The Real Cost of Cyber Love?

Are you looking for love or friendship and perusing online sites to find it? Have you met someone with a sad story who asks you for money to help him or her out of a situation, to help buy needed supplies while in the military and overseas, or to buy a plane ticket so you can meet in person? Unfortunately, there are many scams where this happens. They are all some variation of what is often referred to as the “sweetheart scam.”

One that has been gaining steam lately combines the sweetheart scam and mobile banking. A lonely heart, let’s call her Eva, falls for someone far away. Let’s call this person Sam. Sam would love to meet Eva face to face. So he asks Eva to make a reservation on an airline so he can visit. He will deposit the money for the fare into her banking account directly, for efficiency. All Sam needs is her bank name and her mobile banking credentials and he will deposit a check directly into the account after he downloads the app. After all, love just can’t wait.

Unfortunately, right after he does it, something goes amiss and he cannot visit after all. He wants that money back, immediately via some type of money transfer service. Eva checks her account and it shows the money he deposit is indeed in her account, so she sends the money right away.

Unfortunately, Eva just got scammed. Sam never intended to meet her. He just wanted cash. You see, when you use mobile deposit with your financial institution, there is a period of time before the deposit is actually approved and funds are available. That time period differs for each financial institution and can range from 24 hours to several days, depending on circumstances. So, even if the mobile deposit says it was successful, the money may not actually be available right away. The check that Sam deposited bounced, of course and Eva was out the cost of a plane ticket.

It’s easy to get caught up in the moment when first meeting someone new. We want to trust people, but no one needs your mobile banking credentials. So keep those a secret no matter how hard a person tugs at your heartstrings. Unfortunately, there are a lot of people out there in the world with bad intentions. Don’t give them information that can be used to steal from you.

In some cases with this scam, if the victim refuses, the scammer threatens to sue or otherwise scare them out of money. Don’t let it happen to you. Keep your money close to your heart and let the scams of the world go.

© Copyright 2017 Stickley on Security

Movie Fans Targeted in iTunes Scam

Movies are a big business and it’s more popular than ever to grab your popcorn and Milk Duds and sit back on the sofa to stream them from iTunes. A recently found scam targets Canadian movie fans by sending a fake Apple invoice for movie rentals, counting on the user to request a refund.

In this case, the invoice purports to have charge for a list of movies that can add up to a rather large sum of money. The movies on the invoice are often those that were released somewhat recently, such as Jack Reacher: Never Go Back and Arrival, making it a bit more believable to potential victims. After the initial shock wears off of the amount on the invoice and the fact that the charges do not belong to the targeted victims, the next reaction is to scan the form for a way to get a refund or dispute charges.


Conveniently, the phishers put a link at the bottom of the document. It supposedly can be clicked to claim a full refund. However, it doesn’t go to Apple. It goes to a website registered in Norway. The information requested in the form that appears wants a lot of personal information, including date of birth, mother’s maiden name, and a social insurance number. Canadians need this last number to access government services. It is not needed to get a refund from Apple or most any other company. These should raise big red flags to the recipients.

The scam was spotted by researchers at security company Fortinet. The fake invoice arrives in an email message that at first glance appears to come from Apple, but if it’s expanded, it shows a strange email address from a Norwegian site. By using the mouse to hover over the link, it looks like a bunch of randomly generated characters, but definitely doesn’t look like an Apple link.

Remember that by taking a minute to check the link destination before clicking it, you can avoid being a victim of phishing. Hovering over them with the mouse pointer works for this, as does holding your finger on the link for a few seconds if you’re using a touch screen device. If the link destination doesn’t make sense to you, it’s probably a fake one.

If you receive something like this that claims false charges to any of your accounts, it’s even better to go directly into your accounts from previously bookmarked links than clicking anything. It’s getting more and more difficult to detect phishing messages, so try to get into a habit of not clicking them and going into accounts separately to avoid becoming the next victim. If all is clear in your account when you check that way, then you can be sure the message you received is indeed phishing.

Apple users are often the targets of phishing these days and not only in email. Smishing is on the rise as well. This is when the scammers use SMS/text messages to trick users (also called “smishing”). So watch for those fake links too.

Another tip for avoiding scams like this is to set charge alerts on your payment cards. You will get a message each time a charge is placed on your card for a limit you set. If you didn’t get an alert for the charges, it’s a clear signal that a phishing attack is at play.

© Copyright 2017 Stickley on Security

Ten Great Ways to Spend an Income Tax Refund

Expecting a substantial income tax refund this year? If so, you are in the majority; over 80 percent of Americans get money back at the end of the tax year, with the average refund being close to $3,100. Rather than having those precious dollars being absorbed into your normal spending routine, get the most out of your cash.

Pay down high interest loans and lines of credit. With average annual interest rates for credit cards and personal loans hovering around fifteen percent, paying off that credit card before making other investment decisions makes good sense.

Fund Your Retirement Account. About 32 percent of all working Americans have no money invested for their retirement. If you are one of them, seriously consider making a contribution to a retirement account right away.

Invest it. Instead of just working for money, let money work for you. If you invested one lump sum of $1,500 in the stock market, over thirty years, assuming a 12 percent return, you’d have $ 53,924! (Of course, do your research first before making any investment decisions and talk to licensed investment professionals)

Open an emergency account. Most Americans don’t have money set aside for those financial emergencies that always seem to happen when there is no cash in the coffer. A large tax refund is a great start for an emergency account. Experts recommend that it should eventually total between three to six months’ worth of essential living expenses.

Pay for repairs. Maintaining expensive possessions now will result in dollars saved tomorrow. Use the money to repair that leaky roof before it develops into a bigger problem; replace those dangerous bald tires with new, safe ones.

Start a personal endowment. Investing in your emotional, physical, intellectual, and career growth is a wise use of money. Whether it’s paying for a gym membership or a cooking class, you’ll feel effects of this type of investment fast.

Make an extra home mortgage payment (or two). Though you won’t feel the benefit immediately, doubling up on a mortgage payment now can save you months of mortgage payments later.

Donate to a charity. Giving back to the community is a wonderful way of supporting a cause that you are passionate about. Even better – in many cases at least a portion of your donation is tax-deductible too.

Open a College Savings Plan for your child. A four-year college education can cost upwards of $100,000. Save for your child’s college education with a college saving plan. For the most part, withdrawals are completely tax-free when used for higher education purposes. Talk to a licensed investment professional about your different options.

Plan a vacation. If you are in a fluid financial position, and can truly afford a bit of luxury, do something you’ve been dreaming of. Money is to be enjoyed as well as earned, saved, and invested. Go ahead. Book that cruise!

Although all the preceding ideas are excellent uses for a lump-sum amount of cash, remember that instead of planning for a refund, it could be more beneficial to come out even. A tax refund is an interest-free loan to the government, and money that is not in your pocket every month. If you have been getting a refund back each year, consider changing your withholding exemptions so less tax is withheld from each paycheck. While a tax refund may feel like a gift from Uncle Sam, it’s not—it’s money that you have overpaid on your income taxes. That said, some people use this as a form of saving.

Revised January 2016

What Can We Learn from the Tiny House Phenomenon?

You may not have seen one in your neighborhood yet, but the tiny house phenomenon has spread across the country. For some, the move is driven by a desire to downsize and live a minimalist lifestyle. Others see it as a way to decrease their impact on the environment.

Economics are often a large part of the equation. Buying and maintaining a tiny home is relatively inexpensive, and the savings can help many people on their path towards financial freedom.

Tiny-home living (often shortened to tiny living) isn’t for everyone. However, tiny living requires ingenuity and resourcefulness and we can all learn something from those who choose tiny.

Freedom from debt is priceless. Living within one’s means is a foundational belief to many within the tiny living community. Between labor and materials, a tiny home could cost about $20,000 to $60,000 to build. By contrast, the U.S. Census Bureau found the median sale price for a new home in December 2016 was $322,500.

The relatively low price gives you a chance to own a tiny home without having a mortgage that’ll take three decades to pay off. The ongoing savings in the form of lower utility, tax and maintenance bills also make it easier to pay off non-housing debts, such as student loans, and live a debt-free life.

That being said, you can live in a larger home and still look for ways to lower your monthly expenses and fight lifestyle inflation (spending more as you make more money). A common tip is to allocate half of your next raise or bonus to your savings or use it to pay down debts. But why not challenge yourself and use your entire raise or bonus to build your net worth?

Make room for things that are important. Moving into a tiny home can require major downsizing, but some view that as a feature rather than a disadvantage. It’s not about getting rid of things that aren’t absolutely necessary, after all sometimes “unnecessary” decorations turn a house into a home. Rather, from furniture to clothing, you have to decide what’s important to you and leave the rest behind.

It’s easy to fill a large home with clutter and then attempt to clean every spring. Perhaps a better approach would be to take a tiny-home mindset to the store with you. Don’t get bogged down by asking yourself if you can live without something – you can live without many things – instead, try to only spend money on things that add meaning and joy to your life.

You have more space than meets the eye. Watch a tour of a tiny home, and you’ll see that great organization skills and original storage ideas are a must. Tables turn into benches and chairs double as shelves – everything seems to have at least two purposes.

How could a little imagination transform your home? Might a new shelving system and selling items that aren’t important to you anymore give you more room? Inventiveness and thinking outside the box are keys to making the most of what you have.

High-quality products are worth the investment. Many tiny-home owners are keenly aware of the waste they’re putting back into the world. Some even choose to live in a tiny home because it’ll reduce their ecological footprint. The savings that come from tiny living and this approach to life often lead to investments in long-lasting products rather than cheaper alternatives.

Quality over quantity is certainly a worthwhile mentality to adopt. Put it into practice by looking for companies that offer lifetime warranties on their products. You might be surprised to find that from socks to power tools there are dozens of manufacturers that uphold this promise.

How will you make use of these lessons? Simple living and conscious buying aren’t exclusive traits of tiny-home owners. Regardless of the size of your home, you may find that incorporating these principles and practices save you time and money. Two valuable resources that should never be wasted.

by Nathaniel Sillin

Storage Limit Reached Scam Tricks Users Out of Email Credentials

There is a lot of data to store these days. The average user gets somewhere between 50 and 100 email messages per day and that takes up storage space somewhere. It might be stored in the cloud, but it may also be stored on a server in the cold room of the IT department. Wherever it is stored, the servers have limited space. Therefore, most organizations set a limit on how much of a hard drive each person can use. When that limit is reached, it’s time to do a clear out of messages. Scammers are using this tidbit to trick people into giving up email login credentials.

The Better Business Bureau (BBB) reported that its users were receiving an email message that claimed their storage was full and they needed to click an included link to validate the account and add storage. When the link was clicked, a form appeared that requested email address and password. Once the information was entered, the form disappeared and a dialogue box appeared stating that all is well.

Unfortunately, those users gave up their information to someone who could use it to send spam, distribute malware, or to commit some other type of fraud.

There are ways to identify potentially harmful messages.

-Don’t just believe what you see. Scammers can fake anything from a company logo to the sender’s email address with relative ease.

-If an email arrives unexpectedly or by an unknown sender, do not click on links or open files that may be attached to them.

-Use your sixth sense. If something appears to be suspicious, confirm it first. Contact the sender directly from a number you know is accurate or by starting a new email message. Don’t reply to the original one. Walking to the sender’s desk or office may be another option.

-If something is generic, it should be met with suspicion.

-Always be wary of messages that don’t contain your name or other personalized information or references.

-Use unique passwords for each online account you create. This will reduce your risk of password reuse being successful for a cybercriminal.

The subject line reported by the BBB was “[name]@[] update required” and appeared to come from a webmaster domain account. If you receive something similar, confirm its legitimacy with your IT department before taking any action.

© Copyright 2017 Stickley on Security

Study Finds Our Personal Information May be Leaked to Anyone Who Wants It

A company that provides a mobile device gateway product, Wandera, has found that the apps we install on our devices leak a surprising amount of information to anyone who chooses to capture it. It doesn’t take an experienced hacker either, but merely someone who may be sitting in the corner of a café logging traffic crossing an unsecured WiFi connection.

The study found that 200 popular apps were exposing sensitive information, mostly user names and passwords unbeknownst to the users. However, any information that was entered into the apps was subject to being leaked. Nearly 60% of the apps giving away the information were news, sports, or shopping apps; the apps many of us use every day without a second thought.

It’s worth thinking about, however, what information we enter when we download the apps and what apps we do indeed install on our devices. Think about what is asked for in order to put it on the device. A free news app, for example, doesn’t need your social security number or payment card information. It also doesn’t need your age or address. If it doesn’t allow use of the product without it, perhaps it’s wise to choose a different one.

In addition, pay attention to the reviews and number of downloads for any application. If there are very few of them, have a bit of patience and wait for the kinks to be worked out first. When Wandera contacted the developers of the vulnerable apps, some of them did fix them right away. Others didn’t even acknowledge the communication attempts. Reviewers usually will indicate any problems that are found in initial releases and if they are not on the positive side, reconsider if you want to be an early adopter.

Also, because most of the time it was a user name and password that was leaked, don’t re-use passwords across multiple sites and applications. Each one deserves its very own password. Then, if a hacker does get ahold of that information for one app, it doesn’t have it for any others. Password reuse was blamed for some rather high profile incidents such as the “naked celebrity” leak a few years ago. Spotify also accused this as the cause for strange activity on some users’ accounts in 2016.

News, sports, and shopping weren’t the only apps to leak information. Thirty percent (30%) came from travel, entertainment, lifestyle, and technology apps. The biggest offenders were adult sites. Of the top 50 of these types of sites, 80% exposed personal information.

These types of issues with mobile apps likely occur for a variety of reasons. One is possibly the rushed timelines under which developers are often asked to work. It may also be due to bugs in the code or general ignorance of how to make code secure. Whatever it is, it puts user data at risk of being stolen.

© Copyright 2017 Stickley on Security