All You Need To Know About The Capital One Data Breach

In late July, Capital One Bank announced that 106 million of its card holders had their data compromised in a massive breach that stretched over four months. Among the victims, 140,000 customers had their Social Security numbers swiped and approximately 80,000 had their linked checking account numbers stolen. No credit card numbers were reported to have been lifted in the breach.

The company fixed the vulnerability immediately and promised to alert all victims of the breach about their compromised data. The alleged hacker has been apprehended and steps are being taken to ensure a breach of this magnitude doesn’t happen again.
The Capital One issue was hardly the first of its kind to hit the news in recent years. Factors like online data and sophisticated hacking tools have spawned a wave of data breaches that have hit all kinds of businesses and service providers, from police departments to eateries, major retailers and online search engines.

In light of the multiple and wide-reaching data breaches over the past few years, experts recommend that everyone, even those who are not Capital One credit card holders, take the following 5 steps to protect their information from hackers:

Freeze your credit – Placing a freeze on your credit is the first and most crucial step you can take to stop scammers from making use of your information. A credit freeze will not affect your credit score, but does serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. Consequently, hackers will not be able to open a new line of credit or apply for a loan in your name.
You can now freeze your credit at no cost at all three of the major credit bureaus, Equifax, TransUnion and Experian. You’ll need to provide some basic information, including your date of birth and your Social Security number. You’ll receive a PIN for the freeze that will need to be used for lifting the freeze should the need arise.

Enable two-factor authentication – If you haven’t already, change all of your logins to two-factor (also called “multi-factor”) authentication. Whenever possible, choose a non-password authentication, like face recognition or thumbprint sign-in. This will provide an extra layer of protection against hackers and scammers trying to access your account.
Sign up for credit monitoring – Capital One is offering free credit monitoring for all victims of the data breach. You can find out more about this offer and general information about the Capital One data breach here.

Even if you’re not a Capital One card holder, you might want to consider signing up for credit monitoring to prevent being a victim of a data breach in the future. The service will immediately notify you about any suspicious activity on your accounts so you can stop potential hackers in their tracks. Credit monitoring will run you $10-$30 a month, but you’ll have the security of knowing that the company is on the lookout for any signs of trouble with your credit.

Use strong, unique passwords – Always choose strong passwords for all your accounts and use different passwords for each login. Your passwords should be at least eight characters long, and use a variety of numbers, letters and symbols. Vary your capitalization use as well, and never use your name, phone number or a common phrase as your password.

If you’ve been using your current passwords for a while, consider changing them up now. You can make this task easier by using a password aggregator like LastPass or Sticky Password.

Strengthen your security and spam settings – Never answer emails asking you to share sensitive data, even when they appear to be from legitimate companies. Make sure your devices are fully updated, and keep your spam settings on their strongest levels. It’s also a good idea to keep your social media accounts as private as possible to keep scammers from finding out personal details about your life which they can use to crack open your passwords.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
Have you been affected by the Capital One breach? Tell us about it in the comments.


8 Things To Do If Your Identity Is Stolen

Here are eight important actions you can take if you ever become the victim of identity theft.

  • Lock the compromised account.
    • Dispute any fraudulent charges on your compromised accounts and ask to have them locked, or even shut down.
  • Place a fraud alert on your credit reports.
    • This helps alert creditors that someone may be trying to open accounts in your name.
  • Consider a credit freeze.
    • This will make it impossible for the scammer to open a credit line or loan in your name.
  • Alert the FTC.
  • Strengthen your passwords.
    • In addition to changing them, use strong and different passwords for all your online accounts.
  • Check your account statements.
    • It’s best to do so frequently to look for suspicious activity.
  • Open new credit cards and accounts.
    • Replace compromised accounts that you’ve shut down so you can be inconvenienced as little as possible.
  • Repair your credit.
    • Be extra careful about paying your bills on time and keeping your credit utilization low.

Your Turn:
Have you ever been the victim of credit card fraud? Share your story with us in the comments.

Simple tips for protecting your parents from financial fraud

According to the Federal Trade Commission, older adults are disproportionately affected by fraud.

Whether it’s a phony phone call, phishing scam, or mail fraud, seniors often become targets for scammers who perceive them as easy marks.

While you alone can’t put an end to this shady illegal activity, you can empower your parents with the knowledge to keep themselves—and their finances—safe.

Remind them about “stranger danger”
Your parents probably taught you the concept of “stranger danger” at an early age—and for good reason. Don’t interact with suspicious people. It’s an important lesson that’s relevant to adults as well as children.

If someone you don’t know asks for personal information, it’s probably a scam. Remind your parents to never give out credit card or account information, passwords, or social security numbers unless they can verify the identity of the person or business making the request.

Add their number to the Do Not Call List
When you add your phone number to the National Do Not Call Registry, the government informs telemarketers not to call you.

Unfortunately, unscrupulous organizations and scammers ignore the registry and may continue to harass your parents, but they should see a reduction in unsolicited calls and text messages from those who abide by the law.

Give them a crash course in online literacy
If your senior parents use technology but aren’t completely familiar with how scams work online, they might not understand what to click and what to avoid.

Spend some time going over how to navigate the internet safely. Most importantly, explain email phishing. Emphasize that they should never click links in unsolicited emails from people or companies they don’t know.

If they use social networks like Facebook, warn them not to share anything too personal as scammers might use this information to impersonate friends or family members online.

Used with permission. © 2019 BALANCE. All rights reserved.

All You Need To Know About Facebook’s Latest Bug

With its wide range of features, easy-to-use interface and streamlined access, Facebook is the darling of the social media age. It helps people stay connected with family and friends, allows new relationships to blossom and creates a culture of community for new and established businesses alike.

However, in December, Facebook announced its internal team found a photo API bug in its platform which may have exposed the unshared photos of 6.8 million users. As the latest in a stream of publicized security issues, this breach has the public confused and worried about their privacy.

Read on for all you need to know about the recent Facebook bug.

What happened because of the photo bug?
According to Facebook’s policy, apps linked to Facebook are only allowed to access photos that users give them permission to view, such as those posted on their Facebook timeline. The recent bug, however, may have allowed third-party apps to access loads of other pictures without their users’ knowledge and permission.

An estimated 1,500 apps built by 876 developers were affected by the bug. All of these apps are approved by Facebook, and were authorized by users to access their photos.

The photos breached include those shared on Facebook Stories or Marketplace as well as photos that had been uploaded but weren’t yet posted on Facebook.

The bug was active from Sept. 13 to Sept. 25, 2018. However, Facebook waited until mid-December 2018 to come clean about the breach.

What steps has Facebook taken to fix the bug?
Facebook fixed the bug as early as Sept. 25 and has openly apologized for the breach. They have promised to let app developers know which of their users have been affected by the bug so they can take steps on their own. Facebook has also claimed to be working on strengthening their platform’s privacy to prevent future photo leaks and security breaches.

When asked why the social media giant did not inform the public about the bug immediately, a Facebook representative told CNN Business, “We have been investigating the issue since it was discovered to try and understand its impact so that we could ensure we are contacting the right developers and people affected by the bug. It then took us some time to build a meaningful way to notify people, and get translations done.”

Despite the statement, the jury remains out on whether Facebook has really taken the responsible course of action after the bug was discovered.

What does the bug mean for impacted Facebook users?
Having your unshared photos posted on public forums can lead to a host of safety issues. Thankfully, no crimes have been linked to the photo leak to date, but crooks can use revealing photos to stage a home robbery or worse. For reasons such as this, it’s always best to use the strongest privacy settings on your social media platforms and to be super-careful about which apps you allow to access your photos.

To be extra careful and keep yourself safe in the event of security breaches like Facebook’s recent photo bug, never post pictures that are too revealing about your personal life and your financial situation.

How can I check if my photos were leaked?
Facebook has issued an official alert to all affected users with clear steps for protecting their photos. The alert directs users to a Help Center Page where they can check if they’ve used any apps affected by the bug and get instructions on how to proceed from there.

Facebook also advises users to log into any apps they use to share photos and check which ones are accessible. If you’re worried about an app’s privacy, log into Facebook’s Manage Your Apps page and contact the app developer directly to inquire about the accessibility of your photos.

Facebook’s latest security breach may have impacted millions of users, but with the proper reactive steps and an eye toward a more secure future, it can help the social media giant and all its users practice stronger security measures and protect their privacy against potential breaches.

Your Turn:
Have you been impacted by Facebook’s latest breach? Share your experience with us in the comments below.


Beware Tech Support Scams!

You’re always putting yourself out on a limb when you call tech support. You dial the number the company gives you, and perhaps after a while of waiting, you’re connected to someone who may be working on the other side of the world in a completely different time zone. Then you’re asked to give this anonymous person identifying details about your phone or computer and the technical problems you’re experiencing.

Of course, you’re fairly certain the speaker works for your device’s company and you believe it’s perfectly safe to share this information. At the very least, they have contracted with this individual and are tracking their service.

All of that gets a little riskier when you’re asked to allow the tech support agent to have remote access to your device. This step is sometimes necessary to fix the glitch, but it can also be unnerving. Suddenly, it’s as if an invisible person has taken over your screen. Letters you haven’t typed are showing up on the display and the cursor is flying all over the screen, even though you haven’t touched the mouse.

You’re essentially letting someone have free access to a device that houses some of your most personal information. Yikes!

And that’s exactly what tech support scammers are looking for with their nefarious hacks. It’s truly as awful as it sounds: In these scams, fraudsters contact victims and trick them into granting the scammer access to their computers. The crooks may reach out to people through a phone call, insisting the victims have a virus or another problem they’ve somehow detected from the company’s headquarters. Alternatively, they’ll send a popup to the victim’s computer which will flash dire warnings about an impending or existing virus that can be “fixed” by clicking on a link.

There are several outcomes of such tech support scams, none of them good. Sometimes, a scammer will trick you into installing malware on your computer, claiming you have to click on a link in order to heal your computer of its ills. Other times, they might sell you expensive “software” by making the same false claims. Still other times, they’ll direct you to a bogus tech support website where you’ll be asked to input your credit card information. And they’ll oftentimes simply help themselves to the sensitive data they find on your computer and then wreak havoc on your financial life.

Federal Trade Commission (FTC) Scams
Tech support scams are nothing new, but a recent wave of these scams has taken on an ironic twist. The very organization that leads the battle in taking down scammers is being exploited for a particularly heinous hack.

Scammers posing as FTC employees are calling victims, asking for remote access to their computers. They assure victims they can help restore any affected devices to their previous working conditions. Many of them are claiming to represent the FTC’s Advanced Tech Support Refund program.

This program was created to help victims of previous scams collect their refund money from the FTC. The scammers will convince the victims that they are moments away from seeing their money – they just need to provide the alleged FTC employee with remote access to their computer. They may also ask for an upfront payment before the refund can be issued or for checking account information, claiming it’s necessary for the refund to clear.

Of course, none of this is true and the caller has never worked for the FTC. In fact, the FTC will never request remote access to your device or ask you to pay to receive a refund. Also, their refunds are sent in check form via snail mail, and do not require any checking account information at all.

The FTC has alerted the public that the only genuine number to call for information about the Advanced Tech Support Refund program is 877-793-0908. If someone calls you on their own, assume it’s a scam. End the call immediately and report the incident to the FTC.

Recognizing Tech Support Scams
As mentioned, the tech support scams in which fraudsters impersonate the FTC are easy to spot if you know this basic information about the FTC: They will never request remote access to your computer, ask for payment in exchange for a refund, or reach out to you on the phone.

Here’s how to prevent other variations of tech support scams:

  • Never click on a pop-up box that claims your computer has a virus and offers to clean it. This will only infect your computer or grant a scammer remote access to your device.
  • Always call tech support on your own; if they call you, especially if you’re not aware of any problem with your computer, hang up as quickly as you can.
  • Never agree to purchase expensive software online to fix an alleged virus.
  • If you think you’ve been scammed, tell everyone you know about it and be sure to alert the FTC. Let’s do our part to put those crooks out of business for good!

Your Turn:
Have you ever been targeted by a tech support scam? Share your experience with us in the comments!


The Risks of Using Someone Else’s Wi-Fi

Protecting you and your money from hackers
The internet has made doing many things much easier. It provides instant gratification for shopping for that perfect outfit or new gadget, and banking and bill payment services are just a click away.

But the internet also has made it much easier for cyber criminals to get your personal information.

The dangers of using a public or unsecure Wi-Fi connection
When you connect to an unfamiliar Wi-Fi network, including a public Wi-Fi network at your favorite coffee shop, restaurant or store, you’re opening the door for hackers and cyber criminals to steal your personal and confidential information. They can impersonate you, steal your money or even sell your information on the cyber black market to a host of people who could do the same. How can they do this?

In a July 2014 article in Forbes, Vice President of Check Point Software Technologies Bari Abdul highlights common ways a hacker can get into your computer when you’re using a public Wi-Fi or someone’s unprotected Wi-Fi network.

Scenario No. 1: Rogue/evil twin Wi-Fi
“A hacker creates a hotspot named Hotel Wi-Fi in a hotel lobby using a USB antenna and laptop. You connect to it and log in to your email or other account,” says Abdul. “When [you] log in, hackers listen for your passwords and other sensitive information. They can also use these networks to get you to download malware.”

And you’re none the wiser, because most hotels offer free Wi-Fi to their guests, and why would something so official-looking be fake?

Scenario No. 2: Man-in-the-middle attacks
Man-in-the-middle attacks happen when a hacker intercepts communication between two computers while one is connected to an unsecure network, like public Wi-Fi.

“A common man-in-the-middle attack is when a third party or ‘middle person’ eavesdrops as you exchange bank account or credit card information. Traveling and forgot to set up a payment? Be aware that online shopping interactions or other financial transactions are highly susceptible to man-in-the-middle attacks,” reports Abdul.

Other common ways you could unknowingly allow a hacker access to your devices include using smartphones that automatically connect to any available Wi-Fi (including rogue Wi-Fi networks posing as legitimate ones) and even maintaining a home or office network that’s not up-to-date in its firewall and security software. A hacker will wait until you use the device on an unprotected connection and then eavesdrop on everything you type, looking for passwords and sensitive banking or credit card information.

Tips to protect you from becoming a victim of cybercrime
Kaspersky Labs, a renowned global cybersecurity company with a North American base in Massachusetts, shares tips on its website about how to protect yourself while banking or shopping online with an unfamiliar Wi-Fi connection.

  • Treat every unknown Wi-Fi connection with suspicion. If you’re in a retail store, talk with an employee before connecting.
  • Use your smartphone as a hotspot instead of connecting to any Wi-Fi networks, and turn off the capability in your settings to automatically connect to available Wi-Fi without permission.
  • Because links are often infected with Trojans or other malware viruses, always type in the full URL to the online bank or store instead of clicking a link.
  • Beware of fake messages from your bank asking for personal information. A legitimate financial institution will not ask you to send sensitive information via email or a pop-up window; nor will it ask you to visit its site for authorization.
  • “When you’re visiting a web page that needs you to enter confidential data, carefully check that the address of the page that’s shown on the browser corresponds with the page that you were intending to access,” says Kaspersky Labs. “If the URL is made up of a random selection of letters and numbers — or it looks suspicious — do not input any information.”
  • Before entering any sensitive information, check that the URL in your browser has a padlock icon and starts with “https” — not “http” — to make sure the connection’s encrypted.

If you have any questions on other measures to take to protect yourself from the dangers of using someone else’s Wi-Fi for online banking, bill paying or shopping, let us know and we’ll be happy to help.

Used with Permission. Published by IMN Bank Adviser. Includes copyrighted material of IMakeNews, Inc. and its suppliers.

Safe Online Banking

Tips for a safer online banking experience

Online banking tools have revolutionized the world of personal finance. You can deposit checks, transfer funds and pay bills all without leaving the comfort of your home, but you need to make sure that you’re doing these things safely.

“The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, anytime,” states the FDIC. “However, safe banking online involves making good choices — decisions that will help you avoid costly surprises or even scams.”

With an online-only bank, you have to take more steps to verify that the website or mobile app comes from a legitimate financial institution and is not just run by a scammer. You also still have to be careful when using the online services offered by your financial institution. A common practice for scammers is to create websites that are similar to those of a real bank, in order to trick people into giving out their personal information and their passwords and other account information. Before you enter any information into a website, double-check the URL to make sure it is correct. And always make sure the website begins with “https” to ensure that it’s secure.

Similarly, don’t click a link that comes from an email, even if that email seems exactly like the ones your financial institution typically sends. Instead, open a browser and navigate to the website yourself. Taking this extra step ensures that you end up at the correct page and are not rerouted to a fraudulent one.

Make sure you have a strong password for your online banking and change it regularly. Don’t choose anything that could be easily guessed, such as your birthday, family members’ birthdays, addresses or anniversaries. It’s best to not use any word that can be found in the dictionary, because hacking software can quickly scan through those and land on the correct one. Replacing letters with numbers that look the same and putting an exclamation point at the end of a word are overused tricks and also easy for scammers to guess.

Furthermore, it should go without saying that your banking password shouldn’t be the same as your password for other things. Your password goes to your financial institution through an encryption system that protects it from hackers, but if you use the same password for other websites, there are many ways to obtain it. Since many people reuse passwords, it is common for hackers to try a discovered password on more than one account.

“Okay, in the real world you probably have more than one online financial account. Rather than strain your brain memorizing tough, hard-to-crack passwords for each of them, enlist the help of a password manager,” says Neil J. Rubenking from “The best ones not only store your passwords securely but also help you work through your collection of passwords and replace weak ones and duplicates.”

It’s best if you don’t access online banking when you are not using your own network. You don’t know how many other people are using it and how it is secured or monitored.

“If you can’t resist, at least connect through a virtual private network,” states Rubenking. “Now nobody can read your encrypted traffic. For free VPN protection, we like CyberGhost and VPNBook. Commercial VPNs like Private Internet Access and Norton Hotspot Privacy are ad-free, with more power and flexibility.”

Using a VPN will change your IP address. This means that your financial institution’s website will not recognize your incoming traffic and may ask for more information on top of your correct password to try to authenticate that you are whom you claim to be. These measures can include asking set security questions or requiring secondary phone or email authentication, if you have those features enabled. If you think you forgot the answer to your security question, wait until you get home so you don’t get locked out of your account by making too many wrong guesses.

If you can’t wait until you get home and you have a smartphone or tablet, just turn off Wi-Fi and use your mobile connection. Anyone else could be monitoring public Wi-Fi, but your mobile data plan is difficult for outsiders to access.

Last, make sure you review your banking transactions regularly to ensure that there isn’t something there that shouldn’t be.

Online banking can make your life easier, but you need to make sure it’s safe. Stop by today to let us know if you have any questions.

Used with Permission. Published by IMN Bank Adviser. Includes copyrighted material of IMakeNews, Inc. and its suppliers.