Free Travel Coming Your Way Via Airlines. Or Is It Really?

The airline industry has a lot of information on passengers. That’s why using them for phishing attacks is useful to cyber criminals. In response to a warning from Delta Airlines, the U.S. Computer Emergency Readiness Team (US-CERT) issued an alert recently warning airlines consumers to be on the lookout for email messages attempting to gain access to personal and sensitive information.

Delta recently put a notice on its website warning its passengers of attempts to access personal data in email messages claiming to be from the airline. In these, are promises of free travel or prizes, invoices, or other documents, which Delta makes clear are fraudulent and may contain malware. The criminals go to great lengths to copy the company’s website making it difficult to tell it’s fake.

If you receive a message in email, social media, or any other way promising free travel or prizes from any airline, you should consider it suspicious. Before clicking any links or attachments, go directly to the airline’s website to verify contests or giveaways. Most likely, these are phony. If it seems too good to be true, it really is.

The Delta notice also warns consumers that they do not market to them using giveaways and prizes.

Although Delta issued this particular notice, other airlines are not immune to similar scams and phishing attacks. Southwest has been used often in scams seen on Facebook and United experienced a breach of its systems in 2015. Loyalty programs for airlines, hotels, and others are frequently targeted by scammers.

When signing up for programs like these, always use strong passwords that include:

At least eight characters
Upper and lower case letters
At least one number
At least one special character

Passwords also should not contain personal or sensitive information such as birthdates, names, or addresses. Remember to change passwords regularly, even for loyalty programs and that each password used on a site is unique to that site.

There is one last thing. If you are entering sensitive information into any website, such as payment card details, be sure to confirm that the site is secure. Look for the lock icon or the “https://” preceding the address and that the spelling of the URL is correct before hitting the “enter” or “return” key. When in doubt, don’t enter any information.

© Copyright 2017 Stickley on Security

Paying for College: Dealing With the Student Loan Crunch

In this current financial climate potential home-buyers are not the only ones struggling to find loans. The mortgage crisis has spilled over into other areas of lending as well, such as student loans. Media reports about possible student loan shortages have left many students wondering about how hard it will be to find financing for school.

Finding financing

Due to the high cost of college tuition many families are unable to pay for college with savings alone. Traditionally, the availability of student loans has provided an important avenue in allowing students to be able to go to college. However, many lenders have stopped offering public or private student loans. Many lenders that are still offering loans are charging higher interest rates and/or fees. Even though paying for school may seem like a daunting task there are several steps you can take to find financing:

Talk to your school’s financial aid office. Employees at financial aid offices are trained to help people find financing for school and have dealt with many others in the same situation as you. Ask them what lenders still offer student loans and what your other options for funding are.

Look for scholarships and grants. It is a good idea to look for scholarships and grants regardless of how easy it is for you to find student loans. Why borrow when you do not need to? High school guidance counselors and college financial aid offices usually have information on available scholarships and grants. Information is also available at

Consider a home equity line of credit or loan. For parents with a significant amount of equity in their homes this may be a good way to help finance college. Interest rates are usually fairly low, and the interest is tax deductible as well. However, it is important for those considering this option to remember that home equity lines and loans are secured debt. You could lose your home if you do not make payments.

Stay informed. Congress is working on ways to ensure that student loans remain available. Watching or reading relevant stories in the media will help you to be better aware of what your options are and what new opportunities are created.

Preparing for the future

For parents, the current student loan crunch demonstrates why it is a good idea to save for college. Even if student loans are readily available when your children go to college, saving allows them to rely less on loans, which they will need to pay back after they graduate. If you are saving for college take advantage of available tax-saving vehicles. For example 529 Plans, Coverdell Educational Savings Accounts, and Series EE Savings Bonds (issued by the Department of the Treasury) allow you to invest savings for college and not pay taxes on earnings, as long as the funds are used for qualified education expenses.

College tuition is high, and paying for college is often not an easy task. However, there are several options for funding available, and being well informed can help you prepare for and manage this cost.

Revised January 2016

Secrets to Saving on Your Summer City Vacation

Cities attract people for different reasons, which is partly why cities are such popular vacation destinations. Summer is one of the best times to visit, as the long days give you extra hours of sunlight for exploration and many cities host a variety of free activities. The busy season can mean rising prices, but there are a few city-specific savings tactics that can take some of the strain off your budget.

Look for insiders’ knowledge about the city. Many major cities are covered by bloggers who focus on how to enjoy the city on the cheap. You could start your planning by researching online with the keywords “free or cheap” and the city’s name. Some of the well-organized websites will even let you filter events by date, cost and your interests.

Also check the city’s local newspaper sites for lists of free or cheap events. During the summer, many cities have free outdoor concerts and movie screenings; you can pack a picnic dinner and enjoy the warm weather and show.

Get around the city like a local. It might make sense to take an occasional cab, but some cities have robust public transportation systems. Take a few minutes to study the city’s layout before arriving and don’t be afraid to ask locals for advice or directions.

If you’re in town for more than a few days, look into time-based public transportation passes. For example, you can get a seven-day Unlimited Ride MetroCard for subway and bus rides in New York City for $32. (There’s $1 new-card fee if you’re not refilling an existing card.) You can even use it on the crosstown buses that can quickly get you from one side of Central Park to the other.

Explore new cuisine. One of my favorite parts about visiting a city is trying the restaurants. Whether you save up and enjoy one of the city’s finest eateries or find a hole-in-the-wall hidden gem, there’s something for everyone.

Luckily, many cities’ must-try foods are on the inexpensive side. Chicago’s hot dogs, Portland’s doughnuts and Austin’s tacos all often cost less than $5. You can also look for lists of cheap and delicious eats alongside the free-entertainment tips from frugal bloggers and local papers.

High-end restaurants will inevitably be pricey, but if it’s on your “must-do” list, there could be ways to save. Some restaurants offer less expensive brunches or early evening tasting menus, or you might be able to grab a small bite and a drink at the bar rather than a full meal.

Find the deals if you’re going to shop. Some people see shopping as an intrinsic part of a vacation, and cities are often home to chains’ flagship stores, boutiques and specialty shops. The wide variety of options could tempt you to overspend, but it also means there are plenty of opportunities to save.

If you’re in the luxury market, look for sample sales where high-end brands might be charging (relatively) less for products formerly on runways or showroom floors. Trying to stick to a tight budget? Look for large retailers’ clearance sales, particularly if you’re visiting when stores are clearing seasonal items off their shelves.

Think outside the box when it comes to lodging. Most people know that hotels in the heart of tourist areas are often the most expensive, and many turn to home-sharing sites as cheaper alternatives.

Another trick is to look for availability at hotels in the city’s financial district. Holidays and weekends can bring vacancies at these properties, which may mean lower rates. Hotels right outside the main city, but accessible by public transportation, can also cost less.

Bottom line: Cities can be expensive, particularly during the busy summer, but there’s a reason they’re such popular vacation destinations. Whether you’re interested in museums, shows, food, historic sites or all of the above, there are ways to save and make the most out of your summer in the city.

by Nathaniel Sillin

Surfing the Web and Social Media at Work Adds Risk to Your Company’s Security

Let’s say you’re at work and doing what so many of us do and eating your lunch at your desk. You decide to do a little bit of browsing or peruse your social media accounts. What you are doing is putting your company at risk of malware attack.

Cybercriminals actively use social media and social networking sites for phishing and to distribute malware. Passwords for accounts are regularly stolen and reused. Personal blogs, entertainment sites, and file sharing services are all potential entry points for various types of malware onto a company’s network. Drive-by malware downloads are a popular tool for cybercriminals and these can happen without anyone knowing and can be completed in a mere fraction of a second.

In 2009, some major software companies, including Google and Yahoo fell victim to an attack called Operation Aurora. This took advantage of a vulnerability in Microsoft’s Internet Explorer Browser on Windows XP. It was serious enough that the German and French governments recommended that users stop using Internet Explorer until the issue was resolved.

The perpetrators gathered information from social media about users including interests, birthplaces and dates, schools attended, etc. The attackers then created Facebook pages and befriended the victims’ friends before requesting friendship from the targets. All of this was in effort to gain trust. When the victims used their lunch break (or other time while at the office) to catch up on all the social news of the day, it was only a matter of time before the attacker was able to get that victim to click something malicious allowing entry into the corporate network.

Even if your company has a plethora of perimeter security tools implemented, they are not foolproof. The cybercriminals are generally one or more steps ahead of these tools. Therefore, it’s up to us to be on guard for these attacks at all times.

1. Always be 100% certain that any links or attachments clicked in email or on social media are safe. If you cannot be sure, don’t click them.

2. Consider the information you share on social media and business networking sites. Spear-phishing is a way that attackers target victims by using information found on social media or by social engineering. They use that information to perform attacks such as business email compromise (BEC) or W2 Fraud.

3. Always keep all devices and computers updated with the latest operating system versions and software. In the office, the IT department might do this. However, if you bring your own device to work and connect to the WiFi for example, you are adding risk to your company if your devices are not kept up-to-date.

4. When multifactor authentication (MFA) is offered for an account, take advantage of it. Facebook offers it, as does Twitter, iCloud, Google, and many others. It will prevent someone from gaining access to your account with merely with a password.

5. Always pay attention to awareness training and to any information you receive about potential threats. This information is provided to help you supplement those security tools that protect the perimeter of the office network. While they can detect key words and phrases to filter out potentially threatening email, for example, they will never be 100% accurate. It is difficult to imagine a time that human interaction will not be necessary to prevent cyber-attacks.

© Copyright 2017 Stickley on Security

Phone Fraud is Real and Raking in Millions

While social engineering comes in many forms, over the past two years phone fraud has been seen a steady rise with some organizations reporting more than a 30% increase in attacks. Social engineering via the phone offers many advantages to criminals because of the limited technical resources required, the low risk of capture if detected and the ease in which these attacks can be performed.

Most organizations have set policies designed to prevent employees from falling victim to phone fraud. The problem is that these policies are often the same for all organizations and over time criminals have become aware of how these policies work and are finding new ways to have success through loopholes in these policies. In addition the types of attacks themselves are changing, making it more difficult for employees to detect fraudulent activity based on the policies implemented by the organization. This is why it is so important that employees not only follow the policies of the organization but also use their own intuitions when speaking with people on the phone.

Often when a customer calls into an organization they will provide their name and then the employee will ask additional verification questions to confirm the person is who they say they are. Unfortunately many of the verification questions such as mother’s maiden name, first pet name, favorite color, favorite teacher in school, etc. can often be discovered through social media sites. In addition, through the dark web, databases are for sale that contain thousands of people and their associated verification answers including the last four digits of their social security number. Generally this information has been gained through previous phishing attacks.

Another form of verification often used to confirm the identity of the caller is caller ID. Many automated systems will check the phone number of the caller automatically and flag the user as verified when they are connected to the employee. While caller ID does help in the verification process, criminals now have access to online services that for a small fee will allow you to change your caller ID to any number they choose. This in turn makes the caller ID validation only a layer of security and not a guaranteed verification.

Because it has become so difficult for an employee to guarantee the caller is who they claim to be, even when all policies are properly followed, it is up to the employee to watch for suspicious activity while talking with the caller. First, don’t assume the caller will sound nervous, have an accent or act suspicious. Criminals making these calls are often very experienced and will sound just like every other customer calling in. Instead pay attention to the requests of the caller. One of the most common steps a criminal will take is the request to change their contact information. This will include their home address, phone number and email address. Account takeovers often start with the criminal changing this information to allow them to control all correspondence going forward. While these changes may be valid, it is also potentially suspicious and depending on your organization, other verification steps may be required before you should continue.

If your organization is a financial institution, does the caller ask for their balance, want to transfer funds, add addition people to their account, or receive new credit card services? Again, while all possibly legitimate requests, when coupled with a change of address or other odd behavior, it could be a red flag. Often something as simple as additional verification by asking the customer to name off any recent check written or payment made can help confirm the called is legitimate.

In some cases your organization may contain confidential information about your customers and the criminal calling in is looking to gain access to this information. A customer calling in asking for you to provide them with their social security number, account numbers, drivers license number or other confidential information should definitely raise your suspicions. While the caller may have passed the initial verification screening, additional follow up may be required before proceeding with giving out this information. Check with your company policies as many organizations will not allow you to ever provide some or all of this information over the phone.

Another trick criminals use when calling organizations is to pretend to work for a vendor that the organization does business with. By using this relationship they hope to bypass some of the security policies implemented in the organization. For example, a caller may pretend to work for an IT company that is partnered with the organization. Using this business relationship they may explain they are working on a networking issue and ask for login credentials, network information or even remote access to the employees computer. In many cases they will mention other employee names such as management in the organization that they have been working with to help lend credibility to their call. As you read this you may think that seems ridiculous that anyone would fall victim to that type of attack but when a call like this takes place it is often far less obvious than you would think. That is why it is so important to always keep your guard up and remain suspicious with any incoming call.

Phone fraud is real and criminals are adapting to security policies put into place to detect them. As with most types of social engineering attacks, the goal of these criminals is to get you to act quickly without having time to thoroughly think about the actions requested. Your job is to pay attention to the small things and whenever you have any doubt, stop. Take a little extra time to think through the situation and when in doubt get help.

© Copyright 2017 Stickley on Security

Teens and Money: Preparing to Move Out

You may feel emotionally ready to move out on your own, but are you financially prepared? Living independently means much more than not having to be home by curfew; it comes with a great deal of financial responsibilities. Before you take the leap, know how much the big move will cost you, now and in the future.

Moving out
There are many costs to prepare for just to walk in the door of your first home. You may need to save for at least a few of these big ticket items:

Moving expenses. If your friends won’t do it for the price of a couple of pizzas, you may be looking at hiring some help and renting a moving van.

Rent for the first and last month. Paying two months rent protects the landlord financially (in case you move out on a moment’s notice) but it can be quite a lot of money for a first-time renter to come up with.

Security deposit. Most landlords require a security deposit, which is held as protection against damages to the premises or unpaid rent.

Cleaning deposit. Yet another cash sum a landlord is likely to want is a cleaning deposit. This is held in the event the residence needs some extra scrubbing after you move out. If you have a pet, expect the cleaning deposit to be even higher.

Utilities and telephone deposit. Before you ever turn on the heat or make a phone call, you may have to put down some money to activate these necessities.

Furniture and appliances. Most rentals don’t come furnished. Depending on the room, you may have to buy a few key items to be somewhat comfortable:

Bedroom – bed, mattress, linens, pillows, dresser, rugs, lamps
Living room – sofa, chairs, coffee table, television, DVD player, stereo, lamps, rugs, pictures

Kitchen – table, utensils, dishes, cookware, microwave, cleaning supplies

Bathroom – hair dryer, shower curtain, bath mat
Of course if you will have roommates, you’ll be sharing at least some of these costs. But even with a quick estimation you can see that you may need to save quite a lot to leave home.

Monthly bills
Once you are in your own place, the costs continue. It is extremely important to pay all bills on time. If you don’t, you’ll probably be charged late payment fees, and if left unpaid, they will go into a collection agency. Dealing with collectors is not only highly unpleasant, but the negative effect on your credit report is severe. And if you default on some, such as telephone and other utilities, you may not be able to turn them on again until they’re paid (and even then it can be difficult).

If you are sharing your home with roommates, establish how the bills will be paid from the beginning. You may be able to split some and have each one send a check for their portion of the amount due. Another option is for one of you to act as the money manager and collect from the others. However you arrange it, if the accounts are in your name, know that you are responsible for sending the complete payment in on time.

Rent: If the rent is due by the first, don’t pay on the fifth or some other late date. Think ahead. It is highly unlikely that you will remain forever in the first place you get, so being a good tenant today will help you rent another place in the future. The last thing you want is to establish a bad relationship with your landlord, the very person you will turn to for a glowing rental history reference.
Utilities: Utilities include cable, Internet access, garbage, gas, electric, and water. You will soon understand why your parents were always telling you to turn the lights off when you leave the room.

Telephone: Whether you have a landline, cell phone, or both, know that all that chatting can cost you big money unless you have an unlimited plan. Be careful with your minutes!
Moving out and living independently for the first time can be a thrilling experience. You can make it even better by being financially prepared and responsible from the beginning.

Revised January 2016.