What To Do If Your Income Is Reduced

It’s challenging enough to make a paycheck last when it comes on a regular basis – but what happens when you have to take mandatory leave, or are paid for some months out of the year but not others? With planning and a careful look at your finances, you can survive the times when the checks are on hold but the expenses march on.

What to do today

Not having enough money to pay for life’s necessities can be pretty scary, but there are a few things you can do to get you through this time with minimal hardship.
Your first task is to take a look at your monthly expenses and prioritize them. Decide what you need to pay for and what you can, at least for now, let go. Housing, food, transportation, and insurance should take top priority. Dining out, clothes, and entertainment may need to be sacrificed for the time being. Remember, this isn’t forever, when the cash is flowing again, they can be resumed.

When shopping, consider every purchase. Ask yourself if you really need it, and if you do, can it wait a while, or can you get it for less somewhere else. Getting in the habit of asking yourself these questions will help you become a savvy shopper in both flush and tough times. This will also help you avoid relying on credit cards during this difficult period. It might be hard, but you will be so much happier when that next paycheck comes in and it is not promised to high interest debt.

If you have credit card payments, and you simply don’t have the money, contact your creditors immediately. You may be eligible for special programs that will keep your accounts in good standing. Waiting until you are behind will not only increase your balance because of hiked up interest rates and fees, but will damage your credit as well.

If you really need to scare up some funds, consider every option:

  • Sell assets, from a garage sale to unloading securities (just beware capital gains taxes for next year).
  • Obtain temporary employment elsewhere.
  • If you have children who work, ask them to contribute to the household budget.
  • Make and sell things if you have a creative streak.
  • Ask a friend or family member for a loan. Chances are they won’t charge any or much interest, but be careful – these sorts of arrangements have damaged many a relationship.
  • Borrow from your retirement account or cash value life insurance plan. Be aware, though, that you are borrowing from an asset accumulated for a specific purpose. These come with their own set of problems if you can’t pay them back.

There are other sources of funds available, but beware: they may not be in your best interest in the long run.

  • Payday loans – Borrowing against future income can seem like a great short-term solution, but with average annual interest rates ranging from 390% to 871%, payday loans are no bargain.
  • Credit card cash advances – There is often an origination fee to take out cash from a credit card, and interest not only begins to accumulate immediately, but is often higher than for purchases.
  • Home equity loans or lines of credit – The equity in your home might be money that is readily available for you to borrow, however, if you can’t repay the loan, you put your home in danger of foreclosure.
  • Car note loans – These loans work by a borrower exchanging the title and set of keys for a loan based on the vehicle’s value. Interest rates range from 30 to 120 percent, and if a single payment is missed, the car can be repossessed.
  • High interest unsecured loans – Usually lent in increments of $5,000 or $10,000, interest rates for this new breed of high-risk, unsecured loans can be as much as 47 percent.
    Planning for Next Time

So what do you do to prevent a scramble for cash next time around? First, mark on your calendar the date that you will have to live on less, so it doesn’t come as a surprise.
The money you get today will have to be stretched to cover those times when there will be nothing (or less than normal) coming in. Resist the urge to spend it all each month. Develop a detailed budget to know what your monthly expenses are, and then prorate your income:

Example: Your monthly expenses total $2,000. You don’t get paid for two months out of the year, so will have to have $4,000 ($2,000 x 2 = $4,000) set aside for those non-income earning months. For each of the ten months that you do receive a paycheck, you’ll have to set aside $400 ($4,000/10 = $400) to cover the time you won’t get paid.

Once you know how much you will need to sock away, have the sum deducted monthly from your checking account and automatically deposited into a savings account.

Since you know you will be needing at least some of the money in a relatively short time frame, make sure you have the portion you need in an account that is easily accessible and penalty free (such as a savings account or money market account.)

Careful planning is the key to surviving a time when a paycheck is on hold. By doing so, you’ll avoid that dreadful feeling when the lean times are on your doorstep – and your account is bare.

BALANCE

Credential Stealing For Your Holiday Season

Phishing days of the week

The holidays are quickly creeping up on us. It’s a time for being thankful and giving, but it can also be a time to reflect on the scary cybersecurity term, phishing…just because holidays are often time for reflection. By now, nearly everyone has heard it and if you work in an office, you have hopefully received some sort of training or advice on how not to become your organization’s latest victim. However, no matter how often it’s mentioned or how much training received, even the most cybersecurity-aware can fall for it, if not careful.

Menlo Security released some research recently that pointed out the increasing incidents of credential phishing. This happens when an attacker sends phishing emails with the end goal to get login credentials…for something. One of the most “famous” examples of this occurred during the 2016 presidential election time when Hilary Clinton’s former campaign manager gave up his credentials when he clicked on a link in email he thought came from a colleague.

Phishing example

So while some worry most about their bank accounts being emptied, perhaps it is more important to worry about email credentials, or perhaps those social media logins. After all, there is a lot of valuable information in our social media accounts and those can be used to reach a lot of people, if they are taken over.

There isn’t a single group being targeted for credential phishing, according to the research. The attackers use a couple of methods and target everything from political campaigns to public agencies to anyone that may have valuable data. The methods seem to be either copying websites to make them very difficult to detect as fake, or websites that actually take over a login page. Either way, if you enter your login credentials, you give them to someone you don’t really want to have them.

Ultimately, these attacks begin with phishing email messages. These often have some specific characteristics…such as trying to scare you into doing something quickly, else suffer some consequence or simply make fabulous promises for a reward, if you just act fast. They induce fear, urgency, curiosity, or appeal to your emotions.

Phishing is getting more difficult to spot these days. The criminals are getting very good at mimicking websites and crafting messages that are so real, that even though you may not have a Netflix account, make you think you do because they are just that good.

Still, take some time to evaluate a message before clicking any link or attachment. If it comes from an unknown sender, is unexpected, tries to scare you, promises something free if you just click and enter details, or anything that has some sense of urgency or punishment claim, it’s very likely phishing.

Menlo Labs found in their research that the most popular time of day for phishing to arrive in your email box is Tuesday. Be particularly cautious on that day of the week. Popular targets were Office 365 and OneDrive. Probably because people are likely to go to those places from the workplace network; and that is where the attackers really want to be. Your home network is a small treat compared to the mother lode that is the corporate network.

Remember that these attacks are not the mass spam variety. They are targeted and individualized. They are trying to get those who have the credentials to get the information the criminals really want. Often, but not always, that means those in finance and human resources departments. Be careful what information is on social media about your role at work. This can be used to construct these attacks.

So yes, sorry to break it to you, but you really are the weakest link. Tools can be put in place to scan for malware and spam, but when a message is so specific, no tool will likely detect it. At that point, security is up to you.

Stickley on Security
Published December 3, 2018

Amazon Disclosed Technical Glitch That May Have Revealed Your Email Address

It’s not the news you want to hear, but it’s important nonetheless. Amazon revealed just before all of the Black Friday shopping hubbub that it has accidentally revealed the email addresses of some users. Unfortunately, there is not much else that we know about this, but anyone who received email from Amazon about this should take notice and not simply ignore it.

The number of users has not been disclosed and not much else about this has either. We don’t know how it happened. The only thing Amazon did say is that it was due to a technical error and that it has been fixed. They also wrote in a notice to affected customers that there is no need to change passwords, as those were not included in the revealed data.

However, they are being rather secretive about this whole issue, so it’s probably not a bad idea to change it anyway. Make sure to include:

– Upper and lowercase letters
– At least one number
– At least one special character

If you did or didn’t get a notification, watch for phishing emails. Phishers love a good reason to crank out a new campaign. If something like this hits the news, scammers are right there to capitalize. Remember never to click on links that come from unknown senders, are unexpected, no matter who the sender is, and that go to a location that doesn’t make sense. To determine this last bit, let the mouse pointer hover over the link for a couple of seconds and it’ll show where it’s headed. If you’re on a mobile device, hold down on the link for several seconds and it will bring up the entire link too. If you think you’re going to Amazon, but the link goes to some other place that you cannot be sure about, skip it. Either type in the address of where you think it should go (Amazon, in this case) or use a previously safely bookmarked link.

Remember to look for the telltale signs of phishing in your email messages:

– Typos and grammatical errors
– Misuse of the language in which the message is written
– Unprofessional verbiage
– Generic greetings such as “Dear User”
– A sense of urgency to click a link or something “bad” will happen

Because Amazon’s name is used in phishing email rather often, go directly into your account to verify details, change your password, or check on orders. Don’t click links in the messages that say they’re from Amazon. It’s just safer that way.

Stickley on Security
Published November 27, 2018

Good News! Recent Facebook Breach Merely Exposes Millions to Spam Email Attacks

In the biggest breach since it began 14 years ago, hackers once again struck the beleaguered Facebook and its users in September. This breach compromised millions of accounts. In hit after hit, the company once again faces criticism about how this latest breach happened. The only bright side Facebook had to report is that the hackers were not nation-state actors, but merely a group trying to make a buck. That’s an important point for Facebook to make, considering previous breaches by Cambridge Analytica and Russian-state actors.

Although it may be good news, it’s cold comfort to the millions affected by this latest hack. The Wall Street Journal reported the hackers behind the massive breach were a group of Facebook and Instagram spammers. The group was previously known to Facebook’s security team, hiding their identity as a digital marketing company. The data stolen can easily be used in targeted spam email attacks.

According to Barkley, email spam is still the number one delivery vehicle for most malware. When any breach happens, especially one the size of the latest Facebook hack, users need to be aware of increased spam email attacks. The information stolen from users gives hackers the personal data they need for targeted emails. They exploit specific user interests, contacts, and other information unique to a user. They easily masquerade as an email that is safe to open and follow links or download attached files. Once that happens, malware is on the loose, infecting devices and stealing even more sensitive data like passwords and financial information. After a data breach, users need to pay particular attention to emails catering to their personal lives, especially those with links or attachments. In these cases, curiosity is dangerous thing. Spammers know the easiest way to spread malware is through a socially engineered email attack. The more they know about a user, the more likely spam email will be successful.

If you are not expecting to receive a link, even if the message preceding it seems to have a very good handle on who you are, don’t click on it. That’s what these scammers and those like them want you to do. It doesn’t even matter who the sender may be, because if they have Facebook information, they may just know the information of a family member or good friend and pretend to be that person. So, instead of just clicking away, ask the sender in a text, completely new email message, or by phone call.

The extent of the hack, including just how many Facebook users were affected and how much personal information was compromised is still unknown. Although the estimates may vary, the true number of users affected may never really be known. Once data is compromised, it’s impossible to know where it goes, how many hackers have the information, and how long it will live in cyberspace–most likely on the Dark Web. For now, the responsibility for safety falls on the user. The need to be hyper-aware of spam email attacks needs to be an everyday way of cyber life and security. Enormous data breaches like the recent Facebook attack should be yet another warning to users that personal cybersecurity is more important now than ever.

Stickley on Security
Published November 30, 2018

It’s Time For Online Holiday Shopping And Tips To Avoid Fraud

If you haven’t noticed, it’s holiday time. It’s a time for cheer, giving thanks, and of course…shopping! And the season is starting earlier and earlier every year. The retailers, both online and brick and mortar, have been hawking their upcoming Black Friday sale information since Halloween…at least. So when you’re browsing online for great shopping deals, it’s always good to keep several things in mind so you don’t become a victim of cybercrime.

Malvertising

This is advertising that you see on the sides of your browser or in popups that is laced with malware. If you click on these, several things could happen. 1. You could download malware to your device. 2. You could be faced with a form asking for information such as login credentials, payment card details, or other identifying information that gets sent back to a criminal. 2. You could be redirected to another site asking for information. So avoid clicking on those ads unless you are 100% confident they are safe.

Even the well-known e-retailers can be used as bait in these scams, so just because the ad is one of them, doesn’t mean it’s safe. If you are intrigued by something you see in those ads, go directly to the store by typing the name in the address bar.

Phishing

This is a big deal. It can even be combined with malvertising to make your holidays blacker than that infamous shopping day. The cybercriminals can do many things to bait and hook you. They can send spam email to a mass list hoping someone will click a link or open an attachment that can get malware onto your device, or that can garner other information from you. That information could be additional personal details, but could also be information about your workplace. In addition to these spam messages, they may also be using information on your browsing habits to create targeted phishing emails, texts, or voice messages.

Remember that when you are browsing online, no matter what browser you’re using, like Roz from those whacky Monsters, Inc. movies, someone is “always watching you.” Information from your browser is usually collected and used by someone to show you more targeted ads, for example. If you click an ad, someone gets that information and you might be sent more ads of similar products or of other retailers. If the criminals get that information, they can use it against you for targeted phishing.

You should not only avoid clicking the ads you aren’t certain about, but don’t click links or attachments you are not 100% confident in either. Never click them if you don’t know the sender or even more importantly, are not expecting them. Even if they appear to come from your financial institution. Instead, contact them using a phone number you already know or have looked up on their official website and ask about it. You can also log into your account directly and check any details there.

Stored Payment Cards and Auto-fill

You’re probably already on high alert about payment card fraud during the holidays and you should be. But also consider whether or not you have payment card details stored in your favorite retailers’ websites. If you do, it’s better not to do that. If one of them experiences a data breach, that information is likely to be part of the stolen information.

And when your browser tries to auto-fill your payment information, don’t let it. Criminals have found ways to cause you grief using the auto-fill feature in Chrome…and likely the other browsers too. Either shut off the auto-fill function or remember to always type in your payment details manually. And never save this in your browser, no matter how convenient.

Setting charge limits on your cards is a good idea too. Most financial institutions allow you to set these and if a charge over the designated amount is made, you’ll get a notification. Perhaps set them a little lower during the holidays. When your card number gets stolen, the criminals will often charge smaller amounts hoping you won’t notice right away.

Of course always keep an eye on your charges, but try to be more diligent about it during the busy holidays. We often make even more charges than usual, so it can be tough to keep track of it all. However, it’s very easy to look at your purchases with the online services offered by financial institutions. If you can, check it every day. You would be better able to stay one step ahead of the thieves.

Stickley on Security
Published November 20, 2018

USPS Leaves User Account Data Exposed For A Year

For better or worse, we tend to trust organizations within or associated to the federal government. The United States Postal Service (USPS) is one of those agencies we usually count on to deliver our mail and packages safely and “Neither snow, nor rain, nor heat, nor gloom of night, stays these couriers from the swift completion of their appointed rounds.” That said, in the age of technology, sometimes trust is tested and recently, the USPS has done just that for users who have accounts on the website.

A cybersecurity researcher, who has asked to remain anonymous, found a vulnerability in the software that runs the “Informed Visibility” program. This is a program that helps business customers track mail in real-time. Not only did it expose this real-time tracking information, but it also allowed any user that was logged in to search for account details belonging to other users. Data they could have queried included email address, account number, phone number, street address, username, and other data.

Those who do have accounts on the usps.com website are strongly encouraged to change passwords. Do this by logging directly into the account and going to the “My Profile” page, then “Preferences.” Click on “PASSWORD,” and Voila! Easy as that.

The page even gives you the guidelines for creating a strong password. Click on the little question mark icon next to “New Password” and it says “Passwords need 8 characters, including an uppercase and lowercase letter, a number, and a special character. They are case-sensitive and cannot include your username or more than two repeat characters in a row. Your password can include special characters – ( ) . & @ ? ‘ # / “ + !” Those are pretty good tips from the post office. Include in that not to use dictionary words, personal information, or other easy to guess words and you’ve got a strong password.

If you stored payment information in your account, you should watch for suspicious charges on those accounts for at least one year or until the account numbers are replaced with new ones.

Unfortunately, the post office held onto this flaw for over a year, although the researcher claims to have told them at that time and yet, the organization didn’t react to it. After journalist, Brian Krebs contacted it, it was addressed with 48 hours.

It’s unclear that anyone actually exploited the flaw, but just to be safe, change your password for your usps.com account. The Postal Service is investigating it further.

 

Stickley on Security
Published November 25, 2018