Equifax Settlement after Massive Data Breach

An Equifax settlement has finally been reached – nearly two years after their massive data breach. The company has agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau. The settlement includes a Consumer Restitution Fund totaling up to $425 million to help people affected by the data breach and another $175 million going to all 50 U.S. states and territories.

TOTAL INEPTNESS

It was in September of 2017 that Equifax, one of the largest consumer reporting agencies in the world, suffered a data breach that affected roughly 148 million consumers – nearly half the U.S. population.

Equifax’s failure to maintain and update their security system is what caused this preventable breach. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The breach went unnoticed for 76 days.

This epic breach enabled hackers to penetrate Equifax’s systems and exposed the private data of 56% of American adults. Breached information included Social Security numbers, names, addresses, birthdates, credit card numbers and some driver’s license numbers too.  It was, and still is, the largest and most damaging breach of highly sensitive consumer data.

RESTITUTION FUND – JUST A MERE $2.87 – PER VICTIM!

The Equifax Settlement includes a Consumer Restitution Fund totaling up to $425 million that will go to consumers who can demonstrate that they were financially harmed by the breach.  $300 million is dedicated to addressing consumer redress. However, if the $300 million is exhausted, the fund can increase by up to an additional $125 million. The company must also offer up to 10 years of credit monitoring services to those affected by the breach. If you don’t want the credit monitoring service, you may be able to opt for a $125 cash payment, unless they run out of funds. You can’t get both!

Furthermore, Equifax has agreed to take several additional steps to assist consumers who are either facing ID Theft issues, or who have already had their identities stolen. These include making it easier for consumers to freeze and thaw their credit and to dispute inaccurate information contained in their credit reports.

Additionally, the Equifax settlement requires the company to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft. For at least seven years, Equifax will provide free assistance to victims via their Identity Restoration Services. In other words, if you discover there was misuse of your personal information, call the settlement administrator at 1-833-759-2982 and you will be given instructions for how to access Equifax’s free Identity Restoration Services.

WHAT DO I NEED TO DO NOW?

Equifax is offering FREE Credit Reports for ALL U.S. Consumers. Starting in January 2020, all U.S. consumers can get 6 free credit reports per year for 7 years from the Equifax website. That is in addition to the mandatory free credit report everyone is entitled to each year from each of the three credit bureaus, which you can get by going to www.AnnualCreditReport.com.

To find out if you were one of the over 147 million victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or you can click here

*NOTE: If you wish to file a claim, you must file your claim by January 22, 2020.

Visit the Federal Trade Commission’s website for info on How to File a Claim

Read a previous article I wrote about the Equifax Breach to learn how it all came about. And Here for Part Two of that article.

PUBLIC WIFI IS NOTORIOUSLY RISKY

If you intend to bring your internet devices with you when you travel, you must consider the inherent dangers of Public WiFi.

Public WiFi is Not a Private Secure Internet Connection

Therefore anyone can access the network and anyone can eavesdrop on what’s being transmitted via Public WiFi. People tend to let their guard down while traveling. Security is put on the back burner and we tend to do things that increase our chances of getting hacked.

According to a survey conducted by Morning Consult for IBM Security, 70% of travelers take unnecessary risks while on the road. They connect to public WiFi, charge a device on a public USB station, or enable auto-connect on their wireless devices.

Hackers Set Up Fake Public WiFi Hot Spots

A skilled hacker will typically give their fake WiFi network a name that’s similar to an authentic connection. If it’s a hotel, they will choose a name with the hotel’s name in it; if it’s the airport, they will choose a network name that includes the airport’s name or the name of an airline. The same goes for coffee shops or other internet hubs.

If you are fooled into joining a hacker’s fake WiFi network, everything your device sends and receives now passes through equipment the hacker controls, where it can be captured. Furthermore, if your device is set to auto-connect, you might be leaking your personal data and not even know it.

You can’t eliminate all digital threats when you’re on vacation, but you can significantly reduce your chances of having a problem by following these tips.

TIPS TO KEEP YOU SAFE

  • Any device you use, outside your own home network, including your smartphone, laptop or tablet should have a VPN (Virtual Private Network) installed. A VPN encrypts the data leaving your device.
  • Before turning the VPN on, be sure to shut off WiFi and close all apps. After connecting to Wi-Fi, via your VPN, it’s safe to open up any app.
  • Never have your devices set to auto-connect. If your device automatically connects to a free WiFi Hotspot, your device is vulnerable to hacking.
  • Keep the WiFi on your smartphone turned off until you need it. Cellphone data is encrypted when it travels via your phone’s mobile network.
  • Never bring your business laptop with you when on vacation. Bring a spare one that has no corporate data on it. If you need to access corporate data or your company email, do it through the cloud.

Remember, we’re more vulnerable to digital security intrusions when we travel. Don’t opt for convenience over security.

Here is the link to the IBM Survey

Read a previous article of mine about how to keep your online data safe

 

VOICE ACTIVATED ASSISTANTS

VOICE ACTIVATED ASSISTANTS POSE PRIVACY CONCERNS

Voice Activated Assistants, aka Digital Assistants, like “Alexa” and “OK Google” have become very popular. Over 20 million homes already have a voice activated assistant installed.

These digital assistants may be the latest craze in cool technology, but the devices have created new privacy concerns and security vulnerabilities. They could potentially expose personal data like your bank account info and your contact list. So, while it may be fun to own one, be aware that a voice activated assistant poses a risk if a cyber-criminal is able to hack into it.

The digital security firm Symantec released a report about voice activated assistants. The report states that “The range of activities that can be carried out by these speakers, means that a hacker or even a mischief-minded friend could create havoc, if they were able to gain access”.

WHY? IT’S ALWAYS LISTENING!

The user must first use a wake-up command such as “Alexa” or “OK Google” to activate the digital assistant. Therefore, the device must always be listening, waiting to be activated by that command. This can cause unintentional or accidental triggering. Even a radio, TV or streaming video, playing in the background, might inadvertently set it off.

Once the device is awake, it will record what is said and then send that recording to a server, where it is stored. However, you do have the option to listen back to these recordings and delete them if you wish.

Symantec’s threat researcher sees a potential danger from these ‘always listening’ digital assistants. He states, “Someone could hack into these devices remotely and then turn them into a listening device.” “Some of them even come with cameras, so they can also see what you are doing.”

Pam Dixon, executive director of the World Privacy Forum, cautions against allowing your digital assistants to store passwords, your contact info or credit card data. Additional dangers include the fact that the device may come with a purchasing option, which is usually turned ON by default. You should set a security PIN or disable the feature.

CRIMINALS CAN TAKE CONTROL

Voice Activated Assistants are designed to be hubs that can control other devices or appliances in your home. These other external devices are referred to as the “Internet of Things” (IoT). Gadgets like lights, cameras, thermostats, coffee makers, alarm systems and door locks are all part of the Internet of Things.

Be aware that the convenience of these IoT devices may create new vulnerabilities. For example, if you connect your door locks or alarm system to your digital hub, then a burglar could command your digital assistant to “open the door and turn off the alarm”. Additionally, any device connected to the internet is vulnerable to Malware. Always be sure to change the default password and assign a stealth password to each of them.

TIPS TO KEEP YOU SAFE

  • Be careful which accounts you connect. Don’t connect things you don’t need to use, like your address book or calendar.
  • Always use long strong passwords and enable 2-step authentication if it’s available. Remember that anyone with access to your account can listen in remotely, play back recordings, change settings and access personal information.
  • Be sure that your voice activated assistant is linked to your private home or office Wi-Fi network. Password protect your Router.
  • Devices made by Amazon and Google both offer voice recognition, so use that feature. But realize it’s not foolproof.
  • Remember to put the device on Mute when you go on vacation.

To learn more about the danger posed by these gadgets, read my prior article about the Internet of Things.

Deceased Identity Theft – Victimizing the Dead

Deceased Identity Theft is on the rise. Identity thieves will go to great lengths to steal personal information. But how low are they willing to go? They will steal information from the recently deceased.

Assuming the Identity of a Deceased Person Can be a Profitable Venture

Victimizing the dead by stealing their identity is often referred to as ‘Ghosting’. Understand that Identity Theft happens in a variety of ways – including Tax ID Theft, Medical ID Theft, Financial ID Theft and Employment Fraud. Ghosting can encompass any or all of these different types of ID theft.

Here are some examples of what these criminals can do with the information stolen from a recently deceased person: file phony tax returns, apply for loans, establish fraudulent credit accounts, create fake driver’s licenses, apply for employment and file false medical claims. Ghosting can also result in creditors coming after the heirs of a deceased loved one or create problems with their estate.

How Do Thieves Get the Information?

Identity Thieves often glean a deceased person’s information from the Social Security Administration’s Death Master File. The Social Security Administration (SSA) maintains a national file of reported deaths for the purpose of paying appropriate benefits. The Death Master File contains the following information: Social Security number, name, date of birth, date of death, State of last known residence, and zip code of last lump sum payment. This information is a virtual gold mine for an identity thief!

In addition, relatives and funeral directors also notify States of recent deaths and then the States notify the SSA. When the SSA receives a death notice, it will flag the deceased person’s Social Security number as “inactive.”

Keep in mind that thieves can also glean a deceased person’s information from hospitals, funeral homes, social media and obituaries.  Because it can take weeks or months to process a death, thieves have plenty of time to commit fraud before it is ever detected.

Signs of Deceased Identity Theft

Watch for calls from a creditor or collection agency about an account opened or used in the deceased’s name after death. If you discover such signs, contact the affected creditor or collection agency in writing, explaining that the account was opened or used fraudulently. Surviving spouses and children can also be liable if they shared accounts with the deceased.

Reduce the Risk of Deceased Identity Theft:  

  • Send copies of the death certificate to all three credit bureaus asking them to flag the person’s credit report with the following alert: “Deceased – Do Not Issue Credit”.
  • Request a copy of the credit report of the deceased person with all three credit bureaus. You’ll need to do this in writing. The report will list all active credit accounts. Be on the lookout for any questionable activity.
  • Place a credit freeze with each of the three credit bureaus to stop thieves from opening any new credit accounts in the name of the deceased.
  • Send the IRS a copy of the death certificate to prevent Tax ID Theft. The IRS will then flag the account to reflect that the person is now deceased. Go to irs.gov and enter “Deceased Taxpayers” in the search box.
  • Notify banks, credit card companies, loan holders, financial institutions and mortgage holders to close any accounts. Also notify medical professionals and health insurers.
  • Notify the Motor Vehicle Department to take their Driver’s License out of circulation.
  • Avoid putting too much information in an obituary. Don’t give a birth date, current address, mother’s maiden name or other identifying information that could be useful to identity thieves. The same goes for social media.

It is devastating for a grieving family to have to go through the process of proving to various agencies that their loved one is indeed dead. The emotional impact of unwinding the mess stalls the grieving process for the family. Therefore, once a loved one passes away, it’s important to designate someone to take immediate action to help secure their personal information from these heinous criminals.

If you want to know more about how to place a credit freeze, read this

DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring in their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.

What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well-known, commonly used internet browsers such as Google Chrome, Firefox or Mozilla won’t get you there. You need a special browser such as Tor. Most of this stolen information is gleaned by criminals who hack into compromised businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc., etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council, says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states, “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem.”

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, TransUnion and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE! Stagger your requests throughout the year by requesting one credit report from one company at a time, in three different months during the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a “Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a second barrier to prevent criminals from impersonating you. Also referred to as “2FA”, two-factor authentication is an extra layer of security that requires not only a username and password, but also something that the user has on them, like an email address or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances. Awareness and constant vigilance are paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here

INTERNET OF THINGS TICKING TIME BOMB

THE INTERNET OF THINGS – Could Be A Ticking Time Bomb

The “Internet of Things” is a term that describes any gadget, gizmo or tech equipment that is connected wirelessly and controlled over the internet. Some examples of the connected devices that make up the internet of things are webcams, refrigerators, smart TVs, thermostats, copiers, medical devices, automobiles, alarm systems, baby monitors, fitness bands, computers, modems, routers, digital recorders, etc.  For purposes of this article, I will refer to them as “IOT” devices.

Presently, the estimated number of IOT devices is approaching 5 billion. That number is expected to rise to 25 billion by 2020. A study by HP Security Research concluded that 70% of the most commonly used IOT devices had serious security flaws. 90% of these IOT devices were using unencrypted network services and 70% were vulnerable through weak passwords.

THIS POSES A VERY BIG PROBLEM!

The security flaws common in so many of these contraptions allow any skilled hacker to easily take control of one or more of these devices. Therefore, hackers are constantly searching the web trying to break into one of these IOT devices. Once a hacker gains control of one of these devices, the hacker can then gain access to the other connected devices – that are also connected to your Wi-Fi network.

