Keep a Lookout for these Top Scams


Go ahead and admit it. You were just wondering what the top scams are right now. Thankfully, we have a list.

To stay safe, remember to NEVER give out personal information like your social security number, online banking user name/PIN, credit card number or debit card number/PIN. A reputable bank, credit union, business or government agency typically will not contact you and ask you for them over the phone or via email.

Online Loan Offers: Be wary of online postings promising quick loans or too-good-to-be-true approvals. Be sure to verify that the company is a legitimate lender, as well as determine up front what the actual interest rate will be.

Watch out for alleged lenders that claim to need your online banking credentials to post your loan to your account, and/or that demand a certain percentage of your loan advance be sent back to them via MoneyGram or Western Union. Often these are fraudsters trying to trick you into allowing them to deposit worthless check(s) into your account so that you can then send them the money and suffer the loss when the check(s) are returned as invalid.

Apple Store Payment: This is a simple scam these days as the number of people transacting with Apple is immense. Because people are so accustomed to these transactions, they may not look twice when this scam hits their email. To avoid all financial institution or transaction scams, including Apple Store, never respond to any email asking for personal or financial information. Instead, log directly into the account from your phone app or web browser. This will ensure that if your account does have an issue or needs your attention, you are working with the good guys.

Job Scams: They’re in the classified sections wherever classifieds may be found. They say no experience required, start right now, it’s full time, and the pay is great! Sounds too good to be true, right? It is. The scam comes when they ask for a “training fee” and/or your social security number. Trust your senses and walk away from these.

Recover Your Unclaimed Property: Scammers will graciously help you recover property or funds, even when you didn’t know you were owed any. Of course they charge a fee and of course, after you pay it you will never see your missing property or funds.

Human Resources Needs Your Information for Direct Deposit Setup: The email is fake, and once the information is provided, your direct deposit no longer goes into your account. Verify any emails asking for this information by phone, separate email, or by talking to the HR rep in person. It is extremely unlikely that any legitimate company or service will ever ask for this information via email.

Pet Adoptions: Online is a photo and sob story about a pet that really needs a good home. Once you pay for the adoption fee, shots, and crating for travel, you have less cash and no pet. Consider staying local for pet adoptions and pick up the pet in person.

Healthcare Open Enrollment: This has gotten even more confusing lately with the implementation of the Affordable Care Act (ACA, commonly referred to as Obamacare). Scammers will pretend to offer their services to help you wade through the complicated processes for a fee. However, once you pay it, you are still confused and likely still don’t have healthcare. Seek out authorized representatives to help you navigate this process.

IRS Scams: Frauds of this type come in many forms. Sometimes it’s a phone call saying you owe money or are even due a refund and, thankfully, this company has come to your rescue to help you get it back from the evil IRS or keep you out of jail. Sometimes they send email claiming the same or something equally fraudulent. The IRS doesn’t work this way. They will send a physical letter first.

Get a Free Gift Card or Prize: In order to collect it, you have to give out sensitive information or money. This one takes many forms and may be a phone call or email version exploiting popular and well-known brands. Keep sensitive information private. You shouldn’t have to give out this information for a free prize.

You’re Pre-Qualified for a Loan: And you didn’t even ask for that! In order to get it, just send all of your sensitive data or give it to them on the phone and the money is yours. Except it isn’t. If you didn’t initiate the loan qualification, it’s likely a scam.

Online Purchases: The product you are so excited to get just never arrives. Alternatively, it is nothing like advertised. This risk always exists, so try to use verified online retailers.

Accidental Overpayment for Items Online: If you sell online, watch for scammers who will send overpayment and request the difference wired back. Typically, they send a bad check, but before you figure it out, the cash is sent. Avoid accepting checks when possible and if you must take them, make sure they clear before issuing any refunds.


© Copyright 2015 Stickley on Security

It’s Not a New Dinosaur, It’s A New Way to Phish

It’s not a newly discovered dinosaur. It is another new trick for hackers to use. The term being used to describe it is Stegosploit, and it uses images rather than documents or websites to perform exploits.

The practice is real and is called steganography. It’s been around for a while. Some records indicate it dates back to 1499 AD. It is a legitimate way of hiding a message inside an image or text that makes it undetectable to those who don’t know to look for it. Think invisible ink. However, it is now being used by hackers to spread malware.

The malicious code is hidden inside a picture’s pixels, and when the link associated with one of these messages is clicked, information on the victim’s machine is sent off to a cybercriminal. The victim gets a “You are hacked!” message so that there is no doubt about what just happened.

Of course the message with the link is likely to come in a phishing email message. So remember not to click on any links or attachments from senders that you don’t know. Even if you do recognize the name, use caution and if you are not completely sure that what you are about to see is harmless, don’t do it. It is best to contact the sender in a separate email message (do not reply to the original one) and make sure it was intended and is safe.

Information security can seem daunting, but the fundamentals do not change. You may find it challenging to determine if an email message is phishing for something, but most of the time there are indicators making it easier to detect.

• Watch for misspellings, incorrect grammar and punctuation, and incorrect use of the language.
• Hover over links with the mouse to see where that address is really taking you. Oftentimes, it’s just a bunch of random characters, and that is a flag that it’s phishing.
• The sender’s name is missing, is a bunch of garbled characters, or is someone unfamiliar to you. Even if the name is familiar, you can expand it to see the actual address. Oftentimes, it is spoofed just to make it look like someone you know.
• Make sure anti-malware software is installed, updated, and active and that it scans attachments upon receipt in your inbox and before you see them.
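
The link and sender checks from the list above can be automated. The Python sketch below is an added example, not part of the original article; the sample message, its domains, and the "random-looking host" heuristic are assumptions made for illustration, and it reads a single-part HTML message only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "support@bank.example" <billing@x7k2qz9trw4.example>

<a href="http://x7k2qz9trw4.example/login">https://www.bank.example/account</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_of(text):
    # Hostname if the text looks like a URL or bare domain, else "".
    m = re.match(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})(?:[/:]|$)", text.strip(), re.I)
    return m.group(1).lower() if m else ""

def looks_random(host):
    # Assumed heuristic: a long label containing digits and under 20% vowels.
    return any(len(lab) >= 10 and re.search(r"\d", lab)
               and sum(c in "aeiou" for c in lab) / len(lab) < 0.2 for lab in host.split("."))

def phishing_indicators(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if not name:
        findings.append("sender name missing")
    elif shown and shown.group(0).lower() != addr.lower():
        findings.append(f"display name shows {shown.group(0)} but real sender is {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        real, claimed = host_of(href), host_of(text)
        if claimed and real != claimed:
            findings.append(f"link text shows {claimed} but goes to {real}")
        if looks_random(real):
            findings.append(f"link host looks random: {real}")
    return findings
```

Calling `phishing_indicators(SAMPLE)` returns three findings: the spoofed display name, the mismatch between the link text and its real destination, and the random-looking host.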

What is inside these bad images? It is likely a picture of cute little puppies or kittens or perhaps a photo of a celebrity. You can probably get plenty of photos of these in other ways without putting your computer, mobile device, or company’s network at risk if you really just have to see them.


Scammers Pose as Sheriff’s Officers to Scare Victims Out of Their Money

There is a scam going around right now intended to scare you out of some cash and it uses law enforcement to make it seem more realistic. A caller spoofs the phone number of the Sheriff’s Department and tells the potential victim there is a warrant out for his or her arrest.

The most important piece of information to know is that no deputy or employee of the Sheriff’s Department or law enforcement in general will call members of the public to demand payment for an outstanding warrant. In fact, an arrest warrant authorizes the arrest and detention of someone. It does not involve the arrest and detention of your money.

Scammers will use any means possible to trick people into giving them cash, credit card details, wire transfers, or pre-paid debit cards. There are some indicators to listen for to determine if it is a scam. In this particular case, the caller will give failure to appear for jury duty or failure to pay taxes as the reason for the warrant. Some flags to listen for include:

• The caller is overly pushy or aggressive
• You are threatened with jail time or will have your driver’s license taken away if you don’t pay
• The caller gets very angry if you refuse to believe the story he or she is giving
• The form of payment is pre-paid card and they ask you to give them the card number via phone or they request payment by wire transfer
• They attempt to prevent you from verifying their information
• And the number one indicator is that you have not done anything against the law

Some tactics the callers are using to try to be more convincing are to use the name of an actual Sheriff’s Department employee, give the phone number of an actual Sheriff’s station, and/or have some information about you such as your birthdate or a former address. Due to all the breaches lately, most people have personal information currently for sale on the dark web.

If you get this type of call, don’t linger or give them any information. Just hang up the phone and report it to your local law enforcement and file a complaint with the Federal Trade Commission (FTC). There is a form on the FTC site.



Do You Know Where Your Kids Are Playing Online?

Keeping up with kids is difficult, and keeping up with changing technology that affects them can really leave you feeling overwhelmed. A study by Intel Security lets us know that we even perceive what kids are doing online as better than it actually may be.

We know no kid is better behaved or more honest than yours. But they are a curious lot and no matter how great they may be, they are still likely to go poking around online when given the opportunity. The three misperceptions found in the study come down to trust, online safety methods, and thinking kids know more than parents about technology.

You may be able to trust the kids, but you can be sure that you should not trust the Internet. There are a lot of scary things out there and malware is probably one of the least to worry about. Online predators are real and dangerous. They are sneaky and can take advantage of the fact that a kid’s brain does not fully form until he or she is into the 20s. Decision making is a learning process. Scammers are lurking around every corner trying to get any information that may lead them to a payoff and malware hides behind all sorts of links, including advertisements that seem harmless. Teach them how to make the right choices.

Be sure to have a frank conversation with kids about online security. Start as soon as they start using computers or smartphones. Explain that they should never reveal their name, address, or any other sensitive data without asking permission from a parent first.

Learn the sites they like to visit and what they are all about. Make their social networks your hangout too and create a “village” to help keep an eye on them. No matter how trustworthy they are, you still need to monitor the roads they go down. It’s just like making them clean their rooms. If you aren’t there, they will probably take the other fork.

Take the time to learn new technologies that are all the rage with the kids these days. Don’t assume that you can’t figure it out. If you truly cannot, ask for help. This includes learning how to use their mobile devices.

The physical and virtual worlds are dangerous places. Just as you help them understand stranger danger, teach them online safety too.



Android Bug Sends Video Malware Via Text

For all the smartphone and tablet users out there, another bug has been reported in the Android operating system. Before you panic, it is not suspected to be currently exploited by hackers and there is already a patch available, but there is some not so good news.

The researcher, Joshua Drake, who discovered it in his lab, sent the patches along with the issue to Google a few months ago. Google also released the patch. The problem is that the manufacturers of the devices and the service carriers may not have pushed it out to their customers.

The vulnerability may allow an attacker to perform functions on Android devices without the end user doing a single thing. If a video is created with malware inserted and sent in the form of a text, as soon as it is received by the device, it can perform functions. The user doesn’t have to view it or open it.

Issues like these underscore the importance of applying patches and updates as soon as they are made available. Also make sure you are running some type of anti-malware on mobile devices and that it is always kept updated. It is recommended that you configure the settings to update the files automatically. Then, you don’t have to worry about that.

One of the criticisms security professionals and others have about patches for mobile devices running the Android operating system is that it is ultimately up to the manufacturers and carriers to decide when to release patches for vulnerabilities such as this one. For the most part, that does not appear to be a priority because they would rather users buy new devices than patch them. So, you can also try lobbying your mobile service providers and device manufacturers to push out the updates in a timely manner.

In addition, since this affects the default messaging program on Android, consider using another one for the time being, as long as it isn’t Google Hangouts. That program processes videos right away so the user does not have to spend time searching for them.

According to researchers, only about 20% of Android devices will get updated, with an optimistic upper estimate of 50%. Another fun statistic from security firm F-Secure is that in the first quarter of 2014, 99% of mobile malware threats were designed to run on Android devices.


ATM Skimming, What You Need to Know

A thief stealing from unsuspecting ATM users is not new. However, it no longer means they hang out until the money is withdrawn and then rob the customers. The current trend is ATM skimming. A crime ring in New York compromised over 26,000 transactions of 1,400 issuers in this manner. Losses were in the range of $3.5 million. Recently, police in Wichita, Kansas found seven card skimmers at various financial institutions in the city.

You may be asking what an ATM card skimmer is. It is a device that is placed over the actual machine’s card reader, often using double-sided tape. In some cases, the machines are tampered with and noticeable damage can be found. The skimmer reads the information off of the magnetic stripe on the card. Complementing that, a camera may be found nearby, aimed at the keypad to capture PINs.

How can you protect your information?

• The first rule is don’t use an ATM that is in a low traffic or low light area. It is typically considered more secure to use ATMs at banking locations as opposed to standalone machines, not only for the safety of your money, but for physical safety as well. The thieves run a higher risk of being seen in these areas, so they tend to not use them as often.

• Identity thieves will often even construct their own machines in an attempt to steal data. To that point, use a machine with which you are already familiar whenever possible. It will be easier to detect anything different when you approach it. If it looks different from what you expect, and you are uncomfortable, use another one.

• Protect your PIN by placing your hand or a piece of paper over the keypad when entering your number. This will prevent any cameras that may be installed from seeing what you pushed.

• Since tape is often used to attach the skimming devices, if something looks odd, wiggle it to make sure it doesn’t come loose.

• Don’t necessarily believe the instructions on a sign that looks unusual. Financial institutions will not ask you to swipe your card on a separate reader before putting it into the ATM, for example. Yet scammers will try this and it often works.

• Make sure you check bank statements for fraudulent charges and report anything suspicious to your financial institution in a timely manner. This is general good practice, regardless of whether or not you feel you may have been scammed.

• If anything makes you feel uncomfortable about a particular ATM, don’t feel bad about walking away and finding another one. The machine’s feelings will not be hurt.

• If someone offers to “help” you use the ATM, immediately decline and leave.

• If the machine doesn’t give you money, or gives you an immediate message that the machine malfunctioned, call the financial institution and let them know.

Criminals are getting smarter about using skimmers and often it is nearly impossible to detect the device. However, take a few moments to look around before putting your card into the machine. If anything strikes you as odd, report it to the financial institution.

Thieves use the information gained from these devices to create duplicate cards. Then they use them to make purchases or withdraw cash. They can steal a lot of money in a very short period this way.

Fortunately, a skimmer that transmits wirelessly hasn’t been found yet. So the criminals have to return to the machine to retrieve the data. An investigation regarding the Wichita scams is ongoing, and the police have released photos of the alleged perpetrators, possibly as they returned to do just that.

ATM skimming has become so popular among criminals that a task force has been created to get all segments of the ATM industry as well as the U.S. Secret Service involved in skimming investigations. As a result, some of the technology of ATMs is improving to a level making it more difficult to tamper with them. However, because of our 24-hour desire to have access to our money, and the sheer number of ATMs required to meet this, it will be a while before skimming is a thing of the past. It is getting there. For now, don’t avoid the machines. Just be aware and report anything suspicious.
