Scam Free Summer

Hello, summer! It’s the season of flip-flops and ice pops, of sun-drenched afternoons and lazy days at the beach. And, unfortunately, summertime is also prime time for scammers. People are more relaxed, schedules are looser and vacationers are traveling in unfamiliar locations. All of this can lead people to let their guard down during the summer, and the scammers know it. 

Don’t get scammed this summer! Follow these tips to stay safe. 

1. Never pay for a “prize” vacation

So you won an all-expense-paid trip to Aruba? Or a vacay in a remote French chalet? Sounds like a dream come true, but if you follow through, you’ll be caught up in a nightmare.  If you’re asked to pay even a small fee to claim a free vacation prize, you’re looking at a scam. A legitimate company will never ask winners to pay a fee for a prize.

2. Use a credit card when traveling

A credit card will offer you the most protection in case something goes wrong. You’ll be able to dispute unauthorized charges, and in most cases, reclaim your lost funds.

3. Ignore celebrity messages

Celebrities might have a direct line with the public through their social media platforms, but don’t believe a private message appearing to be from your favorite movie star, singer or athlete. A direct message from a celeb asking for money for a charity, or claiming you’ve won a prize, but need to pay a processing fee, is a scam.

4. Check for skimmers at the pump

If you’ll be spending a lot of time on the road this summer, and pumping gas in unfamiliar places, it’s a good idea to check the card reader for skimmers before going ahead with your transaction. A card skimmer will read your credit or debit card information, enabling a scammer to empty your accounts. Here’s how to check for a skimmer on a card reader:

  • Try to wiggle the card reader; this should dislodge a skimmer if there is one. 
  • Check the keypad to see if it looks newer than the rest of the card reader.
  • Touch the surface of the keypad to see if it’s raised.

5. Research vacation rentals carefully before booking

With so many vacationers now booking stays at private homes instead of hotels, scamming travelers is easy. All it takes is a few fake photos, a bogus address, and you’ve got yourself a fake vacation rental. In other vacation rental scams, scammers will falsely advertise a rental as a beachfront property when it’s not, claim that it’s larger or more up-to-date than it is or promise amenities that are missing when you arrive. 

Don’t get scammed! Before booking a vacation rental, read the reviews left by previous guests. If there aren’t any, or they don’t sound authentic, you’re likely looking at a scam. You can also look up the address of the rental to see if it in fact exists and if the location matches the description in the listing. As another precaution, you can ask the owner for more details about the property just to see their reaction; if they sound vague or uneasy, it’s likely a scam. Finally, as mentioned above, use a credit card to pay for the stay so you can dispute the charges if it ends up being a scam.

6. Vet potential contractors well

Contractors who go from door-to-door looking for work are a fairly common summertime sight. Unfortunately, though, some of these “contractors” are actually scammers who are only looking to con innocent homeowners out of their money. They’ll deliver shoddy work at an inflated price, go AWOL once a down payment on the job’s been made or do more harm than good with their “home improvement” work.

It’s best to only hire contractors whom you’ve personally reached out to instead of waiting for one to come knocking on your door. Also, before hiring, thoroughly research a potential contractor, asking for contact info of previous clients, checking out their online presence and looking up the business on the BBB website. Finally, it’s best not to agree to pay more than a third of the total cost of a job before the work commences. Even then, only pay when you see the materials arrive. 

Don’t let summertime turn into scam-time. Stay alert, follow the tips outlined above, and stay safe!

Your Turn: What are your tips for a scam-free summer? Share them with us in the comments. 

Is Plaid Safe?

Q: When using peer-to-peer payment apps, banking apps and free-trading apps, I’m often redirected to the Plaid network, where I’m asked to input personal information. Can I feel safe using Plaid?

A: The instinct to be wary of any service that’s asking you to share sensitive information is appropriate and commendable. Most financial apps will ask you to share your banking information, and some will even ask you to share your Social Security number. But it begs the important question; Should you be sharing this information?

While the safety and security of each financial app is individual, apps that are powered by Plaid are safe to use. Plaid is a reputable company that uses encryption and industry-standard security measures to protect your sensitive information.

Here’s what you need to know about Plaid.

What is Plaid? 

Plaid is a financial technology company that serves as an intermediary between financial services and their users. Apps like Venmo, You Need a Budget and Robinhood use Plaid to securely link their users’ financial accounts to their own platforms. This way, the financial apps do not have access to their users’ information; they instead rely on Plaid to supply it for them.

Plaid works by using a universal Application Programming Interface (API) to share users’ data with other applications. APIs are software intermediaries that allow two different applications to communicate. Plaid has developed an API that can be used by any financial institution or application, making it simpler and safer for users to share their financial information digitally.

How does Plaid work?

When you sign up for any of the 3,000+ financial applications currently powered by Plaid, you’ll be asked to choose your financial institution from a list that’s provided by Plaid. Next, you’ll enter your banking login info and password. Some apps will have you create a new password at this point. Once you’ve logged in, Plaid securely shares the information you’ve chosen to link, such as your checking account number, with the app you’re using.

It’s important to note that Plaid itself does not move money around. The technology merely enables other financial apps and their users to send funds from one account to another. Plaid holds onto your encrypted password information without touching your money, while the linked financial app can move your money, but cannot access or know your login credentials.

Is Plaid safe?

Sharing personal information with an app can be unsettling — and it should be. However, you can rest easy, knowing that Plaid uses the highest levels of security possible. When you link your checking account with a financial application by using Plaid, the company instantly encrypts the sensitive data and then shares it with the application using a secure connection.

According to the Plaid website, the company uses these measures to keep your information secure:

  • End-to-end data encryption. Plaid uses a combination of the Advanced Encryption Standard (AES-256) and Transport Layer Security (TLS) to keep your personal information completely safe.
  • Multi-factor authentication.  An extra login step adds another layer of security.
  • Cloud infrastructure. Plaid uses secure cloud infrastructure technologies to enable quick and safe connection.
  • Robust monitoring. The Plaid API and all related components are continuously monitored by a security team.
  • Third-party security reviews. Security researchers and financial institutions regularly audit Plaid’s API and security controls.

When using an application that is powered through Plaid, practice standard online safety measures. Check the URL to ensure you have the correct site, look for the lock icon and the “s” following the “http” in the address. Also, make sure the security settings on your device are updated and set to their strongest levels. Finally, if you need to choose a new password for the app, be sure to choose a strong, unique code and not to share it with anyone.

In a world that is increasingly mobile, Plaid safely connects users to thousands of financial apps and 11,000 financial institutions across the country. Follow basic online safety protocol, keep your login info private, and you can use Plaid knowing your information is secure.

Your Turn: What steps do you take to keep your data safe? Tell us about it in the comments.

Learn More:
getdivvy.com
plaid.com

Micro-Deposit Scams

It probably doesn’t surprise you to know that scammers are always coming up with creative ways to con people out of their money. Recently, there’s been an uptick in an old scam in which crooks reach out to targets and try to gain access to their accounts through micro-deposits. Unfortunately, too many people have already fallen for this scam, and we don’t want our members getting caught in the trap. To that end, we’ve compiled this guide on micro-deposit scams, how they play out and what you can do if you’re targeted.

What is a micro-deposit?

Before we can explore the actual scam, it’s important to understand how a micro-deposit works.

Micro-deposits are small sums of money transferred online from one financial account to another. The purpose of the deposits is to verify if the account on the receiving end is actually the account the sender intended to reach. Micro-deposits are generally less than $1 and can be as small as $0.02. They are also typically deposited in pairs; within one to three business days of linking accounts, two micro-deposits should appear in your account.

As mentioned, micro-deposits are primarily used to verify account ownership. For example, if you’d like to link your checking account at Advantage One Credit Union with an investment account, the investment brokerage firm will want to verify that it’s sending your dividends to the correct account. Before sending any of your investment earnings, it’ll do a test run by sending a pair of micro-deposits to your checking account. You’ll be notified that the firm has sent these deposits, and asked to verify the amount of the deposit by logging into your newly linked account. Once you’ve completed this step, the brokerage account will withdraw the small amount of money sent through the micro-deposits and proceed with regular deposits of investment dividends, as planned.

How the scams play out

Micro-deposit scams can take one of two forms.

In one type of micro-deposit scam, a crook will open as many investment accounts as they can, linking each one to one of a handful of bank accounts. When the micro-deposits begin to come in, the scammer will quickly transfer the money to another account before the brokerage company withdraws the deposits. Though each micro-deposit is small, when multiplied by thousands, the scammer can pull in quite a lot of money  — until they get caught, that is.

