacation.

To learn more about the danger posed by these gadgets, read my prior article about the Internet of Things.

Apple iPhone Scam – Very Convincing

I did not write this article, but I copied the important main parts of it here. It was written by Brian Krebs, who is a security news reporter and investigator. His website is called KrebsOnSecurity. Here is the link to his original article: https://krebsonsecurity.com/2019/01/apple-phone-phishing-scams-getting-better/

I thought it was important enough to alert you to this new Apple iPhone scam – Read on…

Apple Phone Phishing Scams Getting Better

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Here is an account of what happened to her. Earlier in the day she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.

Here’s what her iPhone displayed about the identity of the caller when they first tried her number at 4:34 p.m. on Jan. 2, 2019:

Apple iPhone Scam

Note in the above screen shot that it lists Apple’s actual street address, their real customer support number, and the real Apple.com domain (albeit without the “s” at the end of “http://”). The same caller ID information showed up when she answered the scammers’ call this morning.

Westby said she immediately went to the Apple.com support page (https://www.support.apple.com) and requested to have a customer support person call her back. The page displayed a “case ID” to track her inquiry, and just a few minutes later someone from the real Apple Inc. called her and referenced that case ID number at the start of the call.

Westby said the Apple agent told her that Apple had not contacted her and that the call was almost certainly a scam. Apple said they would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple.

“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby said. “This was so convincing I’d think a lot of other people will be falling for it.”

KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.

Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.

No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.

Phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, for example, call the number on the back of your card. If it’s another company you do business with, go to the company’s Web site and look up their main customer support number.

Relying on anything other than a number obtained directly from the company in question — such as a number obtained from a direct search on Google or another search engine — is also extremely risky. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.

These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contact list. But as this scam shows, even that’s not always a great strategy.

It’s a good idea to advise your friends and loved ones to ignore calls unless they appear to come from a friend or family member, and most importantly to just hang up the moment the caller starts asking for personal information.

AGAIN, I DID NOT WRITE THIS ARTICLE. IT WAS COPIED HERE FROM AN ARTICLE WRITTEN BY BRIAN KREBS.  HERE IS HIS HOME PAGE LINK:

https://krebsonsecurity.com/

MALWARE – Malicious Software

You’ve probably heard the term Malware, but do you really know what it is and how it gets onto your devices?

Malware refers to malicious software that is unwittingly downloaded onto your computer or other devices. Once it is downloaded, you will more than likely become a victim of identity theft.

Malware Infections Happen in Several Ways: 

Links or Attachments in Emails & Text Messages: You may open an attachment or click on a link in a phishing email or text message. Fraudsters will include links with an urgent message to entice or require you to click on them. In other words, the message is crafted to convince you that there is a need for you to take action or suffer the consequences of your inaction.

Fake Websites: Scammers often create authentic-looking, but fake websites, to trick you into entering your personal information. You may think you’re purchasing merchandise at a great price, or applying for a job, or perhaps you clicked on an article that caught your interest. Oftentimes, you just landed on a fake website because you typed the website address incorrectly by misspelling it or clicked on the wrong website during an internet search.

E-cards: These electronic cards are a fun and inexpensive way to celebrate a special occasion or holiday. But e-cards can be dangerous if they do not originate from a well-known e-card website. If someone sends one of these to you and it originated from a fake website, you may download Malware instead of an e-card.

Scammers: The “Tech Support Scam” is a good example of how it’s done. An imposter, claiming to be from Microsoft, contacts you. They manage to convince you that your computer is infected with a virus. Next they ask you to give them control of your device, so as to assist you with getting rid of the virus. Alternatively, the imposter may convince you to download a program from their fake website to help erase the virus. Just realize that whichever of these options you choose, you will actually be infecting your computer with Malware instead.

Once Malware is installed – you have opened yourself up to identity theft.

The malicious program will allow a criminal to have access to all the files on your computer. If you have any files that have personal information, such as copies of your credit report, tax return, bank or financial statements, the criminal will then be able to view all of these files.

Additionally, all the email addresses of those in your contact list will be readily available to exploit. The criminal will use the Malware program to send SPAM emails to everyone in your contact list – which will include tainted malicious links or attachments. Recipients of these SPAM emails will think it is safe to open them, because the email came from you. As a result, everyone in your contact list can easily be infected with the same Malware.

Worst of all, the Malware program gives the criminal the ability to log (read) your keystrokes. This keystroke-logging program allows them to capture the pins, passwords, credit card or other personal information whenever you type them, via your keypad.

Moral of the story: 
  • NEVER click on links or open attachments in email or text messages.
  • Be wary of emails containing links or attachments even IF they appear to come from someone you know.
  • Type all website addresses very carefully.  Take notice how easy it is to misspell a web address or add or miss a letter. For example: ammazon.com or amzon.com or amazon.cm
  • Be careful what you click on when browsing the internet, including Ads, surveys or discount coupons – even on legitimate websites.
  • Don’t open e-cards unless you’re sure it’s legitimate. Do not open it if the sender is unknown to you.
  • Never give control of your computer to anyone you don’t know or trust.
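
The misspelled addresses in the list above (ammazon.com, amzon.com, amazon.cm) can be caught automatically before you visit them. The following Python code is an added example, not part of the original article: it compares a host name against a short list of sites you trust and flags anything that is one typing mistake away. The `TRUSTED` list and all function names are assumptions made for illustration, and it expects bare host names without `http://` or a path.

```python
# Added example: flag web addresses that are one typo away from a trusted site.

# Assumption: a short list of sites you actually use (constructed for this example).
TRUSTED = ("amazon.com", "irs.gov", "paypal.com")


def osa_distance(a, b):
    """Count the typing mistakes needed to turn a into b.

    One mistake is an extra letter, a missing letter, a wrong letter,
    or two neighbouring letters swapped (optimal string alignment distance).
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # missing letter
                d[i][j - 1] + 1,         # extra letter
                d[i - 1][j - 1] + cost,  # wrong letter (or a match)
            )
            # Two neighbouring letters swapped, e.g. "amaozn" for "amazon".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def split_host(host):
    """Return (name, ending) from the last two labels of a host name.

    Simplification: "www.amazon.com" becomes ("amazon", "com"); multi-part
    endings such as ".co.uk" are not handled.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError("not a host name: %r" % host)
    return labels[-2], labels[-1]


def check_address(host, trusted=TRUSTED, max_edits=1):
    """Classify a host name as trusted, a look-alike of a trusted site, or unknown.

    Returns ("trusted", site), ("lookalike", site) or ("unknown", None).
    """
    name, ending = split_host(host)
    site = name + "." + ending
    if site in trusted:
        return ("trusted", site)
    for known in sorted(trusted):
        known_name, known_ending = split_host(known)
        # Mistakes in the name and in the ending (.cm for .com) both count.
        edits = osa_distance(name, known_name) + osa_distance(ending, known_ending)
        if 0 < edits <= max_edits:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    # The three misspellings from the article, plus one good and one unrelated host.
    for host in ("www.amazon.com", "ammazon.com", "amzon.com", "amazon.cm", "example.org"):
        print(host, "->", check_address(host))
```

An "unknown" result only means the address is not close to anything on your list; it does not mean the site is safe.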

FBI Warns of Router Vulnerabilities

Router Vulnerabilities

The FBI is sounding the alarm and giving an official warning about router vulnerabilities. Apparently, foreign hackers are using a type of malware called “VPNFilter” to target routers around the world. These router security vulnerabilities were present in many of the most popular router brands.

Your router is often one of the most overlooked of all your computer devices. Realize that hackers can and often do break into a router, just as easily as any other device on your network.

SO WHAT IS A ROUTER ANYWAY?

A router is defined as a hardware networking device that routes data from one computer network connection to another on the internet. It performs traffic directing functions that allow authorized machines to connect to other computer systems. Routers are, in essence, electronic devices that join multiple computer networks together.

If your router becomes compromised, the security of all the devices that utilize that router is in jeopardy. Once the router is infected, the Malware causes it to block all network communications, thus rendering your router inoperable.

ADVICE FROM THE F.B.I.

According to the FBI, this Malware is difficult to detect and defend against. Therefore, the FBI is recommending that owners of home office and small office routers immediately reboot their routers. Doing so can disrupt this newly discovered Malware. The FBI is also recommending that, if you have not already done so, you immediately change the “default” password and choose a new strong and long password.

Lastly, the FBI is also advising everyone to upgrade to the latest version of their router’s firmware.  Unfortunately, the companies that produce routers don’t automatically notify you when an update is available. So, it is up to you to look for them and download them yourself.

In order to do so, you need to use your internet browser to log into your router, using your router’s IP address. By default, most router manufacturers use 192.168.0.1 or 192.168.1.1 as the IP address.

Alternatively, using Windows 10 you can find your IP address by going to your Settings and choosing the Network and Internet icon. Next choose Ethernet and click on your network. Then scroll down to Properties to find it.

It is recommended that you check for updates every 90 days. Below are the links to more information for updating the most popular brands of routers.

Apple:   https://support.apple.com/en-us/HT201519

Asus:  https://www.asus.com/microsite/2014/networks/routerfirmware_update/

D-Link:  http://support.dlink.com/

Linksys:  https://www.linksys.com/us/support-article?articleNum=135561

Netgear:  https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-firmware-using-the-Check-button-in-the-router-s-web-interface

SCAN YOUR ROUTER FOR ANY BREAK-INS

Using the link below will enable you to check your router for any break-ins.  It is a safe and free service that is specially designed to scan your router to make sure there are no hackers lurking in your router.

Here is the link:

https://www.f-secure.com/en_US/web/home_us/router-checker

Just click the “Check Your Router” icon and you’ll receive an instantaneous report.

ROBOCALLS Telemarketing Phone Calls

ABOUT THOSE PESKY ROBOCALLS

Robocalls are designed to bait you into giving up your personal or financial information. Telemarketing fraud often begins with a Robocall. Unwanted calls are more than a mere annoyance – they are an invasion of privacy and a breeding ground for fraud and identity theft.

Robocalls broke a national record in March of this year (2018). Youmail.com reports that 3.15 billion Robocalls were placed in just the month of March alone. This is a 15% increase from the month before. This increase was driven by a big jump in telemarketing (up 19%) and scam calls (up 13%).

Consumer Reports estimates that Americans lose $350 million a year to scams involving Robocalls. Using today’s technology, tens of millions of Robocalls can be blasted out each day. We’ve all received these telemarketing pitches – like ‘Rachel from Cardholder Services’ or ‘Microsoft’ Imposters calling to warn you that you have a computer virus.

MOST ROBOCALLS ARE ILLEGAL!

Only about 10% of Robocalls are actually legal and useful. Airlines can call to give flight updates. Schools can call to alert parents about closures. Doctors can call about appointment reminders. Also, non-profits, political and charitable organizations are allowed to call you too. Just beware of imposters!

Robocalls are usually autodialed or pre-recorded telemarketing calls. The scammers usually don’t know who they are calling and simply ignore the Do-Not-Call List. They oftentimes use prefixes that are the same area code that you live in and even use a phone number similar to yours – in the hopes that you’ll pick up the phone.

Don’t believe what you see on Caller ID!

When these calls come in, your Caller ID usually displays “spoofed” (fake) phone numbers and/or “spoofed” names of legitimate organizations – like the IRS or a bank, or utility company.  Or, the Caller ID may show as “Unknown”. Robocallers often place their calls using internet technology that hides their location. From here on, you must never rely on what your Caller ID displays on your phone.

Robocalls Aren’t Going Away

Follow these tips to protect yourself from those pesky calls:

  • Don’t Encourage Them: If you are instructed to press a “key” to be taken off their list or to speak to an operator you are, in essence, logging your number as a working number. You will be targeted for even more annoying calls. Hang up without pressing any keys!
  • Don’t Engage: Don’t pick up if it’s a number you don’t recognize. Let it go to voicemail.
  • Block Robocall Numbers: Try contacting your phone service provider, but don’t pay extra for this type of service – since telemarketers change phone numbers often.
  • Forward any SPAM text messages to 7726 (or SPAM)
  • File a Complaint: This helps investigators detect & track patterns in Robocalls. Although most Caller IDs display numbers that are spoofed, report them anyway by calling the Federal Trade Commission at 888-382-1222 or go to ftc.gov/complaint
  • Sign the petition: at Consumers Union to help pressure Telephone Carriers to offer free call-blocking technology by going to: endrobocalls.org

ADDITIONALLY –  There’s an App for that

There are a number of apps that, for free or for a small fee, will help prevent most, but not all, Robocalls.

Here is the link for Android Phones: https://www.ctia.org/consumer-tips/robocalls/android-robocall-blocking

Here is the link for iPhones: https://www.ctia.org/consumer-tips/robocalls/ios-robocall-blocking

Here is a link for Landlines, that offers call blocking for free: https://www.nomorobo.com/

Interesting Factoids:

iPhone users get more robocalls than Android users. They received 29% more Robocalls than Android users, during the month of March. Also, AT&T users get more Robocalls than Verizon users.

Crooks who commit phone fraud are clever. They have to be – as this is the way they make their living. So, don’t engage with them. Instead – ALWAYS HANG UP ON ROBOCALLS OR LET YOUR CALLS GO TO VOICEMAIL!

SKIMMING DEVICES AT GAS STATIONS

SKIMMING DEVICES – ON THE RISE!

Security experts say that skimming devices could be netting crooks as much as $3 billion a year in the US. YES, you read that right – $3 billion!

Skimming devices are tiny electronic devices, installed by crooks, that read the personal information from a credit or debit card’s magnetic stripe. The ones installed at a bank ATM may also have a hidden camera that picks up the keypad clicks to steal debit card PINs. The stolen information is then transmitted wirelessly to the thieves.

Most skimming devices are placed inside bank ATMs, where crooks insert the tiny devices to steal card data. Investigators are presently seeing a dramatic spike in skimmers being inserted into pay-at-the-pump panels at gas stations. A major contributing factor to this problem is that most gas stations apparently use the same master key codes on their pumps, making them easy prey for skimmer thieves.

In the past, crooks had to return to the ATM or gas pump to retrieve the skimming devices. Now they use Bluetooth technology. Known as blue-snarfing or blue skimming, crooks can sit 100 yards away while card info is transmitted right to their laptop. A single compromised pump can capture data from 30-100 cards a day.

WHAT TO LOOK OUT FOR:

Many of the compromised stations are those without proper security cameras and/or tamper-evident seals on their pumps. Off-brand filling stations and pumps closest to major streets or highways are the most targeted. Be on the lookout for an area wrapped in black or gray electrical tape. This type of electrical tape seems to be found in nearly all of the pay-at-the-pump skimming attacks. Some stations are placing security seals with a message saying “Please Report If Seal Is Broken”.

NOW THERE’S AN APP FOR THAT

The app is called “Skimmer Scammer”. It’s currently available for Android. You can download it on Google Play by clicking here: https://play.google.com/store/apps/details?id=skimmerscammer.skimmerscammer

The “Skimmer Scammer” app is a FREE open source gas pump skimmer detection app developed by SparkX. It detects common Bluetooth based skimmers – found mostly in gas pumps.  According to SparkX, “This app does not obtain or download data from a given skimmer, nor does it report any information to local authorities”.

Google Play’s description of the app says, “This app uses your phone’s Bluetooth radio to detect a common radio component in modern fuel pump skimmers (HC-05) and warn you if you’re about to get scammed”.

AVOID USING YOUR DEBIT CARD!

You should never use your debit card at a pay-at-the-pump panel at a gas station. Here’s why. If you use your credit card to buy gas and the credit card gets skimmed, the issuer will make good on most fraudulent purchases. However, if you use your debit card to buy gas and your debit card gets skimmed, the thief will use that information to gain access to your checking account.

Remember, your debit card is directly tied to the money in your checking account. Therefore, each transaction made, via your debit card, is withdrawn from the funds in your checking account.

Skimming thieves will use stolen debit card data and load that data onto a ‘white’ card (a counterfeit copy of the card). Then the ‘white’ card is used at bank ATMs to drain cash from the victim’s checking account.

You could suffer large losses if your card is skimmed and you fail to report the incident to your bank promptly. Additionally, while the bank is investigating your issue, you will not have access to any of the money in your checking account.

So, I repeat: Never ever use your debit card at a pay-at-the-pump panel at a gas station. It’s definitely not worth the risk of having your checking account completely cleaned out!

ONE MORE BAD PIECE OF NEWS:

Originally, new credit and debit card rules required all retailers to install EMV smart chip equipment to process card transactions by October, 2015, in order to avoid liability. Unfortunately, that requirement has been delayed until October 2020, for gas station pumps. That gives skimmer thieves almost 3 more years to steal card data from their victims.

EQUIFAX SOFTWARE UPDATES

What do Equifax software updates have to do with the Equifax breach? EVERYTHING! Credit bureau Equifax actually allowed hackers into their system by NOT updating one of their software programs in a timely manner.

To begin with, the number of those affected by the Equifax breach has been revised upward to 145.5 million, up from 143 million. The social security numbers of more than 60% of the U.S. adult population have been exposed. Mind you, this breach occurred sometime between May and July, 2017, but Equifax didn’t publicly announce it until early September. This gave the bad guys plenty of time to amass all that data and do some serious damage before most of us were even aware of the breach.

Recently fired Equifax CEO Richard Smith testified before Congress last week, explaining how the company got hacked in the first place. It seems the company failed to apply a patch that would have fixed a security flaw in a program called Apache Struts. This security flaw in the Apache software is how hackers were able to steal all that data.

Had Equifax been prompt in updating the program, this epic breach would have been completely avoided!

In March, Apache had issued a patch to fix the problem in their program and made it available for users to install. That was two months before the Equifax breach. It is inexcusable for any company that controls huge amounts of sensitive data to fail to update their software in a timely manner.

CEO Richard Smith told Congress that the “person responsible for updating the software, did not properly do their job”. The fact that only ONE person at Equifax was responsible for handling this job, without any other oversight or backup, is reprehensible!

SHAME ON YOU EQUIFAX!

The important lesson to learn from this story is to always update your software. Set your programs to update automatically whenever an update becomes available. Automatic updates eliminate the need for you to take any specific action yourself, and ensure that you’ll always be operating the safest, most secure versions of your software at all times.

Finally, it is most important to discontinue the use of outdated software, which is no longer being updated with the latest security patches. The WannaCry Ransomware attack was easily spread around the world, because so many companies were still using the outdated Windows XP operating system.  Microsoft had long ago stopped supporting XP, Vista and other previous software versions with security updates.

Equifax had an obligation to protect the sensitive data of millions of U.S. citizens and failed miserably!  The fact that they made such an avoidable mistake is truly frightening!  Those affected will have to be constantly vigilant about identity theft – for the rest of their lives.