Many of these devices are insecure only because the user doesn’t bother to change the assigned factory settings. They forget or neglect to change the username and password when they connect the device to their home Wi-Fi network. Hackers know the factory default passwords assigned to these devices.

So, if the user doesn’t change the default settings to something long and complex, then that device will be an open invitation to any hacker. Consumers are usually unaware of this and may not know how to even begin to secure these poorly-secured IOT devices. Furthermore, it is often up to the consumer to check to see if the manufacturer has a firmware update available for them to download.

Worse yet, there is no current security standard required of the manufacturers of these devices. Additionally, a lot of these devices are designed and manufactured in foreign countries that really don’t care about security vulnerabilities.

The FTC is starting to take this problem seriously and is urging businesses to build better security into their IOT devices. They are also preparing to regulate IOT devices in an effort to protect consumers’ privacy and security. They specifically want to start by regulating automobiles and mobile-payment methods such as Apple Pay.

TIPS TO HELP PROTECT YOURSELF

  • Don’t store personal information on any device – including your real name.
  • Change the default username and passwords on all of your home network devices.
  • Periodically check the manufacturer’s website to see if a firmware update is available.
  • Use a different complex password for each one of your devices, so that if one device gets hacked, your other devices will not be jeopardized.
  • Use anti-virus and anti-malware software on your home computer network and set them to automatically download any new updates.
  • Keep your smartphone protected – it is the gateway to your car’s connectivity and many other IOT devices. Be sure your smartphone is password protected and has anti-virus and anti-malware installed on it.

For more in-depth information about the internet of things, Brian Krebs of Krebs on Security has an excellent article about this topic. Here’s the link to it: https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/

ALSO, be sure to read a previous article I wrote about Router Security

Sweetheart Scams – Your Money Your Heart

Sweetheart Scams can hurt both your heart and your bank account.

The National Consumers League (NCL) is sounding the alarm about Sweetheart Scams, also referred to as the Romance or Friends Scam. Con artists are swindling their victims out of millions of dollars. According to the NCL report, the average victim loses approximately $18,831. The group says that complaints to their organization about Sweetheart Scams have spiked upwards by 45%. That’s double the number of complaints from 2017.

Con Artists are Masters of Persuasion

They prey on their intended victim’s powerful emotions. Examples of those powerful emotions are fear, greed, urgency, pride, loneliness and love. Realize that Love and Loneliness are two of the most powerful emotions on earth. Victims of Sweetheart Scams act on both of those emotions, rather than using reason. It’s as if the con artist has cast an impenetrable spell on their victim.

Con Artists are not looking for affection or a loving relationship

Their goal is to separate you from your money. The digital age has also made it much easier for them to pull off these romance scams. Kindling a relationship with their victim can be a long, drawn-out process or it can happen fairly quickly.

It may begin with a phishing email, a contact on social media or when someone joins an online dating website such as Match.com.  The con artist will create a fake online profile that’s designed to lure you in. They will use a fake name and photo. They often falsely take on the identity of a trusted person such as a professional working abroad or someone in the military or perhaps an aid worker in a foreign country.

Realize that these con artists will strike up a relationship with not just you, but with hundreds of potential victims. Be especially wary if your new-found-friend or lover quickly asks you to move your conversations from the website’s messaging platform to your personal email or phone.

Eventually, that new special someone in your life will convince you to send them money to pay for some kind of emergency. They may even ask you for money so they can travel to visit you.  Either way it’s a trap!

Younger people claim they would never fall for this type of scam, but the statistics say otherwise. Con artists work to gain the victim’s trust and separate them from their support system. Victims are so convinced that they have found their true love, that they will even put themselves in harm’s way. One woman, a teacher, flew to Jamaica to meet her lover and was murdered in the process.

The elderly population also seems to be vulnerable to the Sweetheart Scam. Many of them have suffered a painful loss, like the death of a spouse or other family member. Many of them live alone and are yearning for companionship or love. Con artists easily manipulate and swindle people who are in such an emotional state of mind.

Keep in mind that when money is sent via a gift card, MoneyGram, or a prepaid debit card it is untraceable and you will never get your money back!

