Don’t Call Back One-ring Calls

It’s Murphy’s Law: The landline will always, always ring when you’re clear across thewoman with a baby holding a phone house. You leap over furniture and make a grab for it, only to find the caller has already hung up-after just one ring. You thumb through the Caller ID, poised to give your mysterious caller a ring back when you note the strange area code. You hesitate. Should you, or shouldn’t you, make this call?

Let’s play out the end of this story in two different ways:

In Scenario 1, you flippantly hit the Call Back button and wait until someone on the other end of the line answers the phone. However, instead of a live person picking up, you get a recorded message that says something like, “Hello? Can you hear me? Hello?”

Or, you might hear a recording like this: “You’ve received a song from someone who loves you. After listening to this song you will find out who sent this song as a gift.”

Both recordings are designed to keep you on the phone for as long as possible. Unfortunately, you’ve just called a foreign country and you’ll be hit with a sky-high phone bill for your overseas call. Worse, the bad guy who conned you into making this call will walk away with most of that money.

In Scenario 2, you stand with the receiver in hand, deliberating. After a moment, you shrug and return the phone to its base. You walk away, mildly curious about who has just called you, and blissfully unaware that you’ve only narrowly missed being targeted by an ugly scam.

The FTC is warning of a recent surge in one-ring scams. As detailed above, scammers lure victims into placing overseas calls by targeting them with one-ring phone calls. When the victim returns the call, the scammer will employ any of a number of means to keep them on the phone for a while, thereby extending the length of the call. Sadly, the victim will be hit with sky-high international rates and other connection fees, much of which will end up in the scammer’s hands.

Here’s how to spot these scams and protect yourself if you’re targeted.

Red flags

The primary clue that you’re being targeted by a one-ring scam is, quite obviously, a phone call that only rings once. If you get a call like this, by all means do not call back.

You can also be on the lookout for foreign area codes, particularly those of countries in the Caribbean, including the following: 284, 473, 664, 649, 767, 809, 829, 849 and 876.

Sometimes, scammers will spoof a local number, including those of recognized businesses, to get you to place a return call to foreign shores. They may even get your own name and number to appear on your Caller ID screen. Ignore these calls, as well. If you unknowingly return a scammer’s phone call, look for a plus sign to appear ahead of the area code. This is your clue that you’re placing an international call.

If you see a plus sign, hang up immediately.

If you’re targeted

If your phone rings once and then stops, follow these steps to protect yourself from this scam and help the authorities close in on the bad guys.

  • Don’t call back.
  • Ask your phone provider to block outgoing calls to international numbers. This way, you won’t be conned into thinking an overseas number is a domestic call. You’ll also be protected from accidental phone calls in which a simple mistake can end up costing you a pretty penny.
  • File a complaint with the FTC at www.donotcall.gov and to the FCC at www.fcc.gov/complaints.
  • Check your phone bill for suspicious charges. If you see a charge that has likely been incurred through one of these scams, speak to your phone carrier about resolving it.

Scammers are always looking for new ways to con people out of their money. Do your part in bringing an end to these nefarious schemes by arming yourself with the latest information about prevalent scams and reporting all scam attempts to the proper authorities. Together, we can put the bad guys out of business!

Your Turn: Have you been targeted by a one-ring call scam? Tell us about it in the comments.

SOURCES:
https://www.consumer.ftc.gov/blog/2019/05/get-one-ring-call-dont-call-back

https://about.att.com/pages/cyberaware/ar/wangiri?source=ESCyCy4cy0000000P&wtExtndSource=ad_camp3_one_ring
https://www.telecalmprotects.com/2019/05/07/one-ring-caribbean-scam/

What’s Up With WhatsApp?

A cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to WhatsApp Iconspyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?

Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down: A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime.

Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?

It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?

Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.

For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn: How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:
https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/
https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

8 Ways To Avoid Getting Scammed On Craigslist

The arrival of spring and the deep house cleaning it inspires means more people are woman on cell phone looking upsetputting their old furniture, devices, sports equipment and clothing up for sale. That’s why the amount of items like these on sites like Craigslist swells considerably during this season. If you have the time and patience to sift through the offerings, there are wonderful treasures to be found. Conversely, if your own spring cleaning unveils hordes of sellable stuff you don’t use anymore, you can make good money selling them online.

Unfortunately, though, when there’s money to be made, the scammers are never far behind. Craigslist is riddled with scammers looking to make a quick buck off people’s naivety. Stay one step ahead of scammers and keep your money safe by following these eight tips when using Craigslist.

1.) Be familiar with Craigslist and the services it offers

Lots of Craigslist scams can be avoided by knowing basic information about the site. Before using Craigslist, make sure you know the following:

  • The Craigslist URL is http://www.craigslist.org. Scammers often use fake sites to lure buyers into paying for items that don’t exist. Always check the URL before finalizing a purchase.
  • Craigslist does not back any transaction on its site. If you receive an email or text trying to sell you purchase protection, you’re looking at a scam.
  • There is no such thing as a Craigslist voicemail service. If a contact asks you to access or check your “Craigslist voicemails,” you’re dealing with a scammer.

2.) Deal locally.

The “barely used” couch that’s up for sale a couple of states over might be better-priced than the one being sold just a 10-minute drive away, but it’s always safer to deal with locals on Craigslist. According to the site’s advice on avoiding scams on their platform, you’ll avoid 99% of the scams on Craigslist by following this rule.

Keeping your transaction local will enable you to finalize a sale in person. Plus, there’s less of a chance of there being a language barrier blurring the details of the deal.

3.) Examine the product(s) before finalizing a sale.

Never rely solely on pictures to get the full scope on what you’re buying. Ask to look at the item in person. If you’re purchasing an electronic device or something else that needs to work in order to be valuable, ask to try it out as well.

4.) Don’t accept or send a cashier’s check, certified check or money order as payment.

Fraudulent checks can be impossible to fight. Also, a bad check can seem to clear on sight, so you’ll agree to the sale and use the money that’s supposedly in your account. A few days later, though, you’ll realize the check bounced. By that time, the buyer has vanished with your goods, leaving you responsible for covering the funds you used while presuming it cleared.

On the flip side, if you pay for an item with a money order or wire transfer, you’ll have no way of recouping your loss if the seller fails to come through with the goods.

5.) Use cash-safely.

The most secure way to pay or collect funds for a Craigslist transaction is with cold cash. If the idea of handing over a large sum of money to a stranger scares you, you can make the exchange of money and goods in a safe place like your local police station or even at Destinations Credit Union.

When accepting cash for a sale, bring along a counterfeit detector pen (which can be found at most office supply stores and online) to be certain you’re not getting scammed with bogus bills. These retail for as little as $5, but they can save you from big losses.

6.) Never share your personal information with a buyer or seller.

As always, when online, keep your personal information to yourself. There’s no reason a buyer or seller needs to know your checking account number, your date of birth or even your mother’s maiden name. If a contact is asking too many questions, back out of the deal.

7.) Be wary of fake escrow service sites.

Escrow services, in which a company holds onto a large sum of money for two parties in the middle of a transaction, can be super-convenient when buying and selling things online. However, they can also be a clever trap for unsuspecting victims. Scammers often create bogus escrow service sites to lure victims into dropping their money right into the scammers’ hands. The site will be a copycat of a reputable escrow service site, with some slight deviations you wouldn’t notice unless you looked for them.

When using an escrow service site, it’s best to find the site yourself instead of following a pop-up ad or a link. Check the site carefully for spelling mistakes and poor syntax. Also, make sure the URL is secure and matches the site of the service you intend to use.

8.) Create a disposable number.

When conducting business on Craigslist, you may need to share a working phone number. You can create a cost-free, disposable number on Google Voice instead of giving out your real number. Your Google Voice number will be untraceable and will expire within 30 days of non-use.

Your Turn: Have you ever been targeted by a Craigslist scam? Share your experience with us in the comments.

SOURCES:
https://www.fraudguides.com/internet/craigslist/

https://www.craigslist.org/about/scams
https://www.thestreet.com/amp/personal-finance/craigslist-scams-14707309
https://www.efraudprevention.net/home/templates/?a=96

Are P2P Payment Systems Safe?

P2P payment services, like Venmo, Zelle and Square’s Cash App, are aiming to make cash4 sets of hands holding phones obsolete – and some would contend they’re succeeding! Just a few quick swipes, and you can transfer funds to a friend, pay for an item you bought online or collect money that’s owed to you.

Convenient as they are, P2P payment systems have unfortunately become a breeding ground for scams and hacks. From compromised accounts to fraudulent transactions, using a P2P service opens you to some risk of losing your money to a scammer.

Read on to learn how to better protect yourself from a P2P payment scam.

How do P2P payment scams happen?

There are lots of ways using a P2P payment system can put you at risk, but the following two vulnerabilities are most common:

1.) The bogus buyer

In most cash-transfer apps, when you receive a payment, the money goes into your P2P system balance and stays there until you transfer it to an external account or use it to pay for another transaction. This transfer usually takes one to three business days to clear. Crooked scammers are taking advantage of that “float” in the transfer process to con you out of your money.

Here’s how it works:

A scammer will contact you about an item you’ve put up for sale or tickets to an event. Together, you’ll arrange for an exchange of funds and goods. You may even take precautions against a possible scam by insisting on an in-person meeting for the exchange or refusing to send out the item until you see the money in your P2P account. Things proceed according to plan. You’re notified that the money has been sent to your account and you hand over your item. Sadly, you won’t realize you’ve been ripped off until a few days later when the money transfer does not clear and the contact has disappeared with your goods. Unfortunately, there’s no way you can get your money back, because most P2P providers will not offer compensation for a fraudulent sale. Similarly, your linked financial institution bears no responsibility for the scam and can’t help you recoup the loss.

2.) Publicized payments

PayPal’s Venmo is the only P2P app with a built-in social networking component. This feature has led to a host of privacy issues that have been brought to the attention of the Federal Trade Commission (FTC).

In short, every Venmo transaction you make is up for public scrutiny. No one can access the payment amounts, but anyone who is interested can track the restaurants where you like to eat, the clothing stores you most frequent and check out when you last filled your gas tank. Creepiness factor aside, all that information going public makes Venmo users super-vulnerable to scammers and identity thieves.

Venmo allows you to tweak your privacy settings to keep your information from going public, but most people are unaware of the issue and/or neglect to take this measure. Recently, the FTC ruled that Venmo must make this detail clearer to users. Venmo has since created a popup tutorial for all new users demonstrating how to adjust your privacy settings to keep your transactions from going public. If you choose to use Venmo, check your settings to be sure your money habits aren’t being broadcast for the world to see.

Protecting yourself

You can keep your money safe and still enjoy the convenience of cash-transfer apps with these simple steps:

  • Only send money to people you know and trust.
  • Never use a P2P service for business-related transactions.
  • When using Venmo, adjust your privacy settings and opt-out of public tracking.
  • Carefully read the terms and conditions of a P2P service before using.
  • Always choose two-factor identification and use a PIN when possible. If your app and phone allows, choose fingerprint recognition and/or touch ID for added protection.
  • Accept any security updates offered by the P2P app you use.
  • Check your recipient’s information carefully before completing a money transfer.
  • Choose to be notified about every transaction.
  • Link an external account instead of keeping your funds in the P2P account.

Your Turn: Do you think P2P systems are safe? Why, or why not? Share your take with us in the comments.

SOURCES:
https://triblive.com/business/technology/13358843-74/peer-to-peer-apps-come-with-risks-ftc-warns

https://www.consumer.ftc.gov/blog/2018/02/tips-using-peer-peer-payment-systems-and-apps
https://paymentweek.com/2018-3-30-problems-p2p-mobile-payments/
https://www.ftc.gov/news-events/events-calendar/2016/10/fintech-series-crowdfunding-peer-peer-payments
https://www.lexology.com/library/detail.aspx?g=9efa141a-40d2-4773-b930-bb395111d226
https://www.consumerreports.org/scams-fraud/how-to-protect-yourself-from-p2p-payment-scams/

Student Loan Scams

College students, take note! If keeping up with your coursework, acing your exams andPiggy bank with the words student loan written on it scrambling to hand in every term paper before the deadline weren’t enough, you now have something else to worry about: Student loan scams are on the rise. Scammers know you hate owing tens of thousands of dollars, so they’re quick to offer you an easy — but completely bogus — way to free yourself from that debt. Or, they might falsely claim you owe the feds taxes on your debt. If you’re already stressed about your student loans, that makes you an easy target.

Don’t get scammed! All it takes is a lack of knowledge and a small blunder to be out thousands of dollars.

Here’s what you need to know about the three most popular student loan scams.

1.) Student loan forgiveness scam

In this scam, a student loan debt company will reach out to you and offer to completely forgive your student loan for a relatively small fee.

Your student loan, gone? Sounds like a dream! Unfortunately, it’s more like a nightmare. No student loan company would completely forgive your loan, even for a fee. The company is likely bogus and you’ve been targeted for a scam.

This scam attempts authenticity by sounding like Public Service Loan Forgiveness, a legitimate federal government program for public servants with federal student loans. They may even claim to be connected to the U.S. Department of Education, but that is also false. If you fall for the scam, you’ll still need to pay off your loan, plus you’ll lose the money you just shelled out.

If you’re looking for student loan debt relief for your federal student loan, consider enrolling in a no-cost student loan repayment plan through the federal government. This plan might offer student loan forgiveness after 20-25 years. Unfortunately, there is no other way for a student loan to be dismissed.

2.) Student loan consolidation scam

In a scenario similar to the above scam, a student loan company will contact you promising to consolidate your loan and lower your monthly payments, all for a modest fee.

Right off the bat, you can peg this as a scam. While many institutions can refinance student loan debt, the federal government is the only entity with the power to consolidate it. And they won’t charge a fee for this service.

If you’re looking to consolidate your student loans, check out Studentloans.gov or call 1-800-557-7394.

3.) Student loan tax scam

Those tax scammers will try everything to hook a victim! In this con, a scammer will spoof the IRS’s toll-free number and call a college student, claiming they owe thousands of dollars for a “federal student loan tax.” The scammer will demand immediate payment upon threat of arrest or a lawsuit. They’ll also claim to only accept specific forms of payment, like a wire transfer or prepaid debit card.

If you’re on the receiving end of a phone call like this and you’re starting to panic, here’s a newsflash for you: the “federal student loan tax” does not exist. It is nothing more than a not-so-clever trick dreamed up by a crooked scammer.

Also, the IRS will never reach out to you by phone without first notifying you via snail mail. Nor will they demand payment over the phone or insist on a specific payment method – especially a prepaid gift card.

If you’re targeted

If you’re targeted by a student loan scam, it’s crucial that you don’t engage with the scammer. Hang up as soon as you recognize a scam and delete any suspicious emails about your student loan that land in your inbox.

It’s equally important for you to bring the scam to the attention of the authorities to help them capture those scammers. You can file a complaint with the FTC at ftc.gov, alert the local law enforcement agencies, and report any tax-related scams to the IRS at 1-800-829-1040 or at IRS.gov. Finally, be sure to warn your friends about a circulating scam so they know to be super-careful.

Practicing caution and knowing what to expect will protect you from scammers who are out to make a buck off anyone they can bamboozle. You work hard in school; you deserve to keep your money and your sanity, too!

Your Turn: Have you been targeted by a student loan scam? Share the pointers you picked up from your experience with us in the comments.

SOURCES:
https://typicalstudent.org/hot/your-money/3-popular-student-loan-scams-2019

https://thecollegeinvestor.com/317/top-student-loan-scams/
https://www.google.com/amp/s/www.forbes.com/sites/zackfriedman/2019/01/21/student-loans-scams/amp/

Don’t Get Caught In A Crowdfunding Scam

The days of handouts and begging loans off wealthy relatives are fast becoming extinct.Woman sitting on sofa with a laptop Today, if you need boatloads of money-whether it’s to help you cover an expensive emergency or to fund a new business idea-you only need to appeal to the vast audience of the internet and wait for the money to start rolling in.

Crowdfunding platforms like GoFundMe, Kickstarter and IndieGoGo are packed with eager would-be entrepreneurs and desperately needy individuals alike.

But, they’re also packed with scammers.

For instance, an Iowa woman raised thousands of dollars on GoFundMe for her daughter’s terminal cancer-which would be heartwarming were it not for the fact that her daughter is perfectly healthy.

In a second example, an American company called Triton claimed to have created a device enabling people to breathe underwater. The IndieGoGo page they set up to raise funds for production pulled in $850,000 in just a few days. Sounds inspiring until you realize their supposed invention is more like something out of a sci-fi movie. In reality, Triton fooled many people with an invention that only existed in their imagination.

In yet another incident that garnered national attention, a New Jersey couple teamed up with a homeless veteran from Philadelphia to start a bogus GoFundMe page. The couple claimed the veteran had used his last $20 to buy gas for the wife when she was stranded on Interstate 95. It was the perfect feel-good story, with just enough pathos and emotion to get people to part with their money-to the tune of $400,000, in fact.

Later, when the veteran accused the couple of withholding his money, the case went to court. Proceedings are currently ongoing, but authorities believe the campaign was a scam and that the couple allegedly burned through a whopping $350,000 of donated funds in just a few months.

While some crowdfunding platforms will refund your money if a cause turns out to be a scam, most of them will keep a portion of it for themselves, so don’t plan to get back every penny if you get caught up in a scam. There’s also the possibilityof a crowdfunding scam remaining undetected, allowing the scammers to live it up on everyone else’s dimes. Even if your money does land back in your wallet, it’s never a good feeling to know you’ve been conned.

So, don’t let the scammers out there ruin it for everyone else! You should be able to share your money with any cause you believe in. Here are some tips to help ensure you’re chipping in for something genuine.

How to check a campaign for legitimacy

Whether it’s a heartbreaking story or a brilliant business venture you want to support, you’ll first want to research the campaign’s creator. Google their name to see what the internet has to say about them. Also, look up their street address and phone number to verify they’re using their real name, and check whether they’ve started any crowdfunding campaigns in the past.

If you’re looking at a charity campaign, your next step is to take emotion out of the picture. Charity crowdfunding scams succeed by playing with people’s heartstrings. Take the time to study the campaign with pure logic. Does the story really make sense? If you still think it’s legitimate and everything seems to check out, you can choose to donate. Or, you can take your caution one step further by contacting the campaign’s creator and asking for verification of their cause. If they’re genuinely in need, they’ll gladly supply you with names of doctors or references. But if they sound hesitant, or refuse to answer your questions, opt out.

If you’re looking at a crowdfunding campaign for a new business idea, ask yourself if the project is realistic. There are currently several GoFundMe pages set up by individuals with the goal of fighting ISIS. Sounds good until you realize how impossible it is for a single person to achieve such a goal. Lots of inventions or other business ideas also sound incredible until you realize they’re only possible in a fantasy world. Don’t help a business venture get off the ground until you can verify that it’s actually legitimate.

Do your due diligence with crowdfunding campaigns, and you can donate with confidence.

Your Turn: Do you have a crowdfunding horror story? Tell us all about it in the comments.

SOURCES:
https://www.google.com/amp/s/www.nj.com/news/2019/01/inspired-by-viral-gofundme-fraud-this-nj-bill-would-mean-harsher-punishment-for-scammers.html%3FoutputType%3Damp

https://www.daveramsey.com/blog/how-to-avoid-crowdfunding-scams
https://www.google.com/amp/s/www.nbcnews.com/news/amp/ncna936941
http://www.cracked.com/blog/6-incredibly-obvious-crowdfunding-scams-people-fell-for/

Beware The Blackmailing Scam!

In a fresh twist on this age-old crime, scammers have taken to the internet. Online Man looking at computer worriedblackmail is nothing new, but a fresh wave of these scams hit the web last month, and it’s already ensnared dozens. Learn how to spot these blackmailing scams and you’ll get to keep your privacy, and your money, too.

Here’s what you need to know about the most recent blackmailing scams.

How it works

The victim gets an email from an alleged hacker claiming to have cracked their passwords, broken into their computer and used their webcam to watch their online activity. They may threaten to reveal that the victim has been visiting disreputable sites or to use their personal information to empty their financial accounts. The scammer then shares a willingness to back off-for the right price, of course.

As proof that they are “legitimate” hackers, the scammers will share an actual password that the victim has used many years ago. They may even include the password in the subject line of the email to grab the victim’s attention and ensure they actually open the email. Often, they’ll also include other bits of stolen data in their message to appear authentic.

If you receive an email like this, don’t panic. There’s no professional hacker behind the scam, no one has watched your online activity, and there’s not much the scammer can do with the information they may have.

The inclusion of the password might give you a scare, but there’s a simple explanation for how the scammer got hold of it. Over the last decade or so, there have been lots of massive database breaches within major corporations, sites and retail stores like Yahoo, eBay, Target, Macy’s, Sony PlayStation and dozens more.

Thanks to these breaches, there are now huge amounts of personal data and passwords floating around the internet. This data can be easily nabbed by a partially skilled hacker or bought on the black market. Once a scammer gets their hands on a password, they’re free to exhort the victim to pay a steep price in exchange for their privacy or security.

How to spot the scam

Many potential victims recognize this scam for what it is as soon as the hacker claims to have dirt on them. For many others, though, the outdated password is their clue. However, for victims who have been using the same passwords for years, this old code might still be in use and the scam can seem legit.

Now that you are armed with the knowledge that this scam is making its way around the internet and may contain an actual password you once used, or that you may still use, you are already a step ahead. If you receive an email with your password in the subject line, stay calm. Simply ignore the message. Better yet, delete it from your inbox and give it no further thought.

How to protect yourself

There’s not much you can do about any bits of your sensitive data that may be loose on the internet. However, you can do your part to protect yourself from falling prey to this, or a similar scam.

Here’s how:

  1. Update your passwords frequently and use strong, unique codes for each site you visit. You can use a password generator like 1password or LastPass to make this simpler.
  2. Choose two-factor authentication when possible.
  3. Never open emails from suspicious or unknown sources.
  4. If you are targeted, alert the FTC at ftc.gov.

Don’t let those scammers fool you! Be alert, be aware, and learn how to spot these scams for what they are.

Your Turn: Have you been targeted by a blackmailing scam? How did you spot the ruse? Share your experience with us in the comments!

SOURCES:
https://www.nytimes.com/2018/07/23/technology/personaltech/phishing-password-email.html

https://tech.co/online-scams-to-watch-out-for-2018-07
https://www.theguardian.com/money/scamsandfraud

Don’t Get Caught In A Free Trial Scam!

You know what they say: “If it’s too good to be true, it probably isn’t.” And yet, dozens ofFingers pointing to computer key labeled Free Trial people fall for scams that promise them the moon – and they don’t realize they’ve been played until it’s too late.

Because of this truism, the Federal Trade Commission (FTC) is warning of an uptick in free trial scams. The scams come in several shapes and sizes, but most will look something like this:

You see an ad from Netflix or a cosmetic company saying you’ve been granted a temporary subscription to their service or product. They say it’s absolutely free. The only catch? There is none. They say that, anyway. That is until you’re asked to pay for hidden fees in addition to shipping and handling at a time when it’s too late to back out. Or, you might be asked to share all of your financial information even though you’re officially not obligated to pay anything.

In other words, there’s hardly a “free trial” that won’t cost you big.

In one such scam, a company aggressively advertised “free trials” for skin care products, dietary supplements and e-cigarettes on various popular websites. The lucky consumer would only need to cover the cost of shipping and handling and the product would be delivered – absolutely free!

Of course, the product wasn’t free and the unlucky victims sometimes paid close to $100 in fees before the first shipment was sent out. Worse yet, they were charged this same fee each month for the next year, with no way to back out of their contract until the 12 months were up.

In another scam with a similar setup, consumers were asked to share payment information for the $1.03 to cover shipping and handling for the “free” products. After their order was placed, another screen with a “Complete Checkout” button appeared. Shoppers who clicked that button unwittingly agreed to pay for monthly shipments of the product to the tune of $94.31 each month. And when that button was clicked, yet another “Complete Checkout” button appeared.

Again, those who clicked this button were subjected to a $94.31 charge each month. Consumers who’d taken the bait twice ended up with a total monthly charge of $188.62 – plus shipping.

In a third “free trial” scam, shoppers were lured into signing up for a 12-month trial subscription to a popular service, like Netflix, absolutely free. Unfortunately, though, the company advertising for the free trial wasn’t Netflix at all; it was a group of scammers. Victims were redirected to a new webpage where they were asked to share their sensitive information to qualify for the trial.

You can probably guess the ending: The scammer made off with the consumer’s information and emptied their accounts, went on a wild shopping spree or stole their identity.

Don’t let this happen to you! Here’s how to steer clear of free trial scams:

  • Do your research. A quick online search of the company name with words like “scam” or “negative review” should give you a basic idea of what the business is all about.
  • Read the fine print. Too often, there’s no way to refute charges relating to this scam because the consumer agreed to pay them. Don’t click anything without reading all of the terms and conditions attached to the offer. If you can’t find any, or you can’t understand them, opt out of the offer immediately.
  • Look for an exit strategy. Is there a way to cancel the offer? Can you change your mind about the product? If you only have a small pocket of time to cancel the trial, you might be looking at a scam.
  • Always review your credit card and checking account statements. This way, you’ll immediately spot anything suspicious and you’ll be able to determine if you can back out of a shady deal.
  • Never share sensitive information online. Unless you’re absolutely sure you know who you’re dealing with, it’s difficult to know if a website is 100% secure.
  • Check URLs. When signing up for a free trial, you’ll usually be redirected to a new site. Check the URL of the webpage and determine if it matches the company you are allegedly dealing with.
  • Ignore urgent calls to action. If an ad urges you to “Act now!” or claims an offer will expire momentarily, it’s likely a scam.

Read the fine print and only sign up for free trials that won’t cost you in more ways than you’d imagined.

Your Turn: Have you ever been duped by a free-trial, or similar, scam? Share your experience with us in the comments.

SOURCES:
https://www.google.com/amp/s/www.lovemoney.com/news/amp/69117/netflix-free-trial-subscription-scam-warning-fake-1-year-offer-email

https://www.consumer.ftc.gov/taxonomy/term/858
https://www.consumer.ftc.gov/blog/2018/07/dont-let-free-cost-you

Beware Tech Support Scams!

You’re always putting yourself out on a limb when you call tech support. You dial the man touching computer screen with words "Access Granted"number the company gives you, and perhaps after a while of waiting, you’re connected to someone who may be working on the other side of the world in a completely different time zone. Then you’re asked to give this anonymous person identifying details about your phone or computer and the technical problems you’re experiencing.

Of course, you’re fairly certain the speaker works for your device’s company and you believe it’s perfectly safe to share this information. At the very least, they have contracted with this individual and are tracking their service.

All of that gets a little riskier when you’re asked to allow the tech support agent to have remote access to your device. This step is sometimes necessary to fix the glitch, but it can also be unnerving. Suddenly, it’s as if an invisible person has taken over your screen. Letters you haven’t typed are showing up on the display and the cursor is flying all over the screen, even though you haven’t touched the mouse.

You’re essentially letting someone have free access to a device that houses some of your most personal information. Yikes!

And that’s exactly what tech support scammers are looking for with their nefarious hacks. It’s truly as awful as it sounds: In these scams, fraudsters contact victims and trick them into granting the scammer access to their computers. The crooks may reach out to people through a phone call, insisting the victims have a virus or another problem they’ve somehow detected from the company’s headquarters. Alternatively, they’ll send a popup to the victim’s computer which will flash dire warnings about an impending or existing virus that can be “fixed” by clicking on a link.

There are several outcomes of such tech support scams, none of them good. Sometimes, a scammer will trick you into installing malware on your computer, claiming you have to click on a link in order to heal your computer of its ills. Other times, they might sell you expensive “software” by making the same false claims. Still other times, they’ll direct you to a bogus tech support website where you’ll be asked to input your credit card information. And they’ll oftentimes simply help themselves to the sensitive data they find on your computer and then wreak havoc on your financial life.

Federal Trade Commission (FTC) Scams

Tech support scams are nothing new, but a recent wave of these scams has taken on an ironic twist. The very organization that leads the battle in taking down scammers is being exploited for a particularly heinous hack.

Scammers posing as FTC employees are calling victims, asking for remote access to their computers. They assure victims they can help restore any affected devices to their previous working conditions. Many of them are claiming to represent the FTC’s Advanced Tech Support Refund program.

This program was created to help victims of previous scams collect their refund money from the FTC. The scammers will convince the victims that they are moments away from seeing their money – they just need to provide the alleged FTC employee with remote access to their computer. They may also ask for an upfront payment before the refund can be issued or for checking account information, claiming it’s necessary for the refund to clear.

Of course, none of this is true and the caller has never worked for the FTC. In fact, the FTC will never request remote access to your device or ask you to pay to receive a refund. Also, their refunds are sent in check form via snail mail, and do not require any checking account information at all.

The FTC has alerted the public that the only genuine number to call for information about the Advanced Tech Support Refund program is 877-793-0908. If someone calls you on their own, assume it’s a scam. End the call immediately and report the incident to the FTC.

Recognizing Tech Support Scams

As mentioned, the wave of tech support scams in which fraudsters impersonate the FTC are easy to spot if you know this basic information about the FTC: They will never request remote access to your computer, ask for payment in exchange for a refund, or reach out to you on the phone.

Here’s how to prevent other variations of tech support scams:

  • Never click on a pop-up box that claims your computer has a virus and offers to clean it. This will only infect your computer or grant a scammer remote access to your device.
  • Always call tech support on your own; if they call you, especially if you’re not aware of any problem with your computer, hang up as quickly as you can.
  • Never agree to purchase expensive software online to fix an alleged virus.

If you think you’ve been scammed, tell everyone you know about it and be sure to alert the FTC. Let’s do our part to put those crooks out of business for good!

Your Turn: Have you ever been targeted by a tech support scam? Share your experience with us in the comments!

SOURCES:
https://www.ftc.gov/news-events/press-releases/2018/03/ftc-begin-mailing-checks-victims-tech-support-scam
https://www.idtheftcenter.org/Current-Scam-Alerts/ftc-tech-support-scam.html
https://www.consumer.ftc.gov/blog/2018/04/ftc-asking-access-your-computer-its-scam

ATM Jackpotting Scam

Hitting the jackpot in an arcade game is enormous fun. You stand there grinning as theMan at ATM machine tickets keep pouring out. And then you get to choose a cool prize to take home.

Recently, though, scammers have given this awesome kind of win a sinister twist by bringing the jackpotting mechanism to Automatic Teller Machines (ATM). This doesn’t mean you can ask for a $20 and the machine will start spitting out hundreds instead. But it does spell trouble for ATMs and their owners throughout the country.

Jackpotting attacks on ATMs have been spreading through Europe and Asia for quite some time.  Recently, though, the Secret Service sent out an alert warning that jackpotting has reached the United States.

The alert was reported by Brian Krebs, who quotes several sources for this warning and cautions the public to be aware and careful of these attacks.

Here’s what to know about the ATM jackpotting attacks.

How does it work?

First, an attacker performs some basic scouting to figure out a way into the ATM. They usually target models with front-facing panels because they’re easier to access. To avoid detection and gain easy access to the machines, thieves have been posing as ATM technicians. They’ve also been using medical endoscopes to reach the insides of the ATMs.

Once the vulnerable area within the ATM is determined, the scammers attach their own computers to mirror the ATM’s software. The thieves will now install malware, which conveniently places the ATM under their control. At this point, the ATM will appear to be out of service for users and so scammers can force the machine to do their bidding from a remote location.

The criminals’ final step in this hack is to program the ATMs to spit out piles of cash and to send “money mules” to go and collect the cash for them.

Alternately, scammers may quietly bide their time and only take action a few days, or even a week, later. They will then return to the compromised ATM and program it to dispense all of its cash at once – which they will promptly pocket, of course.

What malware is at play?

Krebs’ report suggests that the malware being used in these attacks is Ploutus D, a malware that has been widely used in ATM hacks since 2013. However, this claim has not been verified.

Just this past spring, researchers working in Kaspersky Lab wrote about three relatively simple ways fraudsters can hack and remotely control ATMs. The scammers can use any of these methods, or they may be using Ploutus D, as Krebs believes.

Which ATMs are Vulnerable?

While every ATM in the country is at risk of being attacked, the fraudsters appear to be particularly targeting Diebold Nixdorf-made ATMs.

The Secret Service alert also warns that ATMs running Windows XP are “particularly vulnerable” and should be updated as soon as possible. Unfortunately, though the Windows XP Embedded support ended more than two years ago, many ATM owners neglect to install updates as advised, therefore placing their machines at greater risk for hacks.

What you can do?

ATM jackpotting targets the machine’s owners and generally does not affect the common citizen. However, you can do your part to stop these crooks by reporting any suspicious activity you see near an ATM.

Did you spot a technician who looks out of place? Is an ATM that worked just fine yesterday suddenly out of service? If so, alert the local authorities so they can take appropriate action.

ATM Safety

While jackpotting might be relatively new to the U.S. and it’s not yet clear how widespread these attacks are, it’s always a good idea to exercise caution when using an ATM in a public setting.

Here are some tips to remember the next time you use an ATM:

  1. Always cover the keypad with your free hand when inputting your PIN.
  2. If someone is lurking near the ATM for no apparent reason, do not use it.
  3. Be wary of signs that the ATM may have been tampered with, such as a new-looking keypad, a card reader that looks different than the rest of the machine, or an out-of-place security camera.
  4. Don’t use ATMs that are in unfamiliar neighborhoods or in stores you never frequent.
  5. If you’re withdrawing cash, be sure to secure your money in a wallet immediately after it’s dispensed. Don’t dawdle near the machine.

While the full impact of these jackpotting attacks is not yet evident, they are definitely not something the Secret Service is taking lightly. Do your due diligence to help stop the attacks, and always use caution when using an ATM in a public area.

Your Turn: Do you still use ATMs in public places? Have you ever had a less-than-perfect experience?

SOURCES:
https://www.google.com/amp/mobile.reuters.com/article/amp/idUSKBN1FI2QF  

http://money.cnn.com/2018/01/29/technology/business/jackpotting-us-atm-hack/index.html  
https://www.google.com/amp/s/www.theverge.com/platform/amp/2018/1/29/16947832/jackpotting-atm-machine-hack-cash-malware
https://www.google.com/amp/s/nakedsecurity.sophos.com/2018/01/30/secret-service-warning-jackpotting-atm-attacks-reach-the-us/amp/