No real time check-ins

Never check in when you are leaving the house for longer periods of time (such as holidays).

That includes no posting of flight tickets and holiday pics – at least not while you’re still away from home.

Something so common and apparently innocent can turn into a nightmare. There were plenty of cases of people who checked-in from their holidays, bragged about the wonderful places they’re visiting, only to come back home and find out that their house became the target of burglars.

You never know who else can benefit from the information you are sharing. You can never fully control and restrict who’s watching your social networks posts.

Got tape? Stick it over your webcam

Put tape over your laptop’s webcam.

The FBI director does it. You should do it too, because you never know who’s watching you.

A few examples from the past years that might give you the creeps:

  • In 2009, a student sued his high school for taking photos of him through the laptop they provided him.
  • Miss Teen USA was photographed without her knowledge by an ex high school colleague, who infected her PC with spyware. In that case, the victim fought back and the man was sent to jail.

Avoiding technical support scams

Cybercriminals don’t just send fraudulent email messages. They might call you on the telephone and claim to be from Microsoft. They might also setup websites with persistent pop-ups displaying fake warning messages and a phone number to call and get the “issue” fixed. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Convince you to visit legitimate websites (like www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

“Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.”

Ransomware re-do? Back up your files.

Based on early news reports, it’s possible that another widespread ransomware attack is sweeping the globe. It may spread using the same vulnerability that the WannaCry attack used in May, or it may be a new virus. Either way, if organizations don’t patch their software, they’re at risk. It’s crucial to keep operating systems and other software up to date.

If you’re a computer user, what else can you do to avoid losing access to your data because of a ransomware attack? Back up your files! Here’s a lighthearted reminder that backing up your files is serious business.

Link: FTC

Avoid skimmers at the pump

Skimmers are illegal card readers attached to payment terminals — like gas pumps — that grab data off a credit or debit card’s magnetic stripe without your knowledge. Criminals sell the stolen data or use it to buy things online. You won’t know your information has been stolen until you get your statement or an overdraft notice.

Skimmers are nothing new, but technology has made them smaller and harder to find. Sometimes, they’re even hidden inside a gas pump.

Here are tips to help you avoid a skimmer when you gas up:

  • Make sure the gas pump panel is closed and doesn’t show signs of tampering. Many stations now put security seals over the cabinet panel. This is part of a voluntary program by the industry to thwart gas pump tampering. If the pump panel is opened, the label will read “void,” which means the machine has been tampered with.

Photo credit: National Association of Convenience Stores (NACS) and Conexxus

  • Take a good look at the card reader itself. Does it look different than other readers at the station? For example, the card reader on the left has a skimmer attached; the reader on the right doesn’t.

http://www.kamloopsbcnow.com/files/files/images/skimmer%20compared.jpg

Photo credit: Royal Canadian Mounted Police in Kamloops, Canada

You can try to wiggle the card reader before you put in your card. If it moves, report it to the attendant. Then use a different pump.

  • If you use a debit card at the pump, run it as a credit card instead of entering a PIN. That way, the PIN is safe and the money isn’t deducted immediately from your account. If that’s not an option, cover your hand when entering your PIN. Scammers sometimes use tiny pinhole cameras, situated above the keypad area, to record PIN entries.
  • Monitor your credit card and bank accounts regularly to spot unauthorized charges.
  • If you’re really concerned about skimmers, you can pay inside rather than at the pump. Another option is to use a gas pump near the front of the store. Thieves may target gas pumps that are harder for the attendant to see.

If your credit card has been compromised, report it to your bank or card issuer. Federal law limits your liability if your credit, ATM, or debit card is lost or stolen, but your liability may depend on how quickly you report the loss or theft. For more information, read Lost or Stolen Credit, ATM, and Debit Cards.

Consider placing a fraud alert or a credit freeze on your credit report. This requires businesses to confirm your identity before approving applications in your name.

If you think you see a scam, talk with someone. Your story could help someone avoid that scam. Then report it to FTC.

Scammers don’t really give refunds

The FTC has been cracking down on deceptive tech support operations that call or send pop-ups to make people think their computers are infected with viruses. Scammers ask for access to computers, then charge people hundreds of dollars for unnecessary repairs. In Operation Tech Trap, the FTC and its partners announced 16 actions against deceptive operations, and the FTC temporarily halted the operations of several defendants.

Recently, a woman who lost money to one of the defendants in the FTC cases got a call from someone who claimed to be with a company the FTC sued. (It was a lie. In reality, the company has closed.) He said the company wanted to give her a refund. He asked her to give him access to her computer, fill out paperwork and buy a prepaid card. She knew that didn’t sound right, so she didn’t cooperate. And she contacted the FTC right away.

We’re grateful for her call, and want to share this warning: If you lost money to a tech support scam or other fraud, you might get a call from someone claiming to give you a refund, or help you recover your money – but only if you give them personal information or some money. Those calls are scams. Don’t give out personal or financial information to anyone who calls you, and never give them access to your computer. And then report the call to the FTC.

Do a winter cleaning through your mobile apps

Take a quick glance over your mobile apps, see what you have installed there.

  • Remove any apps you haven’t been using – they are vulnerabilities for your security and privacy.
  • Revoke permissions for apps that require access to sensitive information – why would a flashlight app request access to read your messages, for example?
  • Keep your apps update – this lowers the chances for malware to take advantage of their vulnerabilities.

And remember to never install apps from anywhere else but the official app store. In Android, there’s a setting that also doesn’t allow apps from third parties to be installed.

Enhance your smartphone’s security & privacy

Never leave your mobile phone unattended, without a security password in place. Activate your smartphone to auto lock the screen after a short period of inactivity, like 15 seconds.

4 digit PINs are the easiest to break, so you should skip using those and instead set a good password, similar to those you use for your online accounts. That means it’s long, random, with mixed lower and upper cases, digits and symbols.

Or draw a pattern.

Or, even better, activate fingerprint authentication, if that’s available on your device. It won’t be a secret, as we leave our fingerprints everywhere, but biometrics are the hardest to replicate.

New scams era – bigger, better, bolder

Do you remember the scam with the Nigerian prince who claimed to be rich and endangered and asked for your money?

Those scams never disappeared, they just evolved into bigger and more complex scams.

They now take the form of contests on social networks, with airlines that offer free tickets or Apple giving away free iPhones. Or videos and eBooks that claim to help you get rich in no time.

Three basic rules:

  • If it’s too good to be true, it probably is.
  • Nothing in this world is free.
  • Always check from at least three trustworthy sources. “Trustworthy” = official website, official social channel (look for the blue check mark), legit media or by directly contacting the company.

Stop measuring yourself against others

Stop comparing yourself to those around you.

So what if they don’t use two-factor authentication?
So what if they don’t pay for a trustworthy antivirus?
So what if they don’t update all their software or backup their data?

You should know better.

Don’t let them influence you or he measures you take in order to protect your data.

  • Use a strong, unique password for every website. Yes, that means you’ll have to install and use a password manager.
  • Set your smartphone to lock after a short idle time, and set it to require authentication for unlocking. If at all possible, use something stronger than a simple-minded four-digit PIN.
  • Never click links in emails or texts that seem to come from your bank, the IRS, or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.