Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on November 1, 2024 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Florida Warning Travelers of Wi-Fi Scam 

    Florida Warning Travelers of Wi-Fi Scam

    By Greg Collier

    Connecting to free Wi-Fi has become second nature for many of us. Airports, coffee shops, and even auto repair shops offer Wi-Fi as a convenience. But beneath the convenience, cyber experts are issuing warnings. These open networks may be prime hunting grounds for hackers. In fact, the State of Florida has, once again, recently spotlighted a particularly insidious type of cyber scam known as the ‘evil twin’ attack, bringing to light just how easily criminals can turn public Wi-Fi networks against users.

    The allure of free Wi-Fi is clear, but as more places provide it, cybercriminals are getting creative in exploiting it. Hackers can create evil twin networks, which are Wi-Fi connections that look like familiar and trusted networks but are impostors set up to deceive unsuspecting users. Hackers will make their phony network names to match those of common public spaces. As soon as users connect to one of these evil twin networks, they open the door for attackers to access their devices and data.

    Many people’s smartphones and laptops remember networks they’ve previously connected to and will automatically reconnect to them. When a device sees a network with a familiar name, it connects without asking the user, assuming it’s safe. Hackers exploit this feature, setting up networks with identical names to those commonly found in airports or popular venues, tricking devices into connecting automatically. Once connected, the hacker has a direct line to the user’s device, allowing them to redirect traffic to fraudulent sites, install spyware, or even steal passwords and other personal information.

    With incidents of this scam occurring globally, law enforcement agencies and cybersecurity experts are urging the public to exercise extreme caution when connecting to public Wi-Fi networks. For those who need internet access on the go, using a personal mobile hotspot or a trusted VPN connection is a safer alternative. As tempting as it may be to tap into that free Wi-Fi, it’s important to weigh the risks. Accessing a network without verifying its authenticity could lead to significant compromises in privacy and data security.

     

  • Geebo 8:00 am on September 17, 2024 Permalink | Reply
    Tags: , cybersecurity, , , , ,   

    What Is the Evil Twin Attack Targeting Travelers? 

    What Is the Evil Twin Attack Targeting Travelers?

    By Greg Collier

    You might feel safe and relaxed while cruising at 35,000 feet, but there’s something you should be on the lookout for, even mid-flight. It’s a sneaky Wi-Fi scam known as the Evil Twin Attack. This old trick has resurfaced, now targeting airline passengers.

    Recently, news outlets in Australia reported an arrest involving this very scam. Authorities claim that a man stole passengers’ personal information using a fake Wi-Fi network while they were on a flight. How did this happen? Let’s break it down.

    Evil Twin Wi-Fi is a fake network that copies the name of a Wi-Fi you’ve used before and trust. Think of places like airports, hotels, or coffee shops where your phone or laptop automatically reconnects to the Wi-Fi without you even thinking about it. Scammers take advantage of this by creating a Wi-Fi network with the same name to trick your phone into connecting to their network instead.

    In the Australian case, the alleged scammer took it a step further. He boarded multiple flights with a portable Wi-Fi hotspot that mimicked the name of the airport’s Wi-Fi. When the plane took off and passengers switched to airplane mode, their phones unknowingly connected to the imposter Wi-Fi, thinking they were back on the airport’s trusted network.

    Once passengers connected, they were asked to log in using their social media or email passwords. If they did, they handed over sensitive information like usernames and passwords, which could easily be used for identity theft. Essentially, the scammer could pretend to be them online and access their accounts.

    This may sound alarming, but there are simple ways to avoid falling victim to an Evil Twin Wi-Fi attack. One effective method is to delete any public networks your phone automatically reconnects to, such as those from airports, cafes, or libraries. By going into your Wi-Fi settings and removing these unnecessary networks, you can prevent your phone from connecting to potentially fake ones in the future.

    Another smart precaution is to keep your Wi-Fi turned off when you’re not using it. Rather than leaving it on by default, only activate it when you are certain you’re connecting to a trusted network. This small habit can greatly reduce your risk.

    Adding security software, like a virtual private network (VPN), is another protective measure. A VPN will encrypt your data, helping to ensure that even if you accidentally connect to a rogue network, your personal information most likely remains secure.

    These adjustments are simple but can go a long way in keeping your data safe. As scams like this one become more common, especially in places like airports, staying alert and taking these precautions will help protect you, even at 35,000 feet!

     

  • Geebo 8:00 am on June 4, 2024 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Protect your Facebook account from latest phishing scam 

    By Greg Collier

    Social media scams are constantly evolving, and the latest phishing scheme is a new threat targeting Facebook users. It’s designed to trick you into revealing your login credentials by exploiting your fear of losing access to your account. The Better Business Bureau has issued a warning about this scam, emphasizing the importance of recognizing and avoiding it. Here’s how you can identify this scam and safeguard your account from hackers.

    You might receive an email that seems to be from Facebook, warning about a breach of Community Standards on your page. The message might look like this: “Recently, we discovered a breach of our Community Standards on your page. Your page has been disabled for violating our Terms. If you believe this decision is incorrect, you can request a review and file an appeal at the link below.” The email could also state that if you don’t act within 24 hours, your account will be permanently deleted. The email includes a link that appears to lead to Facebook’s website.

    When faced with such a message, it’s essential to remain calm and scrutinize it closely. You will likely find telltale signs of a scam, such as, typos and grammatical errors in the message, an email sender’s address that doesn’t match Facebook’s official addresses, or you might notice that the link doesn’t actually point to Facebook’s website.

    Another variant of this phishing scam targets business pages, threatening deactivation due to a Terms of Service or Community Standards violation. This message pretends to be from Meta Business Support and asks the administrator to confirm the account by clicking a link, or face permanent deletion. Clicking the link typically leads to a fake but official-looking page that prompts you to fill out a form with your login email, phone number, name, and other details. Once submitted, you are asked to confirm your password, providing scammers the information needed to hijack your account. We have to clear out messages like this from our inbox daily just because we’re a business with a Facebook page.

    There are steps you can take to protect yourself from this scam, such as reading suspicious emails and messages carefully, looking for signs of a scam before taking any action. Remember, fake alerts are common as scammers frequently target social media accounts.

    If you receive a message similar to the one’s mentioned, you should verify its claims by logging into your Facebook account directly to check if there is an actual problem. Do not rely on the information provided in the message to make any decisions.

    Also, even if an alert seems legitimate, use the Facebook app to log in or type the URL into the browser bar yourself. Avoid clicking on links sent via email or messages.

    Lastly, never enter your login information on a third-party website or any page other than the official Facebook website. Do not send your login details via email or Facebook Messenger. If you suspect you’ve entered your credentials on a fake form, change your password immediately.

    By staying informed and cautious, you can protect your Facebook account from phishing scams and other online threats. The Better Business Bureau’s warning serves as a reminder that your security starts with a proactive approach to recognizing and avoiding these scams.

     

  • Geebo 9:00 am on January 26, 2024 Permalink | Reply
    Tags: , cybersecurity, , , ,   

    Is two-factor authentication to blame for SIM-swapping scam? 

    By Greg Collier

    A SIM-swapping scam, also known as SIM hijacking or SIM card swapping, is a type of fraud in which attackers take control of an individual’s mobile phone number by tricking the mobile carrier into transferring the phone number to a new SIM card. The goal of the scam is to gain access to the victim’s sensitive information, such as personal data, financial accounts, and online accounts tied to the phone number. For this scam to take place, a scammer does not need physical possession of your phone or its SIM card.

    With control of the victim’s phone number and possibly access to their email or other accounts, the attacker can reset passwords, access sensitive information, and potentially engage in identity theft or financial fraud. What makes the SIM-swapping scam so appealing to scammers is the fact that little to no interaction with the victim is required.

    Recently, a woman from Maryland lost $17,000 to a SIM-swapping scam. Someone in California walked into a Verizon store and activated a new phone on a new SIM card using the victim’s phone number and information. Once that transaction took place, the victim’s phone was no longer active. From there, the scammers were able to use the victim’s phone account to access her bank account and empty it of $17,000.

    The news report about the victim’s financial loss makes it a point to show the victim had two-factor authentication enabled on most of her online accounts. Unfortunately, the SIM-swapping scam is specifically designed to circumvent two-factor authentication.

    Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity before gaining access to an account, system, or application. The purpose of 2FA is to add an extra layer of security beyond just a username and password. Most people who enact 2FA on their accounts use text messaging to receive their one-time 2FA code. If a SIM-swap is enacted on a phone where 2FA codes are bing sent to the phone, the scammers not only have control of your phone account, but can also receive your 2FA authorization codes.

    While any 2FA is better than having none, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.

    To better protect yourself from a SIM-swapping attack, set a unique personal identification number (PIN) or password with your mobile carrier to add an extra layer of security.

     

  • Geebo 8:00 am on September 25, 2023 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Facebook Account Hijacking: How Scammers Exploit Lost Control 

    By Greg Collier

    For some, losing control of your Facebook account may not seem like a big deal. You may only use Facebook sparingly to keep in touch with a handful of friends and relatives. If you lose access to your account, you can just open a new one and send new friend requests while telling your friends list you got hacked. However, letting your Facebook account remain in the hands of hackers can not only leave your friends and family vulnerable to scams, it could also lead to frustrated strangers showing up at your door.

    For example, a woman from Alabama lost control of her Facebook account. Before she knew it, hackers took over her account and changed the password, locking her out of her own account. Then, the hackers posed as the woman and listed several items for sale on Facebook Marketplace. Once other Facebook users started responding to the listings, the hacker told the other users they were out of town, but would hold the item for them if they paid a deposit.

    As you can probably guess, the Facebook users who paid deposits never received the items they thought they were purchasing. Victims of this scam started showing up at the home of the woman who had her account hacked. Thankfully, those who did show up at her home were reasonable when they found out they were scammed. However, it’s no stretch of the imagination to think things may have taken a wrong turn if the wrong person got scammed.

    The woman stated that she’s trying to get Facebook to suspend her original account, but the hacked account is still active.

    Scammers like this love to get their hands on existing Facebook accounts because it makes their Marketplace scams appear legitimate since an active and older account is attached to the listings.

    In conclusion, safeguarding your Facebook account from potential hackers is not only crucial for your personal data but also for your online security. By following these tips and staying vigilant, you can significantly reduce the risk of falling victim to malicious activities. Remember to regularly update your password, enable two-factor authentication, review your privacy settings, and be cautious about the information you share online. Your Facebook account holds a treasure trove of personal information, and taking these proactive steps will help ensure that it remains secure.

     

  • Geebo 8:34 am on September 18, 2023 Permalink | Reply
    Tags: cyberattack, cybersecurity, MGM Resorts, , ,   

    What does the MGM casino cyberattack mean to you? 

    What does the MGM casino cyberattack mean to you?

    By Greg Collier

    When we think of someone stealing from a casino, we may think of someone cheating at the tables. Or we may think of one of the famous heist movies like Ocean’s Eleven, whether it’s the Frank Sinatra or the George Clooney version. What we probably don’t think about is a chain of Las Vegas casinos being held hostage by hackers after a ten-minute phone call. Unfortunately, that’s what appears to have happened to the casinos owned by MGM Resorts this past week.

    While MGM themselves are being tight-lipped about the situation, it seems that a hacker collective found an upper management employee of MGM Resorts on LinkedIn. The hackers then posed as this employee and called MGM’s IT help desk. While speaking with the person at the help desk for only ten minutes, the hackers were able to obtain the information needed to access MGM Resorts’ internal computer systems.

    Once the hackers had the keys to the kingdom, so to speak, they infected MGM’s systems with ransomware. For the next few days, MGM Resorts had to shut down many of its systems, which greatly affected their business. Slot machines were inoperable, and the hotels could not issue electronic room keys to guests, just to name a few of the problems. The casinos even had to revert to giving out handwritten receipts to some of its winners.

    MGM has stated they will not give in to the hackers’ demands.

    So what does MGM’s trouble’s mean to the average consumer? Well, this kind of impersonation attack is known as social engineering and can be used in a multitude of scams. Social engineering is a form of manipulation and psychological persuasion that is often used for malicious purposes. It involves exploiting human psychology and social interactions to trick individuals or groups into divulging confidential information, granting access to restricted areas, or performing actions that may compromise security.

    If social engineering can be used against a multi-billion dollar corporation, it can be used and be successful against anyone. Protecting oneself from social engineering attacks involves a combination of awareness, skepticism, and proactive measures.

    Always verify requests for sensitive information, access, or actions, especially if they come via email, phone calls, or in-person interactions. Use trusted contact information to confirm the legitimacy of the request with the supposed authority or organization.

    Be cautious of unsolicited communications from unknown or unexpected sources. Verify the identity of the person or organization before sharing sensitive information or complying with their requests.

    By adopting these practices and fostering a security-conscious mindset, individuals can significantly reduce their vulnerability to social engineering attacks and help protect their personal and organizational assets.

     

  • Geebo 8:00 am on September 15, 2023 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Is it safe to shop on TEMU? 

    Is it safe to shop on TEMU?

    By Greg Collier

    In case you haven’t heard, TEMU is the latest online shopping sensation. Thanks to their glitzy advertising campaigns, TEMU has taken off in popularity. Social media is flush with posts of people posting their hauls from TEMU. So, is TEMU any good and is it reliable? If we were pushed to give a yes or no answer, we would side with no.

    TEMU is the latest in a string of direct retailers based in China. You may have heard of some of their competitors, such as AliExpress or Wish. Rather than selling items themselves, TEMU allows companies and distributors to sell Chinese-made goods through their portal to customers in the West.

    TEMU’s predecessors, the aforementioned AliExpress and Wish, have garnered a reputation of selling shoddily made or counterfeit goods, along with long shipping times if the item is shipped at all. TEMU seems to be following in their footsteps, but those aren’t the only drawbacks to using TEMU.

    According to the Better Business Bureau (BBB), TEMU is harvesting customer data like there’s no tomorrow. The BBB says that TEMU is collecting such information as the customer’s name, phone number, address, birthdate, social media photos, and even social security numbers. So how is that different from the major U.S. retailers?

    The BBB is concerned that since TEMU is based in China, scammers, identity thieves, and other bad actors may have easier access to that data. While data leaks do happen in the U.S., there are laws to try to protect those affected by the leaks and admonish the leakers. Many other countries do not have such laws, especially when the victims of such leaks are from another country from the other side of the world.

    In a world where personal information is more valuable than ever, it’s essential to tread carefully when navigating the digital marketplace. While TEMU offers enticing deals and a wide range of products, it’s crucial to remember that convenience shouldn’t come at the cost of your personal data security.

     

  • Geebo 8:00 am on May 30, 2023 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Vacation scams are on their way 

    Vacation scams are on their way

    By Greg Collier

    With Memorial Day weekend behind us, many of use will be looking to book our summer vacations. Unfortunately, dream vacations can often turn to nightmares thanks to scammers. The Better Business Bureau has issued a warning about various scams vacation-goers may encounter if they’re not careful.

    One of the more common scams that could ruin a vacation is the rental scam. It works in the same way as a long-term rental scam works. Scammers will list properties online for short-term rental they don’t actually own. More often than not, the listing is copied from a legitimate listing, although the scammers are advertising the rental at below-market prices. Research is key when looking to rent a home for your vacation. Do a web search of the property’s address, and you might find multiple listings online that show different owners, different rental agencies, and different prices. If the listing you found is the one with the lowest price, there is a very good chance that is the scam listing.

    If you decide to go down the motel/hotel route, be wary of calls to your room from the front desk. A scam that has become popular over the last few years is when scammers call your room. They’ll call late at night while posing as the front desk. The caller will say your credit card didn’t go through and will ask for your credit card information again. The scammers are hoping that you’ll give them your credit card information instead of going down to the front desk. If you didn’t use a credit card, you’ll know you’re being scammed. If you did book your room with a credit card, always go to the front desk if there is a supposed problem with it.

    Lastly, you may want to be careful when using the wifi at your lodgings. Using public wifi in general can open you up to a number of security risks, such as exposing your financial information. While travelling, think about purchasing a plan with a virtual private network (VPN). VPNs can block your information from being seen on public wifi. However, when choosing a VPN, always go with a paid plan, as free VPNs are often just a disguise for more security risks.

     

  • Geebo 8:00 am on March 31, 2023 Permalink | Reply
    Tags: , , cybersecurity, , ,   

    BBB warns of Smart TV scam 

    By Greg Collier

    With our homes having more and more internet-connected devices, many of these devices can be vulnerable to cyberattacks. This includes your smart TV or any internet-connected device you may have connected to your TV, like a Roku or Amazon Fire Stick. And whenever someone is vulnerable to a cyberattack, scammers are sure to follow. The Better Business Bureau has issued an urgent warning about smart TV attacks, which can cause the victim to lose money.

    Hackers can hijack smart TVs through various methods, including exploiting vulnerabilities in the software, using phishing scams to gain access to the TV’s credentials, or exploiting weaknesses in the network that the TV is connected to.

    One common method is to use malware to exploit vulnerabilities in the TV’s software, such as outdated firmware or unpatched security holes. Once the malware gains access to the TV, it can be used to control the TV remotely and perform a variety of malicious actions, such as displaying fake messages, installing additional malware, or even spying on the user through the TV’s camera and microphone.

    What we’re concerned with today is smart TVs that display fake messages. If a smart TV has been exploited, scammers will prevent the user from setting up their TV properly. A pop-up message will appear on the TV claiming there is an issue with setting up the TV or possibly a streaming service. A phone number is typically displayed within the pop-up.

    If someone were to call the number listed on the screen, they would be connected with scammers posing as a customer service department. The scammers will try to convince the user that a fee is required in order to obtain TV service. More often than not, the scammers will ask for payment in the usual scammer ways, such as gift cards or cryptocurrency.

    To prevent smart TV hijacking, it is important to keep the TV’s software updated, use strong passwords for the TV and network, and avoid clicking on suspicious links or downloading unknown apps. Additionally, users should be wary of giving unnecessary permissions to apps installed on the TV, such as access to the camera and microphone.

    Also, be suspicious of any pop-up messages that come across your TV asking you to call a customer service department. A Google search for the number could turn up if it’s a scam calling center. If you do need to call a manufacturer or service provider, make sure to get their official phone number of the company’s website.

     

  • Geebo 9:01 am on January 23, 2023 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Inactive Facebook account leads to puppy scam 

    By Greg Collier

    A woman from Long Island recently had people showing up at her home looking to pick up the puppies they had bought online. The only problem was, the Long Island woman wasn’t selling any puppies. The people showing up at her door were victims of a puppy scam. In this instance, puppy scammers were advertising puppies for sale that didn’t exist. The scammers would ask for hundreds of dollars in deposits from victims and had them pay through the much maligned payment app Zelle. Undoubtedly, the woman started to be concerned for her safety. In the past, we have seen reports of puppy scam victims becoming belligerent when they’ve been sent to a random address.

    However, the woman’s address wasn’t exactly random. She had a Facebook account, which she hadn’t used in years. Scammers were able to hijack her Facebook account, and used it to advertise the fictitious puppies. Since they were using the woman’s Facebook account, the scammers decided to send their victims to the woman’s address. When the woman discovered her Facebook account was being used, she tried to reclaim the account, but the scammers had changed the email address and password. She even contacted Facebook, who allegedly said they couldn’t take the account down because it didn’t violate their terms of service.

    So, we have two scams at work here, the aforementioned puppy scam and a type of identity theft. If you have an old social media account you haven’t used in years, it’s a good idea to just delete the account. This will prevent the account from being hijacked by scammers and other bad actors. However, if you want to keep the account around just in case, make sure you’re not using the same password for multiple online accounts. This is one of the leading ways social media accounts get stolen. You should also routinely change the passwords on your accounts. And definitely enable two-factor authentication on your accounts. These aren’t guarantees that your accounts will be 100% secure, but they will go a long way in discouraging con artists from hijacking your accounts.

    As far as the puppy scam goes, you should never buy a puppy or any other animal without seeing it in person first. Many puppy scammers just steal pictures of puppies off the internet to use in their advertisements. Even if you’re shown a puppy on Zoom or FaceTime, it doesn’t necessarily mean you won’t be scammed. Shop for a puppy within driving distance and never order from out of state, and never make any payment over apps like Zelle, Venmo, or Cash App, since they’re preferred by scammers. Instead of trying to buy a puppy online, think about adopting one from your local shelter.

     

← Older posts

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel