If you’re unfamiliar with .zip files, they can be one large file or several smaller files that are compressed into a .zip file to make the space they take up on your device smaller. These .zip packages can be decompressed, or unzipped, by using programs like Win-Zip, 7-Zip, or the built-in compression utilities provided by operating systems such as Windows and macOS.
Many software applications and operating systems are distributed in the form of .zip files. This allows developers to package all the necessary files and folders into a single archive, simplifying the installation process for users.
Earlier this month, Google started offering .zip internet domains. That means anyone who wants to buy a web address can purchase a .zip domain instead of .com or .net. Many tech enthusiasts chided Google for making .zip available for domains, as they could be abused by scammers. Now, according to tech reports, the scams have already begun.
A victim could be thinking they’re downloading legitimate software, but are then directed to a .zip website that could infect their device with malware, among other things. The website will mimic a .zip file being extracted, along with a fake pop-up that says the .zip file has been scanned and no viruses were found.
Unfortunately, there’s no hard and fast rule to protect yourself from such a scam. If you do download a .zip file, make sure it’s from a trusted source. Anything else that has .zip at the end of it, you may want to avoid it.
Recently, an iPhone user was locked out of her new iPhone. On her husband’s phone, she did a Google search for ‘Apple Customer Service’ and called the number she found. The person on the other end of the call said they’d be happy to help her out. Except, the woman hadn’t really called Apple. Instead, she had called a phony customer support number run by scammers. These scammers had accessed her iPhone and were able to use her Zelle app to steal $1500. However, this scam is not exclusive to either Apple or Google.
This scam is a version of the tech support scam. Instead of trying to trick victims into believing there’s a virus on their device, this scam waits for someone with a tech problem to call the scammers. In these cases, the scammers take out ads on popular search engines. Not just Google, but Bing and Duck Duck Go as well. The scammers will submit a flurry of ads to these companies in hopes just a handful get through the vetting process. If the ads get approved, they can be listed at the top of the search engine rankings. While the search engine companies claim to be on top of the problem, scammers continue to have their ads for phony customer services approved.
There are ways to protect yourself from this scam. The first is when you’re doing a web search, make sure the listing you’re about to click on doesn’t have a tiny ad indicator near it. These are usually little text boxes that say ‘Ad’, but sometimes have a color that’s similar to the page’s background. Another way to protect yourself is by going to the manufacturer’s website directly. For example, instead of doing a web search for Apple Customer Service, just go directly to apple.com in your device’s web browser. From there you should be able to find the customer support number if the company has one.
Today in the Scam Round up, we’re bringing you one scam you definitely should be aware of, a new twist on an old scam, and a kind of strange scam.
***
First, we have the new twist on the old scam, the rental scam to be specific. Typically, in a rental scam, the scammers post a home or apartment for rent online they don’t own. They’ll then start collecting security deposits, or rent money, from their victims. This is usually all done without ever meeting face to face. However, a woman from Cleveland, Ohio, is accused of allegedly collecting $20,000 from dozens of victims at the apartment complex she worked at. The scammer would tell victims that their application was approved before taking their money. This included payments in money order, cash, and, of course, Cash App.
It’s difficult to protect yourself from a scam like this when it’s being perpetrated by an employee of a legitimate apartment complex. While we imagine the odds of this scam happening again are low, if you feel like you’re not receiving enough communication from the property management as you get closer to your move-in date, consider talking to another employee at that complex. If you’ve been scammed like this, don’t hesitate to contact your local police.
***
In our strange scam story, restaurants from across the country are being extorted. A rash of scammers is threatening to review-bomb the restaurants with one-star reviews on Google, if the restaurant doesn’t send a $75 Google Play gift card to the scammer electronically. We’re not just talking about your local Applebee’s, these scammers are also threatening restaurants that have been awarded the much lauded Michelin Stars.
What makes matters worse, Google isn’t the easiest company to get a hold of when you need an issue like this resolved. Google has even refused to recognize some of the reviews as fake and have refused to remove them from their platform.
While not a lot of people own restaurants compared to the rest of us, a scam like this can potentially threaten any industry and any business.
***
Lastly, we have the scam that everyone should be aware of. Today starts Amazon Prime Day, one of the online retail giant’s biggest sales event. Cybersecurity experts call Prime Day the Super Bowl for scammers. The biggest threats are said to be phony websites that imitate Amazon and messages that appear to come from Amazon but don’t. If a shopper ends up going to one of these phony Amazon clones, they could be subject to malware, identity theft, and lost funds. Always check the URL, or web address, to make sure you’re on the website you want to be. Scam sites will often have a URL that is spelled like the site they’re imitating, but be one letter off or have left a letter out. They could also have the Amazon name in their URL, but have it direct you to their scam site instead.
Consumers should also be wary of deals that sound too good to be true. That could also be the indicator of a scam. If you will be shopping online during Prime Day, try to use a credit card whenever possible because they offer more protection than a standard bank debit card.
It’s difficult to live an online life without using some of Google’s services. For example, if you’re using an Android phone, you’re already entrenched in the Google ecosystem. Because of that, you’re probably using Google services that you might not be aware that you’re using. Google Photos is one of those services. If you use an Android phone you’re probably using Google Photos without even knowing it. In most Android phones, Google Photos will back up the pictures you take with your phone to the cloud. Due to the sheer number of people who use Google Photos, it has become an avenue for identity thieves.
According to reports, scammers are sending out phony emails that say someone has shared their Google Photos Album with you. These are phishing emails that are said to look authentic. If you click on the link to the supposed photo album you’re asked to enter your Google username and password. Except the website where you just entered your Google information isn’t a Google website. Instead, it’s a website set up by scammers to steal your Google login information.
Please take a moment to think how much your online life is contained in your Google account. In just your Gmail alone there is probably enough information to steal your identity easily. Between banking information and social media accounts, someone with access to your Google account could essentially take over your identity and ruin it for years to come.
As is the norm with most phishing emails, you should never click on the link any of these emails contain. On your computer, hover your cursor over the link to see where the link actually directs you. Check for misspellings of actual web addresses used by real companies. Also, don’t click on any links that have been shortened by a link shortening service as they can disguise the links true destination.
It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched into the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. Once such instance of these tactics has been recently reported.
Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.
The best way to protect yourself from this attack is to verify with the sender to make sure if this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.
Last week, The University of Chicago Medical Center and Google had a class action lawsuit filed against them. The suit contends that when the Medical Center entered into a partnership with Google it allegedly exposed hundreds of thousands of medical records to the search giant. At the heart of the lawsuit is the allegation that the medical records provided to Google contained identifiable patient information which violates the Health Insurance Portability and Accountability Act, or HIPAA as it’s better known.
According to reports, The University of Chicago Medical Center entered into this partnership with Google in order to assist with Google’s artificial intelligence researchers. The researchers are looking for a way to help doctors better diagnose patients with the help of AI. The medical records provided to Google were said to be stripped of all identifiable information which is permitted under HIPAA. However, the lawsuit claims that the dates of service the patients were seen at the medical center were contained within the medical records. The law firm that has filed the suit states that Google could easily identify a patient with just the dates they were seen because of their knowledge of their users’ search histories.
So is this a legitimate concern or is this a frivolous lawsuit filed by a paranoid patient? While theoretically, it could be possible for Google to determine a patient’s identity through the records received and their own resources it doesn’t make sense for them to do so. Google has an incalculable number of users and many of them don’t even sign into Google when using the service for search. It also makes no financial sense as Google would not only be open to lawsuits like this but the wrath of the government as well. HIPAA violators tend to be fined very heavily and right now, the government and Google aren’t exactly on the best of terms. So until there is better evidence that Google acted maliciously, it appears that your medical records are currently safe.
Last week, president Trump issued an executive order that claims foreign threats to communication networks are a national emergency. This order makes it extremely difficult for communication companies from China from doing business in the US. The Trump administration added Chinese phone manufacturer Huawei to a sort of blacklist that makes it almost impossible for the Chinese firm from purchasing hardware and software in the US that’s needed to make their devices.
In order to comply with the executive order, Google has suspended any business with Huawei. This means that in the immediate future, Huawei will not be able to use the Google-supported Android OS On any of their new devices. Huawei could use the open source version of Android, however, this would not include any technical support from Google or any Google apps such as Gmail or the Google Play Store. Huawei claims that they have made preparations for such an event but without support for Google apps sales outside of China could badly impact the world’s 2nd largest smartphone manufacturer.
Consumers in the US who may currently own a Huawei phone could see their devices no longer receiving security updates from Google. However, it is believed that apps like Gmail and YouTube will continue to be supported on already existing on current Huawei devices. The Trump Administration believes that Huawei is allegedly committing espionage for the Chinese government even though there has been no concrete evidence to prove such an allegation.
In the wake of the deadly mass shooting that took place in Christchurch, New Zealand by an alleged white nationalist, the US House Judiciary Committee held a hearing about hat speech online. If you’ll recall the gunman in the Christchurch shooting that left 50 victims dead not only livestreamed his attack on Facebook but also posted a hate-filled manifesto online. Facebook and Google were called before the committee to address what steps they were taking to combat the problem. Both Facebook and Google defended the practices they use in order to prevent online hate. However, Google, who owns YouTube, may have spoken too soon.
