I admit this has not been my best gift shopping year. I tried, but with the pandemic, I limited my shopping outings, and I don’t like shopping online for obvious reasons. My new mantra is “How about no gifts this year and we all give the money we would have spent to our favorite charities?” 

Even so, there are still gifts to buy, and an easy way to check that person off your list is to buy a gift card. 

Scammers know this and are taking advantage of it. Fake websites have been developed that mimic legitimate retailer websites to make it easy for you to buy a gift card. Scammers also are using phishing emails and texts to alert individuals that they have received a gift card for the holiday and to “click here” to redeem it. 

Here are a couple of tips for giving and getting gift cards during this holiday season: 

  • If you purchase a gift card, make sure it is from the actual retailer.
  • Be wary of buying gift cards online from other sites, such as auction sites or reseller sites.
  • When you purchase a gift card for someone, tell them you purchased it.
  • Don’t click on any texts, email links or attachments that purport to redeem a gift card.
  • Keep receipts of purchases of gift cards for proof of purchase in the event there is an issue.
  • Be wary of any emails or texts requesting that you purchase gift cards for someone.

Happy holidays and safe shopping. I still like the charity giving idea…

Cyber criminals are taking advantage of the increase in online holiday shopping due to the pandemic. They know people are buying gifts online and sending the packages to the recipients. Often, the recipients do not know they are receiving a gift as it is intended to be a surprise. 

Cyber criminals have stepped up their attempts to infiltrate personal devices and company systems through phishing emails and texts that spoof well-known carriers, such as UPS and FedEx. The email or text looks like a real communication from UPS or FedEx as it includes the company logo and tells the recipient that a package is on its way, but that the user needs to either update their delivery preferences or can check the delivery status by “clicking here.” It’s that “clicking here” instruction that dupes users into clicking on the link (even when they know they shouldn’t), which then infects their device or the system with malware or ransomware. 

We all love to get presents and packages. If you are sending a package or gift to someone, let them know that it is on the way. If you receive a message from a carrier that you weren’t expecting, be cautious and wicked paranoid about clicking on any links or attachments, just as you should with any other suspicious email or text.

Holiday shopping has started in earnest following Thanksgiving. Statistics show that with the pandemic, more shopping will be done online this year than ever before. We provided some tips last week, but I had an opportunity since then to participate in an interview and a podcast on the subject and want to pass them along to provide additional tips for the holiday shopping season. 

The first is a Bloomberg article that can be accessed here. 

The second was a podcast with Legal Talk Today titled “Safe Shopping on Black Friday” which can be accessed here.

Happy holidays and safe shopping!

I have done more online shopping this year than ever before, and I know that I am not alone. With the holidays approaching, this will only increase because of the pandemic, and hackers and fraudsters know it. 

A recent report by GBG entitled “GBG State of Digital Identity: 2020,” states that 47 percent of individuals have open up a new online shopping account, 31 percent have opened a new social media account and 35 percent a new online bank account in 2020. In addition, one third of consumers 75 years or older have opened a new online account in 2020.

Additional depressing statistics from that report states that one in five individuals have been affected by identity fraud this year and were informed that their personal information has been exposed following the data breach. Therefore, one third of consumers have become more aware of and consumed about fraud and believe their personal information is exposed on the dark web.

GBG estimates that during the upcoming holidays, each online retailer will have to combat an average of 20,000 fraud attempts. 

With these statistics in mind, a recap of tips to think about to protect yourself while online shopping during this holiday season may be helpful: 

  • Be wary of emails with unbelievable sales that ask you to click on embedded links or attachments
  • When shopping online, visit the retailer’s actual website instead of a link that has been provided to you through an email
  • Use a credit card and not your debit card for all ongoing shopping
  • Use a dedicated credit card for all online shopping so if there is a compromise of that credit card it is limited to that one credit card
  • When asked if you want the online shopping site to save your credit card number, click “no thanks”
  • Be wary of gift card promotions or requests
  • Watch your credit card account statements closely
  • Check your credit report frequently

During this holiday season, support your local retailers, shop safely and have a happy, safe and healthy Thanksgiving.

Just as ending a relationship with an email or a text message is bad form, employers don’t usually terminate employees with an email. Nonetheless, since a message that appears to address a termination is so drastic and final, it is hard to resist opening it, if only to see if your severance  is mentioned in the email.

Hackers know that we are curious by nature, so they have created a new phishing scheme to take advantage of that to get into a target company’s networks. The scheme works like this: an email is sent to an employee from an authority in the Human Relations department stating that the individual has been terminated. An attachment to the email provides further information about the termination and the severance payout, which appears to be on Google Docs. When the victim clicks on the attachment, they are directed to a fake Google Docs page and told to click on another link. When they click on that link, they are directed to a URL to download a file.

To make the download look totally legitimate, a fake security pop-up is presented to the user asking if the user is sure s/he wants to download the file. We’ve all seen those—that is good security. That security pop-up would not be included if it were a malicious email, would it? Yes, that is what they want us to think. When the user is lured into clicking on the file, the user unknowingly downloads either a Bauer loader malware or a Bazar backdoor. Bauer has been used to deliver ransomware such as Ryuk and the Bazare backdoor attempts to gain access to networks. This information is all thanks to the invaluable research done by Area 1 Security researchers.

 Tips to take away:

  • Be wary of termination emails—if you receive one, it is probably fake
  • If you really are terminated, Human Resources will get in touch with you one way or the other
  • Continue to be vigilant about phishing schemes and spoofing campaigns using executives’ identities
  • Think twice before you click or say “I agree”
  • Don’t open any attachments or click on any links that you are not expecting

Pick up the phone to confirm suspicious emails, links or attachments.

Today on Veterans Day, we thank all veterans for their service and dedication to our democracy.

Unfortunately, it is well-known that veterans are targeted with scams, so providing tips today to prevent scams against veterans is timely.

The Federal Trade Commission (FTC) has provided tips for veterans to avoid scams, which can be read here.

 The tips include:

  • Never pay to be part of a clinical trial, or to find out about one
  • Be wary of robocalls saying you overpaid utility bills
  • Be wary of offers to help pay your student loan debt
  • Consult http://www.militaryconsumer.gov/ to avoid known scams against veterans

Let’s all help our veterans avoid becoming the victim of a scam and thank them for their service every day, not just today.

The misinformation on social media about the election results (and other topics) is rampant. Social media companies like Twitter and Facebook are struggling with the balance between the First Amendment right to free speech and false information or exaggerated reports on their platforms and are hiding or flagging those they deem to be false or misleading.

Misinformation and false information does not help anyone get to the truth. Getting news from reliable sources and news outlets, instead of through social media platforms and websites, is usually more reliable because there are standards in the news industry that must be followed by major news organizations regarding content.

In addition, going to unreliable websites to obtain information may put you at a higher risk of a cyber-attack. Cyber criminals and foreign adversaries develop fake websites and when individuals click on such a website, they introduce malware or ransomware into the system.

Don’t be fooled by false or misleading information on social media platforms or websites. Go directly to the source to stay informed and to stay cyber-safe.

The Federal Trade Commission (FTC) has launched ReportFraud.ftc.gov so consumers can report fraud directly to the FTC in a more “streamlined and user-friendly way.” According to the FTC, the new website will allow consumers to submit reports to the FTC more easily, and consumers will receive “next steps from the FTC with advice on what to do based on their particular report. The FTC has more information available for consumers, including a new video explaining how the site works.” 

The site is also in Spanish at ReporteFraude.ftc.gov.

Binary Check Ad Blocker Security News

It has been widely reported that hackers are taking advantage of the pandemic to perpetrate scams and frauds. We have seen attacks against workers of companies through phishing emails that include an attachment or link offering information or access to specialized treatment for COVID-19 to lure people to click on them. Once they click on the link or attachment, the attacker infects the system with malware or ransomware. Cyber criminals know that people are concerned about the coronavirus and looking for more information to protect themselves and their family members, and they also are preying on the distraction of working from home.

It has become such a problem that the Department of Justice (DOJ) instructed the National Center for Disaster Fraud (NCDF) to gather coronavirus-related complaints from the public and assist with information sharing about scams. The NCDF has received more than 76,000 tips on COVID-19 related wrongdoing, and the FBI’s Internet Crime Complaint Center has received more than 20,000 tips about suspicious websites and media postings. This doesn’t include the successful phishing campaigns using COVID-19-related information to trick people into clicking on malicious links or attachments.

The United States Attorney’s Office for the Western District of Louisiana issued a reminder this week for “members of the public to be vigilant against fraudsters who are using the COVID-19 pandemic to exploit American consumers and organizations…In particular, the department is warning the public about scams perpetrated through websites, social media, emails, robocalls, and other means that peddle fake COVID-19 vaccines, tests, treatments, and protective equipment, and also about criminals that fabricate businesses and steal identities in order to defraud federal relief programs and state unemployment programs.”

In addition, the notice states “Moving forward, the department also is concerned about, and will aim to deter and prevent, attempts by wrongdoers to prey upon potential victims by leveraging news about anticipated approval of a COVID-19 vaccine or about the potential enactment of new disaster relief bills that extend or expand upon CARES Act relief.”

The notice is a good reminder to each of us personally as well as employees of the continued threat and to need to remain vigilant to combat these scams. The DOJ “encourages the public to continue to report wrongdoing relating to the pandemic to the NCDF and to remain vigilant against bad actors looking to exploit this national emergency.”

Late last week, October 9, 2020, the U.S. Attorney’s Office for the Northern District of New York issued a warning to the public entitled “Internet Predators: Warnings & Prevention for Families During the Pandemic and Beyond”  which is a must read for parents, teachers, families, and frankly, everyone.

Warning: it is a scary read in which the FBI, Department of Justice, Department of Homeland Security, United States Marshals Service and the National Center for Missing and Exploited Children (NCMEC) “warn the public of increased risks to children and teens from online sexual predators. In an era where children are spending more time on the Internet, it is essential that parents, guardians, educators and trusted adults know the risks and how to prevent exploitation.”

 The warning outlines how, during the pandemic, children are online more than ever before. They are downloading and using apps that parents are unable to monitor, and exploiters know how to use social media and online platforms to target children and teens. 

The warning states “[W]e must all educate ourselves and talk to our children about the risks inherent in the open access the Internet provides. Talk to your kids about what sites they are visiting, what apps they use, whom they are texting and messaging, what kinds of pictures they take of themselves, and what kinds of pictures other people send to them. Encourage them to share with you anything makes them uncomfortable, whether an image, a message, or a solicitation.”

 It also provides a list of resources for consideration:

  • NetSmartz has a number of websites with tool kits, games, videos for all ages, PowerPoints for educators, tip sheets and more. Go to NetSmartz.org
  • Homeland Security Investigations and NCMEC just launched their SafetyPledge campaign, encouraging parents to pledge to talk with their children about this threat. Their website includes a tool kit packed with information. Go to SafetyPledge.org
  • The Federal Bureau of Investigation’s website, entitled Safe Online Surfing, has resources categorized from 3rd grade through 8th grade, for teachers and students. Go to SOS.FBI.gov

The alert reminds all of us to educate children and each other about the risks to children and teens when they are online. October is Cybersecurity Awareness Month, and this is a good reminder to revisit conversations about online activity with the children and teens in our lives.