Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on January 26, 2024 Permalink | Reply
    Tags: , cybersecurity, , , ,   

    Is two-factor authentication to blame for SIM-swapping scam? 

    By Greg Collier

    A SIM-swapping scam, also known as SIM hijacking or SIM card swapping, is a type of fraud in which attackers take control of an individual’s mobile phone number by tricking the mobile carrier into transferring the phone number to a new SIM card. The goal of the scam is to gain access to the victim’s sensitive information, such as personal data, financial accounts, and online accounts tied to the phone number. For this scam to take place, a scammer does not need physical possession of your phone or its SIM card.

    With control of the victim’s phone number and possibly access to their email or other accounts, the attacker can reset passwords, access sensitive information, and potentially engage in identity theft or financial fraud. What makes the SIM-swapping scam so appealing to scammers is the fact that little to no interaction with the victim is required.

    Recently, a woman from Maryland lost $17,000 to a SIM-swapping scam. Someone in California walked into a Verizon store and activated a new phone on a new SIM card using the victim’s phone number and information. Once that transaction took place, the victim’s phone was no longer active. From there, the scammers were able to use the victim’s phone account to access her bank account and empty it of $17,000.

    The news report about the victim’s financial loss makes it a point to show the victim had two-factor authentication enabled on most of her online accounts. Unfortunately, the SIM-swapping scam is specifically designed to circumvent two-factor authentication.

    Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity before gaining access to an account, system, or application. The purpose of 2FA is to add an extra layer of security beyond just a username and password. Most people who enact 2FA on their accounts use text messaging to receive their one-time 2FA code. If a SIM-swap is enacted on a phone where 2FA codes are bing sent to the phone, the scammers not only have control of your phone account, but can also receive your 2FA authorization codes.

    While any 2FA is better than having none, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.

    To better protect yourself from a SIM-swapping attack, set a unique personal identification number (PIN) or password with your mobile carrier to add an extra layer of security.

     
  • Geebo 8:00 am on September 25, 2023 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Facebook Account Hijacking: How Scammers Exploit Lost Control 

    By Greg Collier

    For some, losing control of your Facebook account may not seem like a big deal. You may only use Facebook sparingly to keep in touch with a handful of friends and relatives. If you lose access to your account, you can just open a new one and send new friend requests while telling your friends list you got hacked. However, letting your Facebook account remain in the hands of hackers can not only leave your friends and family vulnerable to scams, it could also lead to frustrated strangers showing up at your door.

    For example, a woman from Alabama lost control of her Facebook account. Before she knew it, hackers took over her account and changed the password, locking her out of her own account. Then, the hackers posed as the woman and listed several items for sale on Facebook Marketplace. Once other Facebook users started responding to the listings, the hacker told the other users they were out of town, but would hold the item for them if they paid a deposit.

    As you can probably guess, the Facebook users who paid deposits never received the items they thought they were purchasing. Victims of this scam started showing up at the home of the woman who had her account hacked. Thankfully, those who did show up at her home were reasonable when they found out they were scammed. However, it’s no stretch of the imagination to think things may have taken a wrong turn if the wrong person got scammed.

    The woman stated that she’s trying to get Facebook to suspend her original account, but the hacked account is still active.

    Scammers like this love to get their hands on existing Facebook accounts because it makes their Marketplace scams appear legitimate since an active and older account is attached to the listings.

    In conclusion, safeguarding your Facebook account from potential hackers is not only crucial for your personal data but also for your online security. By following these tips and staying vigilant, you can significantly reduce the risk of falling victim to malicious activities. Remember to regularly update your password, enable two-factor authentication, review your privacy settings, and be cautious about the information you share online. Your Facebook account holds a treasure trove of personal information, and taking these proactive steps will help ensure that it remains secure.

     
  • Geebo 8:34 am on September 18, 2023 Permalink | Reply
    Tags: cyberattack, cybersecurity, MGM Resorts, , ,   

    What does the MGM casino cyberattack mean to you? 

    What does the MGM casino cyberattack mean to you?

    By Greg Collier

    When we think of someone stealing from a casino, we may think of someone cheating at the tables. Or we may think of one of the famous heist movies like Ocean’s Eleven, whether it’s the Frank Sinatra or the George Clooney version. What we probably don’t think about is a chain of Las Vegas casinos being held hostage by hackers after a ten-minute phone call. Unfortunately, that’s what appears to have happened to the casinos owned by MGM Resorts this past week.

    While MGM themselves are being tight-lipped about the situation, it seems that a hacker collective found an upper management employee of MGM Resorts on LinkedIn. The hackers then posed as this employee and called MGM’s IT help desk. While speaking with the person at the help desk for only ten minutes, the hackers were able to obtain the information needed to access MGM Resorts’ internal computer systems.

    Once the hackers had the keys to the kingdom, so to speak, they infected MGM’s systems with ransomware. For the next few days, MGM Resorts had to shut down many of its systems, which greatly affected their business. Slot machines were inoperable, and the hotels could not issue electronic room keys to guests, just to name a few of the problems. The casinos even had to revert to giving out handwritten receipts to some of its winners.

    MGM has stated they will not give in to the hackers’ demands.

    So what does MGM’s trouble’s mean to the average consumer? Well, this kind of impersonation attack is known as social engineering and can be used in a multitude of scams. Social engineering is a form of manipulation and psychological persuasion that is often used for malicious purposes. It involves exploiting human psychology and social interactions to trick individuals or groups into divulging confidential information, granting access to restricted areas, or performing actions that may compromise security.

    If social engineering can be used against a multi-billion dollar corporation, it can be used and be successful against anyone. Protecting oneself from social engineering attacks involves a combination of awareness, skepticism, and proactive measures.

    Always verify requests for sensitive information, access, or actions, especially if they come via email, phone calls, or in-person interactions. Use trusted contact information to confirm the legitimacy of the request with the supposed authority or organization.

    Be cautious of unsolicited communications from unknown or unexpected sources. Verify the identity of the person or organization before sharing sensitive information or complying with their requests.

    By adopting these practices and fostering a security-conscious mindset, individuals can significantly reduce their vulnerability to social engineering attacks and help protect their personal and organizational assets.

     
  • Geebo 8:00 am on September 15, 2023 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Is it safe to shop on TEMU? 

    Is it safe to shop on TEMU?

    By Greg Collier

    In case you haven’t heard, TEMU is the latest online shopping sensation. Thanks to their glitzy advertising campaigns, TEMU has taken off in popularity. Social media is flush with posts of people posting their hauls from TEMU. So, is TEMU any good and is it reliable? If we were pushed to give a yes or no answer, we would side with no.

    TEMU is the latest in a string of direct retailers based in China. You may have heard of some of their competitors, such as AliExpress or Wish. Rather than selling items themselves, TEMU allows companies and distributors to sell Chinese-made goods through their portal to customers in the West.

    TEMU’s predecessors, the aforementioned AliExpress and Wish, have garnered a reputation of selling shoddily made or counterfeit goods, along with long shipping times if the item is shipped at all. TEMU seems to be following in their footsteps, but those aren’t the only drawbacks to using TEMU.

    According to the Better Business Bureau (BBB), TEMU is harvesting customer data like there’s no tomorrow. The BBB says that TEMU is collecting such information as the customer’s name, phone number, address, birthdate, social media photos, and even social security numbers. So how is that different from the major U.S. retailers?

    The BBB is concerned that since TEMU is based in China, scammers, identity thieves, and other bad actors may have easier access to that data. While data leaks do happen in the U.S., there are laws to try to protect those affected by the leaks and admonish the leakers. Many other countries do not have such laws, especially when the victims of such leaks are from another country from the other side of the world.

    In a world where personal information is more valuable than ever, it’s essential to tread carefully when navigating the digital marketplace. While TEMU offers enticing deals and a wide range of products, it’s crucial to remember that convenience shouldn’t come at the cost of your personal data security.

     
  • Geebo 8:00 am on May 30, 2023 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Vacation scams are on their way 

    Vacation scams are on their way

    By Greg Collier

    With Memorial Day weekend behind us, many of use will be looking to book our summer vacations. Unfortunately, dream vacations can often turn to nightmares thanks to scammers. The Better Business Bureau has issued a warning about various scams vacation-goers may encounter if they’re not careful.

    One of the more common scams that could ruin a vacation is the rental scam. It works in the same way as a long-term rental scam works. Scammers will list properties online for short-term rental they don’t actually own. More often than not, the listing is copied from a legitimate listing, although the scammers are advertising the rental at below-market prices. Research is key when looking to rent a home for your vacation. Do a web search of the property’s address, and you might find multiple listings online that show different owners, different rental agencies, and different prices. If the listing you found is the one with the lowest price, there is a very good chance that is the scam listing.

    If you decide to go down the motel/hotel route, be wary of calls to your room from the front desk. A scam that has become popular over the last few years is when scammers call your room. They’ll call late at night while posing as the front desk. The caller will say your credit card didn’t go through and will ask for your credit card information again. The scammers are hoping that you’ll give them your credit card information instead of going down to the front desk. If you didn’t use a credit card, you’ll know you’re being scammed. If you did book your room with a credit card, always go to the front desk if there is a supposed problem with it.

    Lastly, you may want to be careful when using the wifi at your lodgings. Using public wifi in general can open you up to a number of security risks, such as exposing your financial information. While travelling, think about purchasing a plan with a virtual private network (VPN). VPNs can block your information from being seen on public wifi. However, when choosing a VPN, always go with a paid plan, as free VPNs are often just a disguise for more security risks.

     
  • Geebo 8:00 am on March 31, 2023 Permalink | Reply
    Tags: , , cybersecurity, , ,   

    BBB warns of Smart TV scam 

    By Greg Collier

    With our homes having more and more internet-connected devices, many of these devices can be vulnerable to cyberattacks. This includes your smart TV or any internet-connected device you may have connected to your TV, like a Roku or Amazon Fire Stick. And whenever someone is vulnerable to a cyberattack, scammers are sure to follow. The Better Business Bureau has issued an urgent warning about smart TV attacks, which can cause the victim to lose money.

    Hackers can hijack smart TVs through various methods, including exploiting vulnerabilities in the software, using phishing scams to gain access to the TV’s credentials, or exploiting weaknesses in the network that the TV is connected to.

    One common method is to use malware to exploit vulnerabilities in the TV’s software, such as outdated firmware or unpatched security holes. Once the malware gains access to the TV, it can be used to control the TV remotely and perform a variety of malicious actions, such as displaying fake messages, installing additional malware, or even spying on the user through the TV’s camera and microphone.

    What we’re concerned with today is smart TVs that display fake messages. If a smart TV has been exploited, scammers will prevent the user from setting up their TV properly. A pop-up message will appear on the TV claiming there is an issue with setting up the TV or possibly a streaming service. A phone number is typically displayed within the pop-up.

    If someone were to call the number listed on the screen, they would be connected with scammers posing as a customer service department. The scammers will try to convince the user that a fee is required in order to obtain TV service. More often than not, the scammers will ask for payment in the usual scammer ways, such as gift cards or cryptocurrency.

    To prevent smart TV hijacking, it is important to keep the TV’s software updated, use strong passwords for the TV and network, and avoid clicking on suspicious links or downloading unknown apps. Additionally, users should be wary of giving unnecessary permissions to apps installed on the TV, such as access to the camera and microphone.

    Also, be suspicious of any pop-up messages that come across your TV asking you to call a customer service department. A Google search for the number could turn up if it’s a scam calling center. If you do need to call a manufacturer or service provider, make sure to get their official phone number of the company’s website.

     
  • Geebo 9:01 am on January 23, 2023 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Inactive Facebook account leads to puppy scam 

    By Greg Collier

    A woman from Long Island recently had people showing up at her home looking to pick up the puppies they had bought online. The only problem was, the Long Island woman wasn’t selling any puppies. The people showing up at her door were victims of a puppy scam. In this instance, puppy scammers were advertising puppies for sale that didn’t exist. The scammers would ask for hundreds of dollars in deposits from victims and had them pay through the much maligned payment app Zelle. Undoubtedly, the woman started to be concerned for her safety. In the past, we have seen reports of puppy scam victims becoming belligerent when they’ve been sent to a random address.

    However, the woman’s address wasn’t exactly random. She had a Facebook account, which she hadn’t used in years. Scammers were able to hijack her Facebook account, and used it to advertise the fictitious puppies. Since they were using the woman’s Facebook account, the scammers decided to send their victims to the woman’s address. When the woman discovered her Facebook account was being used, she tried to reclaim the account, but the scammers had changed the email address and password. She even contacted Facebook, who allegedly said they couldn’t take the account down because it didn’t violate their terms of service.

    So, we have two scams at work here, the aforementioned puppy scam and a type of identity theft. If you have an old social media account you haven’t used in years, it’s a good idea to just delete the account. This will prevent the account from being hijacked by scammers and other bad actors. However, if you want to keep the account around just in case, make sure you’re not using the same password for multiple online accounts. This is one of the leading ways social media accounts get stolen. You should also routinely change the passwords on your accounts. And definitely enable two-factor authentication on your accounts. These aren’t guarantees that your accounts will be 100% secure, but they will go a long way in discouraging con artists from hijacking your accounts.

    As far as the puppy scam goes, you should never buy a puppy or any other animal without seeing it in person first. Many puppy scammers just steal pictures of puppies off the internet to use in their advertisements. Even if you’re shown a puppy on Zoom or FaceTime, it doesn’t necessarily mean you won’t be scammed. Shop for a puppy within driving distance and never order from out of state, and never make any payment over apps like Zelle, Venmo, or Cash App, since they’re preferred by scammers. Instead of trying to buy a puppy online, think about adopting one from your local shelter.

     
  • Geebo 8:00 am on August 18, 2022 Permalink | Reply
    Tags: cybersecurity, , , Office, ,   

    Free Microsoft Office flash drives are a scam 

    By Greg Collier

    If you use a computer at home or at work, there’s a pretty good chance you’ve used the Microsoft Office suite. It’s the software package that contains Word, Excel, and PowerPoint among others. While you don’t have to pay for Office at your job, you do have to pay for it if you want to use it at home after the limited free trial is over? Currently, Microsoft is charging $100 a year to home users, but what if a free version was shipped to your home? Would you install it on your computer? You may want to think before installing Office if you received it in the mail.

