Tagged: security Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on October 8, 2021 Permalink | Reply
    Tags: , , , , , , security, ,   

    Scam Round Up: Don’t let strangers use your phone and more 

    Scam Round Up: Don't let strangers use your phone and more

    By Greg Collier

    We’re closing out the week again with another trio of scams that have popped up around the country.

    ***

    Our first scam comes to us from Charlotte, North Carolina. Residents there have been complaining about a bold scam that takes advantage of your kindness. The scam involves people coming up to you asking to use your phone. The scammers will have some kind of story like hey’re car broke down and can they use your phone to call someone. Once they have your phone, they’ll open up whatever payment app you have on your phone and send all your money to the scammers account. In Charlotte, residents there have said that Venmo was specifically targeted, but this scam could be used on any payment app. The best way to prevent this from happening, outside of letting no one use your phone, is to enable the security features on your accounts. Usually, you can secure your accounts with a PIN or have them require your fingerprint or facial recognition.

    ***

    Speaking of North Carolina, the Better Business Bureau of Eastern North Carolina is warning consumers about phony lenders who are really looking to pull off an old scam. In this scam, the lender promise an easy loan, and will deposit a check in your bank account. The scammers will then demand you to buy loan insurance before the check even clears. However, the check never clears as it’s a fake, leaving the victim responsible for the check’s amount to their bank. These phony lenders usually promise you won’t have to undergo a credit check. This should be your red flag, as all legitimate lenders will have you undergo a credit check. Also, no one seeking a loan should respond to unsolicited offers they may receive through text or email.

    ***

    Lastly, the Better Business Bureau of Tulsa is warning their residents about a text messaging scam that threatens to lock their phone. Consumers there have been getting texts that appear to come from their cell phone providers telling them that their phone will be locked if they don’t make a payment. The text also contains a link that should never be clicked on. The link will either inject malware into your phone or it will ask you for your financial information. If you receive one of these texts or one like it, call the customer service number that appears on your bill or on the provider’s website.

    ***

    Please keep in mind that scams like this aren’t confined to the area where they are being reported on in the news. They could just as easily be happening in your area.

     
  • Geebo 8:00 am on October 1, 2020 Permalink | Reply
    Tags: , security, , Synthetic ID, Synthetic ID Theft, Synthetic Identity Theft   

    Identity theft trick could be undetectable for years 

    Identity theft trick could be undetectable for years

    Even if we’ve never experienced it personally, just about everyone is aware of identity theft. Over the years, victims of identity theft have found their lives thrown into turmoil over charges and expenses that they never applied before. However, since all the charges are in the victim’s name, it can take victims years before restoring their credit to a reasonable state it was in before the theft. Now, consumer advocacy groups are warning consumers about a different form of identity theft that could go unrecognized for potentially decades.

    The Better Business Bureau calls it Synthetic Identity Theft. It varies from usual forms of identity theft because it doesn’t steal the whole of your identity. In Synthetic Identity Theft, the thieves will only need your Social Security number. With just that, they can use a fake name, address, and date of birth to create a ‘synthetic’ person. That person won’t have any credit history at first so the thieves will initially be denied for any credit application. However, that will start a credit history for this synthetic ID and eventually, the thieves will be able to open some form of credit. Eventually, they’ll get a high enough line of credit where they’ll extend the credit to their limits before discarding the synthetic ID.

    Eventually, debt collectors will trace the original Social Security number back to its rightful owner and the nightmare of identity theft really begins. Young children are especially vulnerable to Synthetic Identity Theft as the thieves are looking for Social Security numbers that have no credit at all attached to them.

    Unfortunately, there’s not a lot consumers can do to protect themselves from Synthetic Identity Theft. Due to the way ID thieves use a hodge-podge of identity elements to create synthetic IDs normal precautions like credit freezes won’t work. The best way to protect yourself and your child is to keep your Social Security numbers closely guarded. You can also keep an eye out by monitoring your mail, phone calls, and email for strange communications that may be regarding your children.

     
  • Geebo 8:00 am on July 9, 2020 Permalink | Reply
    Tags: , , security, ,   

    Burglars don’t have to hack your camera to see if you’re home 

    Burglars don't have to hack your camera to see if you're home

    We’re pretty sure that we’ve all seen the stories of homeowners and families getting their home security cameras hacked. Usually, it was done by an internet prankster or troll who posed no real danger to the people in the home although some of the pranksters took the joke too far by scaring some of the families. The cameras are normally hacked when the residents use weak passwords for their wifi or the cameras themselves. Now some security experts say that crooks don’t even need to hack your camera to tell when you’re not home.

    According to security researchers from a British university, home security cameras that are connected to the internet send out different rates of data depending on the amount of movement being recorded. To keep down the price of the cameras, the data is unencrypted. However, a potential burglar could be able to tell when no one is home by the amount of data the camera is sending out. The higher the amount of data that’s sent out, the greater the likelihood is that someone is home.

