Your Smart TV May be Spying on You

Person sitting on couch in front of smart TV while on thier cellphoneIf one of your Christmas presents was a smart TV, or you splurged on one for yourself on Black Friday, you might be living with an in-house spy. The FBI is warning that smart TVs, which allow customers to stream their favorite shows through apps like Netflix and Hulu, can easily be hacked and used for spying. You can be sitting and binge-watching your favorite sitcom, or hollering at the screen as your team fumbles toward another devastating defeat, and all the while a stranger’s eyes are on you and the happenings in your house.

Before you start to panic or rush to toss that brand-new TV into the trash, we have shared all you need to know about this frightening new hack.

How is this hack carried out?
Lots of smart TV models are fitted with webcams and microphones. This allows the TVs to offer all kinds of super-cool features, from facial recognition that can be used to recommend favorite shows and settings to 41-inch screen video-chatting with faraway friends and families. The FBI is warning, though, that hackers are using these add-ons for nefarious reasons.

In the best-case scenario, the TV manufacturer and app developers can hack the TV’s webcam and use it to remotely change your channels, play with your settings or even stream inappropriate videos. Obviously, this can be unsettling and even frightening, but there’s no lasting damage.

In the worst-case scenario, though, cyber-criminals can hack their way into accessing these cameras and microphones, turn them on at will, and then spy on unknowing victims. By gaining access to the cameras, hackers can turn them on whenever they please, even if your TV is off at the time. Creepiness aside, this stalking can grant a hacker access to your computer’s router and lead to all sorts of unhappy endings, including identity theft, kidnapping and more.

“Beyond the risk that your TV manufacturer and app developers may be listening [to] and watching you, that television can also be a gateway for hackers to come into your home,” the FBI announced in a report. “A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”

Is there anything I can do about this hack?
The FBI advises consumers to research the model of their smart TV and to familiarize themselves with the control features and camera settings.

“Do a basic Internet search with your model number and the words ‘microphone,’ ‘camera,’ and ‘privacy,’ ” said the FBI.

If possible, consumers should change the device’s default security settings and passwords. This will enable them to turn off the camera and microphone unless they are actually using them, and will serve as a deterrent for cyber-criminals seeking to control the TV from a remote location.

If you’re still spooked by the FBI’s warnings and you want to take stronger measures to protect yourself against spying, you can simply secure a piece of black tape over the camera to keep out any prying eyes.

Another important step to take for keeping hackers out of your smart TV is to always install software updates offered by the manufacturer. Keeping your device updated will afford you the strongest current protection against vulnerabilities and weaknesses.

“Generally, customers who keep their devices up to date won’t have too much to worry about,” says Matt Tait, cybersecurity expert and former analyst at GCHQ, the British signals intelligence service. “But for people who are particularly worried, or who don’t want the new ‘smart’ features, there is a simple solution to keep hackers out: unplug the device from your network.”

Our world is now smarter than ever, but along with the conveniences of an interconnected, digitized world come a whole slew of risks and vulnerabilities. Keep yourself safe by employing basic protective measures, keeping your devices updated and staying informed about the latest scams and hacks.

Your Turn:
Do you own a smart TV? What measures have you taken to protect yourself from this scare? Tell us about it in the comments.

Learn More:
cnn.com
foxnews.com
thehill.com

All You Need to Know About Data Breaches

hands on a computer keyboard with security lock icons superimposedIf you follow the news, you’ll note that there seems to be another major data breach monopolizing headlines every week. The details vary, but in each breach, thousands, millions or even billions of victims’ sensitive information is compromised, and they’re now vulnerable to identity theft unless they take immediate action.

Here at Advantage One Credit Union, your financial success and safety is our primary goal. To help keep your information and your finances secure, we’ve compiled a comprehensive guide on data breaches.

What is a data breach?
Data breaches occur when sensitive information is accessed or used without authorization. Factors like a wealth of online data and sophisticated hacking tools have spurred a steep increase in data breaches in recent years, causing tremendous damage to individual consumers and businesses across every industry.

Data breaches occur by exploiting vulnerabilities in a company’s security system. Alternatively, an employee can be tricked into giving a cyber-criminal access to the company’s network.

The goal of most data breaches is to obtain personal information, like names, email addresses and passwords, as well as financial information, like credit card numbers and account details. This information is used by criminals to steal identities and empty accounts, or sold to other criminals who will then do so.

While major data breaches make headlines, according to the Identity Theft Resource Center, there is an average of three data breaches each day, most of which will never even make the news.

After a data breach
Whenever you hear about a major data breach that can possibly affect you, it’s best to monitor your accounts for suspicious activity. In most cases, you will be notified by the victimized company if your data has been compromised; however, it helps to keep an eye on your accounts even if you haven’t been contacted so you can minimize your loss by acting quickly if your are among the unfortunate victims.

