What’s Up With WhatsApp?

WhatsApp Logo on green backgroundA cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

Beware Tech Support Scams

Closeup of man's hands using a smartphone with desk and keyboard in the backgroundThe FTC is warning of a surge in tech support scams, many of which can be difficult to spot.

In a recent widespread scam, a company calling itself Elite IT Partners, Inc., purchased keywords so it showed in searches for password recovery assistance. Victims contacted the “company,” which asked them to fill out an online form with their contact information. Scammers then called the victims, asking for remote access to their computers. Once inside, they used phony evidence to convince victims that their computers were in need of repairs requiring pricey software. The scammers accepted payment for this software, but did not provide it.

Tech support scams don’t always follow the above script. Here are two other common scenarios:

1. Phone calls
In this variation, scammers spoof the numbers of well-known companies claiming they’ve found a problem with the victim’s computer. They’ll ask for remote access to it, run a “diagnostic test,” and plant bogus problems. They’ll then ask the victim to pay an exorbitant amount of money to get the issue fixed.

Red flag: Legitimate tech-support companies will never initiate contact by phone.

2. Pop-up warnings
Sometimes, a tech-support scammer will target victims with an alarming pop-up warning. The pop-up might look like a legitimate error from the victim’s system or antivirus software. The message will warn about a computer security issue and instruct the victim to call a listed number. Once the victim calls, they’ll be asked to grant the scammer remote access to their computer. The scam will then proceed much like what’s described above.

Red flag: Legitimate security warnings from tech companies will never ask you to call a phone number.

If you’ve been scammed
Are you a victim of a tech-support scam? It may not be too late to reclaim your money.

If you paid via credit or debit card, you may be able to stop the transaction. Contact your credit card company or [credit union] about contesting the charge.

You’ll also want to update your computer’s security software and run a scan. Delete anything your computer identifies as a security issue. Be sure to change your usernames and passwords as well.

Finally, don’t forget to report your scam to the FTC.

Your Turn: Have you been targeted by a tech-support scam? Tell us about it in the comments.

SOURCES:
https://www.consumer.ftc.gov/blog/2019/03/keep-tech-support-strangers-out-your-computer

https://support.microsoft.com/en-us/help/4013405/windows-protect-from-tech-support-scams

https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams

All You Need To Know About P2P Payment Systems

Young woman hands waiter her chip enabled card to pay for her and her friends lunch at an outdoor cafe.Cash is so overrated. Why fumble through wads of crumpled bills and piles of change when you can easily pay back the $6.75 you borrowed from your friend simply by using your phone?

Peer-to-peer (P2P) payment systems are changing the way we handle our money and our social finances forever. Eating out and splitting the tab is super-easy. Collecting money for a shared gift is no longer a hassle. Paying back borrowed money can be done anywhere, and at any time.

First popularized by PayPal, the world of P2P systems has exploded. Many financial institutions Advantage One, offer the option of P2P payments between members, and lots of social media platforms let you transfer money between friends as well. However, the most popular way to pay a friend back is through money transfer apps like PayPal’s Venmo, Square’s Cash App and Zelle. In fact, according to eMarketer, the total value of mobile P2P transactions in the U.S. could increase from $156.49 billion to $244.03 billion from 2018 to 2021.

Are P2P payments really the wave of the future, or just the latest hype? Read on for all your questions on P2P payment systems, answered.

How do P2P payments work?
Say you’re eating out with a bunch of friends and your pal, Meghan, offers to cover the tab and have everyone pay her back. She hands her card to the server while you and your friends pull out your phones. You’ll open up the cash-transfer app of your choice and find Meghan in your contact list. Just key in the amount you owe and send. You may have to input your PIN or prove your identity in another way before the transaction is finalized. Within seconds, Meghan will get a notification that the money’s been sent. Once the funds actually transfer, Meghan can choose to leave them in the P2P account until it’s her turn to pay, or she may move the money to a checking account at the financial institution of her choice.

Will it cost me to transfer money?
Depending on the service provider you use, there may be a fee for transferring money through your phone.

Most P2P systems will allow you to make a payment from a linked financial account or directly into the P2P account at no cost. However, several providers will take 2-3 percent of any payment made with a debit or credit card. Also, if you want your transfer to happen immediately, you’ll usually have to pay: Square Cash will charge a 1.5 percent fee while Venmo takes a flat $0.25 for every instant transfer.

How long will it take for the money transfer to clear?
Your friend will receive notification of your payment soon after you hit the send button. However, the actual money transfer usually takes one to three business days to clear. As mentioned, if you really need that transfer to clear your account immediately, most providers allow you to pay a small fee to make that happen.

Are P2P payments safe?
All P2P systems are careful to encrypt your financial information and to use security measures for protecting your funds. However, these measures aren’t foolproof. Many P2P systems have been targeted by hackers and scammers.

Protect yourself from P2P scams by taking the following steps:

  • Use two-factor identification and a PIN before completing a transaction.
  • Asked to be notified about every transaction.
  • Never use a P2P service for business purposes or for a money transfer with someone you don’t personally know.
  • Triple-check your recipient’s information before you send a payment; a misspelled email address could send your money to the wrong person.

If something goes wrong with a P2P payment, who is responsible for covering the loss?
Unfortunately, if you’ve been scammed or have had another issue with a P2P payment, you’re on your own. Most services will offer their assistance to law enforcement agencies and notify users if they’ve been scammed, but that’s usually the extent of their fraud protection.

If you choose to use your P2P payment service for a business-related transfer, fraud protection is limited even further. P2P services were created to be a means of transferring funds from friend to friend; most services clearly state in their policies that their platforms should not be used in business transactions. Many consumers, though, choose to ignore these warnings and use Venmo and Square Cash to pay for goods they’ve bought on Craigslist, to sell a used item or even to accept funds for a service they’ve provided.

If you disregard these rules, the service will likely offer no fraud protection or assistance in reclaiming lost funds. Many of them will not even honor a business transaction at all. It’s best to only use P2P payment services among friends and people you know and trust.

Lots of users mistakenly think their financial institution will back them up if a P2P payment goes sideways. However, financial institutions like Advantage One are never responsible for a P2P payment transfer. While we never want to see you lose money for a simple mistake or because you’ve been victimized by a scam, there’s not much we can do about it after the fact. For this very reason, we strongly advocate practicing caution when transferring money online or by app.

In short, if something goes wrong with a P2P payment, you’ll be the one who is responsible for the fallout.

When used responsibly, P2P payment transfers can be a super-convenient way for friends to share expenses or pay back borrowed funds.

Your Turn:
Do you use a P2P payment system? Tell us all about it in the comments, below.

SOURCES:
https://www.wired.com/story/venmo-alternatives/

https://paymentweek.com/2018-3-30-problems-p2p-mobile-payments/

https://www.nerdwallet.com/blog/banking/p2p-payment-systems/

https://www.google.com/amp/s/amp.usatoday.com/amp/36726065:

Are P2P Payment Systems Safe?

Close-up of the hands of four people holding smart phonesP2P payment services, like Venmo, Zelle and Square’s Cash App, are aiming to make cash obsolete – and some would contend they’re succeeding! Just a few quick swipes, and you can transfer funds to a friend, pay for an item you bought online or collect money that’s owed to you.

Convenient as they are, P2P payment systems have unfortunately become a breeding ground for scams and hacks. From compromised accounts to fraudulent transactions, using a P2P service opens you to some risk of losing your money to a scammer.

Read on to learn how to better protect yourself from a P2P payment scam.

How do P2P payment scams happen?
There are lots of ways using a P2P payment system can put you at risk, but the following two vulnerabilities are most common:

1.) The bogus buyer
In most cash-transfer apps, when you receive a payment, the money goes into your P2P system balance and stays there until you transfer it to an external account or use it to pay for another transaction. This transfer usually takes one to three business days to clear. Crooked scammers are taking advantage of that “float” in the transfer process to con you out of your money.

Here’s how it works:
A scammer will contact you about an item you’ve put up for sale or tickets to an event. Together, you’ll arrange for an exchange of funds and goods. You may even take precautions against a possible scam by insisting on an in-person meeting for the exchange or refusing to send out the item until you see the money in your P2P account. Things proceed according to plan. You’re notified that the money has been sent to your account and you hand over your item. Sadly, you won’t realize you’ve been ripped off until a few days later when the money transfer does not clear and the contact has disappeared with your goods. Unfortunately, there’s no way you can get your money back, because most P2P providers will not offer compensation for a fraudulent sale. Similarly, your linked financial institution bears no responsibility for the scam and can’t help you recoup the loss.

2.) Publicized payments
PayPal’s Venmo is the only P2P app with a built-in social networking component. This feature has led to a host of privacy issues that have been brought to the attention of the Federal Trade Commission (FTC).

In short, every Venmo transaction you make is up for public scrutiny. No one can access the payment amounts, but anyone who is interested can track the restaurants where you like to eat, the clothing stores you most frequent and check out when you last filled your gas tank. Creepiness factor aside, all that information going public makes Venmo users super-vulnerable to scammers and identity thieves.

Venmo allows you to tweak your privacy settings to keep your information from going public, but most people are unaware of the issue and/or neglect to take this measure. Recently, the FTC ruled that Venmo must make this detail clearer to users. Venmo has since created a popup tutorial for all new users demonstrating how to adjust your privacy settings to keep your transactions from going public. If you choose to use Venmo, check your settings to be sure your money habits aren’t being broadcast for the world to see.

Protecting yourself
You can keep your money safe and still enjoy the convenience of cash-transfer apps with these simple steps:

  • Only send money to people you know and trust.
  • Never use a P2P service for business-related transactions.
  • When using Venmo, adjust your privacy settings and opt-out of public tracking.
  • Carefully read the terms and conditions of a P2P service before using.
  • Always choose two-factor identification and use a PIN when possible. If your app and phone allows, choose fingerprint recognition and/or touch ID for added protection.
  • Accept any security updates offered by the P2P app you use.
  • Check your recipient’s information carefully before completing a money transfer.
  • Choose to be notified about every transaction.
  • Link an external account instead of keeping your funds in the P2P account.

Your Turn:
Do you think P2P systems are safe? Why, or why not? Share your take with us in the comments.

SOURCES:
https://triblive.com/business/technology/13358843-74/peer-to-peer-apps-come-with-risks-ftc-warns

https://www.consumer.ftc.gov/blog/2018/02/tips-using-peer-peer-payment-systems-and-apps

https://paymentweek.com/2018-3-30-problems-p2p-mobile-payments/

https://www.ftc.gov/news-events/events-calendar/2016/10/fintech-series-crowdfunding-peer-peer-payments

https://www.lexology.com/library/detail.aspx?g=9efa141a-40d2-4773-b930-bb395111d226

https://www.consumerreports.org/scams-fraud/how-to-protect-yourself-from-p2p-payment-scams/

 

5 Ways To Avoid Credit Fraud

Middle-aged red-haired woman in modern studying credit report witha look of concernkitchenHere are five ways that you can avoid credit fraud.

  • Keep your credit cards safe. Store your cards in a secure wallet or purse. After making a purchase, immediately return your card to that place.
  • Don’t allow websites to “remember” your card number. Only let secure payment portals, like GooglePay and PayPal, remember your card number. An even better practice is to never check the “remember card number” box for any site or portal.
  • Be wary when shopping online. Before using your credit card online, verify the site’s security and that the URL is authentic—there’s an “s” after the “http” in the web address, and a lock icon as well.
  • Report lost or stolen cards immediately. The sooner you report a missing card, the less liability you’ll have for fraudulent charges made with your card.
  • Review your monthly bill. Always look through your monthly statement to check for suspicious account activity.

Your Turn:
How do you avoid credit card fraud? Share your own tips with us in the comments.

Don’t Get Caught In A Crowdfunding Scam

The days of handouts and begging loans off wealthy relatives are fast becoming extinct. Today, if you need boatloads of money—whether it’s to help you cover an expensive emergency or to fund a new business idea—you only need to appeal to the vast audience of the internet and wait for the money to start rolling in.

Crowdfunding platforms like GoFundMe, Kickstarter and IndieGoGo are packed with eager would-be entrepreneurs and desperately needy individuals alike.

But, they’re also packed with scammers.
For instance, an Iowa woman raised thousands of dollars on GoFundMe for her daughter’s terminal cancer—which would be heartwarming were it not for the fact that her daughter is perfectly healthy.

In a second example, an American company called Triton claimed to have created a device enabling people to breathe underwater. The IndieGoGo page they set up to raise funds for production pulled in $850,000 in just a few days. Sounds inspiring until you realize their supposed invention is more like something out of a sci-fi movie. In reality, Triton fooled many people with an invention that only existed in their imagination.

In yet another incident that garnered national attention, a New Jersey couple teamed up with a homeless veteran from Philadelphia to start a bogus GoFundMe page. The couple claimed the veteran had used his last $20 to buy gas for the wife when she was stranded on Interstate 95. It was the perfect feel-good story, with just enough pathos and emotion to get people to part with their money—to the tune of $400,000, in fact.

Later, when the veteran accused the couple of withholding his money, the case went to court. Proceedings are currently ongoing, but authorities believe the campaign was a scam and that the couple allegedly burned through a whopping $350,000 of donated funds in just a few months.

While some crowdfunding platforms will refund your money if a cause turns out to be a scam, most of them will keep a portion of it for themselves, so don’t plan to get back every penny if you get caught up in a scam. There’s also the possibility of a crowdfunding scam remaining undetected, allowing the scammers to live it up on everyone else’s dimes. Even if your money does land back in your wallet, it’s never a good feeling to know you’ve been conned.

So, don’t let the scammers out there ruin it for everyone else! You should be able to share your money with any cause you believe in. Here are some tips to help ensure you’re chipping in for something genuine.

How to check a campaign for legitimacy
Whether it’s a heartbreaking story or a brilliant business venture you want to support, you’ll first want to research the campaign’s creator. Google their name to see what the internet has to say about them. Also, look up their street address and phone number to verify they’re using their real name, and check whether they’ve started any crowdfunding campaigns in the past.

If you’re looking at a charity campaign, your next step is to take emotion out of the picture. Charity crowdfunding scams succeed by playing with people’s heartstrings. Take the time to study the campaign with pure logic. Does the story really make sense? If you still think it’s legitimate and everything seems to check out, you can choose to donate. Or, you can take your caution one step further by contacting the campaign’s creator and asking for verification of their cause. If they’re genuinely in need, they’ll gladly supply you with names of doctors or references. But if they sound hesitant, or refuse to answer your questions, opt out.

If you’re looking at a crowdfunding campaign for a new business idea, ask yourself if the project is realistic. There are currently several GoFundMe pages set up by individuals with the goal of fighting ISIS. Sounds good until you realize how impossible it is for a single person to achieve such a goal. Lots of inventions or other business ideas also sound incredible until you realize they’re only possible in a fantasy world. Don’t help a business venture get off the ground until you can verify that it’s actually legitimate.

Do your due diligence with crowdfunding campaigns, and you can donate with confidence.

Your Turn:
Do you have a crowdfunding horror story? Tell us all about it in the comments.

SOURCES:
https://www.google.com/amp/s/www.nj.com/news/2019/01/inspired-by-viral-gofundme-fraud-this-nj-bill-would-mean-harsher-punishment-for-scammers.html%3FoutputType%3Damp

https://www.daveramsey.com/blog/how-to-avoid-crowdfunding-scams

https://www.google.com/amp/s/www.nbcnews.com/news/amp/ncna936941

http://www.cracked.com/blog/6-incredibly-obvious-crowdfunding-scams-people-fell-for/

Tax Scams 2019

Each year, the IRS publishes the “Dirty Dozen,” a list of 12 scams that are rampant during that year’s tax season.

This year, the IRS is cautioning taxpayers to be extra vigilant because of a 60% increase in email phishing scams over the past year. This is particularly disheartening, since it comes on the heels of a steady decline in phishing scams over the previous three years.

Typically, an email phishing scam will appear to be from the IRS. Once the victim has opened the email, the scammer will use one of several methods to get at the victim’s personal information, including their financial data, tax details, usernames and passwords. They will then use this information to steal the victim’s identity, empty their accounts or file taxes in the victim’s name and then make off with their refund.

Scammers have several means for fooling victims into handing over their sensitive information. The most popular tax-related phishing scams include the following:

  • Tax transcript scams
    In these scams, victims are conned into opening emails appearing to be from the IRS with important information about their taxes. Unfortunately, these emails are bogus and contain malware.
  • Threatening emails
    Also appearing to be from the IRS, these phony emails will have subject lines like “IRS Important Notice” and will demand immediate payment for unpaid back taxes. When the victim clicks on the embedded link, their device will be infected with malware.
  • Refund rebound
    In this scam, a crook posing as an IRS agent will email a taxpayer and claim the taxpayer was erroneously awarded too large a tax refund. The scammer will demand the immediate return of some of the money via prepaid debit card or wire transfer. Of course, there was no mistake with the victim’s tax refund and any money the victim forwards will be used to line the scammer’s pockets.
  • Phony phone call
    In this highly prevalent scam, a caller spoofs the IRS’s toll-free number and calls a victim, claiming they owe thousands of dollars in back taxes. Those taxes, they are told, must be paid immediately under threat of arrest, deportation or driver’s-license suspension. Obviously, this too is a fraud and the victim is completely innocent.

If you’re targeted
When targeted by any scam, it’s crucial to not engage with the scammer. If your Caller ID announces that the IRS is on the phone, don’t pick up! Even answering the call to tell the scammer to get lost can be enough to mark you as an easy target for future scams. If you accidentally picked up the phone, hang up as quickly as possible.

Similarly, suspicious-looking emails about tax information should not be opened. Mark any bogus tax-related emails that land in your inbox as spam to keep the scammers from trying again.

If you’re targeted by a tax scam, report the incident to help the authorities crack down on these crooks. Forward suspicious tax-related emails to phishing@irs.gov. You can also alert the Federal Trade Commission at FTC.gov.

Protect yourself from tax scams
Stay one step ahead of scammers this tax season by being proactive. Protect yourself with these steps:

File early in the season so scammers have less time to steal your identity, file on your behalf and collect your refund.
Use the strongest security settings for your computer and update them whenever possible.
Use unique and strong passwords for your accounts and credit or debit cards.
Choose two-step authentication when conducting financial transactions online.

Remember, the IRS will never:
Call about taxes owed without having first sent you a bill via snail mail.
Call to demand immediate payment over the phone.
Threaten to have you arrested or deported for failing to pay your taxes.
Require you to use a specific payment method for your taxes.

Ask you to share sensitive information, like a debit card number or checking account number, over the phone.

Be alert and be careful this tax season and those scammers won’t stand a chance!

Your Turn:
Have you ever been targeted by a tax scam? Share your experience with us in the comments.

SOURCES:
https://clark.com/personal-finance-credit/taxes/beware-of-these-common-irs-scams/

https://www.google.com/amp/s/www.forbes.com/sites/kellyphillipserb/2018/12/04/irs-warns-on-surge-of-new-email-phishing-scams/amp/

https://www.businessinsider.com/irs-phone-scam-what-to-do-if-you-get-scam-call-2018-2

All You Need To Know About Facebook’s Latest Bug

Young black woman scrolling through an app on her smartphone in a cafeWith its wide range of features, easy-to-use interface and streamlined access, Facebook is the darling of the social media age. It helps people stay connected with family and friends, allows new relationships to blossom and creates a culture of community for new and established businesses alike.

However, in December, Facebook announced its internal team found a photo API bug in its platform which may have exposed the unshared photos of 6.8 million users. As the latest in a stream of publicized security issues, this breach has the public confused and worried about their privacy.

Read on for all you need to know about the recent Facebook bug.

What happened because of the photo bug?
According to Facebook’s policy, apps linked to Facebook are only allowed to access photos that users give them permission to view, such as those posted on their Facebook timeline. The recent bug, however, may have allowed third-party apps to access loads of other pictures without their user’s knowledge and permission.

An estimated 1,500 apps built by 876 developers were affected by the bug. All of these apps are approved by Facebook, and were authorized by users to access their photos.

The photos breached include those shared on Facebook Stories or Marketplace as well as photos that had been uploaded but weren’t yet posted on Facebook.

The bug was active from Sept. 13 to Sept. 25, 2018. Although, Facebook waited to come clean about the breach in mid-December, 2018.

What steps has Facebook taken to fix the bug?
Facebook fixed the bug as early as Sept. 25 and has openly apologized for the breach. They have promised to let app developers know which of their users have been affected by the bug so they can take steps on their own. Facebook has also claimed to be working on strengthening their platform’s privacy to prevent future photo leaks and security breaches.

When asked why the social media giant did not inform the public about the bug immediately, a Facebook representative told CNN Business, “We have been investigating the issue since it was discovered to try and understand its impact so that we could ensure we are contacting the right developers and people affected by the bug. It then took us some time to build a meaningful way to notify people, and get translations done.”

Despite the statement, the jury remains out on whether Facebook has really taken the responsible course of action after the bug was discovered.

What does the bug mean for impacted Facebook users?
Having your unshared photos posted on public forums can lead to a host of safety issues. Thankfully, no crimes have been linked to the photo leak to date, but crooks can use revealing photos to stage a home robbery or worse. For reasons such as this, it’s always best to use the strongest privacy settings on your social media platforms and to be super-careful about which apps you allow to access your photos.

To be extra careful and keep yourself safe in the event of security breaches like Facebook’s recent photo bug, never post pictures that are too revealing about your personal life and your financial situation.

How can I check if my photos were leaked?
Facebook has issued an official alert to all affected users with clear steps for protecting their photos. The alert directs users to a Help Center Page where they can check if they’ve used any apps affected by the bug and get instructions on how to proceed from there.

Facebook also advises users to log into any apps they use to share photos and check which ones are accessible. If you’re worried about an app’s privacy, log into Facebook’s Manage Your Apps page and contact the app developer directly to inquire about the accessibility of your photos.

Facebook’s latest security breach may have impacted millions of users, but with the proper reactive steps and an eye toward a more secure future, it can help the social media giant and all its users practice stronger security measures and protect their privacy against potential breaches.

Your Turn:
Have you been impacted by Facebook’s latest breach? Share your experience with us in the comments below.

SOURCES:
https://betanews.com/2018/12/16/facebook-photo-api-bug/

https://www.google.com/amp/s/amp.cnn.com/cnn/2018/12/14/tech/facebook-private-photos-exposed-bug/index.html

https://www.geek.com/tech/facebook-photo-bug-how-to-check-if-you-were-impacted-1766300/

https://www.google.com/amp/s/www.cnbc.com/amp/2018/12/14/facebook-bug-exposed-photos-from-up-to-6point8-million-users.html

Credit Card Fraud In Fives

Businessman enters credit card number on a laptopNo one wants to be the victim of credit fraud. Aside from the stolen money you may never recover, victims of fraud can be faced with an enormous hassle. That hassle involves the closing of accounts, putting a fraud alert on your credit and a huge ding on your credit history, which can be difficult to fix.

Whodunnit? When we’re talking about credit card fraud, everyone’s pointing fingers at everyone else.

Consumers tend to blame the credit card issuer, but the vulnerability usually lies with the point-of-sale terminal. Tampering with a credit card reader takes just a few minutes and can be done with an inexpensive device that’s available on Amazon. In addition, there are lots of other ways your information can be skimmed, none of which point to a security deficiency with your credit union or credit card company.

Thankfully, there are steps you can take to prevent and recognize credit card fraud before it happens. Read on for all you need to know about credit card fraud in 5 lists of fives.

5 ways your card can be frauded

  1. It’s physically lifted from your wallet.
    The old-fashioned pickpocket is still a very real threat. Invest in a secure wallet and/or purse and always keep your card inside.
  2. A restaurant or bar server skims it.
    When you hand over your card to a dishonest server at the end of a meal, you give them a few minutes to skim your card while it’s in their possession.
  3. A terminal you use is compromised.
    Payment terminals can be tampered with and rewired to transmit your information to scammers. This is especially common in pay-at-the-pump gas stations.
  4. An online breach puts your information on the black market.
    After a company you use suffers a breach, your personal information may be up for sale on the dark web.
  5. Your computer’s been hacked.

Once a scammer gets inside your computer, they have full access to all of your sensitive data.

5 signs a terminal’s been compromised

  1. The security seal has been voided.
    Many gas stations have joined the war against credit card crimes by placing a security label across the pump. When the pump is safe to use, the label has a red, blue or black background. When it’s been breached, the words “Void Open” will appear in white.
  2. The card reader is too big for the machine.
    The card reader is created to fit perfectly on top of the machine. If it protrudes past it, it’s likely been tampered with.
  3. The pin pad looks newer than the rest of the machine.
    The entire machine should be in a similar condition.
  4. The pin pad looks raised.
    If the pin pad looks abnormally high compared to the rest of the machine, the card reader may have been fitted with a new pin pad that will record your keystrokes.
  5. The credit card reader is not secured in place.
    If parts of the payment terminal are loose, it’s likely been compromised.

5 times you’re at high risk for credit card fraud

  1. You lost your card.
    If you misplaced your card – even if it was eventually returned to you – there’s a chance your information has been skimmed.
  2. You’re visiting an unfamiliar area.
    When patronizing a business in an unfamiliar neighborhood, you don’t know who you can trust.
  3. A company you use has been breached.
    If a business you frequent has been compromised, carefully monitor your credit for suspicious activity.
  4. You shared your information online with an unverifiable contact.
    If you’ve willingly or unwillingly shared sensitive information online and you’re not certain of the contact’s authenticity, you’ve likely been frauded.
  5. You downloaded something from an unrecognizable source.
    Have you accidentally downloaded an attachment from an unknown source? Then your computer has likely been compromised and you’re at risk for credit card fraud.

5 ways to protect yourself against credit card fraud

  1. Check all card readers for signs of tampering before paying.
  2. Never share your credit card information online unless you’re absolutely sure the website you’re using is authentic and the company behind it is trustworthy.
  3. Check your monthly credit card statements for suspicious activity and review your credit reports on a frequent basis.
  4. Use cash when patronizing a business that’s in an unfamiliar area.
  5. Don’t download any attachments from unknown sources.

5 steps to take if your credit card has been frauded

  1. Lock the compromised account.
    Dispute any fraudulent charges on your compromised accounts and ask to have them locked or completely shut down.
  2. Place a fraud alert on your credit reports.

  3. Consider a credit freeze.
    This will make it impossible for the scammer to open a line of credit in your name.
  4. Alert the FTC.
    Visit identitytheft.gov to report the crime.
  5. Open new accounts.
    Begin restoring your credit with new accounts and lines of credit.

At [credit union], we’ve always got your back! Call, click, or stop by today to ask about steps you can take to protect your information from getting hacked.

Your Turn:
Have you ever been a victim of credit card fraud? Share your story with us in the comments.

SOURCES:

https://www.thebalance.com/how-credit-card-skimming-works-960773

https://www.thebalance.com/more-at-risk-of-credit-card-fraud-960780

https://www.makeuseof.com/tag/credit-card-fraud-works-stay-safe/

http://gizmodo.com/home-depot-was-hit-by-the-same-hack-as-target-1631865043

5 Scams To Avoid This Black Friday

Woman at home views tablet showing black friday sale adBlack Friday and Cyber Monday can be great fun – but they can also put you at great risk. Scams abound on the weekend that heralds the holiday shopping season, and you don’t want a phishing scheme or a bogus bargain to turn you into a Grinch.

Here are five scams to look out for as you brave the frenzied crowds while trying to snag the best deals after Thanksgiving.

1. Crazy deals that are actually bogus
The noisy crowds and flashy ads on Black Friday can lead you to make rash decisions and spend more than you planned. But be careful not to leave your senses at home.

An iPhone X retailing at just $12? A pair of genuine Ugg boots for just $9? These deals sound insane because that’s exactly what they are. And yet, thousands of people happily send their money to online stores that are advertising these laughable prices on Black Friday. And of course, once the scammers have your credit card information, they won’t hesitate to use it for their own shopping spree – all on your dime.

Be smarter: Don’t believe any advertised price that is ridiculously low. It’s only bait used by scammers to lure you into their trap. Black Friday deals tend to fall within the 20-30% off range or an offer of free shipping.

2. Black Friday gift cards for cheap
In the weeks leading up to Black Friday, you might see an explosion of cheap gift cards being sold at online marketplaces. The gift cards are linked to big-name retailers and are offered for a fraction of their real value.

These cards are usually stolen from their real owners. The victim of the theft will likely report the loss and the card will be disabled. And you’ll have forked over your hard-earned money for a card that’s not worth the plastic it’s made from.

Be smarter: Don’t buy any gift cards that are retailing at a heavily marked-down price.

3. Bait and switch
Want to be the lucky winner of a brand new iPhone X? Just fill out a form with your personal details and take this survey. You may just be the proud new owner of the super-expensive phone!

If you know anything about online scams, you’ll already recognize this one. Your personal details and a site whose authenticity you can’t verify are two things that should never meet. The sweepstakes is just the scammer’s bait to get at your information. And, with holiday expenses growing each year, it’s the perfect time to lure an innocent victim into thinking they’ve just saved a ton of money.

Don’t make the mistake of thinking you’re safe from this scam just because you’re doing all your Black Friday shopping at the mall. “Bait and switch” scams can happen offline, too.

The brick-and-mortar version of this scam is somewhat less nefarious. Retailers will advertise deals so amazing you’ll find yourself travelling across town and battling impossible traffic to grab these bargains. Once you finally reach the store, though, you’ll be told that those items are all sold out, but you can check out the items they do have in stock. You’ll be shown similar, but inferior, products and cheap knockoffs, or nothing you’re interested in at all. These scams are just a waste of your time and often your money, too.

Be smarter: Don’t enter any sweepstakes or believe advertisements for heavily marked-down prices on sites and stores you’re unfamiliar with.

4. Delivery problems
With so much of your shopping happening online, you probably wouldn’t be surprised to receive an email claiming there’s been a problem with the delivery of one of your purchases. But if you get an email like this asking you to click on a link or download an attachment to arrange an alternative delivery date, you’re looking at a scam. You may also receive a message asking you to pay an extra fee for delivery after you’ve completed an order. Again, this email is bogus and you’re being scammed. Ignore these emails. And, if you have a problem with the delivery of your purchase, contact the seller or company directly.

Be smarter: Never download anything or click on a link from an unverifiable source.

5. Online purchases that can only be paid for with a wire transfer
If you’re planning on going on an all-out spending spree this Black Friday, use your credit card. It offers you the most protection against purchases that don’t turn out to be what you expected.

A debit card can be a good choice, too, if you’re only shopping at stores and retailers you trust and frequent often.

Never agree to an online purchase demanding payment via money order or wire transfer. These are favorites among scammers since they are similar to paying with cash – once the money has changed hands, there’s almost no way you can get it back.

Be smarter: When frequenting unfamiliar stores and sites, use your credit card.

Be an educated shopper this Black Friday and outsmart scammers!

Your Turn:
Have you ever been targeted by a Black Friday scam? Share your experience with us in the comments below.

SOURCES:
https://www.finder.com/black-friday-scams

https://www.makeuseof.com/tag/6-scams-watch-black-friday-cyber-monday/