    Thankfully, for right now anyway, this is all theoretical. There are no records of anyone using this exploit to rob a home. A thief would have to have intricate computing knowledge to be able to find the exploit. Not just anyone with a phone or a laptop can come up to your home and easily determine your camera’s data output, yet. The researchers are quick to add that there is potential for someone to make software to make the operation easier.

    This does show yet another flaw in smart devices connected to the internet known as the internet of things. IoT devices aren’t always as reliable as their manufacturers claim they are. If any device is connected to the internet, there is always a chance that it could be hijacked, hacked, or attacked.

     
  • Geebo 9:04 am on January 15, 2020 Permalink | Reply
    Tags: 401k, , , retirement fund, security   

    Are thieves targeting your 401k? 

    Are thieves targeting your 401k?

    We’ve discussed several different forms of bank fraud before. Whether it’s text message scams or phishing attacks to gain your account information, we’ve talked about the myriad of ways that scammers try to empty your bank account. Now, because of all the news that has gotten out about these scams thieves and cyber-crooks have started targeting a new source of income, retirement funds and 401ks. Is your retirement nest egg vulnerable to being cleaned out? Let’s take a look at how the thieves are targeting 401ks and what can be done about them.

    According to USA Today, since so many consumers and banks have become wary of the typical scams that are used to attack bank accounts the thieves have turned to attack 401ks. The reasoning behind this is because a lot of people don’t pay close attention to their 401k. In too many cases, consumers will either ignore or discard the statements they receive from their retirement fund broker. Then when they need to check their 401k balance they discover that their fund has been slowly drained. Unlike banks, retirement funds aren’t always willing to help you get your money back.

    While the target may be new, the attacks are roughly the same. The thieves use old standards like phishing attacks and weak passwords to gain access to your 401k. In order to prevent these attacks from happening it’s recommended that you review the mailed statements you receive from your fund manager for any suspicious behavior. It’s also recommended that you use a strong password to secure your account with a password that’s not used on any of your other online accounts. Lastly, never click on any links in emails that you receive purporting to be from your 401k manager as they can be used to steal your login information. Instead, always go directly to the 401k website and log in from there to check your account.

     
  • Geebo 9:00 am on January 9, 2020 Permalink | Reply
    Tags: , , , security,   

    Was Ring caught looking at customer cameras? 

    Was Ring caught looking at customer cameras?

    Amazon-owned Ring Cameras did not have the best 2019. If customer camera feeds weren’t being hacked then user information was allegedly being exposed in a data breach. Unfortunately for Ring, it doesn’t look like their 2020 is shaping up to be any better. In previous gaffes made by Ring, there was a kernel of truth in their claim that some of these privacy invasions could have been prevented by better user security. For example, by enabling two-factor authentication and not using the same password on all online accounts. But what happens when the security company is the one invading your privacy.

    Motherboard is reporting that Ring had to fire a number of employees who were caught accessing customer data that was not part of their jobs. In short, they were looking at customer video that they should not have been. While it can be expected for a company to monitor some of the user data for quality control purposes, it’s alleged that this was not the reason that certain employees were viewing customer videos. Considering that many Ring customers use the cameras inside their homes this can be especially off-putting knowing that Ring employees may be watching you at home.

    [youtube https://www.youtube.com/watch?v=CWg85eJDFu4%5D

    Depending on how this story gets picked up by the media, this could be a devastating blow to Ring’s reputation. How are consumers supposed to trust a company to help keep us safe when their employees are violating the privacy of the consumers? Granted, the number of people who were said to be doing this at Ring was low and they’ve all been relieved from their positions. But still, this seems to be yet another black eye for the security company that used to be the darling of families everywhere.

     
  • Geebo 9:00 am on December 24, 2019 Permalink | Reply
    Tags: , , , , , security   

    Ring denies massive data breach 

    Ring denies massive data breach

    Ring’s cameras have been in the news a lot lately. Sometimes it’s for good reasons like footage from a Ring camera led to the arrest or conviction of a criminal. However, most of the news seems to have been bad for Ring. Throughout 2019, there was a rash of news stories where hackers and internet pranksters would access someone’s Ring security camera to try to harass or scare a random family. Ring keeps claiming that these security breaches happen due to two-factor authentication not being enabled. But how can that explain close to 4,000 Ring account credentials being exposed on the web?

    [youtube https://www.youtube.com/watch?v=XxcYimzcTik%5D

    BuzzFeed News reported on the alleged breach after they were contacted by a security researcher who found the exposed credentials online. When Ring was asked about the breach, they claimed that there was no breach at all. A Ring spokesperson claims that the credentials were harvested from other data breaches outside of Ring and that Ring customers were just using the same passwords and logins as their Ring service. While that’s statistically improbable, it could be true. Except, BuzzFeed showed the customer credentials to more security experts who noted that the credentials contained Ring specific data such as camera names that customers use. Reportedly, this kind of information can’t be gleaned from outside of Ring’s network.

    If you are a Ring customer, we would recommend changing your login and password as soon as possible and to enact two-factor authentication. With 2FA enabled, it will make it more difficult for someone to access your home cameras. Also, if you’re using the same login and password for other online accounts as you do with your Ring setup, you change them immediately as well. And never use the same password across multiple online accounts. Once one of those accounts become compromised, then they all do.

     
  • Geebo 9:00 am on November 8, 2019 Permalink | Reply
    Tags: , , , , , security   

    Is your Ring doorbell at risk of attack? 

    Is your Ring doorbell at risk of attack?

    Ring Doorbells have become very popular over the past few years. Not only does it offer the convenience of knowing who’s at your door while you’re not home, but it also records any interaction that occurs at your front door. With the assistance of Ring Doorbells, all sorts of interlopers have been caught ranging from porch pirates to home intruders. They’ve become so popular and ubiquitous that police stations around the country are recommending residents install one and become part of a police network of cameras. So, it should come as no surprise that bad actors may want access to your camera.

    [youtube https://www.youtube.com/watch?v=Bf3wLc0giZI%5D

    Amazon, owners of Ring, recently announced that there was a vulnerability in Ring Doorbells that could have exposed your wifi password to attackers. During the authentication process, the communication between your doorbell and the was unencrypted leaving your wifi password open in plain text and potentially available to hackers. While any attack wouldn’t be able to control the camera itself, once your home wifi is vulnerable an attacker could compromise any number of systems especially if you have a number of smart home or internet of things (IoT) devices.

    Thankfully, Amazon patched this vulnerability before they made it public knowledge. That’s not even taking into account that any attack against the doorbell would have to happen at the precise moment of authentication and the attacker would need to be in range of your home wifi. The chances of a hacker being on your property at the time of authentication are very slim. However, this does show that no smart home or internet-enabled security device is foolproof. When purchasing such a device, do your research in finding out which ones are the most secure and which ones receive regular updates from the manufacturer. Otherwise, you could be as secure as leaving your front door unlocked.

     
  • Geebo 8:04 am on October 21, 2019 Permalink | Reply
    Tags: , , , , security, ,   

    Smart home camera hacked in baby’s room 

    Smart home camera hacked in baby's room

    A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

    The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

    [youtube https://www.youtube.com/watch?v=Tgfg4Dv2B2M%5D

    While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on October 15, 2019 Permalink | Reply
    Tags: , , , security, , ,   

    SIM Swapping can cost you thousands if you’re not careful 

    SIM Swapping can cost you thousands if you're not careful

    Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM_Swapping or SIM-Jacking named after the SIM cards in most smartphones that contain your calling information including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

    SIM Swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try and convince them that they are you. If the attacker is successful, he can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts including banking.

    [youtube https://www.youtube.com/watch?v=6occS3PyOss%5D

    While most victims of SIM Swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN number if anyone calls to try and have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess like your birthdate. You can also sign up for a Google Voice number which is much more secure and tougher to attack than a traditional cell phone number but work just like a traditional phone number and they are also free to get.

     
  • Geebo 8:00 am on October 9, 2019 Permalink | Reply
    Tags: , , , , security, ,   

    Twitter leaks phone numbers to advertisers 

    Twitter leaks phone numbers to advertisers

    We’ve mentioned two-factor authentication, or 2FA as it’s known, a few times lately. It’s the security protocol that has two or more layers of authentication that better secures your online accounts. The most common form of 2FA is through text messaging. For example, if you have 2FA enabled, when you sign in to an online account not only would you have to provide your password but you’d also have to provide a code that had been texted to you. While authentication sent through SMS texts isn’t the most secure form of 2FA it is better than nothing. However, thanks to so many platforms using SMS texting for 2FA it has led one platform to issue an apology recently.

    [youtube https://www.youtube.com/watch?v=07mRDyydCNY%5D

    Twitter recently announced phone numbers that users had registered with them for two-factor authentication were used for targeted advertising. The numbers were used to match users to marketing lists provided by advertisers. In some people’s eyes, that goes against everything that 2FA is supposed to stand for. One security expert even compared Twitter’s practice to that of trying to secure a tent against bears by using raw meat.

    Like we said, While SMS text messages are the most common form of 2FA, they’re not the most secure. There are alternatives that you can use that are more secure. There are hardware keys that act as authenticators that can be used on both computers and mobile devices. There are also software alternatives that are free, that create something along the lines of a temporary secondary password that can be used for the second layer of authentication. This way, you won’t have to worry about even more robocalls from advertisers and other bad actors from plaguing your phone.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel