Category Archives: Spyware

Avoiding technical support scams

Cybercriminals don’t just send fraudulent email messages. They might call you on the telephone and claim to be from Microsoft. They might also setup websites with persistent pop-ups displaying fake warning messages and a phone number to call and get the “issue” fixed. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Convince you to visit legitimate websites (like www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

“Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.”

Ransomware re-do? Back up your files.

Based on early news reports, it’s possible that another widespread ransomware attack is sweeping the globe. It may spread using the same vulnerability that the WannaCry attack used in May, or it may be a new virus. Either way, if organizations don’t patch their software, they’re at risk. It’s crucial to keep operating systems and other software up to date.

If you’re a computer user, what else can you do to avoid losing access to your data because of a ransomware attack? Back up your files! Here’s a lighthearted reminder that backing up your files is serious business.

Link: FTC

Avoid skimmers at the pump

Skimmers are illegal card readers attached to payment terminals — like gas pumps — that grab data off a credit or debit card’s magnetic stripe without your knowledge. Criminals sell the stolen data or use it to buy things online. You won’t know your information has been stolen until you get your statement or an overdraft notice.

Skimmers are nothing new, but technology has made them smaller and harder to find. Sometimes, they’re even hidden inside a gas pump.

Here are tips to help you avoid a skimmer when you gas up:

  • Make sure the gas pump panel is closed and doesn’t show signs of tampering. Many stations now put security seals over the cabinet panel. This is part of a voluntary program by the industry to thwart gas pump tampering. If the pump panel is opened, the label will read “void,” which means the machine has been tampered with.

Photo credit: National Association of Convenience Stores (NACS) and Conexxus

  • Take a good look at the card reader itself. Does it look different than other readers at the station? For example, the card reader on the left has a skimmer attached; the reader on the right doesn’t.

http://www.kamloopsbcnow.com/files/files/images/skimmer%20compared.jpg

Photo credit: Royal Canadian Mounted Police in Kamloops, Canada

You can try to wiggle the card reader before you put in your card. If it moves, report it to the attendant. Then use a different pump.

  • If you use a debit card at the pump, run it as a credit card instead of entering a PIN. That way, the PIN is safe and the money isn’t deducted immediately from your account. If that’s not an option, cover your hand when entering your PIN. Scammers sometimes use tiny pinhole cameras, situated above the keypad area, to record PIN entries.
  • Monitor your credit card and bank accounts regularly to spot unauthorized charges.
  • If you’re really concerned about skimmers, you can pay inside rather than at the pump. Another option is to use a gas pump near the front of the store. Thieves may target gas pumps that are harder for the attendant to see.

If your credit card has been compromised, report it to your bank or card issuer. Federal law limits your liability if your credit, ATM, or debit card is lost or stolen, but your liability may depend on how quickly you report the loss or theft. For more information, read Lost or Stolen Credit, ATM, and Debit Cards.

Consider placing a fraud alert or a credit freeze on your credit report. This requires businesses to confirm your identity before approving applications in your name.

If you think you see a scam, talk with someone. Your story could help someone avoid that scam. Then report it to FTC.

Scammers don’t really give refunds

The FTC has been cracking down on deceptive tech support operations that call or send pop-ups to make people think their computers are infected with viruses. Scammers ask for access to computers, then charge people hundreds of dollars for unnecessary repairs. In Operation Tech Trap, the FTC and its partners announced 16 actions against deceptive operations, and the FTC temporarily halted the operations of several defendants.

Recently, a woman who lost money to one of the defendants in the FTC cases got a call from someone who claimed to be with a company the FTC sued. (It was a lie. In reality, the company has closed.) He said the company wanted to give her a refund. He asked her to give him access to her computer, fill out paperwork and buy a prepaid card. She knew that didn’t sound right, so she didn’t cooperate. And she contacted the FTC right away.

We’re grateful for her call, and want to share this warning: If you lost money to a tech support scam or other fraud, you might get a call from someone claiming to give you a refund, or help you recover your money – but only if you give them personal information or some money. Those calls are scams. Don’t give out personal or financial information to anyone who calls you, and never give them access to your computer. And then report the call to the FTC.

Do a winter cleaning through your mobile apps

Take a quick glance over your mobile apps, see what you have installed there.

  • Remove any apps you haven’t been using – they are vulnerabilities for your security and privacy.
  • Revoke permissions for apps that require access to sensitive information – why would a flashlight app request access to read your messages, for example?
  • Keep your apps update – this lowers the chances for malware to take advantage of their vulnerabilities.

And remember to never install apps from anywhere else but the official app store. In Android, there’s a setting that also doesn’t allow apps from third parties to be installed.

Enhance your smartphone’s security & privacy

Never leave your mobile phone unattended, without a security password in place. Activate your smartphone to auto lock the screen after a short period of inactivity, like 15 seconds.

4 digit PINs are the easiest to break, so you should skip using those and instead set a good password, similar to those you use for your online accounts. That means it’s long, random, with mixed lower and upper cases, digits and symbols.

Or draw a pattern.

Or, even better, activate fingerprint authentication, if that’s available on your device. It won’t be a secret, as we leave our fingerprints everywhere, but biometrics are the hardest to replicate.

New scams era – bigger, better, bolder

Do you remember the scam with the Nigerian prince who claimed to be rich and endangered and asked for your money?

Those scams never disappeared, they just evolved into bigger and more complex scams.

They now take the form of contests on social networks, with airlines that offer free tickets or Apple giving away free iPhones. Or videos and eBooks that claim to help you get rich in no time.

Three basic rules:

  • If it’s too good to be true, it probably is.
  • Nothing in this world is free.
  • Always check from at least three trustworthy sources. “Trustworthy” = official website, official social channel (look for the blue check mark), legit media or by directly contacting the company.

Stop measuring yourself against others

Stop comparing yourself to those around you.

So what if they don’t use two-factor authentication?
So what if they don’t pay for a trustworthy antivirus?
So what if they don’t update all their software or backup their data?

You should know better.

Don’t let them influence you or he measures you take in order to protect your data.

  • Use a strong, unique password for every website. Yes, that means you’ll have to install and use a password manager.
  • Set your smartphone to lock after a short idle time, and set it to require authentication for unlocking. If at all possible, use something stronger than a simple-minded four-digit PIN.
  • Never click links in emails or texts that seem to come from your bank, the IRS, or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.

No reckless clicking

You’ve probably heard about the study that shows how humans became so distracted because of computers and internet, that we are now competing with the attention span of a goldfish (and the goldfish will probably win in a year or two).

I don’t know how researchers ended up with this conclusion or how they measured it (perhaps they made it watch 50 Shades of Grey?), but I do know that it only takes one unfortunate click to end up with a malware infection.

Stuff not to click on:

  • Any short links, that you have no idea where they lead
  • Any emails or attachments that you never requested
  • Any shady Facebook apps (especially those who claim to let you see who visited your profile).

Don’t wait for bad things to happen

Most people wait for something bad to happen before they take any security measures. They either don’t realize the threats they expose themselves to, or just consider protection to be too consuming of time, money and comfort.

Unfortunately, nobody is and never will be safe online. Any of the online accounts that we use can be breached.

What if that lesson is too expensive to learn the hard way?

What would happen if you lost one of your accounts?

Or the data you had on them?

What if that data was sold? Or used to blackmail you? How much would that ruin your reputation?

If it’s too late and you’ve already been hacked