fraud

5 Steps To Take After Being Hacked

/ destinationscreditunion / Leave a comment

Uh oh — you’ve been hacked! Finding out someone has cracked open your accounts and helped themselves to your information can be alarming, but there are ways to mitigate the damage while jump-starting your recovery process.

Here are five steps to take after being hacked.

Step 1: Assess the damage

First, take a step back and determine how much damage was done. Unfortunately, one hacked password can often be the gateway to multiple hacked accounts and even complete identity theft. This is especially true if you use the same password for several accounts, or use the hacked account or device for password recovery on other accounts. So, first things first: Review your credit card and account statements for any suspicious activity.  Also, try accessing your email, social media accounts and mobile devices to see if they’ve been hacked.

Step 2: Change your passwords

Once you know which accounts and devices have been hacked, change the passwords and PINs on these accounts. For an added measure of protection, it’s a good idea to change the passwords on all of your accounts that may hold sensitive information. Remember to choose strong, unique passwords for every account. A strong password uses a combination of letters, numbers and symbols; varies the use of capital letters; and does not use a piece of personal information that can easily be scraped off the internet, such as your date of birth or home address. You may want to use a password service like LastPass  or  StickyPassword to make this step easier.

While completing this step, consider signing up for two-factor authentication for any accounts that do not already have it in place.

Step 3: Protect your credit

Now that you’ve blocked the hacker(s) from your accounts, it’s time for damage control.

First, dispute any fraudulent charges on your compromised account(s). If necessary, have the account(s) locked, or even shut and/or deleted.

Next, place a fraud alert on your credit reports. This serves as a red flag to potential lenders and creditors, making it more difficult for the scammer to open up additional lines of credit or to take out a loan in your name.

Consider a credit freeze as well. This blocks potential lenders from accessing your credit report, making it impossible for the hacker to open new credit accounts in your name. (Note, you will need to lift the freeze for any legitimate credit you are applying for).

Step 4: Alert the authorities

You can alert the Federal Trade Commission (FTC) about a possible or confirmed identity theft at identitytheft.gov.  You’ll also find a detailed recovery plan on the site to help you repair your credit and reclaim your identity.

Hacking is usually done remotely, but it’s still a good idea to let your local law enforcement agencies know about the breach. This way, they can be on the alert if the hacker decides to assume your identity and use your credit cards in stores near your hometown.

Also, if you haven’t already done so, don’t forget to let Destinations Credit Union know what’s happened! Whether it’s a credit card that’s been stolen, a checking account that’s been breached or a social media account that’s been broken into, we’ll do all we can to protect your accounts. If you’ve been hacked, give us a call at 410-663-2500 to see how we can help.

Take additional precautions with your Destinations Credit Union credit and debit cards by using card controls in our mobile app. You can set up an alert to get a message each time your card is used. You can also temporarily or permanently lock your card from the mobile app.

Step 5: Proceed with caution

Once you’ve taken all necessary steps toward damage control and mitigation, you can start thinking about the future.

It’s important to keep a close eye on your accounts for the next month. Look out for any suspicious activity on all accounts, including charges you don’t recall making, large withdrawals of cash and even new loans being opened in your name. If you find any fraudulent activity, be sure to let the account holders know and to follow the steps suggested above.

If you’ve opted to go with a credit freeze, it will generally lapse after 90 days. If your accounts are determined to be safe, consider opening new lines of credit now to jump-start the recovery of your credit health.

If the hacker went all out and stole your identity, it’s best to follow the recovery plan outlined by the FTC . This plan may include replacing your Social Security number, driver’s license and more.

Getting hacked is never fun, but taking immediate and decisive action can help mitigate the damage, as well as speed up the recovery process.

Your Turn: How have you dealt with your accounts being hacked? Tell us about it in the comments.

Sources:
https://www.allthingssecured.com/identity-protection/what-to-do-when-youve-been-hacked-step-by-step-guide/
https://digitalguardian.com/blog/data-breach-experts-share-most-important-next-step-you-should-take-after-data-breach-2014-2015

Beware Of Banking Scams

/ destinationscreditunion / Leave a comment

Scammers never take a break. They’re always dreaming up ways to con you out of yourImage of man using computer money. Recently, there’s been a significant uptick in scams involving checking accounts at many financial institutions.

In these scams, criminals will utilize social media to connect with the victim.

They usually pose as representatives of a bank or credit union and milk the victim for sensitive information, like account numbers and passwords. Since the scammers are using the credit union’s social media accounts, the victims often won’t hesitate to share this information. When the scammers have what they need, they will proceed to empty the victim’s accounts and then disappear.

Often, when the scammers receive a response from the victim on social media, they will redirect the victim to what appears to be the financial institution’s website. The victim, thinking they are on the site they frequently use, will quickly input their username and ID, which the scammers will then use to empty their accounts or open credit cards in the victim’s name.

Sometimes, the scammers will impersonate helpful member representatives who are seemingly looking to answer your questions. You’re used to our representatives being helpful and always on call to assist you, so you won’t see anything strange with the scenario.

Other times, the scammer may claim your account has been compromised and you need to immediately update your information. They’ll be oh-so-helpful with this step. Until you share your information with them, that is.

Still other times, scammers will pose as representatives of a sweepstakes or some other contest that you’ve “won.” All you need to do is share your account information and your passwords to be made into an instant millionaire! Except that, of course, you won’t.

Don’t be the next victim! Be aware and be alert. Here’s what you need to know about this scam:

1.) Check URLs

Scammers are becoming increasingly more suave at posing as companies their victims are familiar with. You can check a site’s authenticity by double-checking the URL on the web address. Make sure it matches Destinations Credit Union’s site exactly. You can also check a site’s security by looking for the “S” after the “http” on the web address.

2.) Be suspicious

Awareness can be your best protection. It’s easy for a scammer to pose as a member representative on social media, but if you’re on guard, you’ll spot these fakers. Is a representative claiming there are problems with your account when everything seems to be in order? Are they asking you to share sensitive information through insecure channels? Is someone promising you’ve won a contest you’ve never entered? If things don’t add up, it’s best to opt out.

3.) Reach out to your credit union

It may be difficult to determine whether the people you’re talking to are the real thing. If you think you’re dealing with Destinations Credit Union but things suddenly start looking fishy, there’s a simple solution. Hang up or log out of whatever medium you’re engaged in and call Destinations Credit Union yourself. You can always reach out to us at 410-663-2500. This way, you’ll know you’ve really reached us and you’re not being scammed. Be sure to call this number and never use another number suggested by a suspicious-acting “member representative.”

4.) In case of fraud, take action

If you suspect you’ve been taken for a ride, let us know as soon as possible. The sooner you catch a scam, the better off you’ll be. We’ll also be able to alert our other members and work on catching the crooks who’ve conned you.

It’s also a good idea to let the Federal Trade Commission (FTC) know about the scam. The more information you share, the easier it will be for the feds to nail those scumbags. Contact the FTC at FTC.gov.

5.) Protect yourself

It’s a good idea to practice basic safety and protective measures with your accounts.

Here’s how:

  1. Safeguard account details: Never share account information without being certain about who you are talking to.
  2. Use good password hygiene: Use complex passwords and change them often. Be sure to use different passwords for each of your accounts.
  3. Choose extra protection: Opt in for two-factor identification when logging into your accounts. That’s an extra level of protection for you and another hurdle for scammers to scale.
  4. Set up alerts: Choose to receive an email or a text message when transactions on your account exceed your typical level of spending.
  5. Monitor your accounts: It’s a good idea to check your accounts on a regular basis, and with our mobile app, this is now easier than ever. In most cases, you will be responsible for fraudulent charges on your account if you report them more than 60 days after your monthly statement is delivered.

SOURCES:
https://www.google.com/amp/amp.timeinc.net/fortune/2016/11/11/social-media-cyber-scam 
https://money.usnews.com/money/blogs/my-money/2015/01/23/5-scams-that-target-your-bank-account 
https://www.cnbc.com/2017/05/12/this-growing-fraud-will-drain-your-bank-account.html 
https://www.infosecurity-magazine.com/news/social-media-phishing-attacks-soar/ 
https://www.advantiscu.org/fraud-prevention/beware-of-phishing-scams-in-social-media.html

The Story Behind the Sonic Breach

/ destinationscreditunion / Leave a comment

It’s been a rough go of things when it comes to the security of debit and credit card as sonicwell as personal information. The massive Equifax breach has already left many Americans feeling unprotected and insecure while Yahoo experienced yet another breach soon afterward. To top it all off, the popular burger chain Sonic Drive-in announced in late September that its payment portals had been compromised.

Experts estimate that information for millions of cards was hacked from the nearly 3,600 Sonic locations across 45 states. The card numbers and details are now up for sale on the darknet.

Here’s what you need to know about the latest in a long line of nationwide security breaches:

What happened?

The breach became a reality when Sonic’s card processing company reported “unusual activity” on a large number of cards that had been recently used at Sonic. Further investigation uncovered a tremendous data breach with the potential to affect millions of consumers.

Sonic utilizes a single point-of-sale system that is deployed at the majority of its locations. Using sophisticated malware, hackers were able to access the system. The malware copied the information on every card that was swiped in the payment terminal, and then sent it back to the hackers.

The hackers then put this information up for sale online, where buyers can use the card details to rack up huge bills, empty accounts or even steal victims’ identities.

While Sonic was quick to share this basic information with the public, it can be months before more details are known and shared with concerned customers.

This breach is similar to the one that hit Wendy’s last year, lasting nine months and affecting 300 restaurants. It took that long to determine the issue and resolve it because many of Wendy’s locations are franchises. Approximately 90% of Sonic’s joints are franchises as well, thus adding to the delay.

Who was affected?

Anyone who’s used a debit or credit card at any of Sonic’s locations during the last year may have been a victim in the breach. It is still unclear exactly how many customers were affected by the breach, though it is estimated that there may be as many as five million victims in this malware attack.

While most cards with compromised info were linked to activity at one of Sonic’s locations, it is possible that other companies’ security systems were also breached.

How did Sonic react to the attack?

Sonic has announced that it will offer all customers 24 months of complimentary fraud protection through Experian’s IdentityWorks program.

Sonic was also quick to hire third-party forensic experts to help investigate the attack and identify the hackers. They have also promised to research ways for improving their current system to better protect customers in the future.

How can you protect yourself from this and all future data breaches?

1.)   Find out if you were affected: If you’re a regular, or even an occasional, Sonic customer, find out if you were affected by the breach. Review your recent account information on all your cards. If you spot suspicious activity, alert your card issuer and place a freeze on your account. You can also place a fraud alert with the credit bureaus. This will warn creditors that you’ve recently been targeted in a hack, alerting them to verify that anyone seeking credit in your name is actually you. Lastly, accept Sonic’s offer of two years of free fraud protection.

2.)   Use fraud protection: Even if you haven’t been affected by this breach, it’s a good idea to sign up for fraud protection. These services don’t usually come free, although, in light of its recent data breach, Equifax is now offering a full year of protection with their TrustedID program, free of charge. Fraud protection services will ease the stress of monitoring your credit for fraudulent activity and unusual behavior.

3.)   Monitor your accounts: It’s always wise to keep a sharp eye on your money – and that means more than just checking that your wallet is safe. Review all checking account activity several times a week to determine whether your account information or debit card has been hacked or stolen. Also, never throw away a credit card statement without carefully reviewing it to be sure every transaction belongs to you. Additionally, it’s wise to shred such paperwork rather than throwing it in the trash. Finally, request a credit report from the three major credit reporting agencies once a year to see if anyone is using your name to rack up a huge bill or take out a generous loan.

4.)   Set up alerts: You can receive notice about suspicious activity almost as soon as they happen by signing up for alerts. Place a maximum transaction amount on your credit and debit card so a thief won’t get away with a huge purchase. You can also limit your transactions to a specific area or region of the country so long-distance hacking won’t work.

Your Turn: How do you protect yourself from data breaches? Share your best tips with us in the comments!

SOURCES:
https://thepointsguy.com/2017/09/credit-card-security-breach-sonic/ 
https://www.google.com/amp/s/amp.usatoday.com/story/708850001/  https://www.google.com/amp/s/www.cnbc.com/amp/2017/10/04/sonic-shares-dip-on-news-of-payment-breach.html 
https://www.google.com/amp/s/amp.businessinsider.com/report-sonic-security-breach-could-affect-millions-2017-9

Equifax Breach: What Happened And How Can You Protect Yourself?

/ destinationscreditunion / Leave a comment

On September 8, 2017, Equifax, one of the major credit reporting agencies, announced a 8480c-hackerbreach from mid-May through July 2017.  During this period, hackers accessed people’s names, social security numbers, birth dates, addresses, drivers license numbers, and credit card numbers.

Equifax has set up a Web site — https://www.equifaxsecurity2017.com — that anyone concerned can visit to see if they may be impacted by the breach. The site also lets consumers enroll in TrustedID Premier, a 3-bureau credit monitoring service (Equifax, Experian and Trans Union) which also is operated by Equifax.

According to Equifax, when you begin, you will be asked to provide your last name and the last six digits of your Social Security number. Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident. Regardless of whether your information may have been impacted, the company says it will provide everyone the option to enroll in TrustedID Premier. The offer ends Nov. 21, 2017.

In addition, you should closely monitor your accounts with financial institutions.  At Destinations, you can set up a “code” word that you will be asked whenever you call in to perform a transaction.  To do that, log into your Online Banking and go to “Info Center” –> “Personal Information” and click the Edit button.  This will allow you to add a code word.  As an additional security measure, you will receive a message in the e-mail you have on record with Destinations to notify you that personal information has been changed.

As always, you should get your free credit reports from all three credit bureaus at least annually.  You can get them all at once or request each at different times of the year.  To get your free credit reports, go to annualcreditreport.com to get yours.

Beware Of Phishing Scams!

/ destinationscreditunion / Leave a comment

Scammers never take a break! Just when you think they’ve run out of steam, another *scam surfaces in which fraudsters try to quietly take both your money and information.

The Federal Trade Commission (FTC) has warned of a recent upsurge in phishing scams involving credit unions. With just a bit of online digging, scammers lure victims into forking over thousands of dollars or divulging confidential information.

Like all phishing scams, the scammer contacts the victim, posing as a legitimate business or service provider that the victim is familiar with. In this case, the scammers claim to be a representative of your credit union.

The fraudsters use social engineering to trap their victims. This means they take advantage of social norms to inspire trust and manipulate people into clicking on their links or answering their emails. It’s almost impulsive for people to download attachments that look like they’re from friends or a familiar business.

The scammers most commonly reach out via email, but they may also use mediums like phone calls, text messages or social media sites. They convince the victims of their legitimacy by providing some personal details about the victim – which they easily pull off the internet.

Victims are lured into providing information with the promise of compensation for a survey or by claiming the victim needs to verify or update an account. Once the scammer has the information, they can empty the victim’s accounts, track their online activity and/or steal their identity.

Alternately, the scammer may lead a victim to click on links that are embedded with spyware. The links lead to a website that may look just like the credit union’s site, but is actually bogus. In such instances, the victim is probably certain they’re browsing their credit union’s website, and won’t hesitate to share information or input usernames and passwords.

The biggest clue that these transactions are scams is their means of communication. Your credit union will never ask for sensitive information through insecure channels. We also won’t ask you to verify your account number – we already have that information!

Despite this red flag, hundreds of people are falling prey to phishing scams. Don’t be the next victim! Here are four tips to help you protect yourself from phishing scams:

1.) Ignore suspicious emails

When online, be on guard. If you receive an email from an unidentifiable source, ignore it. Don’t reply to the email, click on any embedded links or open attachments. If you suspect an email is from a scammer, delete it and add the domain and email address to your spam filter to prevent a recurrence.

Similarly, never “friend” or otherwise accept communications from a stranger via social media. Facebook and Snapchat are for real buddies only!

As a general rule, it’s best not to share any personal information over the internet. If you do need to provide financial information over the web for completing a transaction, only use a secured site. You can verify a site’s security by looking for a lock icon on the browser’s status bar or by finding a URL that begins with “https.” The “s” signifies that this is a secure site. Remember, though, that these indicators are not foolproof in any way. Even a secure site can be hacked.

2.) Alert Destinations Credit Union

The best way to stop scammers in their tracks is to report every attempt they make. If you have reason to believe you’ve been contacted by a scammer impersonating [credit union], let us know! Send us an email with all the details of the scam attempt so we can catch those crooks. It’s best to forward the exact email you received. If you’ve already deleted the email, report the date, time of day and all other details you can recall. The more we have to work with, the easier our hunt will be.

3.) Report all suspicious activity

While we will do all we can to stop these phishing scams, we can use all the help we can get. That’s why it’s important to file your complaint at www.ftc.gov. You can also visit the FTC’s Identity Theft website at www.consumer.gov/idtheft to learn how to minimize the fallout of a possible identity theft.

4.) Strengthen your computer’s protection

It’s always a good idea to beef up your computer’s border control. Equipping yourself with sufficient antivirus software will protect it from accepting these emails in the first place. If your software doesn’t update automatically, be sure to update it manually on a frequent basis so it will recognize and reject the most current viruses and scams.

A strong firewall will prevent scams and viruses by making you invisible on the internet and blocking all communication from foreign, unauthorized sources. It’s especially prudent to run a firewall if you use a broadband connection.

If you’re a genuine social media junkie, be sure to make your settings as private as possible. Don’t lay out your life for just anyone to see. Having another few hundred “friends” or “likes” is not worth the risk of a stolen identity!

Finally, as mentioned above, all suspicious email addresses should be added to your email’s blacklist as quickly as possible. Remember: Your spam filter is only as strong as you allow it to be.

With precaution, alertness and the proper steps toward prevention, you can keep yourself safe from phishing scams!

Your Turn: Have you ever reported suspicious emails or other messages? What made you flag it as a scam? Share your experience with us in the comments!

SOURCES:
https://www.navyfederal.org/security/phishing-scams.php 
https://www.mycreditunion.gov/protect/fraud/pages/default.aspx 
https://insightcreditunion.com/tools/fraud_prevention/how_not_to_get_hooked_by_a_phishing_scam.aspx 
https://www.mccoyfcu.org/security-center/fraud-and-scams.html 

All You Need to Know About Ransomware

/ destinationscreditunion / Leave a comment

This past year has seen some of the worst cyberattacks in history. From the WannaCryransomware attack in May to the Petya attack in June, thousands of people have lost thousands of dollars and valuable data to criminals using ransomware.

Ransomware has been tagged as an “epidemic” by major security companies. Like a virus that keeps evolving, new strains of ransomware are constantly emerging, many of them using new and original techniques that haven’t been tried before.

You probably already know the intended goal of ransomware is to kidnap a victim’s data and demand payment for safe return. Educating yourself about the workings of ransomware will help you remain alert, aware, and keep your money and data safe.

Here’s all you need to know about ransomware:

What is ransomware?

Ransomware is a subset of malware. However, instead of trying to steal user credentials and interrupt key processes like most forms of malware, it tries isolating a victim’s data and then demanding payment for the data’s release.

Ransomware is often embedded inside harmless-looking software and applications. It activates as soon as the user launches the program. Devices can also be infected through email links or malicious websites. Victims may not know they’re under attack until they find that their files are locked and a ransom demand is asking for money for the return of those files.

How does a ransomware attack work?

There are two primary types of ransomware: locker and crypto.

Locker ransomware locks victims from using important device functions like accessing a desktop or browsing the internet.

Crypto is the more common form of ransomware. It encrypts files and demands a ransom payment for their return.

In a crypto ransomware attack, a user’s device is infected with a malicious code which will select certain files and encrypt them using a unique algorithm. Victims will then receive a warning screen accusing them of breaking the law or simply informing them that they’re under attack. The cybercrooks will demand a ransom payment, usually in bitcoins. Then, a countdown timer begins, forecasting the files’ deletion if no payment is made.

What is bitcoin?

Bitcoin is a form of digital currency that allows you to pay for goods or services easily, remotely and anonymously. You can send bitcoins digitally using a mobile app or a computer.

This currency is stored in a digital wallet, which resides in the cloud or on your computer. It’s almost like a checking account, only it’s not insured by the FDIC nor is it subject to any regulations. Also, bitcoins aren’t tied to any country and have no credit card fees.

Each bitcoin transaction is available on a public log. However, only wallet IDs are revealed – the names of buyers and sellers are anonymous. This assured anonymity is the reason bitcoin payments have become the payment method of choice for cybercriminals.

To make a bitcoin payment, victims are usually instructed to download anonymous browsers for visiting a URL hosted on anonymous servers.

To pay or not to pay?

Should the victim of an attack pay the ransom for their files’ return? That is the million-dollar question!

While many are quick to give a blanket “no,” other experts say it may be worthwhile to pay the ransom.

Joseph Bonavolonta, the assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program, claims that the FBI often advises people to pay the ransom.

He explains that when more people pay the ransom, it keeps the ransoms low. He also believes that most scammers will keep their word and decrypt the victim’s files.

However, other FBI officials disagree with Mr. Bonavolonta’s remarks and urge victims not to pay ransoms. They say there is never a guarantee of the files’ return, and that agreeing to the cybercrooks’ demands encourages more attacks.

One thing everyone agrees on, though, is that victims should seek assistance from law enforcement agencies. When victims share the names of their attackers or the details of their attack, the law enforcement agents will be able to tell them whether they’ve seen this group attack before and whether the group tends to return encrypted files.

If your computer’s been infected and you decide to pay the ransom, you may be looking at a payment that falls anywhere between $200 and $10,000.

Before you pay, though, find out if there’s a decryption tool online. You may be able to find the keys to decrypt your files on your own.

If you decide not to pay the ransom, shut down your computer and disconnect from your network. Scan your computer with an anti-virus or anti-malware program and let it remove everything on your device.

Prevention

It’s always best to be proactive. Ward off strangers by strengthening your email’s spam filter. Also, don’t ever click on suspicious links or download mobile apps from unfamiliar application stores.

Make sure your operating system (OS) is protected with a strong firewall, spyware and sufficient, updated anti-virus software.

It’s equally important to back up your files on an external hard drive or on a USB every few weeks.

Despite your best efforts, you may be the victim of a ransomware attack. If the unthinkable happens, keep your cool, contact a law enforcement agency to get info about your attacker, and check for a decryption tool online. If you do decide to pay, make sure to take preventive measures against future attacks.

Your Turn: Have you been the victim of a ransomware attack? Share your experience with us in the comments!

SOURCES:
http://links.ismgcorp.com/dc/zw7oNi_TweRxxDXp2CfOI676ee7YeNA5vLpZhs7Qp1nFj4hUFQbjnMysWYK-R50E8_CM-mB1LJAZBwY9hTVltvqCj0VhFFbDvHChOElx17O-x_DgGFHYFeL0osgs-vdGLy4MbBnkVtaKUNAxkZWT3dZ-_QU4yWgF7U0GEFM29DI=/x0Z0040D0nI0pkX0xd3U2Ic  
 https://www.columnit.com/what-you-need-to-know-about-ransomware.html

Beware Of WannaCry Ransomware

/ destinationscreditunion / Leave a comment

On Friday, May 12, an unprecedented Trojan virus spread like wildfire through the 8480c-hackerinternet, creating enormous damage and loss.

The WannaCry ransomware attacked 57,000 computers in more than 150 countries in less than a day.

As its name implies, ransomware works by holding a victim’s data under “ransom.” The virus encrypts the files on an infected computer and holds those files hostage unless the victim pays a ransom, in which case the files are promised to be returned, unharmed.

The WannaCry virus demands a payment of $300 in exchange for decrypting infected files. If the victim doesn’t cough up the money within three days, though, the ransom doubles to $600. If a full week goes by without payment, WannaCry deletes all of the files and they are gone forever.

On Saturday, 22-year-old security researcher Marcus Hutchins became an instant hero when he registered a domain name within the virus’ code in an attempt to track its spread, unintentionally slowing its progress.

Unfortunately, though, Hutchins’s actions did not completely halt the virus. By Monday morning, more than 200,000 systems across the globe were reportedly infected. European countries were hit the hardest. Many large companies were forced to close their doors for several days, as were banks, hospitals and government agencies.

As of now, no one is sure who’s behind the virus. However, most experts believe a group known as “The Equation Group” is utilizing a code written by the National Security Agency to exploit flaws in Microsoft Windows and create the virus.

There is no fix for WannaCry, though cyber-security experts are hard at work trying to decrypt infected files. If your computer is infected, it’s best not to pay the ransom. Instead, restore backup files to your computer or seek help from a professional who specializes in restoring lost data. Paying the ransom doesn’t guarantee the return of your files, and it encourages attackers to infect your computer again.

As always, the best way to protect yourself is to be proactive. Here are 5 steps you can take to keep your computer safe from WannaCry and other ransomware:

1.) Create a backup of your files

If you haven’t already done so, invest in an external hard drive and get into the habit of making regular backups of your data. This will protect your files in case anything happens to your computer, saving you lots of time, money and stress.

You can also subscribe to a cloud backup service and regularly upload your most important data. There are multiple free cloud services you can use, such as Google Drive, Apple iCloud or Dropbox. All of them will store your valuable data (to a size limit) without charging you a penny.

2.) Patch your Windows with Microsoft’s fix

Upon discovering that WannaCry spread through a weakness in Microsoft Windows, the software giant released a fix for the vulnerability. Protect your computer from this virus and other ransomware by using the fix to strengthen your computer’s code.

3.) Update your operating system

While the discovered weakness in Windows now has an appropriate band-aid, no one knows if there are any other flaws that can be exploited for another virus. It’s important to update your OS to the most recent version, preferably to Windows 10, as soon as possible. The more updated your software, the less likely it is that it contains vulnerabilities that can be abused.

4.) Use a firewall

A strong firewall will prevent ransomware from accessing your computer and will guard your online activity. No program or malware will be able to enter your system without your full consent.

Since malware is always evolving, it’s important to update your firewall on a regular basis to ensure protection from the most recent viruses and malware. You can purchase your own firewall or utilize available security measures offered by Windows, being sure to check regularly for updated versions.

5.) Avoid suspicious websites and emails

It’s too easy for hackers to infect your computer. All they need is for you to click on a flashing banner ad on your favorite shopping site and – oops! Malware is installed and it now has access to your entire computer and all your files.

Alternatively, following a link on a random email can infect your computer and destroy all your data. When browsing and checking your emails, always be on guard. Never visit suspicious-looking sites or click on any ads that look shady. Don’t download anything you can’t explain, and never click on links found in emails from people or companies you’re not familiar with. A little bit of caution goes a long way toward protecting your computer.

No one knows when WannaCry will stop circulating the web, but it always pays to be careful. Once you’re infected, restoring your data can be stressful, time-consuming, and costly. Taking steps to protect yourself, though, is painless and simple. By implementing the ideas detailed above, you’ll help keep your computer safe from this and any other ransomwares looking to make a buck off your carelessness. Better to be smart and safe than sloppy and sorry!

Your Turn:What security measures do you take to protect your computer from viruses? Share your best tips with us in the comments!

SOURCES:

http://bgr.com/2017/05/15/wanna-cry-ransomware-virus-windows-wannacry-explainer/ 
http://money.cnn.com/2017/05/13/technology/ransomware-attack-protect-yourself/ 
https://www.google.com/amp/s/www.purevpn.com/blog/how-to-protect-from-ransomware/amp/ 
https://www.google.com/amp/www.bbc.co.uk/news/amp/39920141 
https://www.google.com/amp/amp.usatoday.com/story/101690214/  

Beware Of Inheritance Scams!

/ destinationscreditunion / Leave a comment


Who doesn’t dream of becoming an instant millionaire? You might even have some detailed plans for how you’d spend an unexpected windfall if it were to happen. Imagine if a distant relative who’d been rolling in the stuff suddenly passed on and left you as their sole heir. Your dreams could now become a reality! Wouldn’t you do anything to make that happen?
That’s what some underhanded scammers are counting on. Inheritance fraud has been around for a while, but scammers have recently made their ploy even more convincing.
If you’ve been targeted, you’ll receive a long-winded email from a foreign “lawyer” or “bank official” claiming that a long-distant relative of yours has just died intestate, making you the sole heir. You’ll be warned that immediate action is necessary to stop the government from seizing the money.
The letter will then go on to state that your inheritance is difficult to access due to government and bank restrictions, and that you’ll need to pay various fees as well as provide personal details for claiming it .
To make the email appear authentic, it will include identifying documents of the lawyer or bank official, such as a passport, along with legal documents, such as a power of attorney letter for you to sign. The scammer will also provide an overseas address for the bank in which the money is now being held. Recently, scammers have upped their game by using a local address for this step.
Unfortunately, there is no inheritance and the person contacting you is definitely not a lawyer or a bank official. If you respond to the fraudsters, they’ll start charging you various fees, which will gradually increase in size. They’ll remind you that this money will be small change for you once you receive the inheritance. They’ll also claim that all fees must be paid upfront before the inheritance money can be accessed.
Next, the scammers will ask you for your checking account information so they can finally transfer the millions of dollars that are supposedly coming to you. By this time, you may have already lost thousands of dollars to them. If you continue falling for their tricks and provide them with this information, you’ll open yourself to even more loss or identity theft. Of course, once they have this information, you’ll never hear from them again and all you’ll have left from the experience will be a massive loss.
Be on the lookout for these warning signs and protect yourself from becoming the next victim of inheritance fraud:
1.) The initial email
The email itself is your first clue that something is off. First, a bank official or a lawyer will never contact you via email over a matter of this magnitude. Second, if you take a close look at the wording, you’ll find many typos and grammatical errors. Third, if you’re asked to contact an email address using a public domain such as @yahoo.com or @gmail.com, that’s another alert. Banks and reputable law firms will use their own domains for security purposes.
2.) Personal documents
Is the “lawyer” overly eager to share their personal documents? Is the “bank official” willing to show you account statements from their institution? This is a huge red alert. Nobody, especially a bank official or lawyer, would ever share personal documents with a stranger. Surely they would not do so online or by email.
Never send money, give credit card information or copies of your personal documents to someone you don’t know, and especially not over the internet.
3.) Bogus bank
The scammer will always share the name and address of the bank where your supposed inheritance is being kept. You can do a quick Google search on the address provided to check its legitimacy. It will usually turn out to be a bogus address, or at least not an address at which a reputable financial institution exists.
Recently, a scam has been circulating in which the “Royal Bank” of Pittsburgh, Pennsylvania is the bank of choice. The address and bank do officially exist, but a bit of digging will reveal that the Better Business Bureau has rated this institution with an “F” because of its business practices.
4.) Overseas wire transfer
Never agree to an overseas payment with a stranger via money order, wire transfer, pre-paid debit card or electronic currency. Once these transactions have been made, it is nearly impossible to recover the funds.
Have you been scammed? If you suspect you’ve fallen victim, remember to contact Destinations Credit Union and your credit card companies immediately to minimize the damage. Also, be aware that you are now a likely target of other fraud, because fraudsters commonly share details of their victims.
Your Turn: How do you protect yourself from online and email fraud? Share your best tips with us in the comments!
SOURCES:
http://www.actionfraud.police.uk/protect-yourself/inheritance-fraud
https://scambuster.co.za/scams/nigerian-inheritance-scams-continue-unabated.html
http://www.bbb.org/pittsburgh/news-events/news-releases/2017/02/bbb-warns-of-local-advance-fee-inheritance-scam/
https://www.scamwatch.gov.au/types-of-scams/unexpected-money/inheritance-scams