Scams-of-the-heart are especially egregious, because victims are hurt both emotionally and financially.  To read the National Consumers League article on this topic go to:  https://www.nclnet.org/romance_scams

Apple iPhone Scam – Very Convincing

I did not write this article, but I copied the important main parts of it here. It was written by Brian Krebs who is a security news and investigator. His website is called KrebsonSecurity.  Here is the link to his original article:  https://krebsonsecurity.com/2019/01/apple-phone-phishing-scams-getting-better/

I thought it was important enough to alert you to this new Apple iPhone scam – Read on…

Apple Phone Phishing Scams Getting Better

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Here is an account of what happened to her. Earlier in the day she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.

Here’s what her iPhone displayed about the identity of the caller when they first tried her number at 4:34 p.m. on Jan. 2, 2019:

[Screenshot: Apple iPhone Scam]

Note in the above screen shot that it lists Apple’s actual street address, their real customer support number, and the real Apple.com domain (albeit without the “s” at the end of “http://”). The same caller ID information showed up when she answered the scammers’ call this morning.

Westby said she immediately went to the Apple.com support page (https://www.support.apple.com) and requested to have a customer support person call her back. The page displayed a “case ID” to track her inquiry, and just a few minutes later someone from the real Apple Inc. called her and referenced that case ID number at the start of the call.

Westby said the Apple agent told her that Apple had not contacted her and that the call was almost certainly a scam. Apple said they would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple.

“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby said. “This was so convincing I’d think a lot of other people will be falling for it.”

KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.

Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.

No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.

Phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, for example, call the number on the back of your card. If it’s another company you do business with, go to the company’s Web site and look up their main customer support number.

Relying on anything other than a number obtained directly from the company in question — such as a number obtained from a direct search on Google or another search engine — is also extremely risky. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.

These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contact list. But as this scam shows, even that’s not always a great strategy.

It’s a good idea to advise your friends and loved ones to ignore calls unless they appear to come from a friend or family member, and most importantly to just hang up the moment the caller starts asking for personal information.

AGAIN, I DID NOT WRITE THIS ARTICLE. IT WAS COPIED HERE FROM AN ARTICLE WRITTEN BY BRIAN KREBS.  HERE IS HIS HOME PAGE LINK:

https://krebsonsecurity.com/

CYBERSECURITY RESOLUTIONS

As 2018 comes to an end, I am putting together my recommended list of Cybersecurity Resolutions for 2019. Although the number of data breaches went down in 2018, the actual number of individuals affected by those breaches dramatically increased.  So, you must continue to remain ever vigilant if you want to protect yourself.


Here are some important Cybersecurity Resolutions you should adhere to.

  1. I WILL USE STRONG, LONG, STEALTH PASSWORDS that are unique for each different website. A good password is one that uses a combination of upper and lower case letters, numbers and special characters. Don’t use the same password for different websites. Be creative and don’t use obvious things like your mother’s maiden name, your date of birth, street address, your pets’ names, etc. Your social media page will give any scammer clues about what you might use to create a password. So, don’t make it so easy for them to crack it.
  2. I WILL KEEP MY SOFTWARE UPDATED as soon as I am notified that an update is available. If you do so, in a timely manner, then you won’t have to worry about your devices getting compromised. Set your programs to perform updates automatically.
  3. I WILL BACK UP MY FILES REGULARLY. Backing up your files has become an essential security continuity practice. If you are a victim of Ransomware, a Malware infection or even Mother Nature, you’ll be glad you backed up your data to a separate hard drive or thumb drive. Always remove the backup device from your computer after doing the routine backup.
  4. I WILL USE 2-FACTOR AUTHENTICATION WHENEVER POSSIBLE. Also known as 2FA, it adds a second layer of security to your account access by confirming that you are who you claim you are. It also protects you from those who unlawfully attempt to access your account. Not all businesses and online accounts offer this extra security, but take advantage of the companies that do.
  5. I WILL ONLY VISIT SITES THAT BEGIN WITH HTTPS. Not every website, even among the popular ones, begins its web address with the more secure HTTPS. It is not safe to enter any of your personal information on a website that begins with HTTP instead of HTTPS. The “S” stands for secure. Security must go hand-in-hand with privacy. There are extensions that you can install in your browser that will automatically connect only to HTTPS versions of websites. For example, try installing “HTTPS Everywhere” on your Google browser. It’s what I use.
  6. I WILL HANDLE MY EMAILS CAREFULLY. Repeat after me: I will never click on links or open up attachments in any email unless I am 150% sure that the email is legitimate. Emails are the easiest way a criminal can gain access to your system. Ask yourself, does the email seem fishy? Are the grammar and spelling correct? Does it sound too good to be true? OR does the email contain an urgent message that you must click on in order to solve a problem? These are all telltale signs of a phishing email. If you click on that link, or open that attachment, you will surely infect your computer. Hover your mouse over the sender’s email address and see if it appears legitimate. My advice is to go onto the business’ website by typing in the URL yourself rather than using the link provided in the email. Don’t hesitate to call the business to verify that the email is legit. Most companies will never ask you for your personal information. You’ve been warned!!!
  7. I WILL BE CAREFUL AND THINK BEFORE I POST. Privacy is dead. Whatever you post is open season for anyone who wants to exploit that information. Sharing details of a personal nature can be dangerous. Criminals can and will use your information against you. The information you so freely give away online, can be used to access your accounts or steal your identity. Tone down the stuff you post about yourself or people close to you.
  8. I WILL KEEP ABREAST OF THE LATEST CYBERSECURITY THREATS AND SCAMS. Knowledge is power! The more you know the more you’ll be able to protect yourself and your loved ones.

So, there you have it.  If you follow these Cybersecurity Resolutions, you’ll be a whole lot safer from scammers, crooks and fraudsters in 2019.  Stay safe out there and Happy New Year to all.

MALWARE – Malicious Software

You’ve probably heard the term Malware, but do you really know what it is and how it gets onto your devices?

Malware refers to malicious software that is unwittingly downloaded on your computer or other devices. Once downloaded, you will more than likely become a victim of identity theft.


Malware Infections Happen in Several Ways: 

Links or Attachments in Emails & Text Messages: You may open an attachment or click on a link in a phishing email or text message. Fraudsters will include links with an urgent message to entice or require you to click on them. In other words, the message is crafted to convince you that there is a need for you to take action or suffer the consequences of your inaction.

Fake Websites: Scammers often create authentic-looking, but fake websites, to trick you into entering your personal information. You may think you’re purchasing merchandise at a great price, or applying for a job, or perhaps you clicked on an article that caught your interest. Oftentimes, you just landed on a fake website because you typed the website address incorrectly by misspelling it or clicked on the wrong website during an internet search.

E-cards: These electronic cards are a fun and inexpensive way to celebrate a special occasion or holiday. But e-cards can be dangerous if they do not originate from a well-known e-card website. If someone sends one of these to you and it originated from a fake website, you may download Malware instead of an e-card.

Scammers: The “Tech Support Scam” is a good example of how it’s done. An imposter, claiming to be from Microsoft, contacts you. They manage to convince you that your computer is infected with a virus. Next they ask you to give them control of your device, so as to assist you with getting rid of the virus. Alternatively, the imposter may convince you to download a program from their fake website to help erase the virus. Just realize that whichever of these options you choose, you will actually be infecting your computer with Malware.

Once Malware is installed – you have opened yourself up to identity theft.

The malicious program will allow a criminal to have access to all the files on your computer. If you have any files that have personal information, such as copies of your credit report, tax return, bank or financial statements, the criminal will then be able to view all of these files.

Additionally, all the email addresses of those in your contact list will be readily available to exploit. The criminal will use the Malware program to send SPAM emails, which will include malicious links or attachments, to everyone in your contact list. Recipients of these SPAM emails will think it is safe to open them, because the email came from you. As a result, everyone in your contact list can easily be infected with the same Malware.

Worst of all, the Malware program gives the criminal the ability to log (read) your keystrokes. This keystroke-logging program allows them to capture the PINs, passwords, credit card numbers or other personal information whenever you type them via your keypad.

Moral of the story: 
  • NEVER click on links or open attachments in email or text messages.
  • Be wary of emails containing links or attachments even IF they appear to come from someone you know.
  • Type all website addresses very carefully.  Take notice how easy it is to misspell a web address or add or miss a letter. For example: ammazon.com or amzon.com or amazon.cm
  • Be careful what you click on when browsing the internet, including Ads, surveys or discount coupons – even on legitimate websites.
  • Don’t open e-cards unless you’re sure they’re legitimate. Do not open one if the sender is unknown to you.
  • Never give control of your computer to anyone you don’t know or trust.