fbpx

Massive Social Security Breach: American Social Security Numbers Have Been Attacked 

In a chilling revelation, a notorious hacking group has claimed responsibility for what may be one of the largest breaches of personal data in history. Four months after initially making the claim, a member of this group has allegedly released a vast amount of sensitive information, including Social Security numbers, for free on a dark web marketplace.

The Scope of the Breach

The breach is reportedly linked to National Public Data (NPD), a major data broker that provides personal information to employers, private investigators, and other organizations. A class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, alleges that the hacking group known as USDoD managed to steal personal records of nearly 2.9 billion individuals from NPD. This data reportedly includes names, addresses, dates of birth, Social Security numbers, and phone numbers—essentially a treasure trove for identity thieves.

The Risks Involved

The leaked data, if authentic, poses severe risks for identity theft and fraud. According to Teresa Murray, consumer watchdog director for the U.S. Public Interest Research Group, this breach is particularly concerning due to the comprehensive nature of the stolen information. While some key details, such as email addresses and driver’s license photos, are reportedly absent, the available data could still enable fraudsters to create fake accounts, steal identities, and cause significant financial harm.

How to Protect Yourself

Given the scale of the breach, it’s crucial to take immediate steps to protect your identity and financial information:

  1. Freeze Your Credit: One of the most effective measures you can take is to place a freeze on your credit files with the three major credit bureaus: Experian, Equifax, and TransUnion. This will prevent criminals from opening new accounts in your name. Remember, you’ll need to temporarily lift the freeze if you apply for credit in the future.
  2. Use Identity Monitoring Services: Consider signing up for an identity theft monitoring service that scans the dark web and your accounts for suspicious activity. If your data was compromised, the company responsible for the breach might offer these services for free.
  3. Check If You’ve Been Breached: Several tools, such as the one offered by cybersecurity company Pentester, allow you to search the leaked NPD database to see if your information was compromised. Atlas Privacy also provides a similar service to check if your data is among the leaked records.
  4. Strengthen Your Account Security: Ensure that all your online accounts use strong, unique passwords, and consider using a password manager to keep track of them. Enable two-factor authentication (2FA) wherever possible, which adds an extra layer of security to your accounts.
  5. Be Wary of Phishing Scams: Scammers may use the breach as an opportunity to trick people into revealing more personal information. Be cautious of unsolicited emails or texts claiming to be from companies you trust. Always verify the authenticity of such communications by contacting the company directly using official channels.

The Human Factor

Despite advanced technology, one of the biggest vulnerabilities remains human error. Scammers often rely on social engineering tactics to trick individuals into giving up their personal information. Always be skeptical of unsolicited communications and avoid clicking on suspicious links or providing sensitive information to unknown entities.

Final Thoughts

The potential exposure of Social Security numbers and other personal information on such a massive scale is alarming and serves as a stark reminder of the vulnerabilities in our digital world. By taking proactive steps to secure your information, you can mitigate the risks posed by this breach and protect yourself from identity theft and fraud.

Remember, vigilance is key. As Murray aptly noted, “These bad guys, this is what they do for a living.” Stay informed, stay protected, and take the necessary actions to safeguard your personal data.

Source: https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number

Photo by Pixabay: https://www.pexels.com/photo/selective-focus-photo-of-stacked-coins-128867/

Email Scams: How to Identify Email Scams and Avoid Online Deception

Scam emails and spam have become persistent problems in the modern digital world, targeting both individuals and businesses. The goal of these scams is to get the target to provide personal information or to pay money. To avoid falling for email scams and other forms of online deceit, it is important to be aware of the red flags that indicate an email might be fake and the tactics con artists use to trick their targets. In this piece, we’ll show you how to spot email scammers and give you other useful advice for being safe in the immense online world.

What is an Email Scam?

An email scam, often known as a phishing scam, is an attempt to trick an individual or an organization out of personal or confidential information by means of email. To trick their targets into thinking their fraudulent communications come from a trusted source like a bank or government agency, con artists frequently adopt false personas.

What are the Different Types of Email Scams?

Phishing Scams

Emails that appear to be from legitimate businesses like banks or shopping websites are often used in these frauds. In most cases, the sender of the email is attempting to trick the recipient into divulging sensitive information or clicking on a link for malicious objectives.

Lottery Scams

In this type of scam, the recipient is informed that they have won a large sum of money in a lottery or sweepstakes. To claim the winnings, the scammer requests a payment or personal information, which is used to steal the victim’s identity or money.