Stay Safe From These AirBNB Scams

/ destinationscreditunion / Leave a comment


Going on vacation should mean more than waking up in a different bed. It should also mean getting to see and know a place more like a local does. That’s part of the appeal behind room-sharing sites like the incredibly popular AirBNB. AirBNB lets anyone with a spare room become a host. As a guest, you can stay with a local and get a real sense of what a location is all about. Also, you can save quite a bit of money! 

However, the system is based on trust. Any time there’s trust, there’s some opportunistic crook waiting to make a quick buck by exploiting it. That’s certainly been the case with AirBNB. The Australian Better Business Bureau reported a six-fold increase in scams related to the room-sharing service in 2016. The service recently expanded its offerings, allowing users to book independently-run guided tours or experiences in addition to rooms, and this expansion has been part of the drive behind the increase. Before you book at AirBNB, make sure you keep yourself safe from these scams!
 

1.) Fake websites
An AirBNB host you were interested in sends you an email to check out a few other properties they have for rent. These properties come complete with reviews, official logos and other hallmarks of authenticity. There’s even a live chat service reassuring you that everything’s official and on the level. So, you think nothing of wiring a fee to reserve your room.
Everything’s fine until you go to confirm your reservation with AirBNB. They have no record of your transaction and don’t even have the properties listed. What happened?
A scammer capitalized on your trust by directing you to a fake booking website that’s not hosted by AirBNB. These groups go to extreme lengths to create accurate reproductions of the official site and have even fooled several veteran AirBNB users.
There are two ways to avoid this tactic. First, always check the URLs of sites you visit. Make sure you’re visiting a site where the word AirBNB occurs right next to the .com. If there are words between the two, you may be visiting a phony site! Second, only pay through AirBNB’s official checkout platform. They use modern encryption technology to keep your financial information safe. It’s a whole lot more secure than paying outside the system.
2.) Phony excursions
A new feature of AirBNB is the ability to book “experiences,” or days out on the town with locals. The site claims to be encouraging entrepreneurs by bringing in new clients for small businesses. For example, one Los Angeles resident offers pottery classes and guided meditation retreats for visitors. Another Sydney, Australia AirBNB user offers yoga retreats for guests.
While the expanded line of services is likely a boon to many small business owners, it also creates a new opportunity for scammers. Instead of needing a real property to hook potential victims, scammers can offer phony tours. While the company vets the potential tours carefully, it’s difficult for one company to monitor a distributed network of service providers.
Experiences are a behind-the-scenes look at a city and may appeal to many visitors. However, it’s always worth proceeding with caution. This service is new and experimental. Always check reviews (on a legitimate AirBNB site) before agreeing to pay for anything!
3.) External payment
AirBNB charges a 3% commission on all bookings done through the website. This may encourage some enterprising landlords to offer a discount in exchange for direct payment through a third-party processing site. Travelers on a tight budget might be tempted to save a few bucks this way. Those travelers would be shocked to find themselves out of luck when they get to their destination.
Resist the temptation. Payments outside the website don’t have any conflict resolution procedures, so there’s no guarantee you’ll have a room at all if you use one. AirBNB earns its 3% by mediating disputes between renters and hosts, so there’s a good reason to use the website’s services.
Also, no legitimate business will ask you to wire funds directly to their account. Given the prevalence of services like Square and PayPal, even the smallest business has the capacity to accept credit or debit cards. When you use a card, you have some recourse if your transaction goes wrong for some reason. After you wire money, it’s gone. Always insist on using a secured form of payment. If your host won’t go along, just walk away.
Your Turn: Have you ever used AirBNB or a similar service? What was your experience like? Share safety and savings tips with us in the comments!
SOURCES:

http://mashable.com/2016/12/05/accc-airbnb-sharing-economy-scams/#5bMn1jVfVOqM
http://www.huffingtonpost.com/entry/beware-this-evil-genius-airbnb-scam_us_56a7bc08e4b0172c65944c92
https://www.theguardian.com/money/2016/jun/04/travellers-fake-airbnb-scam
https://www.theguardian.com/travel/2016/dec/04/airbnb-new-experiences-events

ATM Fraud On The Rise: Staying Safe While Getting Cash

/ destinationscreditunion / Leave a comment


Scammers seem like they’re in every part of the economy. If you make a purchase online, scammers are trying to get your credit or debit card number. If you check your email, scammers are trying to get you to download spyware. You might think you’re safe conducting all your business in cash, but scammers are waiting in one location you can’t get around: the ATM.
ATM fraud has long been a concern, but new advances in technology means consumers need to be more aware. Reports of ATM fraud saw a 5-fold increase between 2015 and 2016. In addition, industry experts report that nearly $2 billion is lost each year due to ATM skimming.
Through a variety of tactics, scammers are increasingly going after ATM-using consumers. Their targets are usually PINs, card numbers and account details. Watch out if you see any of the following at your ATM.
1.) ATMs in weird locations
The convenience of cash comes in handy in many situations. If you’re out at a bar, being able to pay for a round in cash is quick and easy. At a restaurant, leaving a tip in cash can make a server’s night much easier. Exchanging money between friends is a pain with credit or debit cards, but a breeze with cash. It can be tempting to use whatever ATM is handy when the need arises.
That temptation comes with some risks, though. ATMs in financial institutions are regularly monitored and maintained, not to mention covered by security cameras. A cash machine in a dimly lit corner of a bar, on the other hand, may not get that same kind of attention. Most of these machines are privately owned and the operators assume very little liability for their safety.
Whenever possible, use ATMs in secure locations, like financial institutions. They’re safer, better maintained and more reliable. If you must, choose ATMs in highly visible and public areas to minimize your chances of encountering a tampered machine. Only use machines inside private businesses as a last resort.
2.) Recent work
Two very common modifications are used in many ATM scam efforts. The first is a duplicate keypad on top of the existing one. This keypad relays PIN information to a third party, enabling fraud at a later time. The second is a phony card reader. This reader processes your card information, then sends it somewhere other than the machine you’re using. These scams have become both more common and harder to detect as 3D printing technology has improved and become more accessible. Molded plastic devices that fit like the original parts can be manufactured and purchased over the internet for a few hundred dollars.
There are a few telltale signs that you can use to tell the difference. First, keypads tend to wear over time. If a very old machine has bright, shiny keys, that’s a sign that something’s been modified. The same is true of card readers. Over time, from handling and use, card readers will develop scuffs and scratches. New-looking card readers should also be a red flag. Second, even the best molded plastic device will fit imperfectly. Scammers have to install devices in a hurry to avoid detection, so they may resort to quick fixes like electrical tape or plastic glue. Both of these will leave small signs of modification.
It’s better to be safe than sorry. If you have any suspicion that an ATM has been modified, don’t use it and report your suspicion to the machine owner if possible. Exposing yourself to fraud is a lot worse than the inconvenience of finding another machine.
3.) Nearby strangers
Rather than use a lot of high-tech machinery, some scammers rely on their own senses to rip you off. Getting in line behind you, the scammer will attempt to watch you enter your PIN. If successful, either the scammer or an accomplice will mark you for pickpocketing and then use your ATM card to clean out your account.
Even more insidious, some scammers use a distraction accomplice. Such a person might drop a bag right behind you just after you enter your PIN. They might also engage you in conversation, either offering help or asking for it. While you’re distracted, the scammer grabs your card and replaces it with a phony, or just takes the cash you’ve withdrawn and runs.
To protect yourself from these scammers, always cover your hand when entering your PIN. Get as close as possible to the machine to obstruct potential viewing of your transaction. Keep an eye out for anyone sitting by the machine on a laptop or tablet, as they may be monitoring a camera that’s designed to capture your PIN.
Most importantly, stay focused at the ATM. Ignore anyone who approaches you until you’ve finished your transaction and make sure you keep possession of all your belongings. They may think you’re rude, but that’s better than being robbed.
If you think you’ve been the victim of ATM fraud, it’s important you report it immediately. If you report the scam within two days, your liability is capped at $50. Waiting to report the scam could mean you’re responsible for all the bills the criminal racks up, so keep a close eye on your account and report any suspicious activity immediately.
YOUR TURN: How do you keep yourself safe at the ATM? What tips would you share about protecting your card and information?
SOURCES:

http://www.telegraph.co.uk/news/2016/07/24/a-bank-atm-scam-is-sweeping-the-nation–heres-how-to-avoid-it/
http://www.bankrate.com/finance/savings/4-tips-to-protect-you-from-atm-thieves-2.aspx

http://money.usnews.com/money/personal-finance/articles/2016-05-03/warning-atm-fraud-is-on-the-rise