'Tis the Season
The happy holiday spirit puts many people in optimistic, giving and trusting moods. Cybercriminals, identity thieves and other scammers know this all too well. Read on to avoid some of their craftier tricks so you can spend the season celebrating.
More Than What's Bargained For
Digital shopping opens doors for data thieves
With more consumers turning to mobile and online sites for holiday purchases, crooks have greater opportunity to seize personal and financial information through vulnerable systems connected to the Internet. Chip cards, too, are making it more difficult to perpetrate a once simple and inexpensive crime - counterfeit credit and debit card scams.
With the above in mind, the California Attorney General prepared a list of holiday shopping tips for consumers looking to protect themselves. Of course, her list is applicable to people beyond her state. Here are just a few:
- If you receive a call from your credit card company that requests you to verify your account information for security reasons, ask to call the company back. Then call the telephone number listed on your card.
- Say "no" to strange apps. Scammers can use mobile apps and games to hide malware that steals your personal information. Do not download apps unless they are from a known source and have third-party reviews that verify their legitimacy.
- Use strong passwords. No repeaters. Weak and repeat passwords are a hacker's holiday treat. Always use more than ten characters, with numbers, special characters and a combination of upper and lower case letters. Use different passwords for different sites.
A few more tips to share with friends, family and colleagues
In a recent visit to the CWIowa Live morning show, I shared some precautions people can take to mitigate their privacy and data security risks during the busy holiday season (as well as throughout the year). You can watch the segment on YouTube, but in the meantime, here's a quick sample of what we discussed:
- Beware offers that appear too good to be true. They probably are. With email offers, hover your mouse over the sender's address and look at the bottom of your browser. If the address in the To field doesn't match what is displayed at the bottom of your browser, consider that a red flag.
- Remove all the data from devices you are selling to make money for the holidays. Sixty-seven percent of used digital devices sold on eBay and Craigslist hold personally identifiable information (PII)! Check out this Rossen Report from NBC's Today Show to see just how much data can become available to the buyers of these used devices.
- If a smart gadget or device (e.g. Samsung TV or Amazon Echo) is voice-activated, consider that it is always listening. Even if the device is designed only to respond to specific words or phrases, it has to be "tuned in" to hear those. Which of your conversations is it hearing? All of them. Turn it completely off when you don't need to use it.
Cyber Monday isn't the only day staff is tempted
Depending on your organization's policies, it may be okay to get some holiday shopping done at work. Maybe it's over the lunch hour or after the office officially closes. (Maybe not.) Either way, your organization's network and devices could be accessed by malware, viruses or covert data kidnappers should you or a fellow employee fall for a holiday-themed scam while at work. (It could even happen if you fall for it on a company-issued device you're working on from home!)
Consider sharing these best practices with staff, vendors and anyone who may be using your network to browse or buy:
- Never click on pop-ups; they are often fake and infested with malware.
- A growing number of scam deals, coupons and discounts are circulating via social media. Your colleagues may see such a post and consider it okay because it was shared by a friend. The added air of legitimacy is exactly why these scams are so effective. On social media, friends can't be trusted!
- A warning especially for high-ranking executives - you are prime targets for "whaling," a type of targeted phishing attack that aims to trick C-level associates into clicking malware-infected links or sharing confidential data. We might like to think these individuals are too busy to shop at work, but those jam-packed schedules may be precisely why they are cramming holiday gift buying in between conference calls.
Below is an example of a realistic-looking phishing email sent to me on Nov. 15, seemingly from ToysForce. The dead giveaways? When hovering over the "Cancel De-Activation" button, I saw the actual domain it went to, and it was not ToysForce.
Plus, I've never done business with a company called ToysForce!
Are You Phish Bait?
Four sites to help you find out without clicking
Aside from the "hover over the link" tip above, there are other ways to check the legitimacy of an email. The four sites below catalog harmful URLs. Next time you hover, type in what you see at three or more such sites to safely "test" the URL.
Keep Your Eyes Peeled When Accessing Cash
ATMs are a thief's paradise
Across the world, in both high traffic and desolate areas, cash machines have become a mecca of opportunity for even the most resource-tapped criminals. That's because skimming devices are easy to get and generally cost just a few hundred dollars. They're sold on the dark web and generally grab plenty of data before they are detected.
We recently experienced a city-wide ATM hacking in my neck of the woods here in Des Moines, Iowa. Evidence it can happen anywhere.
Before you visit your next ATM, be aware of three simple steps you can take to protect yourself and your card account:
- Pull on the card reader to see if it jiggles.
- Cover keys while putting in PIN (even when no one is around... a video camera could be monitoring your key entry).
- If something looks suspicious, move on. There's likely to be another ATM nearby.
These tips are also good for self-pay scanners, such as those found at gas stations and self-serve checkouts in stores. Crooks are big fans of planting skimmers there.
VIDEO: Check out these two videos compiled by investigative reporter Brian Krebs. They detail an especially stealthy version of criminal hardware - insert skimmers.