But it’s the other type of micro-deposit scam that concerns us more — and should concern you as well. In this scam, crooks will link brokerage accounts with strings of random numbers, hoping to hit a valid account. When a deposit is verified from an account, they will use additional information about the account holder to withdraw funds from this account as they please. Unfortunately, many people are uninformed about this scam and innocently verify the micro-deposits, giving the scammers free access to their accounts.

[Here at Advantage One Credit Union, we’ve had an alarming number of micro-deposits made to some of our members’ accounts. To protect our members and their money, we’ve started sending automatic text message alerts to members when they’ve received a micro-deposit. This way, the member knows about the deposit and, if they don’t recognize the sender, they can let us know they’ve been targeted by a scammer. We can then refuse to let the deposit clear and consider placing a fraud alert on the member’s account. Most importantly, the member will know they’ve been targeted and they can refuse to verify the deposit.]

What to do if you’re targeted

Micro-deposits are small enough to fly under the radar and you may unknowingly verify one of these deposits with an uninformed click. [However, now that we’ve initiated our micro-deposit alert system, you will know when to be on the lookout for a micro-deposit and the verification request that follows it.] Here’s what to do if you’ve received a micro-deposit from an unknown source:

  • Do not verify the deposit. Without verification, the scammer won’t know they’ve hit an authentic account.
  • Do not click on any links embedded in the verification request message or download any attachments.
  • Let us know you’ve been targeted.
  • Report the scam to the Federal Trade Commission at FTC.gov so they can do their part in catching the scammers.
  • Let your friends and family know about the scam so they can be on the alert as well.

Scammers are using micro-deposits to gain access to our members’ accounts, but Advantage One Credit Union is doing everything possible to stop them before they can do any real damage. Together, we can beat the scammers at their game and protect your accounts and your money. Stay safe!

Your Turn: Have you been targeted by a micro-deposit scam? Share your experience in the comments.

Lean More:
schneier.com
learn.stash.com
finextra.com
support.wealthfront.com

Beware of the USPS Smishing Text Scam

Your phone pings with an incoming text. You swipe it open to find a message from the USPS. They’re texting to let you know that the scheduled delivery time for your package has been changed. Unfortunately, though, the message is not from the USPS and you’ve just been targeted by a scam.

Here’s what you need to know about the USPS smishing text scam.

How the scam plays out

In the USPS smishing text ruse, a target will receive a text like the one described above. The message prompts the victim to click on a link to reschedule the delivery. However, if the victim follows the instructions, they’ll be falling victim to a smishing text scam.

The United States Postal Inspection Service (USPIS) is warning of an uptick in smishing scams that use the USPS as a cover, conning unsuspecting victims into downloading malware onto their phones or sharing personal information with scammers they assume is the USPS. The scammer will then go on to empty the victim’s accounts or steal their identity.

Individuals who’ve recently made online purchases and are expecting a package delivery within the next few days are especially vulnerable to this scam. To the uninformed, the text looks legitimate, and with just one careless click, the scammer has access to the victim’s device and personal information.

However, with one crucial bit of information, you can protect yourself from falling victim to the USPS smishing scam: The USPS never sends out unsolicited text messages about a package. The company will only send a message when a consumer has signed up for alerts about a package’s delivery. If you have not signed up for messages from the USPS, and you receive a text like the one described above, you know you’re being targeted by a scam.

What to do if you’re targeted

If you’re targeted by a smishing text scam, the USPIS recommends taking the following steps:

  • Verify the sender. Confirm the identity of the message sender by checking with the USPS if you actually have a delivery schedule change. Don’t call the number on the text. Instead, reach out to your local USPS office directly.
  • Don’t reply or click on links. Replying to the message or downloading an embedded link can install malware onto your phone.
  • Delete. Save a screenshot of the text to share with law enforcement agencies and then delete the message.
    Block the number and update the security on your device. Prevent a recurrence of the scam by putting the number on your “Do Not Call” list and beefing up the security settings on your phone.
  • Keep personal information personal. Never share sensitive information, like your Social Security number or financial account details, with an unverified contact.

Report the scam

Do your part to stop the scammers by reporting it to the proper authorities.

First, you can report smishing scams that impersonate the USPS to the Inspection Service Cybercrime Team at the USPIS by email. Take a screenshot of the text and send it to spam@uspis.gov. Make sure your screenshot shows the number of the sender as well as the date it was sent. You’ll also need to include your name in the email so the team can reach you, along with any other relevant details about the scam, such as money you may have lost, links you may have downloaded, and personal information you may have shared. The USPIS will contact you if it needs any additional information to help nab the scammers.

You can also report the scam to the Federal Trade Commission at FTC.gov and let your friends and family know about the circulating scam.

Stay alert and stay safe!

Your Turn: Have you been targeted by a USPS smishing text scam? Tell us about it in the comments.

Learn More:
wmbfnews.com
keloland.com
wkbw.com
link.usps.com

All You Need to Know About Checking Accounts

The most obvious things in life are often overlooked, and your checking account is just one of them. Most people hardly give a thought to this important account and how to best manage it effectively. We’re here to change that.

Here’s all you need to know about checking accounts:

What is a checking account? 

Your checking account at Advantage One Credit Union offers easy and convenient access to your funds. The minimum balance required for opening a checking account can be as low as $25. Like most financial institutions, we also allow an unlimited number of monthly withdrawals and deposits.

Checking accounts are designed to be used for everyday expenses. You can access the funds in your account via debit card, paper check, ATM or in-branch withdrawals, online transfer or through online bill payment.

Making transactions using the connected debit card, or through a linked online account, will automatically use the available balance in your account and lower the balance appropriately.

A paper check is also linked directly to your account, but will generally take up to two business days to clear. It’s important to ensure there are enough funds in your account to cover a purchase before paying with a check.

Maintenance fees 

Many banks charge a monthly maintenance fee for checking accounts.

According to Bankrate’s most recent survey on checking accounts, only 38% of banks now offer free checking, compared with 79% in 2009. Monthly fees can be as high as $25 a month.

Interest rates

Most checking accounts offer a very low Annual Percentage Yield (APY) on deposited funds, or none at all. Institutions that offer checking accounts with interest or dividends will generally charge a monthly fee, with the fee being higher for accounts that have higher rates. They also generally require a minimum balance in the account at all times or a minimum number of monthly debit card transactions. According to Bankrate’s survey, you’ll need to keep an average of $7,550 in an interest-yielding checking account at a bank to avoid a steep maintenance fee.

Security

Funds that are kept in a checking account at a bank are federally insured by the FDIC for up to $250,000. Credit unions feature similar protection for your funds, with all federal credit unions offering government protection through the National Credit Union Association. State and private credit unions may be insured by the NCUA as well, or through their own state or private insurance. Advantage One Credit Union is insured by the NCUA to offer you full and complete protection for your funds.

Managing your checking account 

Managing a checking account is as simple as 1-2-3:

1 – Know your balance

It’s important to know how much is in your account at all times. This way, you can avoid an overdrawn account, or having insufficient funds to cover your purchases. Being aware of how much money you have will also help you stick to a budget and spend within your means. You can generally check your balance by phone [or via online checking or a synced budgeting app].

2 – Automate your finances

Make life a little easier by setting up automatic bill payment through your checking account. You won’t miss the hassle of paying your monthly bills, and you’ll never be late for a payment again. As a bonus, you’ll save on the processing fee that is often charged on bill payments made via credit card.

You can also set up direct deposit to have your paycheck land right in your account.

Finally, ask us about automatic monthly transfers from your checking account to savings so you never forget to put money into savings.

[You may also want to consider signing up for overdraft protection, or to have funds transfer from your linked savings account to checking when your balance is getting low.]

3 – Keep your account well-funded, but not over-funded

Financial experts recommend keeping one to two months’ worth of living expenses in your checking account at all times. This way, you’ll always have enough funds to cover your transactions without fear of your account being overdrawn. You’ll also be able to cover the occasional pre-authorization hold that a merchant may place on your debit card transaction until it clears.

It’s equally important not to keep too much money in your checking account. Once you’ve reached that sweet spot of two months of living expenses, it’s best to keep your savings in an account or an investment that offers a higher APY, such as a money market account or a share certificate.

Checking accounts offer the ultimate in convenience and accessibility. Now that you’ve learned all about these often overlooked accounts, let this financial tool help you manage your finances in the most effective way possible.

Your Turn: How do you manage your checking account effectively? Share your best tips with us in the comments.

Learn More:
investopedia.com
discover.com
bankrate.com
thebalance.com
kiplinger.com

5 Steps to Take After Being Hacked

Uh oh — you’ve been hacked! Finding out someone has cracked open your accounts and helped themselves to your information can be alarming, but there are ways to mitigate the damage while jump-starting your recovery process.

Here are five steps to take after being hacked.

Step 1: Assess the damage

First, take a step back and determine how much damage was done. Unfortunately, one hacked password can often be the gateway to multiple hacked accounts and even complete identity theft. This is especially true if you use the same password for several accounts, or use the hacked account or device for password recovery on other accounts. So, first things first: Review your credit card and account statements for any suspicious activity.  Also, try accessing your email, social media accounts and mobile devices to see if they’ve been hacked.

Step 2: Change your passwords

Once you know which accounts and devices have been hacked, change the passwords and PINs on these accounts. For an added measure of protection, it’s a good idea to change the passwords on all of your accounts that may hold sensitive information. Remember to choose strong, unique passwords for every account. A strong password uses a combination of letters, numbers and symbols; varies the use of capital letters; and does not use a piece of personal information that can easily be scraped off the internet, such as your date of birth or home address. You may want to use a password service like LastPass  or  StickyPassword to make this step easier.

While completing this step, consider signing up for two-factor authentication for any accounts that do not already have it in place.

Step 3: Protect your credit

Now that you’ve blocked the hacker(s) from your accounts, it’s time for damage control.

First, dispute any fraudulent charges on your compromised account(s). If necessary, have the account(s) locked, or even shut and/or deleted.

Next, place a fraud alert on your credit reports. This serves as a red flag to potential lenders and creditors, making it more difficult for the scammer to open up additional lines of credit or to take out a loan in your name.

Consider a credit freeze as well. This blocks potential lenders from accessing your credit report, making it impossible for the hacker to open new credit accounts in your name.

Step 4: Alert the authorities

You can alert the Federal Trade Commission (FTC) about a possible or confirmed identity theft at identitytheft.gov.  You’ll also find a detailed recovery plan on the site to help you repair your credit and reclaim your identity.

Hacking is usually done remotely, but it’s still a good idea to let your local law enforcement agencies know about the breach. This way, they can be on the alert if the hacker decides to assume your identity and use your credit cards in stores near your hometown.

Also, if you haven’t already done so, don’t forget to let Advantage One Credit Union know what’s happened! Whether it’s a credit card that’s been stolen, a checking account that’s been breached or a social media account that’s been broken into, we’ll do all we can to protect your accounts. If you’ve been hacked, give us a call at 734-676-7000 to see how we can help.

Step 5: Proceed with caution

Once you’ve taken all necessary steps toward damage control and mitigation, you can start thinking about the future.

It’s important to keep a close eye on your accounts for the next month. Look out for any suspicious activity on all accounts, including charges you don’t recall making, large withdrawals of cash and even new loans being opened in your name. If you find any fraudulent activity, be sure to let the account holders know and to follow the steps suggested above.

If you’ve opted to go with a credit freeze, it will generally lapse after 90 days. If your accounts are determined to be safe, consider opening new lines of credit now to jump-start the recovery of your credit health.

If the hacker went all out and stole your identity, it’s best to follow the recovery plan outlined by the FTC . This plan may include replacing your Social Security number, driver’s license and more.

Getting hacked is never fun, but taking immediate and decisive action can help mitigate the damage, as well as speed up the recovery process.

Your Turn: How have you dealt with your accounts being hacked? Tell us about it in the comments.

Learn More:
allthingssecured.com
digitalguardian.com

8 Ways to Spot a Counterfeit Bill

The COVID-19 pandemic has brought with it a wave of scams, with no signs of slowing down. These scams are also producing a surge of counterfeit bills into circulation. Using cutting-edge technology, scammers create bills that look just like the real thing to the untrained eye. Unfortunately, once counterfeit bills are passed, their new owner can become liable for passing them on to someone else.

In an effort to combat the reach of counterfeit bills, the Secret Service and the U.S. Treasury have added several identifying features to legitimate dollar bills to help citizens and business owners determine whether they are authentic. Here are some signs that can tell you if a bill is the real thing:

A hologram of the face image on the bill: When held up to the light, the hologram on the bill should match the face on the front of the bill. Scammers will often bleach a lower denomination bill and try to pass it off as a bill of a higher denomination — but they can’t change the interior hologram. So, if the $100 bill is really a counterfeit bill created from a $5 one, holding the bill up to the light will reveal the face of Abraham Lincoln, and not Benjamin Franklin, who appears on authentic $100s.

A thin vertical strip of text spelling out the bill’s denomination: Holding the note up to the light will also display this sign of authenticity on genuine bills.

Color-shifting ink: All new-series bills, except for the $5 bill, were designed with this trick: If you tilt the bill back and forth, the numeral in the lower right hand corner will shift from green to black and back to green again.

Watermark: The watermark of the bill can be seen in an unprinted space to the right of the portrait when the bill is held up to the light.

Security thread: Also apparent when the bill is held up to light, the security thread is a thin strip running from the top of the face on the bill until its bottom. The security strip is positioned to the right of the portrait on $10 and $50 bills, and to the left of the portrait on $5s, $20s and $100s.

Ultraviolet glow: You’ll need an ultraviolet light for this to work, but it’s an instant reveal about the bill’s authenticity. When held up to an ultraviolet light, $5 bills glow blue, $10 bills glow orange, $20 bills glow green, $50 bills glow yellow, and $100 bills glow red.

Microprinting: For yet another sign of a bill’s authenticity, you can look for tiny microprinting on the bill’s security thread, which spells out its denomination in all-caps text.

Fine line printing patterns: Look for very fine lines behind the portrait and on the other side of the bill as well.

What to do if you’ve been passed a counterfeit bill

If a note you’ve been passed does not hold up to the authenticity test, and you believe it’s a counterfeit bill, the U.S. Treasury advises the following course of action:

  • Do not put yourself in a position of danger.
  • Do not return the bill to the passer.
  • If possible, delay the passer with an excuse.
  • Take note of the passer’s physical appearance and record their vehicle license plate if possible.
  • Contact your local police department or call your local Secret Service office.
  • Write your initials and date in the white border area of the suspected counterfeit note.
  • Do not handle the counterfeit note. Place it inside a protective cover, a plastic bag or an envelope until you can pass it on to an identified Secret Service Special agent. You can also mail it to your nearest Secret Service office.

Counterfeit cash can be harder to spot than you think. Don’t get stuck holding the bag! If you think you’ve been passed a counterfeit bill, and the note is missing the signs listed above, follow the advice of the U.S. Treasury to keep your hands clean.

Your Turn: Have you ever encountered a counterfeit bill? Tell us about it in the comments.

Learn More:
losspreventionmedia.com
mentalfloss.com
secretservice.gov
businessknowhow.com
wvnews.com

Beware of Relay Theft

car keys with fobKeyless entry is one of the most convenient features of newer cars. There’s no more fumbling for your keys when your arms are full of groceries or you’re toting a squirming toddler. Just press the “unlock” button to get inside and the “start” button to get the engine powered up, and your car will pick up the signals from your key fob.

Unfortunately, though, this user-friendly feature is also a favorite for car thieves. Security experts are warning of a relatively new scam centered on key fobs. In this scam, thieves use a simple device to pick up the signal from a vehicle’s key fob and use it to steal the car. What is very scary about this one is the fact that the fob can be safely hidden inside a car owner’s pocket or home while its signals are being hacked.

Here’s all you need to know about this scam and to learn how to protect your vehicle.

How it plays out

With keyless entry, the hotwiring car thief is a thing of the past.

The key fob scam, or “relay theft,” is frighteningly easy for people to pull off. Criminals purchase relay boxes, which are available on eBay and Amazon. They then use these devices to hijack the signal from a nearby key fob.

The boxes come in pairs, allowing the crooks to set up one box as close as possible to the probable location of the key fob, such as near a window or door to the car owner’s home. The second box is placed close to the car the criminal is trying to steal. The first box then reads the signal and “relays” it to the second box, tricking the car into registering the key fob as nearby. The thief can then unlock the car, start the engine and make off with the vehicle while the owner is oblivious to what is happening.

Keeping your key fob safe

Thankfully, protecting your key fob signals from being hacked is easy. All you need is a little metal.

You can achieve this protection by securely wrapping your key fob in a small piece of aluminum foil. The foil will block the electromagnetic signals of the fob, making it impossible for a relay box to pick them up. A foil-wrapped key may look strange, but the key fob can be safely kept in a pocket when you’re out, and inside a kitchen drawer when you’re home, so no one has to know about it.

You can also choose to invest in a specially designed Faraday bag to keep your car safe. Retailing on Amazon for just a few dollars, these metal-lined pouches will block your fob’s signals from being read. There are also metal-lined key wallets on the market that serve the same purpose.

It’s best to test out the effectiveness of your signal blocker before using it for the long term. Wrap your key fob in foil or place it inside your Faraday bag or metal-lined wallet, stick it in your pocket and sit in the driver’s seat of your car. Try to start the vehicle. The car should not be able to detect the key fob. If it revs up as usual, the blocker is ineffective.

Protecting your car

If you’d rather not bother with foil and Faraday bags, you can also go the old-fashioned route and protect the car itself from possible theft.

One way to achieve this protection is through a steering-wheel lock. These locks work with actual keys that can’t be hacked. You won’t have a completely keyless entry and startup any longer, but it’s a small price to pay for the protection of your car. If a car thief hacks your key fob’s signal and starts the engine of your car, they won’t be able to drive off. The sight of the lock on your steering wheel can also serve as a deterrent for would-be thieves.

  • You can also protect your car from relay theft by keeping it out of sight and parking it in a garage.
  • If you own a pricier vehicle, it can also be worthwhile to invest in a security system.
  • Don’t let those scammers get your car! Take the precautions necessary to keep your key fob and your car safe from relay theft.

Your Turn:
Do you own a car with “keyless entry”? How do you protect it from relay theft? Tell us about it in the comments.

Learn More:
homemaking.com
abcnews.go.com

 

Your Smart TV May be Spying on You

Person sitting on couch in front of smart TV while on thier cellphoneIf one of your Christmas presents was a smart TV, or you splurged on one for yourself on Black Friday, you might be living with an in-house spy. The FBI is warning that smart TVs, which allow customers to stream their favorite shows through apps like Netflix and Hulu, can easily be hacked and used for spying. You can be sitting and binge-watching your favorite sitcom, or hollering at the screen as your team fumbles toward another devastating defeat, and all the while a stranger’s eyes are on you and the happenings in your house.

Before you start to panic or rush to toss that brand-new TV into the trash, we have shared all you need to know about this frightening new hack.

How is this hack carried out?
Lots of smart TV models are fitted with webcams and microphones. This allows the TVs to offer all kinds of super-cool features, from facial recognition that can be used to recommend favorite shows and settings to 41-inch screen video-chatting with faraway friends and families. The FBI is warning, though, that hackers are using these add-ons for nefarious reasons.

In the best-case scenario, the TV manufacturer and app developers can hack the TV’s webcam and use it to remotely change your channels, play with your settings or even stream inappropriate videos. Obviously, this can be unsettling and even frightening, but there’s no lasting damage.

In the worst-case scenario, though, cyber-criminals can hack their way into accessing these cameras and microphones, turn them on at will, and then spy on unknowing victims. By gaining access to the cameras, hackers can turn them on whenever they please, even if your TV is off at the time. Creepiness aside, this stalking can grant a hacker access to your computer’s router and lead to all sorts of unhappy endings, including identity theft, kidnapping and more.

“Beyond the risk that your TV manufacturer and app developers may be listening [to] and watching you, that television can also be a gateway for hackers to come into your home,” the FBI announced in a report. “A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”

Is there anything I can do about this hack?
The FBI advises consumers to research the model of their smart TV and to familiarize themselves with the control features and camera settings.

“Do a basic Internet search with your model number and the words ‘microphone,’ ‘camera,’ and ‘privacy,’ ” said the FBI.

If possible, consumers should change the device’s default security settings and passwords. This will enable them to turn off the camera and microphone unless they are actually using them, and will serve as a deterrent for cyber-criminals seeking to control the TV from a remote location.

If you’re still spooked by the FBI’s warnings and you want to take stronger measures to protect yourself against spying, you can simply secure a piece of black tape over the camera to keep out any prying eyes.

Another important step to take for keeping hackers out of your smart TV is to always install software updates offered by the manufacturer. Keeping your device updated will afford you the strongest current protection against vulnerabilities and weaknesses.

“Generally, customers who keep their devices up to date won’t have too much to worry about,” says Matt Tait, cybersecurity expert and former analyst at GCHQ, the British signals intelligence service. “But for people who are particularly worried, or who don’t want the new ‘smart’ features, there is a simple solution to keep hackers out: unplug the device from your network.”

Our world is now smarter than ever, but along with the conveniences of an interconnected, digitized world come a whole slew of risks and vulnerabilities. Keep yourself safe by employing basic protective measures, keeping your devices updated and staying informed about the latest scams and hacks.

Your Turn:
Do you own a smart TV? What measures have you taken to protect yourself from this scare? Tell us about it in the comments.

Learn More:
cnn.com
foxnews.com
thehill.com

All You Need to Know About Data Breaches

hands on a computer keyboard with security lock icons superimposedIf you follow the news, you’ll note that there seems to be another major data breach monopolizing headlines every week. The details vary, but in each breach, thousands, millions or even billions of victims’ sensitive information is compromised, and they’re now vulnerable to identity theft unless they take immediate action.

Here at Advantage One Credit Union, your financial success and safety is our primary goal. To help keep your information and your finances secure, we’ve compiled a comprehensive guide on data breaches.

What is a data breach?
Data breaches occur when sensitive information is accessed or used without authorization. Factors like a wealth of online data and sophisticated hacking tools have spurred a steep increase in data breaches in recent years, causing tremendous damage to individual consumers and businesses across every industry.

Data breaches occur by exploiting vulnerabilities in a company’s security system. Alternatively, an employee can be tricked into giving a cyber-criminal access to the company’s network.

The goal of most data breaches is to obtain personal information, like names, email addresses and passwords, as well as financial information, like credit card numbers and account details. This information is used by criminals to steal identities and empty accounts, or sold to other criminals who will then do so.

While major data breaches make headlines, according to the Identity Theft Resource Center, there is an average of three data breaches each day, most of which will never even make the news.

After a data breach
Whenever you hear about a major data breach that can possibly affect you, it’s best to monitor your accounts for suspicious activity. In most cases, you will be notified by the victimized company if your data has been compromised; however, it helps to keep an eye on your accounts even if you haven’t been contacted so you can minimize your loss by acting quickly if your are among the unfortunate victims.

If you’ve been victimized by a breach
If you’ve been informed your information is compromised by a data breach, take the following steps immediately:

  1. Freeze your credit
    Placing a freeze on your credit is the most crucial step you can take to stop scammers from getting at your information. A credit freeze will not bring down your credit score, but it will serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

    You can freeze your credit at no cost at all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

  2. Change your passwords
    Most people are on the alert following a major data breach, but they tend to let their guard down once the heat is off and things calm down. Hackers know this, and they’ll often hold onto victims’ information immediately following a data breach and then sell it months down the line to other identity thieves. To protect your accounts from a delayed-reaction hack, change all of your passwords after a breach that possibly has affected you.
  3. File an identity theft report
    Unfortunately, these protective measures can sometimes be too little, too late. If your accounts have been compromised, and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) as soon as possible. This will assist the feds in tracking down your hacker(s) and returning your finances to their usual state as quickly as possible.

Protecting your information
There’s no fool-proof way to protect yourself from a data breach, but following these simple steps can help keep your information as safe as possible:

Monitor your credit.
Check your credit accounts for suspicious activity on a regular basis. You can request a free credit report from each of the three major credit bureaus once a year at AnnualCreditReport.com. You may also want to consider signing up for credit monitoring, a service that will cost you $10-30 a month for the promise of notifying you immediately about any suspicious activity on your accounts.

Use strong, unique passwords.
Use a different password for each account, and choose codes that are at least eight characters long. Also, use a variety of numbers, letters and symbols. Vary your capitalization use as well, and don’t utilize any portion of your name, phone number or a common phrase as your password. Using a password manager like Dashlane or iPassword can also help keep your information safe. It’s also a good idea to choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.

Browse safely.
Never share sensitive information online and always keep your security and spam settings at their strongest levels. Make sure your devices are fully updated at all times. It’s also a good idea to keep your social media accounts as private as possible.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
How do you protect yourself from data breaches? Share your tips with us in the comments.

Learn More:
forbes.com
malwarebytes.com
searchsecurity
experian.com