    According to cybersecurity experts, residents in the UK have been receiving USB drives in the mail that appear to be coming from Microsoft. The box that the flash drives come in even looks like an official Microsoft product. However, if you plug the flash drive to your computer, you won’t get Microsoft Office. Instead, you’ll get a virus warning pop up on your computer, along with a phone number to call Microsoft at, so you can resolve your issue. Except, the number doesn’t really go to Microsoft. It goes to a phone bank of scammers instead.

    If someone were to call the phone number, the scammer will ask you to download a program that would give them remote access to your computer. From there, a number of scams can be perpetrated, such as stealing your financial login credentials, among others.

    Just in general, you should never plug strange USB drives into your computer. Whether you find one in a parking lot or get one in the mail, plugging strange drives into your computer can cause any number of problems, from scams to ransomware and more. If you put a strange USB drive into your computer, you’re risking not only compromising your computer, but potentially other computers in your home or business network as well. USB drives that you didn’t buy personally should be seen as suspicious and should be disposed of.

    And while this is currently happening in the UK, it could be only a matter of time before we see these flash drives being sent to US citizens.

     
  • Geebo 8:00 am on June 23, 2022 Permalink | Reply
    Tags: cybersecurity, , , , , ,   

    Marketplace scam could send angry strangers to your home 

    Marketplace scam could send angry strangers to your home

    By Greg Collier

    Typically, when we discuss scams carried out through Facebook Marketplace, they’re the ones that plague a lot of online marketplace platforms. Of course, there’s the fake check/overpayment scam. Lately, the Google Voice verification scam has been popular on Marketplace. There have also been a number of rental scams, just to name a few. Now, a new scam has been reported that could have unintended consequences for all victims involved.

    According to a report out of Tulsa, Oklahoma, scammers are hijacking the Facebook accounts of their victims through phishing attacks. The report states specifically that the scammers are posing as old friends that you may not have heard from in a while. However, the scammers use the hijacked accounts to place items for sale on Marketplace that didn’t actually exist. While some of the items have been mundane, like furniture, other listings have been advertising purebred puppies.

    As we have seen with previous puppy scams, scammers will often list a fake address to make their scam seem more legitimate. This has led to victims showing up to homes where they think they’re about to get a puppy, only to be turned away in disappointment. While some victims understood the situation, others have become angry at the people living at the address listed, thinking that the residents are part of the scam.

    If scammers are collecting money through apps like Venmo, Cash App, or Zelle, they could be sending their victims to the address of a person with a hijacked Facebook account. This scam could potentially lead to a violent encounter.

    The best way to protect yourself is to keep your Facebook account secure. Consider making your account private to your friends and family only. Use a password that can’t be guessed easily. For that, you can use a password generator service. Even most modern web browsers have a password manager built in. Lastly, you should enable two-factor authentication on your Facebook account. This means there would be a two-step process into signing in to your Facebook account.

    While none of these methods are foolproof, they do go a long way in keeping your digital life secure.

    Video: Stolen Facebook account posts fake ads, sends strangers to woman’s doorstep

     
  • Geebo 9:00 am on January 14, 2022 Permalink | Reply
    Tags: cybersecurity, , ,   

    Grandchildren are huge security risks 

    By Greg Collier

    The grandparent scam is one of the worst scams that continues to plague seniors in our country. For those who may be unfamiliar with the grandparent scam, it’s when a scammer calls an elderly victim posing as one of the victim’s grandchildren. Typically, the scammer will say that they’re in some kind of legal trouble and need money for bail or some other legal fee. They’ll then instruct the victim not to tell anyone else in the family because they’re embarrassed, but what they’re really doing is making sure the victim’s family is unaware of the scam. This scam has cost seniors thousands of dollars at a time and has put the victim’s safety at risk.

    Grandparent scammers often possess very detailed information about the person they’re claiming to be. According to the Better Business Bureau, this is because younger generations tend to overshare information on social media. This leads the scammers to all sorts of information about the victim’s family. The reason this is important is that it circumvents one of the ways usually used to detect this scam. Security experts typically advise seniors to ask the caller a question that only the grandchild would know. Now, that answer may actually be floating around on social media.

    However, there are still ways to help you or someone in your family from becoming a victim of this scam. The best way is for your family you to set up a secret phrase or word with each other to use in case of any actual emergency. But, if you ever receive a call like this, it’s not going to hurt anyone to hang up and try to contact your family to make sure the grandchild is actually ok. Nobody arrested ever got extra jail time because a grandparent wanted to verify their story.

    Again, we ask that if you have an older family member who may not be up on the latest technology, please share this blog post with them or show them any one of the many articles about this scam.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel