Tag Archive for Identity Theft

6 Things to Never Save on Your Mobile Phone

Two out of every three people are addicted to their mobile phone. The average user touches their smart phone 2,617 times a day. It is no wonder that most people view their cell phone as a detailed summary of their personal life. This convenience comes at a price. A recent report from Kensington found that 70 million smartphones are lost each year, with only 7 percent recovered.

There are things you should never store in your cell phone. Reader’s Digest says that keeping valuable info on your mobile is dangerous to your privacy and your wallet. You open yourself up to an invasion of privacy, identity theft and straight-up theft. Here are some things you should not keep on your phone.

Your passwords

If you keep your passwords on your mobile, you are putting your privacy at risk. Even if you keep them in a note, a document or even in auto-fill on your mobile, you’re putting your data at risk. The article says if you lose your phone, someone might easily see your “cheat sheet,” because everyone snoops through mobile phones. Even if you store your passwords on your mobile phone, they can end up stored in the cloud, still putting your accounts at risk. Instead, consider a password manager such as Keeper or LastPass. That way all of your passwords can be accessed by you using one strong master password.

Your face and fingerprints

If you really want to keep your cell phone secure, don’t use biometrics to open your phone (or any of its apps or accounts). There are many reasons why biometrics like fingerprints don’t make you more secure. Facial recognition apps are more dangerous than using a password. The author says the simple fact is that a phone that requires a password to unlock it requires more steps to unlock. That makes the mobile phone more secure.

Your private photos and videos

You may have cleaned up your Facebook account, but what about your phone? What photos and videos do you store on your phone? If you have photos you wouldn’t want your spouse, children, or boss to see, then you shouldn’t store those photos on your smartphone according to the article. Media stored on your phone is saved in the cloud outside of your control.

Your naughty photos are one problem. Another is any photos containing private information. While photos of credit cards and ID can help you keep track of “what’s in your wallet,” they can also leave your information vulnerable to hacking. Again, the photos are stored in the cloud. As with your naughty photos, Reader’s Digest suggests you store pictures of your ID on a PC that only you have access to, in a password-protected album.

Anything on your work phone

Do not save anything personal on an employer-provided mobile. There’s no such thing as a free lunch. The phone you were issued by your employer comes at a steep price: your privacy. You should have no expectation of privacy for anything you do on that phone. For your personal life, the article recommends using a separate phone and phone number. One budget-minded option is a burner phone.

Your online bank account

Digital banking in the US is expected to grow from 197 million users in March 2021 to 217 million by 2025. But the convenience online banking affords—the ability to bank anywhere, anytime—comes at a cost: your privacy. Carrying your bank account with you on your phone means that you’re risking losing control of it in the event you lose your phone…or even lose track of an old phone that you no longer use, they warn.

To manage the risk, you might consider avoiding doing your online banking on your phone. Instead, do it on a computer that never leaves your home. If you find that you simply must take your online banking with you wherever you go, just be sure to use a strong, unique password to unlock your banking app.

Your home address

Storing your home address in a navigation app like Waze or Google Maps makes getting home from anywhere super-easy. But it can also leave you vulnerable. If a thief ends up with your phone, they can simply click on “home,” or “work,” and see what you’ve stored, and pay you a visit.

There are some steps you need to take in case you lose your mobile phone, according to Consumer Reports, starting as soon as you get your new mobile phone.

Use strong password protection on your mobile phone

This is your first and strongest line of defense. You need a strong password, because one that’s easy to guess could unlock your phone and allow someone to override the biometric safeguards.

Skip the simple 4-digit PIN and instead create a strong password that contains a string of at least eight characters that include some combination of letters, numbers, and special characters that don’t form recognizable words or phrases, especially those that could be associated with you.

Password protection comes with another safeguard, according to Consumer Reports. After several unsuccessful tries to enter a passcode, some phones will lock your device for a short period of time. This slows down attempts to access your phone. There’s also a setting on the latest Android phones that automatically erases all of your personal data after 10 unsuccessful login attempts. Here’s how to activate it. Go to:

  • Settings | Lock Screen | Secure Lock Settings | and toggle the Auto Factory Reset option to switch it on. (The labels may vary slightly on other Android models.)

Enable location tracking

You must turn on the global positioning settings (GPS) in order to find a missing phone on a map. To enable this setting on an Android phone go to:

  • Settings | Security | Find My Device and toggle Find My Device.

Back up your photos and videos

Consider using a carrier-neutral service to back up your mobile. Apple’s iCloud or Android’s Google Drive may make it easier to retrieve your memories should your next phone be from a different carrier. Phone carriers, phone makers, and operating systems also offer free over-the-air backup for photos, settings, and more. These options can limit you if you select a new carrier for your next mobile phone.

Write down your phone’s unique ID number

Smartphones have a unique serial number known as an IMEI (International Mobile Equipment Identity) or MEID (Mobile Equipment Identifier). Unlike other information stored on the phone’s removable SIM card, these numbers are etched into its circuits and are difficult to alter. Your carrier already has this number and can use it to put the phone on a missing phone list. Some police departments ask for either of these numbers when you report a stolen phone. With the numbers they’ll be able to return a phone to you if it’s recovered. To find your phone’s unique IMEI or MEID number, use any of the following steps:

  • Dial *#06# from your phone. The number may pop up on your screen.
  • On an Android phone go to: Settings | About Phone. The number should be on that screen.

After the phone is gone, the sooner you act, the better your chances of retrieving your phone and securing your data. Here are key actions to take according to CR.

Seek and (possibly) destroy your mobile phone

It is important that the minute you learn your phone is missing, you send it the commands you think are appropriate. Time is of the essence because these next steps require your phone to be on and have some battery life left.

As soon as possible, call or text your phone from another device. That might be all it takes if your phone is just misplaced nearby.

Then log on to your Find My Phone service from a secure device. For an Android phone, go to Google’s Find My Device in a browser. Use the service to make your phone play a sound. You can also lock the screen and display a message for someone who finds your phone. An honest person may come across your device and notify you via the contact info on the screen. If you think the bad guys have your phone, you can erase the data on it using Find My Device.

Report the Loss to Your Service Provider

Inform your mobile carrier that your phone has been lost or stolen. It can suspend service to prevent anyone from using the device on its network. They may also mark the phone as unusable even on a new carrier or with a different SIM card. Note that your device will still be usable over WiFi. You can notify your provider by going to one of its stores, calling, or logging on to its website.

  • AT&T: Call 800-331-0500 or go to AT&T’s Suspend page.
  • T-Mobile: Call 800-937-8997 or go to My T-Mobile, and in the My Line section click on your device name to find the Report Lost or Stolen option.
  • Verizon: Call 800-922-0204 or go to the Suspend or Reconnect Service page in My Verizon and follow the prompts.

Change Your Important Passwords

Once you realize your phone is in danger, go to a secure PC, log in to every account you had on your phone (banking, shopping, email, etc.) and change your passwords. Start with your email account. Then change the financial and shopping accounts that have your credit card on file, such as Amazon or your bank. Next, move on to social networks. If you’ve set up a password manager, this task will be easy.

Report the Loss to the Police and File an Insurance Claim

Notify the police. This not only launches an official recovery attempt but also helps speed up the process of making an insurance claim (if you’re covered). You might also need a police report to dispute fraudulent credit card charges, and some credit card issuers will reimburse you for a stolen phone.

Wipe your mobile phone anyway

If you recover your phone, you never know what malicious app or spyware someone may have installed while the phone was out of your hands. To be on the safe side, reset the phone to factory settings. If you see an option to erase everything, make sure you select it. Before you nuke the phone, check your backups to make sure that you have copies of all the photos and videos that were on your phone. On an Android phone, go to:

  • Settings | System | Advanced | Reset Options | Erase All Data (factory reset).

 


 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

 

IRS Systems Oldest in Federal Gov

Benjamin Franklin is often credited with writing, in 1789, that “nothing can be said to be certain, except death and taxes.” The taxman is coming again on April 17th, 2018. Despite Trump’s Uncle Sam’s latest tricks to take more of our money, the Internal Revenue Service’s (IRS) systems are the oldest running in the U.S. Government. Nextgov reports that one of the IRS’ most important tax-processing applications is old enough to be a grandparent, and officials warn a failure during tax season could have dire economic ramifications or delay tax refunds for 100 million Americans.

According to reports from the General Accounting Office, the IRS’ Individual Master File (IMF) and its sister system, the Business Master File (BMF), are the two oldest tech systems in all the federal government at about 58 years old. The next oldest tech system identified is the Defense Department’s Strategic Automated Command and Control System, which helps coordinate U.S. nuclear forces and was developed 55 years ago (rb- Thanks, reassuring).

The IMF and BMF are relics of the early days of computing itself. In 1960, an IRS report announced plans to install computers to automate tax processing at a facility in Martinsburg, West Virginia. Today, almost 60 years later, the IRS is still using the same systems to process the nation’s tax returns.

The Individual Master File is a massive application written in the antiquated and low-level Assembly programming language. It runs on an IBM mainframe and holds the data from 1 billion taxpayer accounts going back decades. IMF is chiefly responsible for receiving individual taxpayer data and dispensing refunds.

Despite hundreds of millions in spending, plans to fully modernize the application are more than six years behind schedule, and in a statement to Nextgov, IRS revised its new timeline for a modernized IMF to 2022. “To address the risk of a system failure, the IRS has a plan to modernize two core components of the IMF by 2021, followed by a year of parallel validation before retiring those components in 2022.”

The timeline could slip further. The article says the IRS will need the authority to hire at least 50 more employees—and backfill any losses—and receive an extra $85 million in annual non-labor funding for the next five years. Trump’s fiscal 2018 budget request would cut IRS funding by $239 million.

In the statement, IRS said IMF “is antiquated, with an architecture and design that dates back to the 1960s,” and admitted fewer programmers understand the old Assembly code. Auditors at the GAO have said IRS has more than 20 million lines of Assembly code.

The IRS’ main efforts to replace the IMF are the Customer Account Data Engine (CADE), which was canceled in 2009, and the next modernization effort, CADE 2. Nextgov reports that plans to fully deploy CADE 2 and replace IMF have slipped, even as each company working on the project has earned as much as $290 million in revenue from IRS.

Contracting data obtained by Nextgov indicates contractors Deloitte, CSRA, Northrop Grumman, and MITRE Corporation all earned more than $60 million through fiscal 2017 through CADE or CADE 2 task orders.

In the meantime, IRS runs its legacy systems like IMF on newer hardware, though GAO’s latest audit stated 64 percent of the agency’s hardware is aged. “But relying on these antiquated systems for our nation’s primary source of revenue is highly risky, meaning the chance of having a failure during the filing season is continually increasing,” Dave Powner, GAO’s director of IT management issues, said before the House Committee on Ways and Means in October.

Such a failure would be “catastrophic,” according to former IRS Commissioner John Koskinen.

“If this failure were to occur during the filing season, we could be looking at a lengthy interruption in processing returns and issuing refunds … This could have a devastating effect on more than 100 million taxpayers waiting on their refunds as well as the nation’s economy, which sees some 275 billion dollars of refunds each winter and spring.”

Mr. Koskinen told Nextgov that work on CADE 2 stalled “because of the budget crunch of the past year or two, along with the critical need to protect taxpayers against identity theft.” IRS diverted resources toward partnerships with private companies and state and local tax agencies to battle identity theft. The agency spends $2.7 billion annually on IT.

“Victims of identity theft dropped by two-thirds, after years of barely being able to hold our own,” he said. “It was the appropriate decision to protect accounts against identity theft, but it has meant that other critical information technology programs have gone more slowly.”

rb-

The government’s technology woes are worse than you think. Over 80% of the $90 billion federal IT budget goes toward outdated, legacy IT systems, leaving little left over for the innovation commonplace in the private sector.


 

2016’s Most Dangerous Online Celebrities

The 10th annual McAfee Top 100 Most Dangerous Celebrities to Search for Online Study, published by Intel Security, was recently released.  The yearly report uncovers which celebrities are the most dangerous to search for on Intertube.  These dangerous celeb results can expose fans to viruses, malware, and identity theft while searching for the latest information on today’s pop culture stars.  Intel (INTC) used its McAfee site rating software to find the number of risky sites generated by searches on Google, Bing, and even beleaguered Yahoo.

“Consumers today remain fascinated with celebrity culture and go online to find the latest pop culture news,” said Gary Davis, chief consumer security evangelist at Intel Security.  “With this craving for real-time information, many search and click without considering potential security risks.  Cyber-criminals know this and take advantage of this behavior by attempting to lead them to unsafe sites loaded with malware.”

Most Dangerous Online Celebrities

This year’s most dangerous celebrity online is Amy Schumer.  The comic joins recent most dangerous celebrity online alumni Jimmy Kimmel, Jay Leno, and Emma Watson.  According to Intel Security, a search for the “Trainwreck” actress has a 16.1% likelihood of returning results that direct fans to sites with viruses and malware.

Justin Bieber is the second most dangerous online celebrity.  As for the “Sorry” singer, there’s a 15% chance that Beliebers could connect with a malicious website.

The rest of this year’s Top 10 list included:
3.  Carson Daly 13.4%
4.  Will Smith 13.4%
5.  Rihanna 13.3%
6.  Miley Cyrus 12.7%
7.  Chris Hardwick 12.6%
8.  Daniel Tosh 11.6%
9.  Selena Gomez 11.1%
10.  Kesha 11.1%

Intel says there are two big truths that cyber-criminals exploit to abuse celebrity fandom.  The first is that consumers want convenience.  As people rely less on cable and, instead, search for the content they want online, they’ll find many third-party sources for their favorite music or videos.

But unofficial sources are often dangerous.  Links can send users to unsafe sites, where sneaky tactics for stealing data and usernames are awaiting.  The popular torrent file format for downloading files allows cyber-criminals to sneak viruses onto devices.

Social media-obsessed culture

The second truth attackers are exploiting is the desire for gossip – now.  In today’s social media-obsessed culture, fans want real-time information about their favorite celebrities.  It isn’t uncommon for a celebrity to share a photo, post, or comment around the world in a matter of seconds.  Those posts often spark a wave of searches.  With all that traffic, cyber-criminals can trick fans into visiting a faux-gossip website infested with malware to steal passwords, credit card information, and more.  This method is particularly effective on social media channels, like Facebook, Twitter, and WhatsApp, where the standards for trust are low.

How to protect yourself

In addition to recommending anti-virus software, Intel, whose products include McAfee software, urges consumers to be skeptical when surfing the web.  But don’t worry.  No one is asking you to give up your celebrity infatuation; here are a few things you can do to make sure you’re entertained safely:

  • Watch media from official sources.  Are you looking for the latest episode of Amy Schumer’s TV show, Inside Amy Schumer?  Stick to the official source at comedycentral.com or well-known and trusted video streaming services like Hulu to ensure you aren’t clicking on anything malicious.
  • Be wary of searching for file downloads.  Of all the celebrity-related searches we conducted, “torrent” was the riskiest by far.  According to Intel, a search for ‘Amy Schumer Torrent’ results in a 33% chance of connecting to a malicious website.  Cybercriminals can use torrents to embed malware within authentic files, making it tricky to tell safe downloads from unsafe ones.  It’s best to avoid using torrents, especially when so many legitimate streaming options are available.
  • Keep your personal information private.  Cybercriminals are always looking for ways to steal your personal information.  If you receive a request to enter information like your credit card, email, home address, or social media log-in, Intel says you should not give it out thoughtlessly.  Please research and ensure it’s not a phishing or scam attempt that could lead to identity theft.
  • Use security protection while browsing.  Many software products can scan web pages you’re browsing, alerting you to malicious websites and potential threats.  This can keep you safe as you study the latest gossip.

rb-

The stars are new, but the game is the same.  In addition to applying some critical thinking to your web browsing, the same advice from 2015, 2014, 2013, 2012, etc. stands……

Maybe I will get more hits after putting these pop names in here.

 


Mind Readers Can Steal Your Biometric Info

By now, most people have come to the position that passwords suck. The momentum for alternate means of authentication is growing. Researchers are working on how to use biometric technology for mainstream login activities. As I have pointed out, there are a number of emerging biometric techniques, like iris scans, facial recognition, or behavioral characteristics. All of these methods have flaws, which pose a problem for authentication non-repudiation.

In a post at IEEE Spectrum, Megan Scudellari writes that fingerprints can be stolen, iris scans spoofed, and facial recognition software fooled. In the wake of these flaws, researchers have turned to brain waves as the next step in biometric identification. Biometric identification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. Unique identifiers include fingerprints, hand geometry, earlobe geometry, retina and iris patterns, voice waves, DNA, and signatures.

The researchers are racing to prove how accurately and accessibly they can verify a person’s identity using electroencephalograph (EEG) data. An EEG is a test that detects electrical activity in the brain using electrodes attached to the scalp. The IEEE article explains that as your eyes skim over these pixels you are reading and turn them into meaningful words, your brain cells are flickering with a pattern of electrical activity that is unique to you. These unique patterns can be used like a password or biometric identification. In fact, researchers have taken to calling them “passthoughts”.

Using brainwaves to authenticate people goes back a while. Back in 2012, I wrote about the Muse headband sensor which promised to “create a specific brainwave signature or a password they would never have to say out loud or type into a computer.” More recently, psychologists and engineers at Binghamton University in New York achieved 100 percent accuracy at identifying individuals using brain waves captured with a skullcap with 30 electrodes. Scientists at the University of California at Berkeley have adopted a set of earbud sensors that worked with 80 percent accuracy.

The problem is our brains don’t produce a single, clear signal that can be checked like a fingerprint. The article says our brains emit a messy, vibrant symphony of personal information, including one’s emotional state, learning ability, and personality traits. The author contends that as EEG technology becomes cheaper, portable, and more ubiquitous—not only for identity authentication, but in apps, games, and more—there’s a high likelihood that someone will tap into that concerto of information for malicious purposes. Abdul Serwadda, a cybersecurity researcher at Texas Tech University, told Spectrum:

If you have these apps, you don’t know what the app is reading from your brain or what [the app’s creators are] going to use that information for, but you do know they’re going to have a lot of information

The Texas Tech team performed experiments to see if they could glean sensitive personal information from brain data captured by two popular EEG-based authentication systems. Surprise, surprise: they were able to capture sensitive personal information from brain data.

Mr. Serwadda presented his results at the IEEE International Conference on Biometrics. The Texas Tech researchers examined EEG-based authentication systems that claimed high levels of authentication accuracy. One system examined was the Berkeley model, and the second was based on the Binghamton model. The article explains that these EEG-based authentication systems utilize specific features, or markers, of brain activity to identify a person, like isolating the melody of a specific orchestra instrument to identify a song.

The researchers wanted to see if those markers also contained sensitive personal information—in this case, a tendency for alcoholism. They ran old EEG scans which included alcoholics and non-alcoholics through the systems. Using the brain wave data, they were able to accurately identify 25% of the alcoholics in the sample. That’s 25% of people who just lost their privacy. Mr. Serwadda said:

We weren’t surprised, because we know the brain signal is so rich in information … But it is scary. [Wearable brain measurement] is an application that’s just about to go mainstream, and you can infer a lot of information about users.

The researcher said that malicious third parties could mine brain data to make inferences about learning disabilities, mental illnesses, and more. He told Spectrum, “Imagine if you made these things public, and insurance companies became aware of them … It would be terrible.”

IOActive senior consultant Alejandro Hernández told The Register that dangerous vulnerabilities exist in EEG kits. EEG’s security problems are depressingly familiar results of bad software design, Hernández said. EEG devices are vulnerable to man-in-the-middle attacks, as well as less-severe application vulnerabilities and ordinary crashes. Mr. Hernández says:

… some applications send the raw brain waves to another remote endpoint using the TCP/IP protocol, that by design doesn’t include security, and therefore this kind of traffic is prone to common network attacks such as man-in-the-middle where an attacker would be able to intercept and modify the EEG data sent.

The IOActive consultant found that components like the acquisition device, middleware, and endpoints lack authentication, meaning an attacker can connect to a remote TCP port and steal raw EEG data. That same flaw lets attackers pull off the more dangerous replay attacks.
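The missing authentication described above, seen from the defender's side: this added example (not code from IOActive, The Register, or any EEG product) wraps each frame of samples with a sequence number and an HMAC-SHA256 tag so the receiver discards modified and replayed frames. The frame layout, the pre-shared key, and all names are assumptions made for illustration; the tag does not encrypt anything, so keeping the samples private would still need a protected transport such as TLS.

```python
import hashlib
import hmac
import os
import struct
from typing import List, Sequence

TAG_LEN = 32                    # size of an HMAC-SHA256 tag in bytes
HEADER = struct.Struct("!QH")   # hypothetical layout: 64-bit sequence, 16-bit sample count


class FrameError(Exception):
    """Raised when a received frame must be discarded."""


def seal_frame(key: bytes, seq: int, samples: Sequence[int]) -> bytes:
    """Sender side: serialise signed 16-bit samples and append the tag."""
    body = HEADER.pack(seq, len(samples))
    body += struct.pack(f"!{len(samples)}h", *samples)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class FrameReceiver:
    """Receiver side: accepts a frame only if its tag verifies and its
    sequence number is higher than any frame accepted before."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = -1

    def open_frame(self, frame: bytes) -> List[int]:
        if len(frame) < HEADER.size + TAG_LEN:
            raise FrameError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; a modified or unkeyed frame fails here.
        if not hmac.compare_digest(tag, expected):
            raise FrameError("bad authentication tag")
        seq, count = HEADER.unpack_from(body)
        # A captured frame that is sent again carries a valid tag but an old number.
        if seq <= self._last_seq:
            raise FrameError("replayed or out-of-order frame")
        if len(body) != HEADER.size + 2 * count:
            raise FrameError("length mismatch")
        self._last_seq = seq
        return list(struct.unpack_from(f"!{count}h", body, HEADER.size))


def demo() -> dict:
    """Run constructed sample frames through the receiver."""
    key = os.urandom(32)                      # constructed pre-shared key
    rx = FrameReceiver(key)
    f0 = seal_frame(key, 0, [12, -7, 310])    # constructed sample values
    f1 = seal_frame(key, 1, [15, -9, 298])
    results = {"first": rx.open_frame(f0), "second": rx.open_frame(f1)}

    tampered = bytearray(seal_frame(key, 2, [1, 2, 3]))
    tampered[HEADER.size] ^= 0x01             # one bit changed in transit
    forged = f1[:-TAG_LEN] + bytes(TAG_LEN)   # sender that does not hold the key
    cases = (("tampered", bytes(tampered)), ("replayed", f0), ("forged", forged))
    for name, frame in cases:
        try:
            rx.open_frame(frame)
            results[name] = "accepted"
        except FrameError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9} {outcome}")
```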

Unfortunately, the researchers do not have a solution for how to secure such information—though in the study, compromising a little on authentication accuracy did reduce the ability to detect who was an alcoholic. Mr. Serwadda hopes other research teams will now take privacy, and not just accuracy, into account when optimizing such systems. Professor Serwadda concludes, “We have to prepare for the movement of brain wave [assessment] into our daily lives.”

Rb-

Given the willingness of apps developers to sell share any info to any third party and the unwillingness of the public to take even basic steps to secure their info online, everyone’s deepest personal information can be hacked in the future.

Another problem with passthoughts, which UC Berkeley’s John Chuang identifies, is that stress, mood, alcohol, caffeine, medicine, and mental fatigue could change the electrical signals that are generated.

Despite advances in logging in with your mind, there might always be a need for an old-fashioned eight-plus character phrase with no spaces. “Passwords will never go away,” says Berkeley’s Chuang. He reasons that for a computer, a typed password may be the easiest way to verify identity, while a finger swipe may be best for a touch screen.

But we need to think beyond those to future devices—wearables, for instance—for which there will be neither a keyboard nor a touch screen. “For each device, we must figure out what are the most natural, intuitive ways to tell the device that we are who we are,” Professor Chuang says. Going directly to the brain seems like an obvious choice.


9 Emails You Should Never Open

The increasing pace of life, coupled with mobile computing that bombards us with emails and messages from more sources and across more devices than ever before, has created what Proofpoint calls a generation of trigger-happy clickers.

Trigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link, according to the article. To put that into context, a legitimate marketing department typically expects a <2% click rate on its advertising campaigns.

So, despite the best efforts of security professionals, too many people are still falling prey to email scams at home and work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam

These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLAs want to get a hold of you, it won’t be through email.

2. The “long-lost friend”

This scammer tries to make you think you know them, but it might also be a contact of yours that was hacked.

3. The billing issue

These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date

A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

5. You’re infected

A message claims you’re infected with a virus. Simple fix: Just run your antivirus and check. In a recent twist, scammers claim to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait, it gets worse: if you paid for their “tech support,” you could later get a call about a refund. The refund scam works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

6. You’ve won

Claims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that asks you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification

An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

8. Playing the victim

These emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check

A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type in the address manually in the browser or click your bookmark. That way you can see if there’s something that needs to be taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.
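The "recognize the website and check the spelling" step above can be written down as a check. This is an added example, not from Proofpoint or the original post; it goes slightly beyond the misspelling case to cover two other ways an address can only look like a site you know. The trusted site names and sample links are constructed placeholders, and the threshold of two character edits is an assumption.

```python
from urllib.parse import urlsplit

# Constructed placeholders: the sites the reader already uses and trusts.
TRUSTED_SITES = ("mybank.example", "shop.example")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_SITES):
    """Return (verdict, reason); verdict is 'ok', 'reject' or 'unknown'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("reject", "address cannot be parsed")
    if parts.scheme != "https" or not host:
        return ("reject", "not an https address with a host name")
    # Anything before '@' is a user name, not the site being visited.
    if parts.username is not None:
        return ("reject", f"text before '@' is not the site; the real host is {host}")
    # Look-alike letters from other alphabets cannot be checked by eye.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "host name uses non-ASCII or punycode characters")
    for site in trusted:
        if host == site or host.endswith("." + site):
            return ("ok", f"host belongs to {site}")
    labels = host.split(".")
    for site in trusted:
        # Compare the end of the host with a trusted name of the same depth.
        tail = ".".join(labels[-site.count(".") - 1:])
        if edit_distance(tail, site) <= 2:   # assumed threshold; short names can false-positive
            return ("reject", f"{tail} looks like a misspelling of {site}")
        if site in host:
            return ("reject", f"{site} appears inside another host name: {host}")
    return ("unknown", f"{host} is not a site on your list")


if __name__ == "__main__":
    samples = [                                   # constructed sample links
        "https://www.mybank.example/login",
        "https://mybnak.example/login",
        "https://mybank.example.account-check.test/login",
        "https://mybank.example@account-check.test/login",
        "http://mybank.example/login",
        "https://news.test/story",
    ]
    for link in samples:
        print(check_link(link), link)
```

An "unknown" verdict is not a pass; it means the address is simply not one you already trust, which is the case the article says to avoid.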

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.
