Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Greg Collier 8:00 am on March 31, 2023 Permalink | Reply
    Tags: , , cybersecurity, , ,   

    BBB warns of Smart TV scam 

    By Greg Collier

    With our homes having more and more internet-connected devices, many of these devices can be vulnerable to cyberattacks. This includes your smart TV or any internet-connected device you may have connected to your TV, like a Roku or Amazon Fire Stick. And whenever someone is vulnerable to a cyberattack, scammers are sure to follow. The Better Business Bureau has issued an urgent warning about smart TV attacks, which can cause the victim to lose money.

    Hackers can hijack smart TVs through various methods, including exploiting vulnerabilities in the software, using phishing scams to gain access to the TV’s credentials, or exploiting weaknesses in the network that the TV is connected to.

    One common method is to use malware to exploit vulnerabilities in the TV’s software, such as outdated firmware or unpatched security holes. Once the malware gains access to the TV, it can be used to control the TV remotely and perform a variety of malicious actions, such as displaying fake messages, installing additional malware, or even spying on the user through the TV’s camera and microphone.

    What we’re concerned with today is smart TVs that display fake messages. If a smart TV has been exploited, scammers will prevent the user from setting up their TV properly. A pop-up message will appear on the TV claiming there is an issue with setting up the TV or possibly a streaming service. A phone number is typically displayed within the pop-up.

    If someone were to call the number listed on the screen, they would be connected with scammers posing as a customer service department. The scammers will try to convince the user that a fee is required in order to obtain TV service. More often than not, the scammers will ask for payment in the usual scammer ways, such as gift cards or cryptocurrency.

    To prevent smart TV hijacking, it is important to keep the TV’s software updated, use strong passwords for the TV and network, and avoid clicking on suspicious links or downloading unknown apps. Additionally, users should be wary of giving unnecessary permissions to apps installed on the TV, such as access to the camera and microphone.

    Also, be suspicious of any pop-up messages that come across your TV asking you to call a customer service department. A Google search for the number could turn up if it’s a scam calling center. If you do need to call a manufacturer or service provider, make sure to get their official phone number of the company’s website.

     
  • Greg Collier 9:01 am on January 23, 2023 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Inactive Facebook account leads to puppy scam 

    By Greg Collier

    A woman from Long Island recently had people showing up at her home looking to pick up the puppies they had bought online. The only problem was, the Long Island woman wasn’t selling any puppies. The people showing up at her door were victims of a puppy scam. In this instance, puppy scammers were advertising puppies for sale that didn’t exist. The scammers would ask for hundreds of dollars in deposits from victims and had them pay through the much maligned payment app Zelle. Undoubtedly, the woman started to be concerned for her safety. In the past, we have seen reports of puppy scam victims becoming belligerent when they’ve been sent to a random address.

    However, the woman’s address wasn’t exactly random. She had a Facebook account, which she hadn’t used in years. Scammers were able to hijack her Facebook account, and used it to advertise the fictitious puppies. Since they were using the woman’s Facebook account, the scammers decided to send their victims to the woman’s address. When the woman discovered her Facebook account was being used, she tried to reclaim the account, but the scammers had changed the email address and password. She even contacted Facebook, who allegedly said they couldn’t take the account down because it didn’t violate their terms of service.

    So, we have two scams at work here, the aforementioned puppy scam and a type of identity theft. If you have an old social media account you haven’t used in years, it’s a good idea to just delete the account. This will prevent the account from being hijacked by scammers and other bad actors. However, if you want to keep the account around just in case, make sure you’re not using the same password for multiple online accounts. This is one of the leading ways social media accounts get stolen. You should also routinely change the passwords on your accounts. And definitely enable two-factor authentication on your accounts. These aren’t guarantees that your accounts will be 100% secure, but they will go a long way in discouraging con artists from hijacking your accounts.

    As far as the puppy scam goes, you should never buy a puppy or any other animal without seeing it in person first. Many puppy scammers just steal pictures of puppies off the internet to use in their advertisements. Even if you’re shown a puppy on Zoom or FaceTime, it doesn’t necessarily mean you won’t be scammed. Shop for a puppy within driving distance and never order from out of state, and never make any payment over apps like Zelle, Venmo, or Cash App, since they’re preferred by scammers. Instead of trying to buy a puppy online, think about adopting one from your local shelter.

     
  • Greg Collier 8:00 am on August 18, 2022 Permalink | Reply
    Tags: cybersecurity, , , Office, ,   

    Free Microsoft Office flash drives are a scam 

    By Greg Collier

    If you use a computer at home or at work, there’s a pretty good chance you’ve used the Microsoft Office suite. It’s the software package that contains Word, Excel, and PowerPoint among others. While you don’t have to pay for Office at your job, you do have to pay for it if you want to use it at home after the limited free trial is over? Currently, Microsoft is charging $100 a year to home users, but what if a free version was shipped to your home? Would you install it on your computer? You may want to think before installing Office if you received it in the mail.

    According to cybersecurity experts, residents in the UK have been receiving USB drives in the mail that appear to be coming from Microsoft. The box that the flash drives come in even looks like an official Microsoft product. However, if you plug the flash drive to your computer, you won’t get Microsoft Office. Instead, you’ll get a virus warning pop up on your computer, along with a phone number to call Microsoft at, so you can resolve your issue. Except, the number doesn’t really go to Microsoft. It goes to a phone bank of scammers instead.

    If someone were to call the phone number, the scammer will ask you to download a program that would give them remote access to your computer. From there, a number of scams can be perpetrated, such as stealing your financial login credentials, among others.

    Just in general, you should never plug strange USB drives into your computer. Whether you find one in a parking lot or get one in the mail, plugging strange drives into your computer can cause any number of problems, from scams to ransomware and more. If you put a strange USB drive into your computer, you’re risking not only compromising your computer, but potentially other computers in your home or business network as well. USB drives that you didn’t buy personally should be seen as suspicious and should be disposed of.

    And while this is currently happening in the UK, it could be only a matter of time before we see these flash drives being sent to US citizens.

     
  • Greg Collier 8:00 am on June 23, 2022 Permalink | Reply
    Tags: cybersecurity, , , , , ,   

    Marketplace scam could send angry strangers to your home 

    Marketplace scam could send angry strangers to your home

    By Greg Collier

    Typically, when we discuss scams carried out through Facebook Marketplace, they’re the ones that plague a lot of online marketplace platforms. Of course, there’s the fake check/overpayment scam. Lately, the Google Voice verification scam has been popular on Marketplace. There have also been a number of rental scams, just to name a few. Now, a new scam has been reported that could have unintended consequences for all victims involved.

    According to a report out of Tulsa, Oklahoma, scammers are hijacking the Facebook accounts of their victims through phishing attacks. The report states specifically that the scammers are posing as old friends that you may not have heard from in a while. However, the scammers use the hijacked accounts to place items for sale on Marketplace that didn’t actually exist. While some of the items have been mundane, like furniture, other listings have been advertising purebred puppies.

    As we have seen with previous puppy scams, scammers will often list a fake address to make their scam seem more legitimate. This has led to victims showing up to homes where they think they’re about to get a puppy, only to be turned away in disappointment. While some victims understood the situation, others have become angry at the people living at the address listed, thinking that the residents are part of the scam.

    If scammers are collecting money through apps like Venmo, Cash App, or Zelle, they could be sending their victims to the address of a person with a hijacked Facebook account. This scam could potentially lead to a violent encounter.

    The best way to protect yourself is to keep your Facebook account secure. Consider making your account private to your friends and family only. Use a password that can’t be guessed easily. For that, you can use a password generator service. Even most modern web browsers have a password manager built in. Lastly, you should enable two-factor authentication on your Facebook account. This means there would be a two-step process into signing in to your Facebook account.

    While none of these methods are foolproof, they do go a long way in keeping your digital life secure.

    Video: Stolen Facebook account posts fake ads, sends strangers to woman’s doorstep

     
  • Greg Collier 9:00 am on January 14, 2022 Permalink | Reply
    Tags: cybersecurity, , ,   

    Grandchildren are huge security risks 

    By Greg Collier

    The grandparent scam is one of the worst scams that continues to plague seniors in our country. For those who may be unfamiliar with the grandparent scam, it’s when a scammer calls an elderly victim posing as one of the victim’s grandchildren. Typically, the scammer will say that they’re in some kind of legal trouble and need money for bail or some other legal fee. They’ll then instruct the victim not to tell anyone else in the family because they’re embarrassed, but what they’re really doing is making sure the victim’s family is unaware of the scam. This scam has cost seniors thousands of dollars at a time and has put the victim’s safety at risk.

    Grandparent scammers often possess very detailed information about the person they’re claiming to be. According to the Better Business Bureau, this is because younger generations tend to overshare information on social media. This leads the scammers to all sorts of information about the victim’s family. The reason this is important is that it circumvents one of the ways usually used to detect this scam. Security experts typically advise seniors to ask the caller a question that only the grandchild would know. Now, that answer may actually be floating around on social media.

    However, there are still ways to help you or someone in your family from becoming a victim of this scam. The best way is for your family you to set up a secret phrase or word with each other to use in case of any actual emergency. But, if you ever receive a call like this, it’s not going to hurt anyone to hang up and try to contact your family to make sure the grandchild is actually ok. Nobody arrested ever got extra jail time because a grandparent wanted to verify their story.

    Again, we ask that if you have an older family member who may not be up on the latest technology, please share this blog post with them or show them any one of the many articles about this scam.

     
  • Greg Collier 8:00 am on August 27, 2020 Permalink | Reply
    Tags: cybersecurity, , ,   

    Package delivery update text is a scam 

    Package delivery update text is a scam

    We first discussed the delivery update scam back in January of this year. Now, with even more people receiving deliveries at home, the scam seems to have returned with a vengeance. Various law enforcement agencies and consumer protection groups from all over the country have issued warnings about this scam recently.

    The way the scam works is that you’ll receive an unsolicited text message like the one above. It may claim to be from a delivery service like FedEx, DHL, or UPS. Other times they’ll claim to be from Amazon directly but they’ll all tell you t6he same thing. The messages state that you have an undelivered package that needs your preferred delivery option. Then at the very end of the message, a link will be provided for you to click on.

    As I’m sure you’ve guessed by now, you should not click on the link. Doing so will take you to a page that is designed to look like it’s an Amazon page. The fake Amazon page will then ask you to fill out a customer service survey in order to claim a prize. After you win the prize, you’ll be asked to pay for shipping by providing your financial information. From there, the scammers can do pretty much what they want with your financial information. In some instances, victims have been signed up for subscription services related to their ‘prize’ that ended up costing them $100 a month.

    While delivery services do have text messaging services that notify you about the arrival of your package, you need to sign up with these services first before the delivery company will text you. So, if you have not signed up for this service and receive one of these text messages, there are a couple of things you can do. The first is to just ignore it and delete it. The other thing you can do is copy the text of the message, paste it into a new text message, and text it to the Federal Trade Commission at 7726 (SPAM).

    Whatever you do, don’t click on the link or respond to the text. Even if you respond, scammers will know that your number is a working one which will just invite more scams.

     
  • Greg Collier 8:00 am on April 15, 2020 Permalink | Reply
    Tags: cybersecurity, , virtual classrooms, virtual meetings, Zoom   

    Half a million Zoom accounts for sale 

    Half a million Zoom accounts for sale

    With so many of us now working from home, a great many of us have had to attend virtual meetings. The most popular app to accomplish these meetings has been Zoom. While Zoom has been a blessing to help keep many businesses running, it has not been without its problems. A slew of internet pranksters have been able to gain access to live Zoom meetings. While some of the pranks have been harmless, others have seen explicit or violent imagery shared. There have even been instances of hate speech being spouted during some of these meetings. Considering that Zoom has also been used for virtual classrooms, the potential for abuse becomes even more disturbing.

    [youtube https://www.youtube.com/watch?v=JaecW3jEBZk%5D

    To compound problems for Zoom, over 500,000 Zoom account credentials are being put up for sale on the dark web and in hacker forums. Hackers won’t be using them for just internet pranks as the credentials contain user email addresses and passwords. If the passwords are one a user has for multiple other accounts then that user can have their accounts on multiple platforms hacked. This could not only lead to the user’s identity being stolen but could also lead to financial losses if the user’s security isn’t stable enough.

    Thankfully, Zoom already has security measures in place that users can enable to better secure their meetings and information. A list of those features can be found here but the main ones you should enable for every meeting are the ‘waiting room’ feature and the ‘lockdown’ feature. The former will allow you to screen participants in the meeting before you allow them to enter the meeting while the latter will allow you to eject unwelcome visitors. However, the best way to keep unwanted guests out of your meetings or classrooms is to not share the meeting information publicly.

     
  • Greg Collier 8:00 am on March 20, 2020 Permalink | Reply
    Tags: , cybersecurity, , e-skimming, ,   

    FBI warning about shopping scam 

    FBI warning about shopping scam

    With many of us staying home these days while practicing social distancing, a lot of us will be ordering items online so we can avoid the crowds at stores. As can be expected, scammers are trying to take advantage of this situation too. The most concerning part is that this particular scam can affect legitimate retail sites and gives no indication that your information is at risk. This is why the FBI is warning consumers to keep an eye on their billing statements to make sure there are no unwarranted charges on your statements.

    According to the FBI, in an attack known as e-skimming, cybercriminals are injecting code into the websites of retailers. This code then allows the scammers to copy the information on your credit or debit card. With the way e-skimming works, neither the retailer not the customer will know that they’ve been scammed until it’s too late. The scammers will then sell the card information online to the highest bidder. Unfortunately, there is no way to detect if the retail site you’re using has been infected by the e-skimming code.

    [youtube https://www.youtube.com/watch?v=jb5aML–Mik%5D

    While these types of attacks are usually caught by retailers within a few days there are steps you can take to protect your information. One of the ways is only using a credit card online as credit cards have better fraud protection than most debit cards. Your bank may also be able to provide you with temporary one-time card numbers that you can use once and won’t work when copied. If your bank does not provide this service there are legitimate online platforms that can provide this service.

    While the odds of e-skimming happening to you are small, they’re not zero. It’s better to have the protection and not need it than needing it and not having it.

     
  • Greg Collier 8:01 am on March 16, 2020 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Are new remote workers a security threat? 

    Are new remote workers a security threat?

    With the new coronavirus recommendations designed to try to prevent the virus from spreading any further, many companies are requiring their employees to work at home. For many, this will be the first time that they will be working remotely. All these new remote workers could also mean new security risks that their employers may not be prepared for.

    One of these threats is phishing attacks. We’ve discussed phishing attacks many times before and they’re nothing new for most companies. In short, hackers or scammers will send fake emails trying to get the recipient to click on a link or download an attachment. Usually, these links or attachments contain malware that can infect a corporation’s entire system. In the corporate world, these emails often look like legitimate emails from your employer. If you receive an email like this, hover your cursor over the link to make sure it goes someplace safe. If it has an attachment, verify the sender exists within your company and then verify with them that the attachment is legitimate.

    For example in the UK, an email was sent to all the employees of several healthcare organizations asking employees to click on a link so they could register for a coronavirus safety seminar. The link went to a website that appeared to be an Outlook Web App and when the user would enter their contact information that information would then be stolen.

    Another corporate phishing attack that has been on the rise is the impersonation scam. This when an employee receives an email from a company executive’s email address but wasn’t sent from the executive. Often this scam targets payroll or other financial employees. These emails will often ask for large sums of money to be wired or to change the bank account from where the money is normally held. If you receive one of these emails it never hurts to contact the executive directly by phone to verify the transaction being requested.

    While working at home can be distracting to some, take a moment to verify questionable emails. A few minutes out of your schedule is better than bring an entire company to a halt.

     
  • Greg Collier 8:00 am on March 13, 2020 Permalink | Reply
    Tags: , , cybersecurity, , ,   

    Phony coronavirus websites are on the rise 

    Phony coronavirus websites are on the rise

    Previously when we discussed coronavirus related phishing attacks, we mentioned that emails sent by scammers will try to disguise themselves as being from organizations like the CDC or WHO by using similar email addresses to the actual ones. For example, if the CDC were to send an email the address would be from cdc.gov. Scammers may try to use an address like CDC-gov.com. Not being satisfied with just posing as life-saving aid organizations, scammers are now registering coronavirus related domains in droves. These are the addresses that use to go to a website such as geebo.com.

    According to cybersecurity experts, scammers are registering domains such as coronavirusstatus[.]space, coronavirus[.]zone and survivecoronavirus[.]org just to name a few. A more comprehensive list can be found at this link. Scammers are registering these domain names either to use in phishing emails or to inject malware on your device. For the foreseeable future, if you get an email with a domain name that contains the word ‘coronavirus’ or other related terms, consider it to be harmful. Any links or attachments that these emails contain should not be clicked on as they could lead to malware which could potentially steal your personal or financial information. You could then unwittingly infect all devices connected to your network.

    [youtube https://www.youtube.com/watch?v=WPPaybzkHtw%5D

    And again, you should be on the lookout for other coronavirus scams as well. Like we’ve mentioned before, as of the time of this posting, there is no cure or vaccine for the coronavirus. Anyone promising you otherwise is trying to rip you off. Testing is limited in the US right now, anyone who is not a government agency or medical professional cannot test you for coronavirus and is either pushing snake oil or trying to steal your financial information.

    While the coronavirus, or covid-19 if you prefer, is a real danger and something we should be concerned about, don’t allow fear to get the better of you. In a crisis like this, panic helps no one. Look to your local media and state government about how the virus is affecting your area and heed those warnings. If we all work together, we can get through this.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel