Tagged: two factor authentication Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on July 28, 2021 Permalink | Reply
    Tags: , , , red light camera, , traffic tickets, , TSA PreCheck, two factor authentication   

    Scam Round Up: Red Lights, the TSA, and Google Voice 

    Scam Round Up: Red Lights, the TSA, and Google Voice

    By Greg Collier

    Every so often, we come across scams that may not warrant an entire blog post. So here are three scams that caught our attention this week that be briefly summed up.

    In Renton, Washington, scammers are sending emails to victims claiming that the victim ran a red light and was caught on one of the city’s red light cameras. The email contains a link where you’re supposed to pay your fine but, of course, goes to the scammer instead. What makes this scam effective is that many jurisdictions use a third party online platform to collect some traffic fines. However, you can tell that this is a scam since most, if not all, cities send their red light tickets through the postal mail and not by email. Most states don’t even have your email address connected to your license plate number.

    ***

    If you travel a lot for business or leisure, you may have thought of signing up for TSA PreCheck. This program allows low-risk individuals to pay for a service where they can have an expedited security check when flying. As with a lot of government services, scammers are trying to trick PreCheck seekers into giving up their personal info by creating phony websites that claim they can register you with PreCheck. Again, there is a simple solution to this scam, but not everyone is aware of it. Only websites that have a .gov address can register you for PreCheck. Some of these scam websites may even have a .us address. Anybody can purchase a .us domain name, and it is not under the authority of the US Government. You can apply for TSA PreCheck at the TSA website.

    ***

    Our last scam for today is one we’ve previously discussed and also affects Geebo’s industry. If you’re selling something online, whether it’s with Geebo or someone else, be wary if someone says they want to prove ‘you’re real’. An authorization code will be sent to you and the buyer will ask for that code number. Do not give it to them. They’re trying to set up a Google Voice number that would be tied to your phone number. This way, they could continue scamming people using the Google Voice number, but would be traced back to you. This recently happened to a woman from New Hampshire who was selling her items on Facebook Marketplace.

    ***

    Please keep in mind that even though these scams may not be happening in your area, that doesn’t mean that it soon won’t be.

     
  • Geebo 8:00 am on July 26, 2021 Permalink | Reply
    Tags: , , , , , two factor authentication   

    Bank scam targets gig economy workers 

    Bank scam targets gig economy workers

    By Greg Collier

    For better or worse, millions of people have turned to work in the gig economy either as their primary income or as a secondary source of revenue. The gig economy is where people work for non-traditional companies as independent contractors. For example, if you drive for Uber or Lyft, or deliver for Grubhub or DoorDash, you’re part of the gig economy. Working as an independent contractor for any one of these types of companies already comes with its own pitfalls. Many say that the companies are already taking advantage of their workers by removing protections that many traditional jobs have. If that wasn’t bad enough, scammers are now targeting gig workers’ bank accounts.

    A DoorDash driver from North Carolina was recently a victim of this scam, where he ended up losing $1,000. While making his rounds, he received a phone call from someone claiming to be from DoorDash. They told him to pull over somewhere safe and then said that the driver’s DoorDash account had been compromised. The scammers were even able to give him details from his own account. The scammers then instructed the man that they were going to send him an authorization code to save his account. All he had to do was tell them the code, which the driver did. When he went to get his payment from his DoorDash account, he discovered that the scammers had directed his payment away from his bank account and into theirs.

    Authorization codes are usually sent to customers of whatever service if they need to make a change to their account. This is part of what’s known as two-factor authentication. If someone is claiming to be a representative of that company, they won’t need an authorization code to make changes or protect your account, as they already have your information. This affects everyone too, not just gig workers, as many of the services we rely on every day require authorization codes to access them.

     
  • Geebo 9:01 am on February 8, 2021 Permalink | Reply
    Tags: , , , two factor authentication,   

    Payment app scam preys on your kindness 

    Payment app scam preys on your kindness

    Most of us have some form of banking or payment app on our phones. Whether they’re through our local bank or one of the many mobile payment services available, a lot of us make payments or transactions through these platforms. But how many of us really have these apps secured on our devices? You may have your phone locked using a PIN or fingerprint check, but what if someone was able to bypass your phone lock?

    A woman in Charlotte, North Carolina recently found out the hard way what happens if you don’t secure your apps. She was working at home when a man knocked on her door and asked if he could use her phone. He claimed he had locked his possessions in his car and needed to text a relative. Being a kind person, she allowed the man to use her phone to get help. After using the phone, the man handed the phone back to the woman. That’s when she noticed the emails from Venmo. In that short amount of time, the man is said to have sent close to $1000 to himself through Venmo. The problem with many of these apps like Venmo is that once payment goes through, the victim of a scam can be blocked by the scammer making retrieval of your money almost impossible.

    If you’re the type of person who tends to be a good Samaritan you should be commended for being willing to help others that you may not even know. There is still a way for you to lend someone your phone without exposing your financial apps. Most financial apps have some form of two-factor authentication available to you. A PIN or biometric scan like a fingerprint or face unlock can be enabled. This means that even if your phone is unlocked for someone to use, your financial apps will still be secure. If they don’t offer this service, you may want to consider using an app that does. While you may think that enacting these measures may make it more inconvenient for you, in a short time you’ll hardly even notice the small amount of extra time it takes you.

     
  • Geebo 8:00 am on October 21, 2020 Permalink | Reply
    Tags: , , , , , two factor authentication,   

    A Cash App scam that could happen on the street 

    A Cash App scam that could happen on the street

    Most scams that happen on payment apps like Cash App happen online. However, we just came across one that happens on the street.

    The report we found about this scam comes out of Nashville, Tennessee but could happen in any city. In Nashville, the city is known for its music scene so there are a number of street musicians looking to get their name out there. There are also a number of scammers looking to take advantage of those interested in the music scene.

    The scammers will pose as a street musician and will approach a victim. The scammer will ask for the victim’s phone so they can pull up their music video on YouTube. Instead, the scammer accesses one of the victim’s payment apps like Cash App, Venmo, or PayPal and sends the victim’s money to themselves before fleeing the scene.

    While this particular approach may be exclusive to Nashville or any other city with a vibrant music scene, this scam could happen anywhere. You could be approached by someone asking to use your phone for an emergency where instead of calling someone they could be draining one of your payment app accounts.

    There are several ways to protect yourself against a scam like this. First off, it’s generally a good idea to never hand your phone over to someone you don’t know. Secondly, most of the leading payment apps have security features that prevent other people from accessing your account on your phone. Known as two-factor authentication, you can have a PIN set up to open the payment app or you could use your phone’s fingerprint reader to access your account. When these features are enabled, it goes a long way in preventing others from accessing your accounts on your phone.

     
  • Geebo 8:04 am on October 21, 2019 Permalink | Reply
    Tags: , , , , , , two factor authentication   

    Smart home camera hacked in baby’s room 

    Smart home camera hacked in baby's room

    A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

    The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

    While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on October 9, 2019 Permalink | Reply
    Tags: , , , , , , two factor authentication   

    Twitter leaks phone numbers to advertisers 

    Twitter leaks phone numbers to advertisers

    We’ve mentioned two-factor authentication, or 2FA as it’s known, a few times lately. It’s the security protocol that has two or more layers of authentication that better secures your online accounts. The most common form of 2FA is through text messaging. For example, if you have 2FA enabled, when you sign in to an online account not only would you have to provide your password but you’d also have to provide a code that had been texted to you. While authentication sent through SMS texts isn’t the most secure form of 2FA it is better than nothing. However, thanks to so many platforms using SMS texting for 2FA it has led one platform to issue an apology recently.

    Twitter recently announced phone numbers that users had registered with them for two-factor authentication were used for targeted advertising. The numbers were used to match users to marketing lists provided by advertisers. In some people’s eyes, that goes against everything that 2FA is supposed to stand for. One security expert even compared Twitter’s practice to that of trying to secure a tent against bears by using raw meat.

    Like we said, While SMS text messages are the most common form of 2FA, they’re not the most secure. There are alternatives that you can use that are more secure. There are hardware keys that act as authenticators that can be used on both computers and mobile devices. There are also software alternatives that are free, that create something along the lines of a temporary secondary password that can be used for the second layer of authentication. This way, you won’t have to worry about even more robocalls from advertisers and other bad actors from plaguing your phone.

     
  • Geebo 8:00 am on September 26, 2019 Permalink | Reply
    Tags: , , , , , , two factor authentication   

    When a smart home isn’t so smart 

    When a smart home isn't so smart

    Many people think that they are better securing their home by installing smart devices. These devices can range from anything from cameras to door locks and anything in between. These classes of smart devices are known as the internet of things or IoT for short. That means that these devices are connected to the internet so the user can control them from just about anywhere. The major drawback to IoT devices is that they can also be controlled by bad actors if the user isn’t careful.

    A couple in Milwaukee found that the hard way this week when someone was able to take control of some of their smart devices. The couple had a nest camera and thermostat installed. When one of them came home they found that the thermostat was set at 90 degrees. After that, someone started verbally harassing them through the speaker on their security camera. Even after the couple changed all their passwords the abuse continued until the devices were disconnected. The couple lays the blame at Nest, which is owned by Google, but the fault may lie elsewhere.

    It’s not hard to hack into IoT devices if the users are using the same password or weak passwords to secure their network and devices. Also, as we discussed with the recent YouTube hack, two-factor authentication (2FA) should also be enabled on these devices. While 2FA has its own flaws, it’s more secure than using an easily guessed password. These devices are designed to help protect your home, but if you’re not using 2FA it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on September 24, 2019 Permalink | Reply
    Tags: , , , two factor authentication,   

    What you can learn from the massive YouTube hack 

    What you can learn from the massive YouTube hack

    Recently, a large number of YouTube channels with substantial subscriber counts had been hijacked by hackers. This way the hackers can sell the accounts to bad actors who can then potentially claim a channel with a large built-in subscriber base. It’s not easy to cultivate a successful YouTube channel. Some creators have spent years carefully growing their audience in a highly competitive market. To possibly see it all disappear in an instant could be a devastating blow to any moderately successful channel.

    The plot against some of YouTube’s creators was a coordinated phishing attack. Authentic looking emails were sent to creators asking them to log into their accounts. Like most phishing attacks, the creators were then directed to phony login pages where the hackers could steal their login credentials. The hackers could then assign the channels to new owners, locking the creators out of their channels. What’s particularly troubling about this attack is that it allegedly bypassed what’s known as two-factor authentication. 2FA, as it’s known, is the process of requiring a user to securely log in to their accounts using a two-step process that usually involves signing in with their log-in credentials then verifying their access request by replying to a text message. it’s believed that the hackers were able to intercept the 2FA messages.

    If you’re not using 2FA, you should be. While it’s not unhackable it does go a long way in stopping someone from accessing your sensitive accounts. While SMS text messages are the most common form of 2FA, they’re not the most secure, however, there are alternatives. One way of protecting yourself is by purchasing a hardware key that works on both your computer or phone that you have to have in your possession to access your accounts. There are also software approaches to 2FA like Google Authenticator or Microsoft Authenticator, both of which are free.

    Some of these YouTube creators may have lost their life’s work. With a more secure 2FA option you may not have to worry about losing anything important that you access online.

     
  • Geebo 10:00 am on June 28, 2016 Permalink | Reply
    Tags: , two factor authentication   

    Are your online accounts secure enough? 

    Are your online accounts secure enough?

    What are your most important online accounts? Probably your bank, your email and your social network of choice in that order. Now you may have those accounts protected with a strong password, but is that enough? You may have a password that contains alphanumeric characters both upper and lowercase among non-alphanumeric characters and that is 12 characters long. That’s all well and good but it’s not perfect. Having your accounts protected by a strong password is only one layer of protection but it is also one level of failure.

    Most online services today offer a feature that’s known as two factor authentication. When you activate two factor authentication your username and password is only one step to logging into your account. The second part to the authentication, in most cases, is that the service you’re trying to access sends you a personal one-time code, usually through a text message. That means that if you activate two factor authentication, if someone were to ascertain your username and password they still wouldn’t be able to access your account without having your cell phone.

    While two factor authentication isn’t perfect it can go a long way in keeping your online life secure.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel