Category Archives: Frauds

Five things to know about ransomware

The fight against ransomware is getting tougher. Here are five basics everyone should know about it.

 

  • What is ransomware? Ransomware is a type of malicious software, or malware, that denies access to files and data until a ransom is paid. There are two distinct types of ransomware. The most common is crypto ransomware, which encrypts sensitive data and files until a ransom is paid. The other type, locker ransomware, locks a device, completely preventing the victim from using it. In most cases, ransomware encrypts personal files, blocking users from accessing them. Victims are given instructions on how to pay the requested ransom, and only after doing so are they given a decryption tool that will unlock the files.
  • How does ransomware encryption work? A well-designed ransomware strain will typically use an asymmetric encryption algorithm, which leverages a pair of keys – one public and one private. The data that is encrypted with the public key can only be unlocked by this matching private key and vice versa.
  • How do victims pay cyber ransoms? Ransoms are typically paid in the cryptocurrency Bitcoin due to its anonymity and the difficulty of tracing it.
  • How much is a typical ransom? Requested ransom amounts can vary wildly. In the WannaCry attacks, victims were asked to pay between $300 and $600 in Bitcoin to have their files unlocked. This may not seem like much, but it’s important to consider the other, more severe costs of such attacks, which result from downtime caused by lack of access to systems. Shockingly, it was recently reported that a South Korean web hosting provider paid $1 million in bitcoins to hackers after a Linux ransomware infected its servers and encrypted the website data hosted on them. That is a big jump from the amount the Hollywood Presbyterian Medical Center reportedly paid last year.
  • How do I mitigate risk? Ransomware prevention measures can seem particularly daunting because some of today’s advanced strains of malware do not need administrator rights to compromise an end user’s machine and infect the endpoint. This means that while privilege management can play a role in mitigating risks, many strains of ransomware can encrypt data using standard user rights. So even if an organization has removed local administrator rights, this doesn’t necessarily mitigate the risk.

Source

 

Wise giving in the wake of Hurricane Harvey

by Colleen Tressler

It’s heartbreaking to see people lose their lives, homes, and businesses to the ongoing flooding in Texas. But it’s despicable when scammers exploit such tragedies to appeal to your sense of generosity.

If you’re looking for a way to give, the FTC urges you to be cautious of potential charity scams. Do some research to ensure that your donation will go to a reputable organization that will use the money as promised.

Consider these tips when asked to give:

  • Donate to charities you know and trust that have a proven track record of dealing with disasters.
  • Be alert for charities that seem to have sprung up overnight in connection with current events. Check out the charity with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
  • Designate the disaster so you can ensure your funds are going to disaster relief, rather than a general fund.
  • Never click on links or open attachments in e-mails unless you know who sent them. You could unknowingly install malware on your computer.
  • Don’t assume that charity messages posted on social media are legitimate. Research the organization yourself.
  • When texting to donate, confirm the number with the source before you donate. The charge will show up on your mobile phone bill, but donations are not immediate.
  • Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials. If they should be registered, but they’re not, consider donating through another charity.

Source

Job scams

Some people joke about being “between jobs,” but there’s nothing funny about unemployment. Looking for a new job is stressful, and as the weeks turn into months, you may jump at any opportunity, no matter how dubious or grim.

Scammers know this, and they prey on desperate people. They send emails with headings like, “Your Résumé” or “Work From Home Job.” At first, these sound like exciting opportunities. Can you really make $1,200 a week sitting on your couch?

Employment scams are common, and you don’t have to be jobless to find their offers enticing. Many of their targets are the unemployed or underpaid eager for a change of pace. No matter what the location or time of year, scammers find a needy victim with bills to pay.

This year, I’ve noticed a rise in two different types of job-related scams. These can look very convincing if you don’t know how to watch out for them.

Mailed Check: In this scam, you apply for a job and get a response. Your potential employer mails you a check. It’ll be made out to you for $500 or so. Of course, that should be a red flag. Why would they pay you before you start working?

Reputable companies won’t do that. But scammers will call you or email you to say the mailed check was their mistake. They ask you to wire the funds back to them. If you fall for it, their bad check won’t cover the funds, so the money will come out of your bank account.

Upfront Fees: Some fake companies will require an “activation fee,” or even upfront costs for “training” and “materials.” If you’re dying for work, you might convince yourself that this is normal because you need to “spend money to make money.” Don’t rationalize. Legitimate employers should not require fees.

Better Business Bureau: Start With Trust


BBB Tip: Don’t Let an Eclipse Blind You to Scams

The “path of totality” where the total solar eclipse is visible will stretch through 13 states from Oregon to South Carolina. In the center of that 70-mile wide path, the total eclipse will last from 2 minutes to 2 minutes and 40 seconds. Outside of this path, observers will see a partial eclipse.

Big events also mean big opportunities for scammers and unscrupulous businesses. With a rare event like this, it is important to plan carefully and to trust your instincts. Here are some things to be wary of while you get ready for the eclipse.

Counterfeit Eclipse Glasses

You should never look directly at the sun, so to view the solar eclipse directly without damage to your eyes, you need special solar filter glasses. These are much more powerful than sunglasses. While sunglasses only block about 50% of the sun’s rays, solar filter glasses block more than 99.99%. Unfortunately, many of the solar glasses available online may be counterfeit or do not meet safety specifications. Your best bet is to stick with a brand whose glasses are certified by NASA and the American Astronomical Society (AAS). Here is a list of reputable vendors from AAS.

Here are some additional tips for safe viewing:

  • Regular sunglasses, even very dark sunglasses, are not enough.
  • Warn children of the danger in viewing the eclipse without protective eyewear.
  • Do not look at the uneclipsed or partially eclipsed sun through an unfiltered camera, telescope, binoculars, or other optical device.
  • Do not look at the sun through a camera, a telescope, binoculars, or any other optical device while using your eclipse glasses or hand-held solar viewer – the concentrated solar rays will damage the filter and enter your eye(s), causing serious injury.
  • If the filters on your eclipse glasses are torn, scratched, punctured or coming loose from their cardboard or plastic frames, discard them.

If you are unable to get glasses, one way of indirectly observing the eclipse is by using a pinhole projector. NASA has instructions on how to do this, as well as files to print out and use.

Accommodation Scams

If you are looking for a place to stay during the eclipse, be careful if you are booking online through a third-party site. Check with BBB.org to see what previous customers’ experiences have been. Make sure to correspond within the website or app and not through other means. Always double check that a listing is on the real website and emails are coming from official addresses. Using a credit card offers the best fraud protection. Don’t deal with anyone who asks for payment outside of the platform’s approved options.

There have been reports of travelers who booked hotels for the eclipse long in advance (before it was widely publicized) only to see their reservations canceled or moved to hotels far from viewing spots. Some of the original rooms are then offered again at a much higher rate. If you are traveling out of town for the eclipse and have a hotel booked, make sure you double-check your reservations before heading out.

Event Scams

Cities across the path of totality are holding eclipse festivals with both free events and VIP viewing parties. Scammers may set up fake events or charge people for access to free public parties. These tips for avoiding summer festival scams can also help you separate real eclipse events from fake ones. NASA has information on many events.

Bus Scams

Traffic will likely be very heavy on any road between a major city and the eclipse path. A bus might sound like a great option, but be careful you don’t make a reservation only to end up without transportation. Make sure you deal directly with a bus or limo company to avoid scammers using a legitimate business as a front. Go to BBB.org to look for Accredited Businesses and read reviews and complaints before you book.

This month’s eclipse may be a rare chance to see an extraordinary astronomical event right in your backyard. That urgency and unique opportunity are what can make scams successful. Remember to do your research and always trust your instincts — if something seems too good to be true, it probably is.

If you are the victim of a scam related to the eclipse, you can go to BBB.org/scamtracker to file a scam report.

Source

No secret bank accounts to pay your bills

by Colleen Tressler

Another day, another scam. Case in point: the Federal Reserve Bank of New York reports that scammers are telling people they can pay their bills using so-called “secret accounts” or “Social Security trust accounts” and routing numbers at Federal Reserve Banks. In exchange for personal information, like Social Security numbers, people get what they think is a bank account number at a Federal Reserve Bank. But this really is just a way to get your personal information, which scammers can then sell or use to commit fraud, like identity theft.

It’s good to keep in mind that people do not have accounts at Federal Reserve Banks. Only banks can bank at the Federal Reserve. But what happens if you try to use this “secret” account? Well, the Federal Reserve Bank will deny the payment, since you don’t really have an account there. Once the payment is rejected, you’ll be notified that you still owe the money – which is about when you might figure out that this was a scam. At that point, you may owe a late fee or penalty to the company you thought you were paying. You also may owe fees to your bank for returned or rejected payments.

If you see a video, text, email, phone call, flyer, or website that describes how you can pay bills using a Federal Reserve Bank routing number or account, report it to the FTC. It’s a scam. And remember: never give your credit card, bank account, or Social Security number to anyone who calls or emails and asks for it – no matter who they say they are.

False promises from a work-at-home scam

by Andrew Johnson

It’s hard to pass up a job opportunity that promises a large income and the flexibility of working entirely from home. Especially when the opportunity appears at the top of your online search results and includes video testimonials of success stories, making it seem legitimate. The problem is, most of these job opportunities are scams and won’t deliver on their promises.

Today, the FTC announced that a federal court put a temporary stop to a work-at-home scam that failed to live up to its promises. According to the FTC, Work At Home EDU made false claims that people could earn “hundreds of dollars, per hour from home, without any special skills or experience” by paying for a $97 work-at-home program. Once people paid, they were told that for $194.95 more, they could buy the advanced program and earn a whopping six figures a month. Unfortunately, none of it was true.

If you’re looking to work from home, here are some questions to ask to help you determine if a program is legitimate:

  • What tasks will I have to perform? Are any other steps involved?
  • What is the total cost of this work-at-home program? What will I get for my money?
  • Will I be paid a salary or commission?
  • Who will pay me? When will I get my first paycheck?
  • What is the basis for your claims about my likely earnings? What documents can you show me to prove your claims are true before I give you any money?

Before you hand over any money, also make sure you know what information you’re entitled to under the FTC’s Business Opportunity Rule. Doing an online search of the company’s name with the words “complaint,” “reviews,” or “scam” also can be a good way to hear what others have to say.

Source

Payments you didn’t authorize could be a scam

by Rosario Méndez, Attorney, Division of Consumer & Business Education, FTC

Usually, when I pay with a check, I write it out and sign it, or I direct my bank to send it on my behalf. But what if a check is drawn on my account but I didn’t write it, sign it, or tell my bank to send it? It can happen if someone has your bank account number: they can use your number to create a check that takes money out of your account. Now, if you’d already agreed to the charges, there’s no problem. But what if you didn’t? That means this check is part of a scam – which is what the FTC says happened in a case announced today.

The FTC sued several companies and individuals for allegedly taking millions of dollars out of people’s accounts using remotely created checks – without the account owners’ authorization. The defendants had websites and made telemarketing calls that offered short-term loans and cash advances to people with bad credit. To get access to that money, people gave their bank account information. But the FTC says the defendants actually signed people up for online discount membership clubs – and charged for them. People had not agreed to that, and it only made their situations worse. When people complained to the company, the FTC says the defendants lied to confuse people into thinking they had, in fact, approved those charges.

Here are three things you can do to .

  • Stop before you put your account information in a website. Ask yourself: who, exactly, am I dealing with? Can I trust them? What will they do with my information? Dishonest people may use your bank or credit card information to take your money, or sell your information to others who’ll do the same.
  • Review your bank account and credit card statements carefully. Check for charges you don’t recognize, don’t remember agreeing to, or didn’t authorize – especially if you recently applied for a loan or credit.
  • Tell your bank or credit card company immediately if you see a check or charge you don’t recognize. If the unauthorized charge is part of a scam, telling your bank might help stop the scammers.

Source

The Internet, the Deep Web, and the Dark Web

If you’re into computer security at all you may have heard of terms like “Deep Web” and “Dark Web”. The terms can be confusing so here are the basics:

  • The Internet: This is the easy one. It’s the common Internet everyone uses to read news, visit Facebook, and shop. Just consider this the “regular” Internet.

  • The Deep Web: The deep web is a subset of the Internet that is not indexed by the major search engines. This means that you have to visit those places directly instead of being able to search for them. So there aren’t directions to get there, but they’re waiting if you have an address. The Deep Web is largely there simply because the Internet is too large for search engines to cover completely. So the Deep Web is the long tail of what’s left out.
  • The Dark Web: The Dark Web (also called Darknet) is a subset of the Deep Web that is not only not indexed, but that also requires something special to be able to access it, e.g., specific proxying software or authentication to gain access. The Dark Web often sits on top of additional sub-networks, such as Tor, I2P, and Freenet, and is often associated with criminal activity of various degrees, including buying and selling drugs, pornography, gambling, etc.

While the Dark Web is definitely used for nefarious purposes more than the standard Internet or the Deep Web, there are many legitimate uses for the Dark Web as well. Legitimate uses include things like using Tor to anonymize reports of domestic abuse, government oppression, and other crimes that have serious consequences for those calling out the issues.

Common Dark Web resource types are media distribution, with emphasis on specialized and particular interests, and exchanges where you can purchase illegal goods or services. These types of sites frequently require that one contribute before using, which both keeps the resource alive with new content and also helps assure (for illegal content sites) that everyone there shares a bond of mutual guilt that helps reduce the chances that anyone will report the site to the authorities.

Nanny and Caregiver Imposter Scams

by Delonda Scott

Are you looking for a nanny or caregiver job? Do you search for these jobs on websites such as care.com or sittercity.com? If so, then you should look out for nanny or caregiver scams.

Here’s what they look like. Scammers send messages pretending to be interested in hiring you for a job as a nanny, caregiver, or pet sitter. But first, your new “employer” asks you — with a heartfelt plea — to accept and cash a check. The scammer tells you to keep part of the money for yourself (and your labor) and send the rest to a supplier to pay for medical equipment and other special items required for the job. What really happens? The check is fake (and will bounce), the money you send will go to the scammers, and you will owe the bank for the money you withdrew. Oh, and there’s no job.

People who are legitimately looking for help will never ask you to pay for the promise of a job. They’ll also never ask you to deposit a check and send the money to someone else. So, if you get this kind of offer, stop — and then tell the FTC.

Source