Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on August 18, 2022 Permalink | Reply
    Tags: cybersecurity, , , Office, ,   

    Free Microsoft Office flash drives are a scam 

    By Greg Collier

    If you use a computer at home or at work, there’s a pretty good chance you’ve used the Microsoft Office suite. It’s the software package that contains Word, Excel, and PowerPoint among others. While you don’t have to pay for Office at your job, you do have to pay for it if you want to use it at home after the limited free trial is over? Currently, Microsoft is charging $100 a year to home users, but what if a free version was shipped to your home? Would you install it on your computer? You may want to think before installing Office if you received it in the mail.

    According to cybersecurity experts, residents in the UK have been receiving USB drives in the mail that appear to be coming from Microsoft. The box that the flash drives come in even looks like an official Microsoft product. However, if you plug the flash drive to your computer, you won’t get Microsoft Office. Instead, you’ll get a virus warning pop up on your computer, along with a phone number to call Microsoft at, so you can resolve your issue. Except, the number doesn’t really go to Microsoft. It goes to a phone bank of scammers instead.

    If someone were to call the phone number, the scammer will ask you to download a program that would give them remote access to your computer. From there, a number of scams can be perpetrated, such as stealing your financial login credentials, among others.

    Just in general, you should never plug strange USB drives into your computer. Whether you find one in a parking lot or get one in the mail, plugging strange drives into your computer can cause any number of problems, from scams to ransomware and more. If you put a strange USB drive into your computer, you’re risking not only compromising your computer, but potentially other computers in your home or business network as well. USB drives that you didn’t buy personally should be seen as suspicious and should be disposed of.

    And while this is currently happening in the UK, it could be only a matter of time before we see these flash drives being sent to US citizens.

     

  • Geebo 8:00 am on June 23, 2022 Permalink | Reply
    Tags: cybersecurity, , , , , ,   

    Marketplace scam could send angry strangers to your home 

    Marketplace scam could send angry strangers to your home

    By Greg Collier

    Typically, when we discuss scams carried out through Facebook Marketplace, they’re the ones that plague a lot of online marketplace platforms. Of course, there’s the fake check/overpayment scam. Lately, the Google Voice verification scam has been popular on Marketplace. There have also been a number of rental scams, just to name a few. Now, a new scam has been reported that could have unintended consequences for all victims involved.

    According to a report out of Tulsa, Oklahoma, scammers are hijacking the Facebook accounts of their victims through phishing attacks. The report states specifically that the scammers are posing as old friends that you may not have heard from in a while. However, the scammers use the hijacked accounts to place items for sale on Marketplace that didn’t actually exist. While some of the items have been mundane, like furniture, other listings have been advertising purebred puppies.

    As we have seen with previous puppy scams, scammers will often list a fake address to make their scam seem more legitimate. This has led to victims showing up to homes where they think they’re about to get a puppy, only to be turned away in disappointment. While some victims understood the situation, others have become angry at the people living at the address listed, thinking that the residents are part of the scam.

    If scammers are collecting money through apps like Venmo, Cash App, or Zelle, they could be sending their victims to the address of a person with a hijacked Facebook account. This scam could potentially lead to a violent encounter.

    The best way to protect yourself is to keep your Facebook account secure. Consider making your account private to your friends and family only. Use a password that can’t be guessed easily. For that, you can use a password generator service. Even most modern web browsers have a password manager built in. Lastly, you should enable two-factor authentication on your Facebook account. This means there would be a two-step process into signing in to your Facebook account.

    While none of these methods are foolproof, they do go a long way in keeping your digital life secure.

    Video: Stolen Facebook account posts fake ads, sends strangers to woman’s doorstep

     

  • Geebo 9:00 am on January 14, 2022 Permalink | Reply
    Tags: cybersecurity, , ,   

    Grandchildren are huge security risks 

    By Greg Collier

    The grandparent scam is one of the worst scams that continues to plague seniors in our country. For those who may be unfamiliar with the grandparent scam, it’s when a scammer calls an elderly victim posing as one of the victim’s grandchildren. Typically, the scammer will say that they’re in some kind of legal trouble and need money for bail or some other legal fee. They’ll then instruct the victim not to tell anyone else in the family because they’re embarrassed, but what they’re really doing is making sure the victim’s family is unaware of the scam. This scam has cost seniors thousands of dollars at a time and has put the victim’s safety at risk.

    Grandparent scammers often possess very detailed information about the person they’re claiming to be. According to the Better Business Bureau, this is because younger generations tend to overshare information on social media. This leads the scammers to all sorts of information about the victim’s family. The reason this is important is that it circumvents one of the ways usually used to detect this scam. Security experts typically advise seniors to ask the caller a question that only the grandchild would know. Now, that answer may actually be floating around on social media.

    However, there are still ways to help you or someone in your family from becoming a victim of this scam. The best way is for your family you to set up a secret phrase or word with each other to use in case of any actual emergency. But, if you ever receive a call like this, it’s not going to hurt anyone to hang up and try to contact your family to make sure the grandchild is actually ok. Nobody arrested ever got extra jail time because a grandparent wanted to verify their story.

    Again, we ask that if you have an older family member who may not be up on the latest technology, please share this blog post with them or show them any one of the many articles about this scam.

     

  • Geebo 8:00 am on August 27, 2020 Permalink | Reply
    Tags: cybersecurity, , ,   

    Package delivery update text is a scam 

    Package delivery update text is a scam

    We first discussed the delivery update scam back in January of this year. Now, with even more people receiving deliveries at home, the scam seems to have returned with a vengeance. Various law enforcement agencies and consumer protection groups from all over the country have issued warnings about this scam recently.

    The way the scam works is that you’ll receive an unsolicited text message like the one above. It may claim to be from a delivery service like FedEx, DHL, or UPS. Other times they’ll claim to be from Amazon directly but they’ll all tell you t6he same thing. The messages state that you have an undelivered package that needs your preferred delivery option. Then at the very end of the message, a link will be provided for you to click on.

    As I’m sure you’ve guessed by now, you should not click on the link. Doing so will take you to a page that is designed to look like it’s an Amazon page. The fake Amazon page will then ask you to fill out a customer service survey in order to claim a prize. After you win the prize, you’ll be asked to pay for shipping by providing your financial information. From there, the scammers can do pretty much what they want with your financial information. In some instances, victims have been signed up for subscription services related to their ‘prize’ that ended up costing them $100 a month.

    While delivery services do have text messaging services that notify you about the arrival of your package, you need to sign up with these services first before the delivery company will text you. So, if you have not signed up for this service and receive one of these text messages, there are a couple of things you can do. The first is to just ignore it and delete it. The other thing you can do is copy the text of the message, paste it into a new text message, and text it to the Federal Trade Commission at 7726 (SPAM).

    Whatever you do, don’t click on the link or respond to the text. Even if you respond, scammers will know that your number is a working one which will just invite more scams.

     

  • Geebo 8:00 am on April 15, 2020 Permalink | Reply
    Tags: cybersecurity, , virtual classrooms, virtual meetings, Zoom   

    Half a million Zoom accounts for sale 

    Half a million Zoom accounts for sale

    With so many of us now working from home, a great many of us have had to attend virtual meetings. The most popular app to accomplish these meetings has been Zoom. While Zoom has been a blessing to help keep many businesses running, it has not been without its problems. A slew of internet pranksters have been able to gain access to live Zoom meetings. While some of the pranks have been harmless, others have seen explicit or violent imagery shared. There have even been instances of hate speech being spouted during some of these meetings. Considering that Zoom has also been used for virtual classrooms, the potential for abuse becomes even more disturbing.

    [youtube https://www.youtube.com/watch?v=JaecW3jEBZk%5D

    To compound problems for Zoom, over 500,000 Zoom account credentials are being put up for sale on the dark web and in hacker forums. Hackers won’t be using them for just internet pranks as the credentials contain user email addresses and passwords. If the passwords are one a user has for multiple other accounts then that user can have their accounts on multiple platforms hacked. This could not only lead to the user’s identity being stolen but could also lead to financial losses if the user’s security isn’t stable enough.

    Thankfully, Zoom already has security measures in place that users can enable to better secure their meetings and information. A list of those features can be found here but the main ones you should enable for every meeting are the ‘waiting room’ feature and the ‘lockdown’ feature. The former will allow you to screen participants in the meeting before you allow them to enter the meeting while the latter will allow you to eject unwelcome visitors. However, the best way to keep unwanted guests out of your meetings or classrooms is to not share the meeting information publicly.

     

  • Geebo 8:00 am on March 20, 2020 Permalink | Reply
    Tags: , cybersecurity, , e-skimming, ,   

    FBI warning about shopping scam 

    FBI warning about shopping scam

    With many of us staying home these days while practicing social distancing, a lot of us will be ordering items online so we can avoid the crowds at stores. As can be expected, scammers are trying to take advantage of this situation too. The most concerning part is that this particular scam can affect legitimate retail sites and gives no indication that your information is at risk. This is why the FBI is warning consumers to keep an eye on their billing statements to make sure there are no unwarranted charges on your statements.

    According to the FBI, in an attack known as e-skimming, cybercriminals are injecting code into the websites of retailers. This code then allows the scammers to copy the information on your credit or debit card. With the way e-skimming works, neither the retailer not the customer will know that they’ve been scammed until it’s too late. The scammers will then sell the card information online to the highest bidder. Unfortunately, there is no way to detect if the retail site you’re using has been infected by the e-skimming code.

    [youtube https://www.youtube.com/watch?v=jb5aML–Mik%5D

    While these types of attacks are usually caught by retailers within a few days there are steps you can take to protect your information. One of the ways is only using a credit card online as credit cards have better fraud protection than most debit cards. Your bank may also be able to provide you with temporary one-time card numbers that you can use once and won’t work when copied. If your bank does not provide this service there are legitimate online platforms that can provide this service.

    While the odds of e-skimming happening to you are small, they’re not zero. It’s better to have the protection and not need it than needing it and not having it.

     

  • Geebo 8:01 am on March 16, 2020 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Are new remote workers a security threat? 

    Are new remote workers a security threat?

    With the new coronavirus recommendations designed to try to prevent the virus from spreading any further, many companies are requiring their employees to work at home. For many, this will be the first time that they will be working remotely. All these new remote workers could also mean new security risks that their employers may not be prepared for.

    One of these threats is phishing attacks. We’ve discussed phishing attacks many times before and they’re nothing new for most companies. In short, hackers or scammers will send fake emails trying to get the recipient to click on a link or download an attachment. Usually, these links or attachments contain malware that can infect a corporation’s entire system. In the corporate world, these emails often look like legitimate emails from your employer. If you receive an email like this, hover your cursor over the link to make sure it goes someplace safe. If it has an attachment, verify the sender exists within your company and then verify with them that the attachment is legitimate.

    For example in the UK, an email was sent to all the employees of several healthcare organizations asking employees to click on a link so they could register for a coronavirus safety seminar. The link went to a website that appeared to be an Outlook Web App and when the user would enter their contact information that information would then be stolen.

    Another corporate phishing attack that has been on the rise is the impersonation scam. This when an employee receives an email from a company executive’s email address but wasn’t sent from the executive. Often this scam targets payroll or other financial employees. These emails will often ask for large sums of money to be wired or to change the bank account from where the money is normally held. If you receive one of these emails it never hurts to contact the executive directly by phone to verify the transaction being requested.

    While working at home can be distracting to some, take a moment to verify questionable emails. A few minutes out of your schedule is better than bring an entire company to a halt.

