Take Caution Before You Borrow Someone’s Charging Cable

Young black male teen enjoys content on his phone that is plugged into a wall charger.You know the feeling. It’s like a bona fide coffee addict running low on caffeine, or like a hiker almost out of drinking water. You’re travelling and your phone is running low on juice. Frantic, you’re searching for a place to plug in and recharge. The last thing you want is to be completely stranded in a strange place with no way to order an Uber or pay for your dinner. In one last desperate move, you search through your bag for the charging cable you always keep there – and then you remember you lent it to your friend and never got it back.

What to do?

And then, like an angel, a stranger appears out of nowhere with a friendly smile on their face. They’re holding a wonderful, beautiful charging cable in their hands.

“Do you want to use this?” they ask.

What do you do?

A. Smile your thanks, grab the cable and plug in your phone.
B. Say “No, thank you,” before walking away, dead smartphone and all.

If you chose B, you made the right decision. Cybersecurity experts are warning against using a stranger’s charging cable or even borrowing one from an airport official or front-desk concierge at a hotel.

“There are certain things in life that you just don’t borrow,” says Charles Henderson, global managing partner and head of X-Force Red at IBM Security. “If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear.”

Henderson heads a team of hackers that clients privately hire to break into their computers to identify vulnerabilities before blackhat hackers do. Henderson’s team will often send clients a compromised iPhone cable in the mail to see if the client will plug it in or if they’ve learned to be more cautious by discarding the charger instead.

Henderson warns that cyberhackers can easily implant charging cables with malware that can be used to hijack mobile devices and computers. This can spell complete disaster for the desperate traveler who graciously accepted the spare cable from their fellow passenger and plugged in their device.

At the annual DEF CON Hacking Conference in Las Vegas, a hacker known as MG showed the attendees how he had modified an iPhone lightning cable to serve as a hacking device. MG used the cable to connect an iPod to a Mac computer and then remotely accessed the cable’s IP address to take control of the Mac. These compromised cables are available on the Darknet for just $200 each.

Don’t be fooled into thinking that charging cables left over by previous guests in the front desk of the hotel are any better than a cable offered by a stranger.

“If the front desk had a drawer full of underwear,” says Henderson, “would you wear those?”

Unlike most scams aiming for as wide a target base as possible, using a charging cable to hack a victim’s device can only be pulled off on one victim at a time. Lucky for us, this means the charging cable hack isn’t as popular or widespread – yet. Henderson warns that the relatively inexpensive technology required for the hack and the fact that it is so easy to make the cable look completely innocent could mean an upsurge in these scams in the near future.

For now, it’s best to be aware of this threat and to practice caution when travelling.

Henderson adds that using public USB charging stations is currently a larger threat than compromised cables. These stations can easily be compromised and open your device to all sorts of malware and vulnerabilities. It’s best to use your own charger at all times.

“In a computing context, sharing cables is like sharing your password,” says Henderson, “because that’s the level of access you’re crucially conveying with these types of technology.”

To avoid falling victim to this hack, always pack an extra charging cable in your handbag. If you forgot to take one along or you can’t seem to find it, purchase a new one to use while you’re away. You can find charging cables in almost any convenience store for under $10 – a small investment for your safety.

The next time you’re running low on juice and a stranger offers you the use of their charging cable, make the safe choice!

Your Turn:
Have you ever been targeted by using a borrowed charging cable? Tell us about it in the comments.

Learn More:
forbes.com
headtopics.com
frnews.ng

Your Complete Guide To Identity Theft Protection

Young woman in business attire seated at an outdoor cafe stares worriedly at a laptop screen with her head in her hands.Did you know there were 14.4 million victims of identity theft in 2018? According to Javelin Strategy, each case cost the victim an average of $1,050 – and that’s only the cost in dollars. When an individual’s identity is stolen, the thief wreaks major havoc on the victim’s financial health, which can take months, or even years, to recover from.

Fortunately, there are steps you can take to prevent yourself from becoming the next victim. Here is your complete guide to identity theft protection.

1. Monitor your credit
One of the best preventative measures you can take against identity theft is monitoring your credit. You can check your credit score for free on sites like CreditKarma.com and order an annual report once a year from each of the three credit reporting agencies at AnnualCreditreport.com. Also remember that Advantage One offers members a free annual credit checkup as well. However you obtain your score, be sure to check for any sudden hits and look through your reports for suspicious activity. It’s also a good idea to review your monthly credit card bills for any charges you don’t remember making.

2. Use multi-factor authentication
When banking online, or using any other service that utilizes sensitive information, always choose multi-factor authentication. If possible, use your thumbprint as one means of identification. Otherwise, use multiple passwords, PINs or personal questions to make it difficult for a hacker to break into your accounts.

3. Use strong unique passwords
Never use identical passwords for multiple accounts. If you do so, you’re making yourself an easier target for identity thieves. Instead, create strong, unique passwords for every account you use. The strongest passwords use a variety of letters, symbols and numbers, and are never mock-ups or replicas of popular phrases or words.

If you find it difficult to remember multiple passwords, consider using a free password service, like LastPass. You’ll only need to remember one master password and the service will safely store the rest.

4. Only use Wi-Fi with a VPN
Did you know you are putting your personal information at risk every time you use the free Wi-Fi at your neighborhood coffee shop (or any other public establishment)? When using public Wi-Fi, always choose a Virtual Private Network (VPN) instead of your default Wi-Fi settings to keep the sensitive information on your device secure.

5. Block robocalls
Lots of identity theft occurs via robocalls in which the scammer impersonates a government official or the representative of a well-known company. Lower the number of robocalls reaching your home by adding your home number to the Federal Trade Commission’s No Call List at donotcall.gov. It’s also a good practice to ignore all calls from unfamiliar numbers, because each engagement encourages the scammers to try again.

6. Upgrade your devices
Whenever possible, upgrade the operating system of your computer, tablet and phone to the latest versions. Upgraded systems will keep you safe from the most recent security breaches and offer you the best protection against viruses and hacks.

7. Shred old documents
While most modern-day identity theft is implemented over the internet or through phone calls, lots of criminals still use old-fashioned means to get the information they need. Dumpster-divers will paw through trashed papers until they hit upon a missive that contains personal information. It’s best to shred all documents containing sensitive information as soon as you don’t need them.

8. Keep personal information personal
Be super-cautious about sharing sensitive data, like your Social Security number and banking PINs, with strangers – and even with friends. It’s also a good idea to use the strongest, most private security settings on your social media accounts to keep hackers out.

9. Invest in identity theft protection
If you’re still nervous about being the next victim of identity theft, you may want to sign up for an identity-theft protection service. Advantage One offers affordable Identity Theft Protection service in conjunction with our Benefits Plus checking account. Other services don’t come cheap, but services like LifeLock and IdentityForce will monitor your personal information online and immediately alert you about any suspicious activity.

Identity theft can be an expensive nightmare. Be proactive about protecting your identity and keep your information and your money safe.

Your Turn:
Which safety procedures do you follow in order to protect yourself from identity theft? Share them with us in the comments.

Learn More:
safesmartliving.com
wisebread.com
centsai.com

Four Super-Scary Scams To Watch For This Halloween

woman in witch contest holding jack-o-lantern in front of her faceDon’t let a Halloween scam spook you! Stay a step ahead of those crooks by looking out for these four scams this season.

1. The shipping scam
The internet is brimming with Halloween-themed stores in the months leading up to Oct. 31. Lots of these retailers offer an impressive selection of costumes, accessories and decorations at great prices.

Unfortunately, though, some of the retailers that own such sites will never deliver the ordered goods. That’s because, though the company may exist, and will appear legit, at the end of the day there was never a real intent to ship the item(s). The delivery date may be postponed until after Halloween, or the order might get canceled without notification. Sometimes, the shopper will receive the promised package on time – only the package is empty!

Before placing an order with a seasonal store, look for the company’s physical address and phone number. Check what the Better Business Bureau (BBB) has to say about it and look for information about return and refund policies in case things go south. Finally, as always, be careful about sharing your credit card information with an unsecure site. Look for the lock icon near the URL and the “s” after the “http” in the web address; both indicate you’re on a secure site.

It’s also a good idea to order your costumes and décor in September. This way, you’ll have time on your side if you need to return a costume or a product that didn’t turn out as expected. You’re also less likely to purchase goods from iffy retailers and vendors you don’t recognize when you aren’t pressed for time. Finally, you won’t be forced to spend a ton of money on last-minute shipping costs when you make your purchase early in the season.

2. The fraudulent offer
In this scam, a bogus company advertises a “Super Special Deal” for “Today Only” offer, or something similar. It will offer amazing Halloween goods for prices that are too good to be true and lure lots of unsuspecting customers into the trap. Unfortunately, the company is bogus and the offer doesn’t actually exist. If you purchase the advertised product, you’ll never see the product – or your money.
As with all potential scams, check out a company’s authenticity and a website’s security before purchasing.

3. The fake ticket scam
Planning to take a trip to an amusement park, attend a concert or take in another event on Halloween? Be wary of the fake ticket scam, in which third-party vendors sell bogus tickets to unsuspecting customers right before an event. They’ll also tack on an exorbitant commission, claiming that they need to charge extra because of the last-minute purchase. Of course, the ticket is bogus and they’ll pocket the ticket money, plus the commission.

Make sure to get your tickets to any event you’d like to attend well in advance. Contact the event organizers directly to make sure you’ve reached the right address. If you find tickets being sold online near Halloween time, do a quick online search to see if the event has already sold out. Check for spelling mistakes and erroneous information about the date and time of the event on the ticket, as well.

4. The bogus purchase scam
In this scenario, scammers try to convince you that you ordered something you have no recollection of purchasing just to get you to share your personal information. Once the scammers have this data, they’ll do anything from emptying your accounts to taking out loans in your name or committing full-blown identity theft.
If you receive any emails, phone calls or text messages asking you about a costume you never ordered or a ticket you never purchased, do not engage with the sender or caller. Delete the emails or flag them as spam. Also, block the contact from calling or texting you again. With any luck, the scammer will get the message that you’re not an easy target and leave you alone.

Here’s wishing you and yours a safe and frightfully fun Halloween from all of us here at Advantage One Credit Union!

Your Turn:
Have you ever been targeted by a Halloween scam? Tell us about it in the comments.

Learn More:
scam-detector.com
help-center.pissedconsumer.com
legalshred.com

Beware Natural Disaster Scams

Insurance salesman signing insurance paperwork with a middle-aged ladyWhen disaster strikes, so do the scams. It’s the season of hurricanes, earthquakes, tornadoes and more. If you live in an area that’s prone to storms and flooding, or you volunteer to help the victims of natural disasters, beware of these four post-disaster scams so you’re not taken for a ride.

1. Bogus charities
As soon as a major natural disaster hits, fake charities spring up like dandelions after a spring rain. You might get solicitations for donations via email, social media posts, text messages or phone calls. These appeals are usually accompanied by a tear-jerking story designed to play on your emotions and get you to loosen your purse strings.

Unfortunately, these scams are often successful at swindling victims out of thousands of dollars.

Never take a request for monetary aid at face value. Check out the charity’s authenticity at Charitynavigator.org and see what the Better Business Bureau has to say about them. If you find the charity does indeed exist and is a reliable organization, double-check that the website address (URL) is correct so you can be sure you’re not handing over money to a copycat site. If you want to be absolutely certain that your donation is going to the right address, you can simply contact the charity or The Red Cross on your own.

2. FEMA imposters
The days following a natural disaster can be chaotic, as victims try to put their lives and their homes back together.

Devious scammers capitalize on this misfortune to impersonate FEMA representatives to collect victims’ personal information and/or their money. They’re counting on victims being too preoccupied to check their legitimacy.

If you applied for FEMA, stay one step ahead of the scammers by remaining alert and cautious. If you receive a phone call from someone claiming to represent the federal organization, only share your FEMA claim number over the phone, keeping all other personal details to yourself. If the caller is legitimate, they should already have any other information they need.

If a FEMA representative shows up at your home, ask to see a FEMA-issued photo ID badge. The “representative” may promise to speed up your claim if you pay a deposit, but this is completely false, as FEMA does not offer any such arrangement. Do not give the “FEMA rep” any of your money – or any of your personal information.

3. Shady repair contractors
Many so-called contractors will make the rounds of neighborhoods that have seen storm damage to offer their services to homeowners seeking repairs. They may ask for upfront payment for any work you need and then do a sloppy job or never complete their task. You won’t realize you’ve been conned until the worker has left your home with your money in their pocket. To avoid getting caught in this scam, carefully research any contractor you’d like to use before hiring, and never agree to pay for all or most of the repairs before the work is done.

In a different variation of this scam, someone may show up at your door claiming to represent a utility company you use. They’ll threaten to shut off your service if you don’t provide immediate payment for any repairs you might need. Ask to see proof that they indeed represent the company they claim to work for and do not make any upfront payments until you have checked out their authenticity.

4. Damaged cars
It’s not only homes that can be heavily damaged by storms; vehicles can get hit hard, too. Sometimes, a car that’s been in a flood or hurricane can be fixed up so it looks fine on the outside despite a heavily damaged interior. Shady car salespeople might try to sell these vehicles to unsuspecting consumers who have no idea the car has been in such a storm.

If you’re shopping for a car in an area that has recently been hit by a natural disaster, be sure to check out the car’s history on sites like Carfax.com.

Don’t let scammers make a natural disaster more difficult than it already is. If you suspect fraud, let the FTC know at FTC.gov.

Your Turn:
Have you been targeted by a natural disaster scam? Tell us about it in the comments.

Learn More:
ridester.com

fema.gov

aarp.org

Tw

All You Need To Know About The Capital One Data Breach

Capital One bank Hq buildingIn late July, Capital One Bank announced that 106 million of its card holders had their data compromised in a massive breach that stretched over four months. Among the victims, 140,000 customers had their Social Security numbers swiped and approximately 80,000 had their linked checking account numbers stolen. No credit card numbers were reported to have been lifted in the breach.

The company fixed the vulnerability immediately and promised to alert all victims of the breach about their compromised data. The alleged hacker has been apprehended and steps are being taken to ensure a breach of this magnitude doesn’t happen again.
The Capital One issue was hardly the first of its kind to hit the news in recent years. Factors like online data and sophisticated hacking tools have spawned a wave of data breaches that have hit all kinds of businesses and service providers, from police departments to eateries, major retailers and online search engines.

In light of the multiple and wide-reaching data breaches over the past few years, experts recommend that everyone, even those who are not Capital One credit card holders, take the following 5 steps to protect their information from hackers:

Freeze your credit – Placing a freeze on your credit is the first and most crucial step you can take to stop scammers from making use of your information. A credit freeze will not affect your credit score, but does serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. Consequently, hackers will not be able to open a new line of credit or apply for a loan in your name.
You can now freeze your credit at no cost at all three of the major credit bureaus, Equifax, TransUnion and Experian. You’ll need to provide some basic information, including your date of birth and your Social Security number. You’ll receive a PIN for the freeze that will need to be used for lifting the freeze should the need arise.

Enable two-factor authentication – If you haven’t already, change all of your logins to two-factor (also called “multi-factor”) authentication. Whenever possible, choose a non-password authentication, like face recognition or thumbprint sign-in. This will provide an extra layer of protection against hackers and scammers trying to access your account.
Sign up for credit monitoring – Capital One is offering free credit monitoring for all victims of the data breach. You can find out more about this offer and general information about the Capital One data breach here.

Even if you’re not a Capital One card holder, you might want to consider signing up for credit monitoring to prevent being a victim of a data breach in the future. The service will immediately notify you about any suspicious activity on your accounts so you can stop potential hackers in their tracks. Credit monitoring will run you $10-$30 a month, but you’ll have the security of knowing that the company is on the lookout for any signs of trouble with your credit.

Use strong, unique passwords – Always choose strong passwords for all your accounts and use different passwords for each login. Your passwords should be at least eight characters long, and use a variety of numbers, letters and symbols. Vary your capitalization use as well, and never use your name, phone number or a common phrase as your password.

If you’ve been using your current passwords for a while, consider changing them up now. You can make this task easier by using a password aggregator like LastPass or Sticky Password.

Strengthen your security and spam settings – Never answer emails asking you to share sensitive data, even when they appear to be from legitimate companies. Make sure your devices are fully updated, and keep your spam settings on their strongest levels. It’s also a good idea to keep your social media accounts as private as possible to keep scammers from finding out personal details about your life which they can use to crack open your passwords.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
Have you been affected by the Capital One breach? Tell us about it in the comments.

Learn More:
cbsnews.com

usatoday.com

upi.com

capitalone.com

Beware Emergency Scams!

collefge age girl shares a meme on her phone with her grandmother while they have lunch at a cafe“Grandma? Is that you?”

“What’s the matter, honey?”

“Grandma, you gotta help me! They’re going to arrest me if I don’t pay the fine — and I lost my wallet! I don’t have a penny on me or any ID. Can you wire me some money?”

Does this sound like a phone call that can really tug at your heartstrings? It’s actually more like a diabolical plot by devious scammers. There’s no emergency, no imminent arrest and no lost wallet. In fact, it isn’t even your grandchild on the line; you’re speaking to a criminal who wants to get their hands on your money.

Family emergency scams, often referred to as “grandparent scams,” are some of the most nefarious around. They prey on the elderly and take advantage of the natural affection a grandparent has for their grandchild. They’re usually pulled off in the guise of a frantic phone call, though they sometimes show up as an urgent email, text, or social media post using the same panicky message.

Don’t be the next victim of this ruse! Read on to learn how to identify an emergency scam and what to do if you’ve been victimized.

3 ways to spot an emergency scam:

1. The caller will insist upon absolute secrecy
Once your “grandchild” has had their say, the scammer will then take the phone, impersonating an authority figure who is out to make the arrest and demanding that payment be made immediately. They’ll stress the importance of keeping the entire business hush-hush so nobody gets hurt. But, of course, the real reason behind their need for secrecy is to keep you from doing too much digging and identifying the scam for what it is. Any true law enforcement officer would have no request for such secrecy.

2. The “authority figure” will only accept certain means of payment
If you ever receive a phone call insisting that you wire money, send a prepaid debit card, cashier’s check, or certified check in return for helping your grandchild from a distressing situation, you can be certain it’s a scam. Criminals love these payment methods because they provide the victim with very little recourse once they’ve discovered the scam.

3. Your “grandchild” does not know basic information about themselves or family
It’s hard not to be duped into helping out your grandchild when they sound so stressed on the phone. It can also be hard to recognize your grandchild’s voice over a phone that has iffy reception, or from an overseas phone call if your grandchild is abroad. To make it even more complicated, scammers will use any information they can find about your grandchild’s life to appear legitimate. If the scam is carried out through email, they may even hack your grandchild’s email account so their missive appears to be coming directly from your grandchild.

If you ever receive a call or an email like the one described above, simply ask the caller about some personal details that a stranger would not be able to scrape off of your grandchild’s social media accounts. Ask about specific family memories or even jokes that will immediately let you know who you’re really dealing with.

If you’ve been scammed
If you’ve gotten a frantic phone call from your grandchild and you believe it to be true, don’t react just yet. You’ll be urged to act quickly, but take a minute to call your grandchild on your own to verify his or her whereabouts. You can also call the grandchild’s parents to ask where they might be at this time. You may be surprised to learn that your grandchild is safe at home!

If you’ve fallen for the scam and you’ve only recognized the ruse after you’ve sent your money, you may still be able to reclaim some or all of your funds by reporting the scam to the Federal Trade Commission at ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357). Even if you can’t reclaim your lost funds, you’ll be doing your part to help the authorities put those crooks behind bars.

Grandparenting is a wonderful experience. Don’t let scammers abuse your relationship with your grandchild by pulling the wool over your eyes. Stay one step ahead of them by being alert and knowing how to spot these scams. Show them that no one messes with grandma!

Your Turn:
Have you been targeted by an emergency scam? Tell us all about it in the comments.

SOURCES:

https://www.consumer.ftc.gov/blog/2018/07/scammers-create-fake-emergencies-get-your-money

https://www.consumer.ftc.gov/articles/0204-family-emergency-scams

https://money.usnews.com/money/personal-finance/family-finance/articles/most-common-phone-scams

8 Things To Do If Your Identity Is Stolen

Here are eight important actions you can take if you ever become the victim of identity theft.

  • Lock the compromised account.
    • Dispute any fraudulent charges on your compromised accounts and ask to have them locked, or even shut down.
  • Older man looking concerned as he browses files on his laptopPlace a fraud alert on your credit reports.
    • This helps alert creditors that someone may be trying to open accounts in your name.
  • Consider a credit freeze.
    • This will make it impossible for the scammer to open a credit line or loan in your name.
  • Alert the FTC.
  • Strengthen your passwords.
    • In addition to changing them, use strong and different passwords for all your online accounts.
  • Check your account statements.
    • It’s best to do so frequently to look for suspicious activity.
  • Open new credit cards and accounts.
    • Replace compromised accounts that you’ve shut down so you can be inconvenienced as little as possible.
  • Repair your credit.
    • Be extra careful about paying your bills on time and keeping your credit utilization low.

Your Turn:
Have you ever been the victim of credit card fraud? Share your story with us in the comments.

4 Vacation Scams To Watch For This Summer And How To Avoid Them

young parents with two kids taking a selfie picture while on vacationWith summer in full swing, you might be planning and packing up for the vacation of a lifetime. Before you load the car and head out, though, read through our list of four common vacation scams and learn how to avoid them. You don’t want to take a permanent vacation from your hard-earned money!

1. The bogus prize vacation
In this scam, you’ll receive notification via snail mail, phone call or email, that you’re the lucky winner of an absolutely free vacation stay. You’ll eagerly start planning your trip, only to find that you’re constantly asked to pay various “prize fees,” “taxes,” or “reservation deposits” as the departure date draws near. Your “free” vacation isn’t really free at all!

You might get suspicious and pull out. Or, you might be too deeply ensnared in the trap and only realize that, when you arrive at your destination, you’ve been conned. The vacation destination will either not exist at all, or be so substandard that you’ll need a vacation from your vacation when you get back home.

2. The dream-priced rental
You’re scrolling through Airbnb, searching for that perfect vacation rental house when you suddenly strike gold. There it is! The rental you’ve been looking for — and at a dream price!

You’ll contact the renter and begin making make arrangements for your trip. The renter will offer you an even steeper discount if you pay them through a third-party processing site instead of through the Airbnb website. Their likely preference is wire transfer. You’ll then be asked to pay a deposit or even the full price of the rental before you arrive. While it’s completely expected to pay up front through Airbnb or another rental service, you will not have the same protection if you’re not using the site.

The problem starts when you arrive at your vacation spot — or try to do so, that is. The address you’ve been given does not actually exist and the gorgeous pictures you’ve been looking through belong to another renter. Sadly, you’re now out your money and have nowhere to stay during your vacation.

3. Phony “experiences”
Aside from vacation rentals, sites like Airbnb also allow you to book “experiences,” or days out on the town with locals.

Unfortunately, this platform has become a breeding ground for scammers who offer phony tours to eager vacationers. You might find yourself booking a tour or an experience, and even paying for it, only to find out you’ve been scammed.

4. Travel-club membership with a catch
In these scams, unscrupulous travel companies work hard to persuade you to join their travel club with the promise of significant benefits and kickbacks, including dream vacation stays, discounted cruises or resort tickets and completely free getaways. Unfortunately, once you’ve joined the club, you’ll be charged high dues for perks that are so hard to access, they’re practically worthless. The discounted tickets will only be eligible for certain vacation dates that probably will not align with your own plans, and the “free” trip you were promised also comes with severe restrictions.

How to spot a vacation scam
Now that you know the many ways you can be conned while planning for or being on vacation, let’s take a moment to review the red flags that will clue you in to these scams.

Upfront fees
Whether it’s a vacation rental, a tourist experience or a sweepstakes prize, you should not have to pay more than a small deposit before your arrival. If you’re asked to pay steep upfront fees or even the full amount before your vacation, run the other way and don’t look back.

Specific payment methods
Similarly, if you’re asked to pay via wire transfer only, you can be sure you’re looking at a scam. According to the FTC, a demand for payment by wire transfer is the surest sign of a scam.

Skimpy details and absent reviews
When booking any kind of vacation, do your research. If your contact refuses to provide you with anything more than the most basic of details and you can’t find much info online, you’re likely looking at a bogus vacation.

Prices that are too good to be true
Trust your instincts. If a vacation rental, experience or package is priced ridiculously low, do some digging. Google the travel company or the renter’s name with the words “scam” or “bogus” to see what results come up.

Pressure tactics
If you’re urged to sign on a vacation package quickly or risk losing out on the deal, opt-out. Scams succeed with speed.

Scammers never go on vacation. Keep your guard up when planning your getaway and stay safe!

Your Turn:
Have you been targeted by a vacation scam? Share your experience with us in the comments.

SOURCES:

https://www.consumer.ftc.gov/blog/2019/05/make-it-scam-free-vacation

https://www.aarp.org/money/scams-fraud/info-2019/vacation.html?CMP=KNC-DSO-Adobe-Bing-FRD-VacationRentalScams-General&s_kwcid=AL!4520!10!73873646340258!73873595875939&ef_id=XQkCmwAAAKChlBOg:20190618160907:s

https://www.consumer.ftc.gov/articles/0073-timeshares-and-vacation-plans

 

What’s Up With WhatsApp?

WhatsApp Logo on green backgroundA cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

Don’t Get Caught In A Pyramid Scheme!

Man in suit looking worriedly at computer screenPyramid schemes are just one of the many ways scammers capitalize on human greed. These business-centered schemes have been around for years, but scammers are still growing rich off victims. Recently, the state of Washington sued LuLaRoe, a massive pyramid operation that had collected millions of dollars from small business owners who believed it to be a legitimate organization.

Pyramid schemes are especially dangerous because they can be difficult to spot. They make every effort to appear legitimate, and are often confused with authentic multi-level marketing (MLM) companies.

Let’s take a look at what constitutes a pyramid scheme and how to avoid falling into their trap.

What is a Pyramid Scheme?
A pyramid scheme is a system in which participating members earn money by recruiting an ever-expanding number of “investors.” The initial promoters of the business stand on top of the pyramid. They will recruit additional investors, who will each also recruit even more investors. At each level, the number of investors multiplies. Investors earn a profit for each new recruit, and pass on some of the profit to their recruiters. The further up on a pyramid an investor is, the more money they will earn.

Sometimes, pyramid schemes involve the sale of a product, but that is usually just an attempt to appear authentic. The product will typically be faulty, and will obviously not be the focus of the business. The main object of all pyramid schemes is to recruit new investors in a never-ending quest for expansion.

It may be difficult to spot the crime here—and pyramid schemes are actually legal in some states. However, there are definitely underhanded tactics you’ll want to be aware of with every pyramid scheme.

First, new investors need to pay a fee for the right to sell a product or service, and to recruit others for monetary reward. This fee can be quite steep. Essentially, the recruiter is paying the salary of their superiors.

Also, as mentioned, if a product is sold, it is likely faulty or damaged and will not sell well. Recruiters might be required to purchase the product themselves. To make it even worse, the company will refuse to take back products that are deemed unsalable.

Finally, every pyramid scheme is set to fail because they are dependent on the ability to recruit more investors. Because there is a limited number of people in any community, every pyramid scheme will eventually collapse, leaving only those at the top with a profit.

What is Multi-Level Marketing?
MLM companies are often confused with pyramid schemes, but there are some distinctions that set them apart.

First, MLM companies work by selling products directly to consumers without a retail store or website. Distributors or salespeople will market the products on their own and will also train and recruit additional distributors. Each distributor earns a commission on each sale, as well as commission on the sales of the distributors they’ve recruited.

You might have unknowingly encountered an MLM business or even purchased their products. Some MLM companies include Avon, Mary Kay Cosmetics, Amway, and Scentsy. These are all completely legitimate businesses, with no devious intent.

The primary difference between MLM companies and pyramid schemes is the reliable line of products or services that stand behind each MLM company. The bulk of the company’s profits come from sales, not from recruiting new investors.

Also, authentic MLM businesses will never leave their distributors with unsold products. They will gladly buy back unsold merchandise, though often at a discounted price.

How Can I Spot a Pyramid Scheme?
Watch out for these red flags which immediately mark a business as a pyramid scheme:

  • High-pressure tactics.
    Pyramid schemes work by ensnaring victims whose judgment is clouded by hopeful ambition and don’t bother to read the fine print.
  • Recruitment-based income.
    If your promised income is completely tied to recruiting more members for the business, you’re looking at a pyramid scheme.
  • Unsubstantiated income claims.
    If you’re promised a 6-digit salary within a year while working a low-skill job that requires no experience at all, opt out.
  • Outrageous products claims.
    Are you being asked to sell a cream that will make wrinkles disappear overnight? Or maybe a pill that makes people drop five pounds in a week? If the product is accompanied by outlandish claims that are hard to prove, you’re being targeted for a pyramid scheme.
  • You need to buy the product to sell it.
    A company that requires its salespeople to purchase its products is a company that is desperate for business. Run the other way and don’t look back.

If you think you’ve been targeted by a pyramid scheme, check your state laws and report the scheme to the authorities if a law has been broken. Also, warn your friends about the circulating scheme so they know to avoid falling into its trap.

Stay alert and stay safe!

Your Turn:
Have you been targeted by a pyramid scheme? Tell us about it in the comments!

SOURCES:

https://www.fraud.org/direct_sale_pyramids

https://www.fbi.gov/scams-and-safety/common-fraud-schemes/pyramid-schemes

https://ag.ny.gov/consumer-frauds/pyramid-schemes