Category Archives: Social Media

A costly low-cost trial offer

by Rosario Méndez

You’ve probably seen online ads with offers to let you try a product – or a service – for a very low cost, or even for free. Sometimes they’re tempting: I mean, who doesn’t want whiter teeth for a dollar plus shipping? Until the great deal turns into a rip-off. That’s what the FTC says happened in a case it announced today.

The defendants sold tooth-whitening products under various names, and hired other companies to help them market the products. These affiliate marketers created online surveys, as well as ads for free or low-cost trials – all to drive people to the product’s website. What happens next is so complicated that we created an infographic to explain it.

In short, once people ended up on the product’s website, they filled in their info, put in their credit card number, and clicked “Complete Checkout.” When people clicked this button they not only got the free trial of the one product, but were actually agreeing to monthly shipments of the product at a cost of $94.31 each month.

Next, another screen came up and people were asked to click “Complete Checkout” again. But the second screen wasn’t a confirmation screen for the trial of the product. Instead, by clicking this button people were actually agreeing to monthly shipments of a second product. So, what started as a $1.03 (plus shipping) trial of one product wound up being an unexpected two products at a very unexpected $94.31 each – for a total monthly charge of $188.96 plus shipping.

Trial offers can be tricky – and there is often a catch. If you’re tempted, do some research first, and read the terms and conditions of the offer very closely. Sometimes, however, marketers might simply try to trick you – and it can be hard to spot. Look again at the infographic…would you have known what charges were about to hit your credit card? If you use your credit card for a low-cost trial offer, be sure to check your credit card statement closely. If you see charges you didn’t authorize, contact the company and your bank immediately. And then tell us about it.

Scammers impersonate the National Institutes of Health

by Cristina Miranda

Consumers are reporting another government imposter scam – this time the scammers are pretending to be calling from the National Institutes of Health (NIH). According to reports, callers are telling people they’ve been selected to receive a $14,000 grant from NIH. To get it, though, callers tell people to pay a fee through an iTunes or Green Dot card, or by giving their bank account number.

If you get a call like this from someone asking you to pay money to get money, stop. Hang up the phone. The federal government will not call you to give you a grant. NIH does give grants to researchers, but they have to apply for them, and those grants are for public purposes, not for personal use.

Also, the federal government will never call you, demanding that you give your personal or financial information – like your bank account or Social Security number. Has a caller ever asked you to wire money, cash a check they send you (and send them money), or use a prepaid card to pay someone? Those are all red flags. Nobody legitimate – and certainly not the government – will ever ask you to pay in any of those ways.

For more tips on avoiding government grant scams, check out NIH’s handy guide. Did you send money to an NIH imposter? Get in touch right away with whoever you used to send the money (your bank, MoneyGram, Western Union, iTunes…) and report the fraud. You might not get your money back, but you certainly won’t if you don’t report it. And then tell the FTC.


What your hacked account is worth on the Dark Web

Next time you sign up for a new website and it asks for a password, or your favourite social media site nags you for a phone number, or a site you use every day pesters you to set up two-factor authentication, take a pause.

What’s going through your mind?

Are you getting ready to jump at the chance to tighten up your security? Itching to drum up another impenetrable 14 character password? Reaching for your password manager? Pulling out your phone ready to read the soon-to-arrive verification code?

Hey, you’re a Naked Security reader so perhaps you are.

But what about the next person? Many of them won’t be doing any of those things. They’ll pass up 2FA and stick with their go-to password of 123456 or qwerty, even though they know what a strong password looks like.

They’ll do it and stay safe, in their own mind at least, because Elliot Alderson and his ilk aren’t interested in their Netflix account.

Hackers in popular culture are ideological, FBI-dodging cyber-swordsmen who penetrate the armour of sophisticated adversaries using precise rapier thrusts.

The problem (of course) is that real life is messy, dull and rarely telegenic. In the real world we have to worry about real criminals who aren’t carrying rapiers and aren’t interested in kudos or ideology.

The adversaries we have to worry about when we’re choosing our Twitter or eBay passwords are in it for the money and their approach isn’t so much cyber-fencing as carpet bombing – it’s untargeted and it doesn’t matter who gets hit because it’s “how many?” that matters.

Our accounts aren’t compromised one by one, they’re cracked en masse or exfiltrated in the millions and then bought and sold online.

According to account monitoring company LogDog, who recently took a fresh look at this burgeoning part of the underground economy, it’s such a lucrative trade that there are Dark Web sites selling nothing but logins, not even credit cards.

There are now stores completely dedicated to selling only online accounts, without even offering credit cards for sale. Fraudsters, it appears, have discovered the financial potential in targeting various online services instead of just banks and credit card issuers.

As you’d expect in any marketplace, prices fluctuate based on supply and demand, and the value that criminals can extract from the accounts they buy. But everything has a price:

While Paypal has, and still dominates … it is now possible to find Amazon, Uber, eBay, Netflix, Twitter, Dell and many more … Any account that can generate fraudsters money, or even help them receive a service for free, has a demand in the cyber underground.

…Uber, for example, are sought after by fraudsters simply because they provide “free taxi rides”. Demand for adult entertainment accounts is high due to interest for self ­consumption.

…eBay and Amazon are sought after … to steal money or credits from these accounts … Compromised dating site accounts are also often exploited for romance scams.

And here, according to LogDog’s research, is what your account is currently worth on the Dark Web:

Service Min. Price Max. Price
Brazzers $1
Yahoo 70c $1.20
Gmail 70c $1.20
Dell 80c $2
Uber $1 $2
Netflix $1 $2
Walmart $2.50
Twitter 10c $3
Mate1 Premium $4
Amazon 70c $6
Ebay $2 $10
eHarmony $10
PayPal $1 $80

How to get through college with your data unscathed

College is a challenging, but rewarding time of our lives. But it’s also a time when youngsters can be reckless more frequently.

To make sure that your digital life doesn’t take a hit, here’s a useful checklist of what you should have in place:

  • Data backups (yes, that’s more than one)
  • Strong passwords (never reused)
  • Avoiding online piracy (not an impossible feat)
  • Strong cyber security awareness (phishers be phishing’)
  • Never sharing your credentials
  • Installing software updates as soon as they’re available (or automating them)
  • Using robust security software to protect your data from ransomware and other threats.

Information Sharing

Information sharing is essential to the protection of critical infrastructure and to furthering cybersecurity for the nation. As the lead federal department for the protection of critical infrastructure and the furthering of cybersecurity, the Department of Homeland Security (DHS) has developed and implemented numerous information sharing programs. Through these programs, DHS develops partnerships and shares substantive information with the private sector, which owns and operates the majority of the nation’s critical infrastructure. DHS also shares information with state, local, tribal, and territorial governments and with international partners, as cybersecurity threat actors are not constrained by geographic boundaries.


Scams in the name of charity

Scammers are creative, cunning and cruel — and they often mix in a little truth to spice up their big lies. This scheme shows just how low they can go.

Government imposters claiming to be with the FTC, or another agency like the fictitious “Consumer Protection Agency,” are calling to inform people they have won a huge sweepstakes from the Make-a-Wish Foundation, a well-known charity for very sick children. To get the money, the callers say, the “winner” must first pay thousands of dollars to cover taxes or insurance on the prize. The call may even come from a 202 (Washington, DC) area code to appear credible — since the headquarters for the FTC and most federal agencies are in DC.

This is just a scheme using the well-known names of Make-a-Wish and the FTC to rob thousands of dollars from people. Once you wire money or send banking information, you will never see your money again.

Here are a few facts and tips to protect yourself and others:

  • If someone asks you to wire money or provide your bank account information over the telephone, it’s a scam.
  • Anytime you have to pay to get a prize, it’s a scam.
  • The FTC doesn’t oversee sweepstakes and no FTC staff is involved in giving out sweepstakes prizes. We do, however, go after sweepstakes scams like this one.
  • If an FTC case results in refunds, you can find the details at
  • The Make-a-Wish Foundation has information about this specific scam on its fraud alerts page.
  • If you encounter this or other scams, report it to the FTC at 1-877-FTC-HELP or
  • Talk to your friends and family about scams. Visit to find out how.

Link: Report

Remove past geo-tags from your social accounts

In one of our recent tips we approached the dangers of real time check ins on social network.

If it’s too late for that and you already have tons of check ins from your home, you also have the option to delete previous history location.

In Facebook you’ll have to do that manually for all the photos you uploaded and turn off Location for future posts.

In Instagram, you can Remove Geo-tag for all your uploaded pics.

No real time check-ins

Never check in when you are leaving the house for longer periods of time (such as holidays).

That includes no posting of flight tickets and holiday pics – at least not while you’re still away from home.

Something so common and apparently innocent can turn into a nightmare. There were plenty of cases of people who checked-in from their holidays, bragged about the wonderful places they’re visiting, only to come back home and find out that their house became the target of burglars.

You never know who else can benefit from the information you are sharing. You can never fully control and restrict who’s watching your social networks posts.

Common scams evolved into cyber scams

Benjamin Franklin used to say that in this world nothing is certain, except death and taxes. If he were alive today, he would most likely add social scams to the list.

Three common tricks you may come across in the digital world:

– Shocking news or fake celebrity news – Remember the saying “Curiosity killed the cat”? Cyber criminals will use anything that’s hot right then in the media, in order to capture your attention.

– Free stuff. Free mobile phones, free trips, free flight tickets, free beauty products. Always works!

– Urgency. Click here now, the discount is only available today, download this now or never, etc.

Privacy Awareness Week: A time to learn

by Melinda Claybaugh

APPA Privacy Week logo: Share with Care

Privacy Awareness Week is May 8-12, 2017. It’s an annual initiative of the Asia Pacific Privacy Authorities Forum that combines the efforts of privacy agencies in the region to share information about privacy practices and rules.

If you’ve been following this blog, you know the FTC has tips on how to secure your routers, IP cameras and ‘Internet of Things’ devices, protecting them from hackers and malware attacks. We’ve also reminded you about steps to take to control online tracking by advertisers, as well as how to protect your personal information when connecting mobile devices to a rental car’s infotainment system.

The FTC continues to stay up to date on technologies that affect your privacy. Last year, we hosted the Fall Tech Series, which examined smart TVs, drones, and ransomware. The agency issued the Internet of Things challenge, an invitation to the public to create an innovative tool to protect consumers from security vulnerabilities in connected devices. And in June the Connected Cars workshop will examine privacy and security issues in automated and connected motor vehicles.

The theme of Privacy Awareness Week 2017 is “Share with Care.” You can learn more about safeguarding your information online with the FTC’s information on computer security, protecting your personal information, and limiting unwanted calls, mail and email.

Asia Pacific Privacy Authorities (APPA)

Formed in 1992, APPA is a forum for privacy, security and data protection regulators to collaborate and exchange ideas. For more information about APPA and Privacy Awareness Week, visit