Cyber attackers and scam artists have ramped up their game in recent years as they stay one step ahead of technology and social awareness. It’s important to understand the real threats they pose to your personal and financial life. Here are a few things to watch out for to protect your identity and your money.
Social Media
Social media sites can be a great way to connect with friends and family, but they are also a prime feeding ground for hackers. Always remember to think before you post anything about yourself and your children, even in a private account. Follow the policy that once it’s out there, even with a delete button available, you may never be able to take it back.
Cyber criminals are specifically hunting for people who chronically overshare. If your social media shows you at your favorite restaurant, lists your city, your job, your family member names, your birthday, pictures of your kids in front of their school, when you’re going to be away from home traveling, pictures showing your house address or identifiable neighborhood locations like parks/schools/churches – then you have greatly increased your risk of attack.
One of the biggest problems on Facebook is the question-and-answer posts that everybody loves to share. They are practically designed to get all of your security questions out of you: “Where did you go to school?”, “What is your favorite place to visit?”, “What friend have you known the longest?”, “What other names have you gone by?”, “Name your pets.” It may seem innocent, but in the wrong hands that’s a lot of personal information you no longer have control of.
Using Free WiFi
The statement that ‘nothing is ever free’ is also true of free WiFi. It doesn’t matter if you are connecting from your hotel room, the mall or your local Starbucks… the risks of exposure are real. It may seem harmless to jump on to check your social media accounts and catch up on the news, but any activities that require a login, like reading your email or reviewing your bank account balance, are risky. The biggest risk is called a man-in-the-middle attack. It’s essentially third-party eavesdropping: everything you see, they see. It’s also possible for hackers on the same network to slip malware into your device through security holes. Worse are malicious free hotspots specifically set up by hackers with their own internet access point to lure people in. Once you join the network, everything is theirs.
The best way to avoid problems while on an open hotspot is to disable file sharing, stay on encrypted sites that use HTTPS, never log into sensitive accounts, and log out of any accounts you access. As an added layer of security, you could use a VPN browser to encrypt data.
Cloud Servers and Apps
As more of our information migrates from our computer hard drives into the Cloud, the security of that information also becomes a concern. Cloud server services like Google Drive, Dropbox, and Amazon Cloud Drive are responsible for keeping their servers secure and protected from cyber-attacks and loss… though according to their fine print, they are ultimately not at fault for any breach or loss of data in an attack. When you are choosing a cloud service, it’s important to find one that has a history of keeping its service very secure. You also need to remember to have strong passwords and log out every time you access them. Remember that no matter what guarantees the company offers, any information you choose to put on the internet could be at risk.
Spotting a phishing scam
Phishing scams have been around since the mid 1990s and traditionally use fake or spoofed emails and websites to lure people into handing over their personal details and sensitive information. Early phishing attacks only aimed to collect victims’ usernames and passwords, but today they have expanded to collecting whatever financial and sensitive personal information the hacker can. Phishing scams today don’t just focus on collecting information… they can also be the delivery method for ransomware attacks, automatic close-click malware downloads in popups, and malicious code hidden in images and other file downloads, among other things.
Things to watch for in a scam contact:
- You don’t recognize the sender, or you do but the email is out of context for normal contact.
- The email subject contains a RE: or FWD: prefix, when you didn’t send an initial email request to that person.
- The email looks legitimate, but contains an odd link, attachment or both. The links redirect to a suspicious URL.
- The email asks you to verify information by clicking a link or tells you that you have won something and asks you to prove who you are.
- The email, call or text pushes you to act immediately or you’ll miss out, or there will be consequences.
- Watch the spelling. Foreign phishers often make spelling and grammatical mistakes or don’t fill out all of the dummy text on a spoofed website.
- The caller has an accent, or the call is from an automated system from a business you aren’t familiar with and asks you to hold for customer service.
Examples of scams:
- Thousands of Facebook users received a fake message that they had been mentioned in a post. The link downloaded malware onto their device and on their next visit captured their login information. Hackers then changed privacy information and compromised the victim’s account as well as attacking their Facebook friends.
- In a sophisticated version of a vishing attack, the victim receives a phone call from a hacker, but doesn’t pick up. An email or text is immediately sent with ‘voicemail’ in the subject line so that the curious victim who is aware of the call will click to find out what the call was and end up downloading malware.
- A user clicks on a link which directs to a page containing fake Google search results that all point to attacker-controlled websites. These contain malware links and login screens designed to steal users’ account names and passwords or solicit purchases to steal money and credit information. In 2020 many of these advertisements and links were about COVID with fake CDC warnings, stimulus check information and quarantine information. Every country in the world has been affected by these types of attacks.
- Scammers are using fake ads on Twitter and Facebook showing clothing, toys and household items for purchase at steep discounts or with timed sales to convince users to click and buy quickly to take advantage of the deal. Credit card and personal contact info is collected and money is sent to fake overseas companies. The website is designed to spoof a business and looks just like any other shopping cart with notifications etc. so the victim doesn’t realize the mistake for a while and the card information can be used for other illicit purchases. The victim often never receives the item they thought they purchased, or receives a randomly shipped item.
- A consumer is looking for a good deal on a credit card, mortgage loan, or investment account, and is researching their options online. One site promises to give them immediate approval on a loan or to check their credit for available interest rates. The fake forms then collect all of that person’s personal information – including their birth date, social security number and contact information while offering them fake results and taking over their identity.
- A Netflix user receives an email that looks like it has been sent from Netflix customer service notifying them that their payment information didn’t go through. The link directs the victim to a spoofed look-alike website that collects their user and credit card information. As a second whammy, a phone number in the email also directs to a fake customer service number with either an automated system that collects the entered account info or a real-life scammer willing to take the information as well if the user chooses to call instead of working online.
Ways to protect yourself:
- If it sounds too good to be true – it always is.
- Slow down and think, then look twice before you click!
- Never share your login details with anyone via email, text, social media or phone. If you do, delete the email or text immediately.
- Maintain security software, anti-virus software, firewalls, email filters, and anti-malware on your computers. Leave safe search on in your browser settings.
- Lock your phone and laptop with a secure password or PIN.
- Never deal directly with incoming calls from any financial institutions. If there appears to be a problem, hang up and call the company from their officially listed phone number or go into the local branch if you can.
- There is never a way to completely avoid email phishing attacks. Make it a habit to never click on links or attachments in emails from unknown people. And never click any link without a careful review.
- Always keep the status bar in your browser active. It usually appears in the bottom left of your browser window and, when you hover over a link, will show you exactly where the link would take you if you were to click on it. If it looks fishy, don’t click.
- If you receive an unsolicited email with a link that claims it will take you to a website, type the URL into the browser window instead of clicking the provided link so you go to the real site.
- Never blindly trust a website. Any halfway decent programmer can closely duplicate the look and function of a real company website when they create a fake to trick you into filling out a form, calling a fake phone number for support, or making a purchase and handing over your personal details and credit card info.
- Keep an eye out for children, teens, older parents and other at-risk people in your family and teach them about scam risks. A breach in their life will put your own at higher risk.
- Don’t write down passwords in unsecured places and consider setting up two-factor authentication on all websites that offer it.
- Keep all important documents in a safe place and out of sight.
- “You’ve won! Now pay us” is always a scam.
- Trust your gut. If it doesn’t look right, stay away.
FFEF has a goal of helping you and your family stay safe and protect your financial future. If you have any questions, would like to review your budget, or need help fixing your debt please give one of our counselors a call at 877-789-4172.
For more information:
- www.phishing.org – covers information on what to watch for and prevention.
- blog.KnowBe4.com – reviews common current scams and cyber-attacks every quarter.
- https://www.consumer.ftc.gov/features/scam-alerts – Federal Trade Commission current scam alerts.
- https://www.usa.gov/common-scams-frauds – Common scams listed at USA.gov official website.