     

  • Geebo 8:00 am on March 13, 2020 Permalink | Reply
    Tags: , , cybersecurity, , ,   

    Phony coronavirus websites are on the rise 

    Phony coronavirus websites are on the rise

    Previously when we discussed coronavirus related phishing attacks, we mentioned that emails sent by scammers will try to disguise themselves as being from organizations like the CDC or WHO by using similar email addresses to the actual ones. For example, if the CDC were to send an email the address would be from cdc.gov. Scammers may try to use an address like CDC-gov.com. Not being satisfied with just posing as life-saving aid organizations, scammers are now registering coronavirus related domains in droves. These are the addresses that use to go to a website such as geebo.com.

    According to cybersecurity experts, scammers are registering domains such as coronavirusstatus[.]space, coronavirus[.]zone and survivecoronavirus[.]org just to name a few. A more comprehensive list can be found at this link. Scammers are registering these domain names either to use in phishing emails or to inject malware on your device. For the foreseeable future, if you get an email with a domain name that contains the word ‘coronavirus’ or other related terms, consider it to be harmful. Any links or attachments that these emails contain should not be clicked on as they could lead to malware which could potentially steal your personal or financial information. You could then unwittingly infect all devices connected to your network.

    [youtube https://www.youtube.com/watch?v=WPPaybzkHtw%5D

    And again, you should be on the lookout for other coronavirus scams as well. Like we’ve mentioned before, as of the time of this posting, there is no cure or vaccine for the coronavirus. Anyone promising you otherwise is trying to rip you off. Testing is limited in the US right now, anyone who is not a government agency or medical professional cannot test you for coronavirus and is either pushing snake oil or trying to steal your financial information.

    While the coronavirus, or covid-19 if you prefer, is a real danger and something we should be concerned about, don’t allow fear to get the better of you. In a crisis like this, panic helps no one. Look to your local media and state government about how the virus is affecting your area and heed those warnings. If we all work together, we can get through this.

     

  • Geebo 8:00 am on March 12, 2020 Permalink | Reply
    Tags: , cybersecurity, , ,   

    Scary scammer targets 10-year-old on TikTok 

    Scary scammer targets 10-year-old on TikTok

    Children love social media. If they’re not messaging their friends they’re either interacting with celebrities and personalities or even creating their own content. One of the most popular social media apps among children is TikTok. It allows its users to create short videos or they can follow and watch the videos of other creators. As with most social media, users can interact with each other through comments and messages. If these interactions are not monitored it could lead to inappropriate contact and other potentially dangerous situations.

    A 10-year-old girl from Idaho was on TikTok and was recently contacted by a stranger through the app. The person who contacted her said they were looking for a ‘sugar baby’ that they could spoil with gifts and money. While this sounds like the actions of an online predator’s attempt to groom a child, this interaction took a different turn. The person who approached the girl said that in order to ‘spoil’ the girl they would need her parents’ ATM and bank card information. Thankfully, the girl was smart enough to tell her parents about the messages who in turn called local police. However, the alleged scammer could be from anywhere and no apprehension has been made and the suspect may never be caught.

    [youtube https://youtu.be/jqTn90l7urI%5D

    While most children love apps like TokTok that doesn’t mean they should be on them unattended. Most platforms including TikTok set the minimum age of users to 13 in their terms of service. Even if children meet the minimum age requirement that still shouldn’t mean they can be left on any social platform without having some form of monitoring. A good rule in helping keep children safe online is to instill a no devices after bedtime rule. If your children are using iPhones or iPads, iOS has parental controls that you can learn to use here. If your children are on Android phones and tablets parental control instructions can be found here. You can also find tips and tricks to keep your children safe online at the US Attorney’s Office website and NetSmartz.org.

     

  • Geebo 9:00 am on February 7, 2020 Permalink | Reply
    Tags: cybersecurity, , Google Docs, ,   

    Google Docs used in phishing attack 

    Google Docs used in phishing attack

    It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched into the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. Once such instance of these tactics has been recently reported.

    Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.

    [youtube https://www.youtube.com/watch?v=DybcrJyqvAA%5D

    The best way to protect yourself from this attack is to verify with the sender to make sure if this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.

     

← Older posts

Newer posts →

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel