Category Archives: Security

Don’t save your credit card data in online shops

Online shops such as Amazon and eBay track many different types of metrics, one of the most important being “conversion rate”. It measures how many of their visitors end up buying a product from the website.

They’ve discovered you can increase the conversion rate by remembering a customer’s payment data.

From a cybersecurity standpoint, however, this is risky business: if the online shop gets hacked, the breach might expose a huge amount of stored credit card data, including yours.

Mortgage Relief Scam

Behind on your mortgage and looking for help? Check out these tips and learn how to avoid mortgage relief scams.

If you’re hiring a company to stop foreclosure or reduce your mortgage payments, here are some things to keep in mind:

  • Don’t pay an up-front fee. Unless they’re attorneys following specific rules, it’s illegal for companies to charge you until they’ve negotiated a loan modification and you’ve accepted it. So, don’t pay them until they fulfill their promise.
  • If a company claims attorneys will be helping you, check it out. Make sure they’re licensed to practice law in your state. Some companies falsely claim to be working with attorneys to get your business and charge fees in advance.
  • Beware of companies that tell you to stop contacting your lender. You should always feel free to contact your lender directly to see whether they can offer you additional options. Companies that tell you otherwise are breaking the law.
  • Find free, reliable mortgage assistance. To contact a free, HUD-approved housing counselor, visit the U.S. Department of Housing and Urban Development or HOPE NOW.


New phishing scam targets Netflix customers

If you receive an email from Netflix informing you that your credit card no longer works, be very careful how you respond.

Mailguard, an Australian cyber-security firm, is warning that fraudsters are using “brandjacking” emails in hopes of capturing consumers’ credit card information.

Brandjacking is an increasingly common tactic used in phishing scams. The email is designed to look like it’s coming from a well-known institution. It might be a major bank or a utility company.

In this case, the bogus email appears to come from Netflix — a video streaming service with millions of subscribers worldwide — and at first glance the email appears to be the real thing.

Payment declined

In bold letters at the top, the email informs the recipient that payment for Netflix services has been declined and that credit card information must be updated.

There is a button to click to update credit card information. But the link takes you to the scammer’s website where you are asked to enter credit card information, which will then be sold on the Dark Web.

This scam is dangerous because so many people who are receiving this email are Netflix customers. Their first response may be to click the button and provide the requested information.

But there is a safer course of action. Should you receive one of these emails, type the Netflix URL into your browser and log into your account. After you’re signed in, click on your personal icon in the upper right corner of the page, then click on “account.” Then click on “update payment info.”

If there is a legitimate problem with your credit card, you’ll see a message there informing you of that fact. If you’re still not sure, you can re-enter your credit card information or enter the information for a different credit card.

Tell-tale clues

A closer look at the email, however, might save you the trouble. If the email mentions that your American Express card was declined, but Netflix uses your Visa, then the email is an obvious fake.

Also note the spelling of certain words. Emails sent to customers in the U.S. should refer to the “Help Center,” not the “Help Centre.”

Phishing scams can take different forms. Besides directing a potential victim to a phony website, they can also contain attachments that can unleash malware, including ransomware.


Say NO to websites which try to install stuff on your device

If you’re on a website that asks you to install something in order to run properly or for any other reason, leave it immediately!

Here are two examples of what you may come across while you surf the web:

Ask yourself this: why would a website need to install something for you to access it?

The best thing to do is to ignore all the download options that come your way. You should be the one to choose which software you want to install, when to install it and why to install it.

Vishing is like phishing, except they call you

Vishing is a social scamming method similar to phishing, except that scammers will try to trick the victim through a telephone call or even an Internet call such as Skype or FaceTime. As in other forms of phishing, the scammers target important personal information such as credit card data, passwords, emails and so on.

Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. It is sometimes referred to as ‘vishing’, a word that is a combination of “voice” and “phishing”.

My Account Was Hacked – Here’s How to Control the Damages

In your digital life, it’s quite possible that you may experience a cyber attack. Many of us have had this experience, either in mild forms (adware, browser hijackers) or in more impactful ways (banking Trojans, ransomware, etc.).

Given the frequency of data breaches, your private data could also become involved in such a breach, independently of your actions.

So it’s important to have an action plan for when this happens, a plan that can guide your steps and help you manage the panic.

We actually created a guide for that particular situation, which I honestly hope you’ll never experience. It includes advice on how to behave, how to act and what to verify to ensure that your risks are minimized.

I hope you find it useful!

1. First of all, this is not a good time to panic. Take a deep breath and stay calm.

The opposite, not caring and not taking any measures, isn’t an option either.

You should be aware that things could quickly escalate in an unwanted direction. It doesn’t matter if you think the service is unimportant to you.

The breached data can be used to hack into other accounts of yours (especially if you use the same password for multiple accounts – please don’t), and for identity theft, financial damage and blackmail, and it can cause all sorts of other unwanted headaches.

2. Log into the account of the service that was hacked as soon as you find out about the breach.

Glance over the settings for your account, see if there’s anything fishy or changed there.

If you can’t access your account anymore, reset the password via email.

If you used a fake email for it, or you don’t have access to that email account anymore, you’ll have to contact the administrators of that website and prove it’s your account.

3. Change the password for that service. Use a strong, unique password.

If you’ve been reading our blog constantly, you most likely know how much we insist on this issue: never, ever reuse a password. You should have unique, strong passwords that you change periodically.

However, if it’s too late for this and you recycled the password from the compromised website, change the password for all other services.

You can use a password generator, such as Norton Identity Safe Password Generator, in order to create strong passwords.

In the future, prepare for the worst and make sure you don’t reuse passwords, in order to minimize the impact in case of a hacked account. You wouldn’t use the same key for your house and for your car, would you?

Remember to treat the answers to the password security questions the same as you treat your password. Don’t use real answers, instead generate strong passwords. The real answers can be easily discovered by attackers.

And never keep your passwords in a file on your computer, mail or cloud. Instead, you can use a password management application, like LastPass or Dashlane. This way, you won’t have to memorize 30-40 strong passwords, with all their capital letters and symbols and numbers, passwords that you regularly change. You’ll only have to remember the master password for your LastPass account; your other passwords will be safely encrypted.


4. If available, activate two-factor (or more) authentication.

Two-factor authentication (or two-step verification) adds an extra layer of security, using your mobile phone. It works as a secondary authentication method, besides your password.

You will receive a one-time, unique numeric code, either sent by SMS or generated by an authentication app installed on your phone.

Gmail, Twitter, Facebook and Amazon are among the ones who offer this option. You can find an extended list on

How your online accounts are interconnected

5. Change the password to your email or any other linked accounts.

As soon as you find out about the breach, change the password for the email you used to create the account for the service that got hacked.

Also look over the email settings, especially the Email Forwarding, Filters, Reply-to Address and Security Questions, to make sure that everything’s in order. An attacker will try to leave some kind of back door open, to come back into the account.

Your email address is most likely tied to many of your online accounts. If any of those is compromised, you’ll have to change the password to any other service that was remotely linked.

Also de-authorize all the third-party apps that use your account.


How to see where shortened URLs take you (before clicking)

Shortened URLs, such as and are tricky, because you never know where you might end up. This is rarely true for entities you trust and follow closely, but cyber criminals can abuse URL shorteners to redirect your traffic to malicious online locations.

If you want to check the link and see where it may lead before clicking on it, copy and paste it here:

How scammers make you pay

Here’s one of the top questions we get from people: Is this a scam? Whatever the “this” looks like, here’s our best answer to that question: Did someone say you can only pay by wiring money, putting money on a gift card, or loading money on a cash reload card? If they did, then yes: that is a scam.

Here’s a video that has, in a little more than a minute, some of the scam scenarios we see – and what you should do about them.

Whether someone tells you to pay to claim a prize, help someone out of trouble, or deal with tax issues from the (so-called) IRS: nobody legitimate is ever going to say you have to pay by wiring them money, getting iTunes cards, or putting money on a MoneyPak, Vanilla Reload, or Reloadit card.

So: watch the video. And if anyone ever insists you pay in one of those ways, tell the FTC. Because that will be a scam we want to know about.


Careful when clicking Accept (Adware)

The truth is that no one reads the Terms and Conditions. We just scroll and click “Accept”, so we can get to the point where we can use the apps we install and do what we need to do.

However, when using new software whose trustworthiness you’re unsure of, it’s best to at least glance over the terms and conditions before clicking “I agree” or “Accept”.

Online crooks sometimes slip adware into otherwise safe software installers, and they bury it in the fine print of the terms and conditions. Since no one reads it, users unknowingly install adware that can potentially open up their systems to other cyber threats.

So please only install software from trusted sources and be careful of what it can hide.

Easy money scam

Would you pay $49 for a “secret code” to make huge sums of money automatically? That’s what the FTC says the fraudsters behind the Mobile Money Code scam promised. In fact, the FTC alleges that the defendants and their affiliate marketers were out to rip people off.

In a case announced today, the FTC says the defendants took more than $7 million and provided nothing more than software products that showed people how to create a mobile-friendly website.

The FTC says that the defendants paid a network of affiliate marketers to drive people to its websites. These affiliates used spam emails to push false claims and deceptive marketing. According to the FTC, they included:

  • Fake testimonials — “real life” rags to riches stories… that were really from paid actors
  • Outrageous claims — “You can make $1,000 to $5,000 a day just by having this app running in the background”
  • High-pressure upselling — for more money you could have a “ready to go” business worth over $250,000
  • Subject lines like “In transit: Payment into your account”
  • “Hassle-free” money-back guarantees they did not honor

If someone promises you fast and easy money, it’s a scam. Do you feel yourself wanting to believe it? Watch out! That’s a normal reaction scammers count on. Do not take the bait. Slow down. Search the company’s name online with words like “scam” or “complaint.” Talk to a friend, and help others by reporting what you’ve spotted to