The hearing was being livestreamed on YouTube and about 30 minutes into the livesstream many YouTube users were leaving racist and anti-Semitic comments in the stream’s live chat and comment section. At that point, YouTube shut down the chat and closed the comments section but by then the damage had already been done. Committee chairman Rep. Jerrold Nadler, D-NY, was handed a sampling of the hateful comments and read them aloud during the hearing. “This just illustrates part of the problem we’re dealing with,” Nadler said.
Unfortunately, just because YouTube clamped down on one livestream doesn’t mean the hate speech went away. Instead, they just relocated to other livestreams of the hearing. At least one recognized hate group ran their own livestream of the hearing and even raised money for themselves through YouTube’s own platform. Because of social media, there hasn’t been a surge in hate groups like this since the days of the civil rights movement. According to the Southern Poverty Law Center, there are over 1,000 organized hate groups in the US alone. Violence committed by some of these groups has also been on a sharp rise in the past few years as well.
What remains to be seen is if these social media platforms can actually develop effective safeguards to screen for hate speech or will it just remain business as usual? Hate speech has been a problem since the early days of the internet and no major platform has been able to tackle it convincingly.
Earlier this week, Facebook was caught paying users including teens for complete access to their phones. Unhappy with this, Apple struck back by not only banning the app from iOS devices but also revoked Facebook’s enterprise access which hamstrung a number of internal apps that Facebook employees needed to use just to do their daily jobs. At least one report states that some Facebook employees were considering quitting their jobs if Apple did not restore Facebook’s enterprise certificate because they couldn’t do their jobs. However, since the original kerfuffle over user privacy, Apple has restored Facebook’s enterprise access. Facebook didn’t seem to learn their lesson though as Facebook COO Sheryl Sandberg has allegedly defended Facebook’s paid marketing research by claiming that its users consented to the program. But again, the question of consent needs to be reframed when it comes to paying minors.
Facebook wasn’t the only tech company who felt Apple’s wrath this week as Google admitted that they had a similar research program that was also being used on Apple devices. Google came clean about their program during the initial dust-up between Apple and Facebook, however, that didn’t stop Apple from temporarily revoking Google’s enterprise access as well. While you may think that Google would be an Android-only workplace they do have to develop their most popular apps for Apple’s iOS operating system as well. Without that access, Google could have potentially lost out on having their apps on Apple devices. However, Apple has since restored Google’s enterprise access as well.
With two of the top tech companies in the country being severely admonished by another one of the top tech companies in the country, will this be a turning point in the fight for user privacy? Unfortunately, it’s doubtful that it will be. Facebook has shown time and time again that they follow their own path when it comes to user privacy as they have continued to forge ahead with questionable privacy practices even in the face of past controversies. Meanwhile, Google has their own Android operating system that outnumbers Apple’s iOS. Consumers still demand products from Facebook and Google on their devices no matter which platform they use as there aren’t many alternatives to their services. So it still may be a while before we see Google or Facebook stop treating consumers as the actual product.
Today we bring you a few consumer protection stories that we think you should be aware of.
First up is the return of the Netflix phishing scam. This is not a new scam but it seems to be making the rounds again. Reports from all over the country are stating that people are receiving emails that appear to be from Netflix asking customers to update their payment information. If you receive one of these emails do not click any of the links contained in the email. Doing this will take you to either a malware infested site or will try to obtain your credit or debit card information. Anytime some service requests any kind of information change, go directly to the site in your web browser instead of clicking any links.
A former Microsoft intern is claiming that today’s Google is acting more like yesterday’s Microsoft. The intern used to work on Microsoft’s Edge Browser and claims that Google purposely tries to slow down other browsers than Chrome on some of their services such as YouTube. This is reminiscent of the browser wars of the early internet when Microsoft’s Internet Explorer gained the majority of the browser market by being included by default in Windows. The only difference this time is that Microsoft blinked and they are changing Edge to be a Chromium-based browser. Chromium is the engine that powers the Chrome browser and many of its offshoots like Opera and Vivaldi.
Lastly, the state of South Dakota is warning consumers to be wary of phony shipping companies that are claiming they reside in the state. The state’s Attorney General is saying that people are being tricked into sending money to phony shipping companies when buying cars off of craigslist. If you’re going to buy a car online we hope that you would purchase the vehicle through Geebo.com, however, we always recommend shopping local when looking for a vehicle and using a safe place to conduct the transaction. However, if you do need to deal with a shipping company for whatever reason, a quick Google Maps search using the company’s supposed address should be able to tell you if the company actually exists or not.
Leave a Reply