Nigerian Prince Scams

In this con, the victim receives an email from someone pretending to be a government official or affluent Nigerian prince offering a large quantity of money in exchange for help with a financial transaction. The scammer asks for money up front for “transaction fees” or “services,” but the promised cash are never delivered.

Fake Invoice Scams

Scammers send emails pretending to be from legitimate businesses, requesting payment for an invoice or service that the recipient has not actually received. These emails often contain a sense of urgency, pressuring the recipient to act quickly and make the payment without verifying the legitimacy of the request.

Employment Scams

Scammers pose as potential employers and send job offers via email. Under the pretense of arranging direct deposit or performing a background check, they may ask for sensitive information such a social security number or bank account number. Then, it’s utilized for things like identity theft and bank fraud.

Charity Scams

Scammers take advantage of people’s generosity by posing as charitable organizations, soliciting donations via email. They may create fake websites or use stolen logos to make their emails appear legitimate. The money donated never goes to the intended cause but instead ends up in the hands of the scammers.

How to Identify Email Scams

1. Check the sender’s email address:

Scammers often use email addresses that closely resemble those of legitimate organizations but contain slight variations or misspellings. Look for any red flags or inconsistencies in the email address.

2. Pay attention to the tone and language used in the email:

Email scams often contain poor grammar, spelling errors, or an overly urgent tone. Legitimate organizations typically have professional communication standards, so any deviations should raise suspicion.

3. Be cautious of unsolicited emails:

If you receive an email from an unknown sender or a company you haven’t interacted with before, be wary. Legitimate organizations usually do not reach out to individuals without prior contact.

4. Look for suspicious URLs or links:

Hover over any links in the email without clicking on them to see where they actually lead. Scammers may use deceptive URLs that appear legitimate but actually redirect to malicious websites. If the URL looks suspicious or unfamiliar, do not click on it.

5. Check for spelling and grammatical errors:

Many email scams originate from non-native English speakers, so they often contain spelling and grammatical mistakes. Legitimate organizations typically have professional proofreading processes in place, so errors should be a red flag.

6. Be skeptical of requests for personal or financial information:

Legitimate organizations rarely ask for sensitive information via email. If an email asks for your social security number, bank account details, or other personal information, be cautious and verify the legitimacy of the request through alternate channels.

7. Verify the email’s content through other sources:

If you receive an email claiming to be from a legitimate organization, independently verify the information through their official website or contact them directly using a verified phone number or email address.

8. Be cautious of emails with attachments:

Scammers may send malicious attachments that contain malware or viruses. Unless you are expecting an attachment from a trusted source, do not open any attachments.

What Should I Do If I Receive an Email Scam?

1. Do not click on any links or download any attachments:

Scammers often use malicious links or attachments to infect your device with malware or gather your personal information. Even if the email appears to be from a trusted source, exercise caution and refrain from interacting with these elements.

2. Do not reply to the email or provide any personal information:

Scammers may try to trick you into sharing sensitive data such as your passwords, Social Security number, or bank account details. Never disclose this information via email, as legitimate organizations would not request it in this manner.

3. Mark the email as spam:

Use your email client’s spam or junk mail feature to flag the email as spam. This helps your email provider improve its filters and reduce the chances of such scams reaching your inbox in the future.

4. Delete the email:

Remove the suspicious email from your inbox and trash folder to ensure that you don’t accidentally click on any links or open the email again. It’s crucial not to keep any record of the scam email to reduce the risk of falling victim to it later.

5. Report the scam:

Forward the scam email to your email provider’s abuse department. Most email providers have dedicated email addresses or online forms where you can report phishing attempts or scams. This helps them investigate and take appropriate action against the scammers.

What are the Consequences of Falling for an Email Scam?

One of the most common consequences of falling for an email scam is financial loss. Scammers often trick people their bank account details, credit card information, or other sensitive financial information. This can result in unauthorized transactions, identity theft, and substantial financial loss.

Email scams can also lead to identity theft. By tricking victims into sharing personal information such as social security numbers, dates of birth, or addresses, scammers can assume their identity and use it for fraudulent activities. Identity theft can have long-lasting effects on a person’s credit score, financial reputation, and overall well-being.

Falling for an email scam can compromise the security of your devices and personal information. Scammers may trick individuals into clicking on malicious links or downloading malware-infected attachments, allowing them to gain unauthorized access to sensitive data, passwords, or even take control of your device remotely.

How To Avoid Falling Victim to Email Scams

1. Educate yourself and stay informed:

Stay up-to-date on the latest email scams and tactics used by scammers. By staying informed, you can better recognize and avoid scams when they come your way.

2. Install and regularly update antivirus software:

Antivirus software helps protect your computer from malware and viruses that can be spread through email scams. Make sure to install a reputable antivirus program and keep it updated to ensure maximum protection.

3. Enable two-factor authentication:

Two-factor authentication adds an extra layer of security to your online accounts. It requires you to provide a second form of verification, such as a code sent to your phone, in addition to your password. This can help prevent scammers from gaining unauthorized access to your accounts.

4. Be cautious with your personal information:

Be mindful of how much personal information you share online, especially on social media platforms. Scammers can use this information to impersonate you or gain access to your accounts. Only provide personal information when it is absolutely necessary and only to trusted sources.

5. Be wary of urgent or threatening language:

Scammers often use urgency or fear tactics to manipulate individuals into providing personal information or taking immediate action. If an email tries to create a sense of urgency or threatens negative consequences, take a step back and verify the legitimacy of the email before taking any action.

6. Trust your instincts:

If something feels off or too good to be true, it probably is. Trust your gut instincts and be cautious when dealing with unfamiliar or suspicious emails. It’s better to be safe than sorry, so take the time to investigate further before providing any personal information or clicking on any links.

7. Report suspicious emails:

If you receive a suspicious email, report it to your email provider or to the appropriate authorities. This can help protect others from falling victim to the same scam and can aid in the investigation and prosecution of scammers.

8. Double-check email addresses and links:

Scammers often use deceptive tactics to make their emails appear legitimate. Before clicking on any links or providing any information, double-check the email address and hover over the link to see where it leads. If something looks suspicious or unfamiliar, do not proceed.

9. Be cautious with email attachments:

Email attachments can contain malware or viruses that can harm your computer or compromise your personal information. Only open attachments from trusted sources and scan them with your antivirus software before opening.

10. Use strong, unique passwords:

Create strong, complex passwords for your online accounts and avoid using the same password for multiple accounts. This can help prevent scammers from easily gaining access to your accounts.

11. Be vigilant with phishing attempts:

Phishing is a common tactic used by scammers to trick individuals into providing their personal information or login credentials. Be wary of emails asking for sensitive information, such as passwords or credit card numbers, and never provide this information via email.

12. Use email filters and spam detection:

Enable email filters and spam detection features provided by your email provider to help identify and block suspicious emails. This can help reduce the number of scam emails that make it into your inbox.

Conclusion

In conclusion, staying cautious and aware is critical in the face of today’s growing email scams and online fraud. You may protect your personal and financial security by being acquainted with common fraudster strategies and learning how to recognize red flags in dubious communications. Remember to be cautious when communicating with unfamiliar senders, avoid revealing critical information, and keep your security measures up to date. You may traverse the digital world with confidence and protect yourself from the perils of email scams by following these guidelines and remaining proactive.

Final Thoughts

For all your cybersecurity needs, rely on Buzz Cybersecurity as your trusted partner. We excel in providing a comprehensive range of cybersecurity solutions, including cloud services, disaster recovery, and managed detection and response. Our services are accessible to businesses of all sizes, spanning across California and nearby states. Contact us today, and let’s work together to fortify the protection of your digital assets.

Sources

  1. https://www.technology.pitt.edu/security/phishing-awareness-dont-take-bait
  2. https://www.cnbc.com/2019/04/18/nigerian-prince-scams-still-rake-in-over-700000-dollars-a-year.html
  3. https://www.fdacs.gov/Consumer-Resources/Scams-and-Fraud/Charity-Scams
  4. https://www.linkedin.com/pulse/world-password-day-importance-strong-passwords-technology-benis/
  5. https://www.verizon.com/articles/internet-essentials/antivirus-definition/

What Does Weak Security Mean on WiFi: Assessing Vulnerabilities

Weak security on WiFi networks can leave us vulnerable to various cyber threats. Whether it’s at home or in a business setting, understanding the implications of weak security is crucial in safeguarding our personal information and sensitive data. In this article, we will delve into the world of WiFi vulnerabilities, exploring what weak security actually means and the potential risks associated with it. By gaining a deeper understanding of these vulnerabilities, we can take proactive steps to protect ourselves and ensure our WiFi networks are secure. So, let’s uncover the hidden dangers of weak security on WiFi and empower ourselves with the knowledge to stay safe in the digital realm.

What Does Weak Security Mean on WiFi?

Weak security on WiFi refers to a network that lacks the necessary measures to protect against unauthorized access and malicious activities. It means that the network is vulnerable to attacks and can be easily compromised by cybercriminals.

When a WiFi network has weak security, it becomes susceptible to several risks, including:

Unauthorized Access

Weak security allows unauthorized individuals to connect to the network without permission. This can lead to unauthorized use of internet bandwidth, as well as potential theft or misuse of sensitive data.

Man-in-the-Middle Attacks

These attacks occur when an attacker intercepts the communication between a device and the network connections. With weak security, it becomes easier for attackers to eavesdrop on sensitive information or modify data packets, leading to data breaches or manipulation.

Data Theft

Weak security makes it easier for hackers to steal personal information, such as passwords, credit card details, and other sensitive data. This can result in identity theft, financial loss, and other forms of cybercrime.

Malware Infections

Cybercriminals can exploit weak security to inject malware into a WiFi network. Once in, the malware can spread to connected devices, compromising their functionality and allowing attackers to gain control or extract data.

Vulnerability Exploitation

Weak security often means that the WiFi network hasn’t been updated with the latest security patches and protocols. Attackers can exploit these vulnerabilities to gain unauthorized access to the network or launch targeted attacks.

How Can I Tell If My Wifi Security is Weak?

Encryption Protocol

Check the encryption protocol being used by your WiFi network. WEP (Wired Equivalent Privacy) is the weakest form of encryption and can be easily hacked within minutes. If you are still using WEP, it is a clear sign of weak security. Upgrade to the more secure WPA2 (WiFi Protected Access 2) or the latest WPA3 for enhanced protection.

Network Security Key (Password Strength)

Determine the strength of your WiFi password. Weak passwords, such as common dictionary words, birthdates, or simple combinations, can be easily cracked by hackers using brute-force or dictionary-based attacks. A strong password should be at least 12 characters long, contain a mix of uppercase and lowercase letters, numbers, and special characters.

Network Visibility

Check if your WiFi network is visible to others. A hidden network, also known as a closed network, adds an extra layer of security as it doesn’t broadcast its SSID (Service Set Identifier). If your network is visible to anyone nearby, it increases the chances of unauthorized access.

Unauthorized Devices

Monitor the devices connected to your WiFi network. If you notice any unfamiliar devices or devices that you don’t recognize, it could be a sign of weak security. Unauthorized devices can indicate that someone has gained unauthorized access to your network and is using it without your knowledge.

Outdated Firmware

Check if your WiFi router’s firmware is up to date. Manufacturers regularly release firmware updates to patch any security vulnerabilities and improve the overall security of the device. If you haven’t updated your router’s firmware in a while, it could be an indication of weak security.

Weak Signal Strength

Weak WiFi signal strength can also be an indicator of weak security. A weak signal can make it easier for attackers to intercept and exploit your network. Ensure that your router is placed in a central location and away from obstructions to maximize signal strength.

Lack of Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your WiFi network. If you don’t have two-factor authentication enabled, it can be a sign of weak security. Enable this feature in your router settings to enhance the security of your network.

How Can I Strengthen My WiFi Security?

  1. Change the default router login credentials: The default usernames and passwords of routers are easily accessible online, making it effortless for hackers to gain access to your network. Change these credentials to a unique and strong combination of characters to prevent unauthorized access.
  2. Use a strong WPA2 password: WiFi Protected Access 2 (WPA2) is currently the strongest encryption protocol available for WiFi networks. Make sure to set a password that is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and special characters.
  3. Enable network encryption: In addition to setting a strong WiFi password, enable encryption to protect the data transmitted over your network. Use WPA2 encryption, as it provides a higher level of security compared to older encryption methods like WEP or WPA.
  4. Disable SSID broadcasting: By default, routers broadcast their network name (SSID) to make it easier for devices to connect. However, this also makes it easier for hackers to identify and target your network. Disable SSID broadcasting to make your WiFi network less visible to potential attackers.
  5. Implement a guest network: If you have visitors or clients accessing your WiFi network, it’s a good idea to set up a separate guest network. This way, you can keep your main network and its devices separate from guests, reducing the risk of unauthorized access to your sensitive information.
  6. Regularly update your router firmware: Router manufacturers often release firmware updates to fix security vulnerabilities and improve performance. Make sure to regularly check for updates and install them to keep your router secure.
  7. Enable two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security to your WiFi network. It requires users to provide a second form of verification, such as a unique code sent to their mobile device, in addition to their password. Enable this feature in your router settings to enhance the security of your network.
  8. Enable a firewall: A firewall acts as a barrier between your network and the internet, monitoring and filtering incoming and outgoing network traffic. Enable the built-in firewall feature of your router, or consider using a dedicated firewall device or software, to add an extra layer of protection to your network.
  9. Disable remote management: Remote management allows you to access and manage your router settings from outside your home or office network. While convenient, it can also be a security risk if not properly secured. Disable remote management unless you have a specific need for it.
  10. Consider using a virtual private network (VPN): A VPN encrypts your internet traffic and provides a secure connection between your devices and the internet. This can be especially useful when using public WiFi networks or when accessing sensitive information online. Consider using a reputable VPN service to protect your data and maintain your privacy.

How Can I Strengthen My WiFi Security on iPhone and Android?

  1. Update your device’s operating system: Keeping your iPhone or Android device up to date with the latest operating system is crucial for security. These updates often include patches for security vulnerabilities and help protect your device from potential threats.
  2. Use strong and unique passwords: Creating strong and unique passwords for your WiFi network is the first line of defense against unauthorized access. Avoid using common passwords and consider using a password manager to generate and store your passwords securely.
  3. Enable WiFi encryption: Ensure that your WiFi network is encrypted with a strong encryption method, such as WPA2 or WPA3. This will prevent unauthorized users from intercepting and accessing your network traffic.
  4. Disable WiFi auto-connect: By disabling the auto-connect feature on your iPhone or Android device, you can have more control over which WiFi networks you connect to. This reduces the chances of connecting to insecure or malicious networks.
  5. Be cautious of public WiFi networks: Public WiFi networks are often unsecured and can be a hotspot for hackers. Avoid connecting to public WiFi networks for tasks that involve sensitive information, such as online banking or accessing personal emails.
  6. Enable device tracking and remote wipe: In case your iPhone or Android device gets lost or stolen, enabling device tracking and remote wipe features can help protect your personal data. These features allow you to track the location of your device and remotely erase its data to prevent unauthorized access.
  7. Install a reputable security app: There are many security apps available for both iPhone and Android devices that can help protect against malware, phishing attacks, and other security threats. Research and choose a reputable security app that suits your needs.
  8. Disable WiFi when not in use: When you’re not actively using WiFi, it’s a good practice to disable it on your device. This prevents your device from automatically connecting to potentially insecure networks and reduces the chances of unauthorized access.
  9. Keep your apps up to date: Just like your device’s operating system, keeping your apps up to date is important for security. App updates often include security fixes and patches for vulnerabilities. Enable automatic app updates or regularly check for updates manually.
  10. Consider using a virtual private network (VPN): Using a VPN on your iPhone or Android device can add an extra layer of security. A VPN encrypts your internet traffic and provides a secure connection, making it difficult for hackers to intercept your data. Look for a reputable VPN service and consider using it, especially when using public WiFi networks or accessing sensitive information online.

Conclusion

In summary, understanding the implications of weak security on WiFi networks is crucial for protecting our personal and business data. By adhering to security standards, such as using strong encryption protocols and regularly updating firmware, we can minimize the risks associated with weak security. Practicing good security habits, such as using strong passwords and enabling network segmentation, further enhances the security of our WiFi networks. By prioritizing security and staying informed, we can build a resilient defence against cyber threats and ensure the safety of our digital lives. Stay secure, stay connected!

Final Thoughts

At Buzz Cybersecurity, we pride ourselves on our unmatched expertise in the field of cybersecurity. From managed IT services to cloud solutions, disaster recovery to managed detection and response, we offer comprehensive solutions for businesses of all sizes. Serving not only our local California community but also neighboring states, we are dedicated to fortifying your digital security. Contact us today and let us protect your business from cyber threats.

Sources

1. https://www.passwordcoach.com/priority-5-bolstering-the-routers-passwords

2. https://www.pcmag.com/how-to/multi-factor-authentication-2fa-who-has-it-and-how-to-set-it-up

3. https://www.webopedia.com/definitions/wpa2/

4. https://www.pcmag.com/how-to/do-i-need-a-vpn-at-home

Photo by Andres Urena on Unsplash

How To Avoid Amazon Gift Card Malware Scams

The Gift That Keeps on Taking

This year, many people awoke on Christmas morning and were delighted to find Amazon gifts card delivered to their email. For some, however, the email they clicked on wasn’t really from Amazon, but part of a phishing campaign. What they actually received was the gift of a Trojan horse in their email. It’s enough to make anyone pause, because even though we’d like to think we’d be savvy enough to catch a phony scam, the truth is that hackers are getting more sophisticated with how well they can disguise their malware. Let’s take a look at this particular email attack, and help you to reduce your chances that you’ll be their next victim.

To begin with, when the email was opened, the virus didn’t automatically get installed. The recipient was asked to click on an “enable content” button under the premise that the attachment to the gift card was created in an online version of Microsoft Office. Once the button was clicked, it allowed malware to be downloaded and installed to whatever computer the user was on.

The particular type of malware that came through in this latest attack was the Dridex Virus. The original version of Dridex first appeared back in 2012, and over the years has become one of the most prevalent financial Trojans. Up until now, the cybercriminals using it have mainly targeted the financial sector, including the banking industry and its customers. One of the reasons why this incarnation of Dridex is so dangerous is because it has been known to give threat actors, such as DoppelPaymer, access to compromised systems to deploy ransomware. The FBI issued a warning last month that predicted DoppelPaymer attacks would see a spike in activity. In 2019, the hackers hit several high-profile targets, including Chile’s Ministry of Agriculture.

This is the first time DoppelPaymer has gone after people via a fake gift card, and the recent change in the ways the attacks are being targeted have left many scratching their heads. There could be many reasons for this. Some speculate that the answer that makes the most sense is simply that with many people celebrating the holidays in isolation this year, online shopping has seen an increase, and hackers, sensing that Amazon gift cards would be a popular gift, are looking to exploit any opportunity to profit. Others worry that the reasons could be much darker.

Typically Dridex tries to lure unsuspecting users to click on an attachment in their email to access the content, in this latest case a gift card. But you can stay clear of becoming a victim by remembering just a few simple rules.

To begin when you get any type of gift card, especially one from Amazon, it will never ask you to download an attachment. A legitimate gift card from Amazon will send you an email indicating who the gift is from, as well as a code in the message that you enter on the Amazon website to add funds to your account. If you get an email that purports to be from Amazon and it’s asking you to download an attachment in a Microsoft Word document, anything resembling such, close the email immediately, and mark it as spam. If you think the gift card might be legitimate, contact the sender via phone, as opposed to email, to find out if it was from them or not.

Scammers also went after online shoppers, too. In one instance, a fake website was set up to lure unsuspecting Target gift card recipients to check their balance. Once the card number was entered, the bad guys had all they needed to go on an illegal shopping spree. Bleepingcomputer reported in a recent article that in some instances, the differences between Target’s actual page and the imposter are so minute that most people would not notice the differences. The layout, text, and colors are a very good imitation. To further obfuscate the user, once their information is entered, they get a “checking balance” message that buys considerable time, and eventually appears to “time out,” telling the user that an error has occurred, and verification has failed. Most people assume the issue is either a user error, or that online traffic is maxing out the site, causing it to crash. They then go about their business, intending to check back layer, and never suspect that they’re been scammed.

When people we consider naïve get scammed, we comfort ourselves with the thought that we would have been savvier and not fallen for it. But it’s super frustrating when the hackers are getting better all the time and we see something that we probably would have fooled even us. In the case of the Target gift card scam, the only “tell” is that the web address is a bit suspect, and none of the links on the rest of the page work. But during the holiday season, when people are overloaded with trying to get shopping done, or after the holiday when they are trying to come down from having brain overload, it’s understandable that sometimes things slip by that we might otherwise be wise to.

Especially if they’re cleverly disguised and seem familiar to what we’re used to seeing, with only slight differences.

What we can tell you is to always, always trust your gut. As cybercriminals continue to get more sophisticated with their tactics, while following these guidelines will help you to avoid most scams, there is no exhaustive list that covers every single situation. Most of the time though, you will have a nagging feeling that you need to slow down before you click. Pay attention to that.

As always, if you want to train your employees on how to spot phishing scams, Buzz Cybersecurity has our Lunch and Learn Program that will be continuing in 2021. Contact us today to learn more and schedule us to come out and educate your employees on how to take ownership of protecting your company’s assets!

Image by Robinraj Premchand from Pixabay

7 Ways to Protect Your Assets During the Holiday Season

As we close out what has been a difficult year for many, there’s a temptation to slack off being aware of the cyber risks out there, but the holiday season statistically sees an increase in cyberattacks, and experts are predicting that this year will be particularly bad. This year with COVID-19 restrictions hindering in-person activities, online purchases are expected to have a record-setting year. Cybercriminals are anticipating this, and will ramp up their efforts to take advantage of both unaware shoppers and unprotected businesses, looking to exploit sensitive information and data for the purpose of hacking. In this article, we take a look at how to stay one step ahead of the bad guys. We’ve done the research so you can actually enjoy your holidays with loved ones, rather than having to be on guard duty 24/7.

  1. Be Careful With Holiday-Themed Emails. Retailers go out of their way to send out emails touting sales and special deals, and they all look really shiny! And by all means, take advantage of those savings, but understand that phishing emails will also look festive. Pay particular attention to an email if you don’t recognize the sender, or it’s rife with spelling errors. That might be a clue that someone overseas is trying to get you to give your credit card information, or open an email with a virus attached to it.
  2. Slow Down. We’ve all clicked on a deal, only to see a pop up telling us that the special price is only available for a limited time—sometimes only minutes! Personally, I click right out of these because retailers often use this tactic to pressure you into making a bad decision that will result in buyer’s remorse, but hackers also use it to get you to throw caution to the wind, enter your credit card information, and click the buy button before you’ve really checked out the site. It’s OK to slow down and take a minute to make sure you trust the retailer on the other end.
  3. Beware of Phone Phishing Scams. I don’t know about you, but during the month of December, I am working to meet deadlines faster so I can have more time to bake cookies, attend parties, and savor the moments of peace and joy that are unique to this time of year. And all the while, I’m juggling phone calls and emails from clients. Normally, I don’t answer the phone if I don’t recognize a number, but I’ve occasionally broken my own rule, and there is usually someone on the other end trying to sell me something. They’re typically harmless telemarketers, but one time in particular I remember the person on the other end had an air of urgency and needed to verify me before he would even explain what the call was about. And when I say verify, he needed me to confirm my mother’s maiden name and the last 4 numbers of my social security number! When I refused, he tried to intimidate me with vague consequences that made me laugh out loud and hang up. Stay vigilant—this time of year scammers are counting on you juggling ten things at once and hoping you’ll have a momentary lapse in judgment.
  4. If You Must Work While Mobile, Be Extra Aware of The Risks. Many people wind up working during the holidays from hotels, airports, and anyplace that has free WiFi. But there are additional risks that come with working on-the-go, so be sure that you’re not using an unsecured network. Hackers will sit in coffee houses and lie in wait for unsuspecting victims who are tired, working against a deadline, and figure that using the free WiFi this one time won’t hurt. Trust us, it’s not worth it. A moment in lapsed judgment can wind up costing you thousands of dollars, and damage your professional reputation when you have to explain to clients how their information got leaked.
  5. Pay Attention to Your Server Activity. Server mining happens with more frequency during periods of shutdown, like holidays, when schools, businesses, and others are not using the majority of their server capacity. You’ll want to keep an eye on the activity level, and if it seems off to you, make sure to look into it right away. Buzz Cybersecurity offers Managed IT Services that can help with this.
  6. Keep You Updates Updated! The excitement of getting to see family, coupled with fast-approaching deadlines means that during the holidays, many companies and employees are more likely to put off patching until the beginning of the year, and hackers will look to take advantage of this. Updates and restarts are often seen as a frustrating barrier to getting out the door and often get overlooked, but take the time to audit. You know what they say about an ounce of prevention.
  7. Keep the Faith. As we celebrate the holidays, we want to encourage you to keep your faith in things above, and not in too-good-to-be-true sales and specials that make grandiose promises. If you get a nagging feeling that something isn’t right, don’t ignore that. At Buzz Cybersecurity, we like to think that we all have a built-in sense of discernment that helps to protect us when others would seek to harm us in some way. We encourage you to pay attention to that.

We hope you and your loved ones enjoy the happiest of holidays and stay safe. And if you want to have us run a diagnostic on how you’re doing with protecting your assets, contact us so we can help you to have peace of mind this holiday season.

Eye on Security: Rogue Mobile Apps

What are they and are you at risk?

Here at Buzz Cybersecurity, we never stop looking out for our clients and readers when it comes to the evolving world of data breaches, viruses, and other threats to your security. So this time, we wanted to take a closer at a type of malware that isn’t necessarily new, but many people are still unaware of: the rogue mobile app.

Phishing is still #1 when it comes to global fraud, but rogue mobile apps have become more prevalent in scams over the past few years and sit in the #2 spot. With more apps coming out every year, pewresearch.org reports that 6 in 10 Americans prefer getting their news via their mobile devices, such as smartphones or tablets, versus the traditional desktop or laptop. Thieves understand this, and are more than willing to capitalize on the opportunity to get you to download something while being distracted: on the subway ride home, checking your phone while your date is in the bathroom, or simply after a long day at work.

Simply put, rogue mobile apps are created for the sole purpose of gathering sensitive information stored on your phone. Think phone numbers, passwords, user names, credit card info, and bank account information. These apps will typically have some type of malware, usually in the form of either a worm, spyware, or virus (Trojan horse or otherwise). According to the RSA’s 2019 Whitepaper on the Current State of Cybercrime, the percentage of fraudulent activity originating from mobile platforms is 70%. On average there are 82 rogue mobile apps identified each day alone, and they estimate that fraud from mobile apps has increased a staggering 680% since 2015.

It used to be that these apps were fairly easy to identify. They were mostly accessed via unofficial app stores or through email links. Most people got smart fairly quickly and understood that the best way to avoid scams was to stick to accessing apps through credible sources like the Apple App or Google Play Stores. But in recent years, links to fake Google Play stores have cropped up as well, and legitimate social media platforms like Facebook, Instagram, and WhatsApp are being used to sell stolen identities and credit card information.

But it’s not all doom and gloom. The fact that there are entire committees devoted to staying one step ahead of cybercrime is encouraging. And there are still things that you, as a consumer, can do to keep yourself safe. Let’s take a look at some of those!

  • Only use trusted sites. This one may seem obvious, but remember, cybercriminals are counting on you to have a momentary lapse in judgment and click on a link that you normally wouldn’t. If you come across a link in an email or on a website asking to download an app, go the Apple App or Google Play Store to download it directly. If you can’t find it there, then chances are it’s a rogue mobile app and you’re being targeted for a scam.
  • Read reviews. Do some homework on the app before installing it. See what others have had to say and how they rated it first. And make sure the rating makes sense. Fake or illegally modified app reviews are sadly on the rise, as well. Last year, 9to5mac.com published an article detailing accounts of how negative reviews (calling an app virtually unusable, for example) were showing up with 5 stars! Both iOS and Google have acknowledged having to identify and delete fake reviews, so they’re not unaware, but don’t rely solely on their admins to weed out bad apps.
  • Look at who developed the app. Larger institutions like banks will departments that put out the app themselves. If the developer isn’t the bank, it’s very likely to be fake. For smaller entities, check the app developer history. If they have created several apps that generally have good reviews, then it’s more likely to be legitimate,
  • Be aware of what permissions you’re being asked to give. This is a hard one sometimes because in recent years the list of permissions keeps growing. The question you must ask yourself is: do I need this app enough to want to disclose the information it’s asking for? If the answer is no, then don’t risk it.
  • Trust your gut. This nugget of wisdom never gets obsolete. If you get that cringy, unsettling feeling that won’t go away, listen to it. Go back and review the steps above. Too often we don’t want to seem like dinosaurs, left behind in the barrage of technology, while everyone around us seems to be evolving. It may take some extra effort, but if you’re still not sure, when possible, call your bank or other institution to verify that the app is not a rogue. And in the end, follow what you have peace about.

Cyber thieves are not expected to go away any time soon, but getting in the habit of practicing good cybersecurity has a cumulative effect. You’ll get better at it the more you do it, and you’ll become adept at spotting scams from the get-go. Just be aware that there is always a level of risk associated with conducting any transaction online, and use common sense. Many smartphones can be outfitted with antivirus and antimalware apps, so check with your provider to see what options are available to you.

If you enjoyed this article, sign up for our weekly emails so you can continue to stay in the know about cybersecurity and protecting your assets.

Photo by Brooke Cagle on Unsplash