Watch Out for These Scams as the Country Moves Toward Reopening

Woman in Mask Using Laptop.

As the coronavirus continues spreading across the country in waves and peaks, every state is making bold moves toward reopening under a strange new set of circumstances dubbed the “New Normal.” Face coverings are de rigueur. Floor markings have been slapped down exactly 6 feet apart near checkout counters in retail stores. Shoppers are weary, cautious and careful. And, as the country moves forward and adapts to the new realities, scammers aren’t far behind.

Watch out for these trending scams as the country reopens:

Account Takeovers

Even as retailers work toward reopening, shorter hours and percentage-capacity rules mean many consumers are still shopping remotely. Retailers are also busier than ever now as they comply with new rules and work to meet customers’ changing demands. This leads to an increase in online retail scams, like account takeovers, in which scammers hack a company’s database and break into a customer’s account. Using the customer’s remembered payment information, the scammer goes on to place large orders to their own address — all on the client’s dime.

Protect yourself:

Account takeovers are most commonly pulled off on dormant accounts. The scammer assumes these accountholders won’t notice this activity, but you can outsmart them by checking your retail accounts for sudden orders or deleting the remembered information from accounts you rarely use.

Business owners can spot these scams by looking out for sudden large orders from customers who haven’t purchased anything in months, or even years.

Job Scams

“Help Wanted” signs and ads are a welcome sight for the more than 40 million workers who have filed for unemployment since the pandemic hit American shores. Unfortunately, though, the flood of unemployed people looking for work has led to a rise in job scams. The FBI is warning against a surge in scams where cybercriminals pose as employers by spoofing websites and posting bogus job openings on online job boards. They may even go as far as conducting interviews with applicants. The scammers ask for personal information, and sometimes demand payment, before the “application” can be processed. Of course, there is no job waiting for the applicant, their information is now in danger of being abused and they’ll never see that money again.

In a variation of this scam, “employees” are given work to do remotely, and then paid with an inflated paycheck. They’re told they had been overpaid and instructed to cash the check and reimburse the employer for the surplus funds via money order or prepaid debit card. The check will appear to clear, but in a few days, it will bounce and the victim will never be able to reclaim the lost funds.

Protect yourself:

Beware of outrageous job claims that promise big money for little work; they’re likely bogus. As always, never share sensitive information online with an unverified source. Don’t accept a job that overpays and asks you to refund the extra money; it’s likely a scam. Finally, before agreeing to an interview, research an alleged employer and company on the BBB website.

The Contact Tracer Scam

Many states have hired armies of contact tracers to track the movements of individuals who may have been exposed to COVID-19. The FTC is warning of a new ruse in which scammers impersonate a contact tracer and reach out to people via phone call or text message. They’ll ask for the victim’s personal information, including their Social Security number, claiming they need this information for their work as a contact tracer. Of course, they’ll use this information to pull off identity theft or hack the victim’s accounts. The scammer will sometimes ask the victim to click on an embedded link, which will grant them access to the victim’s phone.

Protect yourself:

Contact tracers will always identify themselves and the department where they work. If a contact tracer reaches out to you, you can easily determine their authenticity by researching this information. The tracer will also have a basic understanding of COVID-19 and how it spreads. Most importantly, they have no need for your Social Security number nor will they ask you to share it.

As the country moves into a new period of healing and recovery, scammers are doing all they can to continue disrupting daily life. Stay aware and stay safe!

Your Turn: Have you been targeted by a reopening scam? Tell us about it in the comments.

Sources:
https://www.news5cleveland.com/news/continuing-coverage/coronavirus/scammers-aim-to-target-small-businesses-during-reopening-efforts

https://www.idtheftcenter.org/consumers-should-watch-out-for-covid-19-reopening-job-scams/

https://camdencountypros.org/paying-attention-to-potential-scams-as-new-jersey-moves-toward-reopening

https://www.consumer.ftc.gov/blog/2020/05/covid-19-contact-tracing-text-message-scams

Beware Of Banking Scams

Scammers never take a break. They’re always dreaming up ways to con you out of yourImage of man using computer money. Recently, there’s been a significant uptick in scams involving checking accounts at many financial institutions.

In these scams, criminals will utilize social media to connect with the victim.

They usually pose as representatives of a bank or credit union and milk the victim for sensitive information, like account numbers and passwords. Since the scammers are using the credit union’s social media accounts, the victims often won’t hesitate to share this information. When the scammers have what they need, they will proceed to empty the victim’s accounts and then disappear.

Often, when the scammers receive a response from the victim on social media, they will redirect the victim to what appears to be the financial institution’s website. The victim, thinking they are on the site they frequently use, will quickly input their username and ID, which the scammers will then use to empty their accounts or open credit cards in the victim’s name.

Sometimes, the scammers will impersonate helpful member representatives who are seemingly looking to answer your questions. You’re used to our representatives being helpful and always on call to assist you, so you won’t see anything strange with the scenario.

Other times, the scammer may claim your account has been compromised and you need to immediately update your information. They’ll be oh-so-helpful with this step. Until you share your information with them, that is.

Still other times, scammers will pose as representatives of a sweepstakes or some other contest that you’ve “won.” All you need to do is share your account information and your passwords to be made into an instant millionaire! Except that, of course, you won’t.

Don’t be the next victim! Be aware and be alert. Here’s what you need to know about this scam:

1.) Check URLs

Scammers are becoming increasingly more suave at posing as companies their victims are familiar with. You can check a site’s authenticity by double-checking the URL on the web address. Make sure it matches Destinations Credit Union’s site exactly. You can also check a site’s security by looking for the “S” after the “http” on the web address.

2.) Be suspicious

Awareness can be your best protection. It’s easy for a scammer to pose as a member representative on social media, but if you’re on guard, you’ll spot these fakers. Is a representative claiming there are problems with your account when everything seems to be in order? Are they asking you to share sensitive information through insecure channels? Is someone promising you’ve won a contest you’ve never entered? If things don’t add up, it’s best to opt out.

3.) Reach out to your credit union

It may be difficult to determine whether the people you’re talking to are the real thing. If you think you’re dealing with Destinations Credit Union but things suddenly start looking fishy, there’s a simple solution. Hang up or log out of whatever medium you’re engaged in and call Destinations Credit Union yourself. You can always reach out to us at 410-663-2500. This way, you’ll know you’ve really reached us and you’re not being scammed. Be sure to call this number and never use another number suggested by a suspicious-acting “member representative.”

4.) In case of fraud, take action

If you suspect you’ve been taken for a ride, let us know as soon as possible. The sooner you catch a scam, the better off you’ll be. We’ll also be able to alert our other members and work on catching the crooks who’ve conned you.

It’s also a good idea to let the Federal Trade Commission (FTC) know about the scam. The more information you share, the easier it will be for the feds to nail those scumbags. Contact the FTC at FTC.gov.

5.) Protect yourself

It’s a good idea to practice basic safety and protective measures with your accounts.

Here’s how:

  1. Safeguard account details: Never share account information without being certain about who you are talking to.
  2. Use good password hygiene: Use complex passwords and change them often. Be sure to use different passwords for each of your accounts.
  3. Choose extra protection: Opt in for two-factor identification when logging into your accounts. That’s an extra level of protection for you and another hurdle for scammers to scale.
  4. Set up alerts: Choose to receive an email or a text message when transactions on your account exceed your typical level of spending.
  5. Monitor your accounts: It’s a good idea to check your accounts on a regular basis, and with our mobile app, this is now easier than ever. In most cases, you will be responsible for fraudulent charges on your account if you report them more than 60 days after your monthly statement is delivered.

SOURCES:
https://www.google.com/amp/amp.timeinc.net/fortune/2016/11/11/social-media-cyber-scam 

https://money.usnews.com/money/blogs/my-money/2015/01/23/5-scams-that-target-your-bank-account 
https://www.cnbc.com/2017/05/12/this-growing-fraud-will-drain-your-bank-account.html 
https://www.infosecurity-magazine.com/news/social-media-phishing-attacks-soar/ 
https://www.advantiscu.org/fraud-prevention/beware-of-phishing-scams-in-social-media.html

The Story Behind the Sonic Breach

It’s been a rough go of things when it comes to the security of debit and credit card as sonicwell as personal information. The massive Equifax breach has already left many Americans feeling unprotected and insecure while Yahoo experienced yet another breach soon afterward. To top it all off, the popular burger chain Sonic Drive-in announced in late September that its payment portals had been compromised.

Experts estimate that information for millions of cards was hacked from the nearly 3,600 Sonic locations across 45 states. The card numbers and details are now up for sale on the darknet.

Here’s what you need to know about the latest in a long line of nationwide security breaches:

What happened?

The breach became a reality when Sonic’s card processing company reported “unusual activity” on a large number of cards that had been recently used at Sonic. Further investigation uncovered a tremendous data breach with the potential to affect millions of consumers.

Sonic utilizes a single point-of-sale system that is deployed at the majority of its locations. Using sophisticated malware, hackers were able to access the system. The malware copied the information on every card that was swiped in the payment terminal, and then sent it back to the hackers.

The hackers then put this information up for sale online, where buyers can use the card details to rack up huge bills, empty accounts or even steal victims’ identities.

While Sonic was quick to share this basic information with the public, it can be months before more details are known and shared with concerned customers.

This breach is similar to the one that hit Wendy’s last year, lasting nine months and affecting 300 restaurants. It took that long to determine the issue and resolve it because many of Wendy’s locations are franchises. Approximately 90% of Sonic’s joints are franchises as well, thus adding to the delay.

Who was affected?

Anyone who’s used a debit or credit card at any of Sonic’s locations during the last year may have been a victim in the breach. It is still unclear exactly how many customers were affected by the breach, though it is estimated that there may be as many as five million victims in this malware attack.

While most cards with compromised info were linked to activity at one of Sonic’s locations, it is possible that other companies’ security systems were also breached.

How did Sonic react to the attack?

Sonic has announced that it will offer all customers 24 months of complimentary fraud protection through Experian’s IdentityWorks program.

Sonic was also quick to hire third-party forensic experts to help investigate the attack and identify the hackers. They have also promised to research ways for improving their current system to better protect customers in the future.

How can you protect yourself from this and all future data breaches?

1.)   Find out if you were affected: If you’re a regular, or even an occasional, Sonic customer, find out if you were affected by the breach. Review your recent account information on all your cards. If you spot suspicious activity, alert your card issuer and place a freeze on your account. You can also place a fraud alert with the credit bureaus. This will warn creditors that you’ve recently been targeted in a hack, alerting them to verify that anyone seeking credit in your name is actually you. Lastly, accept Sonic’s offer of two years of free fraud protection.

2.)   Use fraud protection: Even if you haven’t been affected by this breach, it’s a good idea to sign up for fraud protection. These services don’t usually come free, although, in light of its recent data breach, Equifax is now offering a full year of protection with their TrustedID program, free of charge. Fraud protection services will ease the stress of monitoring your credit for fraudulent activity and unusual behavior.

3.)   Monitor your accounts: It’s always wise to keep a sharp eye on your money – and that means more than just checking that your wallet is safe. Review all checking account activity several times a week to determine whether your account information or debit card has been hacked or stolen. Also, never throw away a credit card statement without carefully reviewing it to be sure every transaction belongs to you. Additionally, it’s wise to shred such paperwork rather than throwing it in the trash. Finally, request a credit report from the three major credit reporting agencies once a year to see if anyone is using your name to rack up a huge bill or take out a generous loan.

4.)   Set up alerts: You can receive notice about suspicious activity almost as soon as they happen by signing up for alerts. Place a maximum transaction amount on your credit and debit card so a thief won’t get away with a huge purchase. You can also limit your transactions to a specific area or region of the country so long-distance hacking won’t work.

Your Turn: How do you protect yourself from data breaches? Share your best tips with us in the comments!

SOURCES:
https://thepointsguy.com/2017/09/credit-card-security-breach-sonic/ 

https://www.google.com/amp/s/amp.usatoday.com/story/708850001/  https://www.google.com/amp/s/www.cnbc.com/amp/2017/10/04/sonic-shares-dip-on-news-of-payment-breach.html 
https://www.google.com/amp/s/amp.businessinsider.com/report-sonic-security-breach-could-affect-millions-2017-9

Equifax Breach: What Happened And How Can You Protect Yourself?

On September 8, 2017, Equifax, one of the major credit reporting agencies, announced a 8480c-hackerbreach from mid-May through July 2017.  During this period, hackers accessed people’s names, social security numbers, birth dates, addresses, drivers license numbers, and credit card numbers.

Equifax has set up a Web site — https://www.equifaxsecurity2017.com — that anyone concerned can visit to see if they may be impacted by the breach. The site also lets consumers enroll in TrustedID Premier, a 3-bureau credit monitoring service (Equifax, Experian and Trans Union) which also is operated by Equifax.

According to Equifax, when you begin, you will be asked to provide your last name and the last six digits of your Social Security number. Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident. Regardless of whether your information may have been impacted, the company says it will provide everyone the option to enroll in TrustedID Premier. The offer ends Nov. 21, 2017.

In addition, you should closely monitor your accounts with financial institutions.  At Destinations, you can set up a “code” word that you will be asked whenever you call in to perform a transaction.  To do that, log into your Online Banking and go to “Info Center” –> “Personal Information” and click the Edit button.  This will allow you to add a code word.  As an additional security measure, you will receive a message in the e-mail you have on record with Destinations to notify you that personal information has been changed.

As always, you should get your free credit reports from all three credit bureaus at least annually.  You can get them all at once or request each at different times of the year.  To get your free credit reports, go to annualcreditreport.com to get yours.

How To Spot A Credit Repair Scam

Repairing your credit can be an uphill battle. You’re looking at months of hard work, headache billsnegotiating with creditors, reworking your budget and identifying the factors that are making your credit score lag. In short, it’s a hassle and it takes lots of time.

Those two aspects are what makes credit repair scams so successful. They know you’re looking for a quick way out, and they’re offering it to you on a silver platter. Unfortunately, when they’re done with you, not only will your credit score be just as low as when you started, but you’ll also be out hundreds or thousands of dollars, and may even be facing criminal charges.

There are legitimate credit repair companies, but without educating yourself, finding them instead of the scammers who only want your money can be tricky.

Here are the most common warning signs of a credit repair scam:

1.) Demands upfront payment

Know your rights. Under the federal Credit Repair Organizations Act, credit repair companies are forbidden to request or receive payment until they’ve completed the services they’ve promised. If a company is demanding upfront payment, it’s surely a scam.

2.) Makes big promises

To lure you into their trap, many scammers make wild promises about your credit score. They may assure you that they can remove negative information from your credit report, even if that information is accurate and current. Don’t believe them; no one can do this.

They might also promise to boost your score a huge amount in just a few weeks or less. This, too, is absolute hogwash. You will never see an improvement on your score until at least 30 days has passed since you’ve taken action.

3.) Promises to help you create a “new credit identity”

This red flag should alert you to one of the most devastating credit repair scams possible. In these scams, companies promise to create a new credit identity for you in exchange for a fee. After you cough up the money, the company will provide you with a nine-digit number that’s similar to a Social Security Number. They may refer to this number as a CPN – a credit profile number or a credit privacy number. Alternatively, they may direct you to apply for an EIN – an Employer Identification Number – from the IRS.

Once you have your new number, the company will instruct you to use this form of ID to apply for credit. They assure you that the process is legal. In reality, though, it’s not – and you’ve just been scammed.

These companies are actually selling you a stolen SSN, often one belonging to a child. They walk away with the money you paid them, while you are stuck in a far deeper hole than when you first contacted them. It is a federal crime to misrepresent your Social Security number, to obtain an EIN from the IRS under false pretenses and to lie on a credit application.

Falling for a credit identity scam could mean facing fines or prison time. If you come across a credit repair company offering you a new identity, run the other way and don’t look back (and report them to the authorities)!

4.) Tells you not to contact the credit reporting agencies

Every U.S. citizen has the right to a complimentary report from the three major credit reporting agencies every year. If a company advises you not to contact these agencies directly, they will probably charge you for obtaining the report on their own. In other words, you will be paying for a free service.

5.) Tells you to dispute accurate information on your credit report

Disputing accurate information on your credit report is dishonest and illegal.

6.) Is evasive about your legal rights and their services

The Credit Repair Organization Act made it illegal for credit repair companies to lie about your legal rights and about their services. This law is enforced by the Federal Trade Commission (FTC). To comply with this law, credit repair companies are required to explain:

  • Your legal rights and clear details in a written contract of the services they’ll perform
  • Your three-day right to cancel the contract without charge
  • The anticipated amount of time it will take until results are evident
  • The total cost you will need to pay for their services
  • Their guarantee

If you’ve already hired a credit repair company and they haven’t lived up to their promise, you still have options.

You can choose to sue the company for your losses in federal court or seek punitive damages – money to punish the company for violating the law. You can also find other victims so you can band together and file a class action lawsuit against the company.

To protect others from falling prey to the same scam, it’s best to report it to your local consumer affairs office or to your state Attorney General.

It’s also advisable to file a complaint with the Federal Trade Commission. The FTC cannot resolve individual credit disputes, but it can take action against a company for multiple law violations. You can file your complaint online at ftc.gov/complaint or call 1-877-FTC-HELP.

Finally, if you’re in financial trouble of any kind, we can help! Stop by today to ask about our free credit counseling services and assistance with creating and sticking to a budget. [We even offer debt consolidation loans, providing you with the opportunity to transfer your debt to one low-interest loan, making the prospect of paying down your debt a lot more manageable.]

Your Turn: Have you been targeted by a credit repair scam? How did you spot the scam? Share your experience with us in the comments!

SOURCES:
https://www.consumerfinance.gov/ask-cfpb/how-can-i-tell-a-credit-repair-scam-from-a-reputable-credit-counselor-en-1343/
https://www.consumer.ftc.gov/articles/0225-credit-repair-scams
https://www.thesimpledollar.com/dont-fall-for-these-credit-repair-scams/
https://www.lexingtonlaw.com/blog/credit-repair/is-credit-repair-a-scam.html 

Beware Of Phishing Scams!

Scammers never take a break! Just when you think they’ve run out of steam, another *scam surfaces in which fraudsters try to quietly take both your money and information.

The Federal Trade Commission (FTC) has warned of a recent upsurge in phishing scams involving credit unions. With just a bit of online digging, scammers lure victims into forking over thousands of dollars or divulging confidential information.

Like all phishing scams, the scammer contacts the victim, posing as a legitimate business or service provider that the victim is familiar with. In this case, the scammers claim to be a representative of your credit union.

The fraudsters use social engineering to trap their victims. This means they take advantage of social norms to inspire trust and manipulate people into clicking on their links or answering their emails. It’s almost impulsive for people to download attachments that look like they’re from friends or a familiar business.

The scammers most commonly reach out via email, but they may also use mediums like phone calls, text messages or social media sites. They convince the victims of their legitimacy by providing some personal details about the victim – which they easily pull off the internet.

Victims are lured into providing information with the promise of compensation for a survey or by claiming the victim needs to verify or update an account. Once the scammer has the information, they can empty the victim’s accounts, track their online activity and/or steal their identity.

Alternately, the scammer may lead a victim to click on links that are embedded with spyware. The links lead to a website that may look just like the credit union’s site, but is actually bogus. In such instances, the victim is probably certain they’re browsing their credit union’s website, and won’t hesitate to share information or input usernames and passwords.

The biggest clue that these transactions are scams is their means of communication. Your credit union will never ask for sensitive information through insecure channels. We also won’t ask you to verify your account number – we already have that information!

Despite this red flag, hundreds of people are falling prey to phishing scams. Don’t be the next victim! Here are four tips to help you protect yourself from phishing scams:

1.) Ignore suspicious emails

When online, be on guard. If you receive an email from an unidentifiable source, ignore it. Don’t reply to the email, click on any embedded links or open attachments. If you suspect an email is from a scammer, delete it and add the domain and email address to your spam filter to prevent a recurrence.

Similarly, never “friend” or otherwise accept communications from a stranger via social media. Facebook and Snapchat are for real buddies only!

As a general rule, it’s best not to share any personal information over the internet. If you do need to provide financial information over the web for completing a transaction, only use a secured site. You can verify a site’s security by looking for a lock icon on the browser’s status bar or by finding a URL that begins with “https.” The “s” signifies that this is a secure site. Remember, though, that these indicators are not foolproof in any way. Even a secure site can be hacked.

2.) Alert Destinations Credit Union

The best way to stop scammers in their tracks is to report every attempt they make. If you have reason to believe you’ve been contacted by a scammer impersonating [credit union], let us know! Send us an email with all the details of the scam attempt so we can catch those crooks. It’s best to forward the exact email you received. If you’ve already deleted the email, report the date, time of day and all other details you can recall. The more we have to work with, the easier our hunt will be.

3.) Report all suspicious activity

While we will do all we can to stop these phishing scams, we can use all the help we can get. That’s why it’s important to file your complaint at www.ftc.gov. You can also visit the FTC’s Identity Theft website at www.consumer.gov/idtheft to learn how to minimize the fallout of a possible identity theft.

4.) Strengthen your computer’s protection

It’s always a good idea to beef up your computer’s border control. Equipping yourself with sufficient antivirus software will protect it from accepting these emails in the first place. If your software doesn’t update automatically, be sure to update it manually on a frequent basis so it will recognize and reject the most current viruses and scams.

A strong firewall will prevent scams and viruses by making you invisible on the internet and blocking all communication from foreign, unauthorized sources. It’s especially prudent to run a firewall if you use a broadband connection.

If you’re a genuine social media junkie, be sure to make your settings as private as possible. Don’t lay out your life for just anyone to see. Having another few hundred “friends” or “likes” is not worth the risk of a stolen identity!

Finally, as mentioned above, all suspicious email addresses should be added to your email’s blacklist as quickly as possible. Remember: Your spam filter is only as strong as you allow it to be.

With precaution, alertness and the proper steps toward prevention, you can keep yourself safe from phishing scams!

Your Turn: Have you ever reported suspicious emails or other messages? What made you flag it as a scam? Share your experience with us in the comments!

SOURCES:
https://www.navyfederal.org/security/phishing-scams.php 

https://www.mycreditunion.gov/protect/fraud/pages/default.aspx 
https://insightcreditunion.com/tools/fraud_prevention/how_not_to_get_hooked_by_a_phishing_scam.aspx 
https://www.mccoyfcu.org/security-center/fraud-and-scams.html 

All You Need to Know About Ransomware

This past year has seen some of the worst cyberattacks in history. From the WannaCryransomware attack in May to the Petya attack in June, thousands of people have lost thousands of dollars and valuable data to criminals using ransomware.

Ransomware has been tagged as an “epidemic” by major security companies. Like a virus that keeps evolving, new strains of ransomware are constantly emerging, many of them using new and original techniques that haven’t been tried before.

You probably already know the intended goal of ransomware is to kidnap a victim’s data and demand payment for safe return. Educating yourself about the workings of ransomware will help you remain alert, aware, and keep your money and data safe.

Here’s all you need to know about ransomware:

What is ransomware?

Ransomware is a subset of malware. However, instead of trying to steal user credentials and interrupt key processes like most forms of malware, it tries isolating a victim’s data and then demanding payment for the data’s release.

Ransomware is often embedded inside harmless-looking software and applications. It activates as soon as the user launches the program. Devices can also be infected through email links or malicious websites. Victims may not know they’re under attack until they find that their files are locked and a ransom demand is asking for money for the return of those files.

How does a ransomware attack work?

There are two primary types of ransomware: locker and crypto.

Locker ransomware locks victims from using important device functions like accessing a desktop or browsing the internet.

Crypto is the more common form of ransomware. It encrypts files and demands a ransom payment for their return.

In a crypto ransomware attack, a user’s device is infected with a malicious code which will select certain files and encrypt them using a unique algorithm. Victims will then receive a warning screen accusing them of breaking the law or simply informing them that they’re under attack. The cybercrooks will demand a ransom payment, usually in bitcoins. Then, a countdown timer begins, forecasting the files’ deletion if no payment is made.

What is bitcoin?

Bitcoin is a form of digital currency that allows you to pay for goods or services easily, remotely and anonymously. You can send bitcoins digitally using a mobile app or a computer.

This currency is stored in a digital wallet, which resides in the cloud or on your computer. It’s almost like a checking account, only it’s not insured by the FDIC nor is it subject to any regulations. Also, bitcoins aren’t tied to any country and have no credit card fees.

Each bitcoin transaction is available on a public log. However, only wallet IDs are revealed – the names of buyers and sellers are anonymous. This assured anonymity is the reason bitcoin payments have become the payment method of choice for cybercriminals.

To make a bitcoin payment, victims are usually instructed to download anonymous browsers for visiting a URL hosted on anonymous servers.

To pay or not to pay?

Should the victim of an attack pay the ransom for their files’ return? That is the million-dollar question!

While many are quick to give a blanket “no,” other experts say it may be worthwhile to pay the ransom.

Joseph Bonavolonta, the assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program, claims that the FBI often advises people to pay the ransom.

He explains that when more people pay the ransom, it keeps the ransoms low. He also believes that most scammers will keep their word and decrypt the victim’s files.

However, other FBI officials disagree with Mr. Bonavolonta’s remarks and urge victims not to pay ransoms. They say there is never a guarantee of the files’ return, and that agreeing to the cybercrooks’ demands encourages more attacks.

One thing everyone agrees on, though, is that victims should seek assistance from law enforcement agencies. When victims share the names of their attackers or the details of their attack, the law enforcement agents will be able to tell them whether they’ve seen this group attack before and whether the group tends to return encrypted files.

If your computer’s been infected and you decide to pay the ransom, you may be looking at a payment that falls anywhere between $200 and $10,000.

Before you pay, though, find out if there’s a decryption tool online. You may be able to find the keys to decrypt your files on your own.

If you decide not to pay the ransom, shut down your computer and disconnect from your network. Scan your computer with an anti-virus or anti-malware program and let it remove everything on your device.

Prevention

It’s always best to be proactive. Ward off strangers by strengthening your email’s spam filter. Also, don’t ever click on suspicious links or download mobile apps from unfamiliar application stores.

Make sure your operating system (OS) is protected with a strong firewall, spyware and sufficient, updated anti-virus software.

It’s equally important to back up your files on an external hard drive or on a USB every few weeks.

Despite your best efforts, you may be the victim of a ransomware attack. If the unthinkable happens, keep your cool, contact a law enforcement agency to get info about your attacker, and check for a decryption tool online. If you do decide to pay, make sure to take preventive measures against future attacks.

Your Turn: Have you been the victim of a ransomware attack? Share your experience with us in the comments!

SOURCES:
http://links.ismgcorp.com/dc/zw7oNi_TweRxxDXp2CfOI676ee7YeNA5vLpZhs7Qp1nFj4hUFQbjnMysWYK-R50E8_CM-mB1LJAZBwY9hTVltvqCj0VhFFbDvHChOElx17O-x_DgGFHYFeL0osgs-vdGLy4MbBnkVtaKUNAxkZWT3dZ-_QU4yWgF7U0GEFM29DI=/x0Z0040D0nI0pkX0xd3U2Ic  

 https://www.columnit.com/what-you-need-to-know-about-ransomware.html

Beware Of WannaCry Ransomware

On Friday, May 12, an unprecedented Trojan virus spread like wildfire through the 8480c-hackerinternet, creating enormous damage and loss.

The WannaCry ransomware attacked 57,000 computers in more than 150 countries in less than a day.

As its name implies, ransomware works by holding a victim’s data under “ransom.” The virus encrypts the files on an infected computer and holds those files hostage unless the victim pays a ransom, in which case the files are promised to be returned, unharmed.

The WannaCry virus demands a payment of $300 in exchange for decrypting infected files. If the victim doesn’t cough up the money within three days, though, the ransom doubles to $600. If a full week goes by without payment, WannaCry deletes all of the files and they are gone forever.

On Saturday, 22-year-old security researcher Marcus Hutchins became an instant hero when he registered a domain name within the virus’ code in an attempt to track its spread, unintentionally slowing its progress.

Unfortunately, though, Hutchins’s actions did not completely halt the virus. By Monday morning, more than 200,000 systems across the globe were reportedly infected. European countries were hit the hardest. Many large companies were forced to close their doors for several days, as were banks, hospitals and government agencies.

As of now, no one is sure who’s behind the virus. However, most experts believe a group known as “The Equation Group” is utilizing a code written by the National Security Agency to exploit flaws in Microsoft Windows and create the virus.

There is no fix for WannaCry, though cyber-security experts are hard at work trying to decrypt infected files. If your computer is infected, it’s best not to pay the ransom. Instead, restore backup files to your computer or seek help from a professional who specializes in restoring lost data. Paying the ransom doesn’t guarantee the return of your files, and it encourages attackers to infect your computer again.

As always, the best way to protect yourself is to be proactive. Here are 5 steps you can take to keep your computer safe from WannaCry and other ransomware:

1.) Create a backup of your files

If you haven’t already done so, invest in an external hard drive and get into the habit of making regular backups of your data. This will protect your files in case anything happens to your computer, saving you lots of time, money and stress.

You can also subscribe to a cloud backup service and regularly upload your most important data. There are multiple free cloud services you can use, such as Google Drive, Apple iCloud or Dropbox. All of them will store your valuable data (to a size limit) without charging you a penny.

2.) Patch your Windows with Microsoft’s fix

Upon discovering that WannaCry spread through a weakness in Microsoft Windows, the software giant released a fix for the vulnerability. Protect your computer from this virus and other ransomware by using the fix to strengthen your computer’s code.

3.) Update your operating system

While the discovered weakness in Windows now has an appropriate band-aid, no one knows if there are any other flaws that can be exploited for another virus. It’s important to update your OS to the most recent version, preferably to Windows 10, as soon as possible. The more updated your software, the less likely it is that it contains vulnerabilities that can be abused.

4.) Use a firewall

A strong firewall will prevent ransomware from accessing your computer and will guard your online activity. No program or malware will be able to enter your system without your full consent.

Since malware is always evolving, it’s important to update your firewall on a regular basis to ensure protection from the most recent viruses and malware. You can purchase your own firewall or utilize available security measures offered by Windows, being sure to check regularly for updated versions.

5.) Avoid suspicious websites and emails

It’s too easy for hackers to infect your computer. All they need is for you to click on a flashing banner ad on your favorite shopping site and – oops! Malware is installed and it now has access to your entire computer and all your files.

Alternatively, following a link on a random email can infect your computer and destroy all your data. When browsing and checking your emails, always be on guard. Never visit suspicious-looking sites or click on any ads that look shady. Don’t download anything you can’t explain, and never click on links found in emails from people or companies you’re not familiar with. A little bit of caution goes a long way toward protecting your computer.

No one knows when WannaCry will stop circulating the web, but it always pays to be careful. Once you’re infected, restoring your data can be stressful, time-consuming, and costly. Taking steps to protect yourself, though, is painless and simple. By implementing the ideas detailed above, you’ll help keep your computer safe from this and any other ransomwares looking to make a buck off your carelessness. Better to be smart and safe than sloppy and sorry!

Your Turn:What security measures do you take to protect your computer from viruses? Share your best tips with us in the comments!

SOURCES:

http://bgr.com/2017/05/15/wanna-cry-ransomware-virus-windows-wannacry-explainer/ 
http://money.cnn.com/2017/05/13/technology/ransomware-attack-protect-yourself/ 
https://www.google.com/amp/s/www.purevpn.com/blog/how-to-protect-from-ransomware/amp/ 
https://www.google.com/amp/www.bbc.co.uk/news/amp/39920141 
https://www.google.com/amp/amp.usatoday.com/story/101690214/  

Beware Of Fake Checks! Protect Yourself From The Latest Scam

Despite a rapidly changing economy and a constantly evolving banking system, personal checks don’t look all that iStock_000000199568XSmall checkdifferent from the way they looked 50 years ago. They represent a system of trust and goodwill. Recently, though, they’ve been used as the means for pulling off some nasty scams.

The National Credit Union Administration (NCUA) has recently cautioned consumers to be extra wary of an uptick in the circulation of fake check scams. The Federal Trade Commission (FTC) also recently issued an alert regarding a fake check scam.

There are several variations of the fake check scam, but they all end with the victim losing thousands of dollars.

The scam may be done under the pretext of a work-at-home job, an online sale or a sweepstakes that you’ve miraculously “won.” You’ll be asked to deposit a check or money order worth several thousands of dollars more than the amount you’re supposedly owed and then wire the difference to your contact. They’ll always have a story to explain why that process is necessary – such as they’re avoiding complicated overseas tax laws, an error on their part or they need you to cover fees. If they’ve “employed” you, they may claim that these checks are from their “clients” and need to be processed after you’ve deducted your portion.

Of course, these checks are completely phony. Unfortunately, it can take several weeks for a financial institution to recognize a fake check. By that time, you may have already sent the requested amount to the scammer, and by the time you realize the check was fraudulent, it’s too late to reclaim your money. Worse yet, you’ll be responsible to pay the fee for the bounced check. If you didn’t have sufficient funds to pay the amount you sent to the scammers and you were relying on their check to cover the amount, you’ll also need to reimburse the financial institution for that money.

If you think you’re too smart to fall for this scam, think again. Fake checks can be extremely hard to recognize, as they often bear the name and logo of legitimate financial institutions. In fact, the Council of Better Business Bureaus recently released list of the most risky scams, fake check scams rated number two.

Keep yourself safe by following these tips:

1.) Wait for clearance
It’s hard to tell if an online job is bogus until your first paycheck clears. Wait several weeks until you can verify that the funds from a deposited check are completely available before making any wire transfers with that money. Never use the funds from a deposited check from an unknown source until you are absolutely certain it has cleared.

2.) Ask questions
If an online sale or job sounds suspicious, don’t be afraid to be curious. Ask about the over-payment and the inflated checks. When you’re told a long, rambling tale about overseas charges and company errors, ask more questions. Demand a new check and some sound answers. If you don’t receive what you ask for, rip up the check and shut down any communication you might have had with them.

3.) Play hard to get
Scammers find your information by buying lists of potential victims from other scammers, randomly calling thousands of numbers and reviewing your online activity to see if you’re a good target. They’ll check if you click on enticing but unbelievable offers, and determine whether you’re looking for a job. They’ll check whether you open every email you receive and answer every phone call.

Stay one step ahead of their game by being as anonymous as possible. Make sure your number is on the FTC’s Do Not Call List. You can add your number to the list at donotcall.gov. Strengthen your spam filter and never answer emails that sound too incredible to be true. Be wary of answering calls from unknown numbers – just picking up the phone makes you a credible target.

Lastly, if you or someone you know has been victimized by a fake check scam, be sure to report the scam to your local law enforcement agency and to contact your state’s attorney general. It’s also important to file a complaint with the FTC, where it will be filed in a secure online database used to help international law enforcement agencies track down the criminals responsible for these reprehensible scams.

Remember: the best protection against scams is to be informed and to be aware. Always be on the alert for those low-down scammers who are trying to take advantage of your trust and goodwill.

Stay in the know, and stay safe!

Your Turn: Have you ever been targeted by a fake check scam or connected events to scam attempts ? Share your experience with us in the comments!

SOURCES:
https://www.ncua.gov/newsroom/Pages/news-2017-april-check-scams.aspx
https://www.consumer.ftc.gov/blog/dont-bank-check

http://www.fraud.org/fake_check_scams