If you’ve been victimized by a breach
If you’ve been informed your information is compromised by a data breach, take the following steps immediately:

  1. Freeze your credit
    Placing a freeze on your credit is the most crucial step you can take to stop scammers from getting at your information. A credit freeze will not bring down your credit score, but it will serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

    You can freeze your credit at no cost at all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

  2. Change your passwords
    Most people are on the alert following a major data breach, but they tend to let their guard down once the heat is off and things calm down. Hackers know this, and they’ll often hold onto victims’ information immediately following a data breach and then sell it months down the line to other identity thieves. To protect your accounts from a delayed-reaction hack, change all of your passwords after a breach that possibly has affected you.
  3. File an identity theft report
    Unfortunately, these protective measures can sometimes be too little, too late. If your accounts have been compromised, and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) as soon as possible. This will assist the feds in tracking down your hacker(s) and returning your finances to their usual state as quickly as possible.

Protecting your information
There’s no fool-proof way to protect yourself from a data breach, but following these simple steps can help keep your information as safe as possible:

Monitor your credit.
Check your credit accounts for suspicious activity on a regular basis. You can request a free credit report from each of the three major credit bureaus once a year at AnnualCreditReport.com. You may also want to consider signing up for credit monitoring, a service that will cost you $10-30 a month for the promise of notifying you immediately about any suspicious activity on your accounts.

Use strong, unique passwords.
Use a different password for each account, and choose codes that are at least eight characters long. Also, use a variety of numbers, letters and symbols. Vary your capitalization use as well, and don’t utilize any portion of your name, phone number or a common phrase as your password. Using a password manager like Dashlane or iPassword can also help keep your information safe. It’s also a good idea to choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.

Browse safely.
Never share sensitive information online and always keep your security and spam settings at their strongest levels. Make sure your devices are fully updated at all times. It’s also a good idea to keep your social media accounts as private as possible.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
How do you protect yourself from data breaches? Share your tips with us in the comments.

Learn More:
forbes.com
malwarebytes.com
searchsecurity
experian.com

All You Need To Know About The Capital One Data Breach

Capital One bank Hq buildingIn late July, Capital One Bank announced that 106 million of its card holders had their data compromised in a massive breach that stretched over four months. Among the victims, 140,000 customers had their Social Security numbers swiped and approximately 80,000 had their linked checking account numbers stolen. No credit card numbers were reported to have been lifted in the breach.

The company fixed the vulnerability immediately and promised to alert all victims of the breach about their compromised data. The alleged hacker has been apprehended and steps are being taken to ensure a breach of this magnitude doesn’t happen again.
The Capital One issue was hardly the first of its kind to hit the news in recent years. Factors like online data and sophisticated hacking tools have spawned a wave of data breaches that have hit all kinds of businesses and service providers, from police departments to eateries, major retailers and online search engines.

In light of the multiple and wide-reaching data breaches over the past few years, experts recommend that everyone, even those who are not Capital One credit card holders, take the following 5 steps to protect their information from hackers:

Freeze your credit – Placing a freeze on your credit is the first and most crucial step you can take to stop scammers from making use of your information. A credit freeze will not affect your credit score, but does serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. Consequently, hackers will not be able to open a new line of credit or apply for a loan in your name.
You can now freeze your credit at no cost at all three of the major credit bureaus, Equifax, TransUnion and Experian. You’ll need to provide some basic information, including your date of birth and your Social Security number. You’ll receive a PIN for the freeze that will need to be used for lifting the freeze should the need arise.

Enable two-factor authentication – If you haven’t already, change all of your logins to two-factor (also called “multi-factor”) authentication. Whenever possible, choose a non-password authentication, like face recognition or thumbprint sign-in. This will provide an extra layer of protection against hackers and scammers trying to access your account.
Sign up for credit monitoring – Capital One is offering free credit monitoring for all victims of the data breach. You can find out more about this offer and general information about the Capital One data breach here.

Even if you’re not a Capital One card holder, you might want to consider signing up for credit monitoring to prevent being a victim of a data breach in the future. The service will immediately notify you about any suspicious activity on your accounts so you can stop potential hackers in their tracks. Credit monitoring will run you $10-$30 a month, but you’ll have the security of knowing that the company is on the lookout for any signs of trouble with your credit.

Use strong, unique passwords – Always choose strong passwords for all your accounts and use different passwords for each login. Your passwords should be at least eight characters long, and use a variety of numbers, letters and symbols. Vary your capitalization use as well, and never use your name, phone number or a common phrase as your password.

If you’ve been using your current passwords for a while, consider changing them up now. You can make this task easier by using a password aggregator like LastPass or Sticky Password.

Strengthen your security and spam settings – Never answer emails asking you to share sensitive data, even when they appear to be from legitimate companies. Make sure your devices are fully updated, and keep your spam settings on their strongest levels. It’s also a good idea to keep your social media accounts as private as possible to keep scammers from finding out personal details about your life which they can use to crack open your passwords.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
Have you been affected by the Capital One breach? Tell us about it in the comments.

Learn More:
cbsnews.com

usatoday.com

upi.com

capitalone.com

What’s Up With WhatsApp?

WhatsApp Logo on green backgroundA cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

8 Ways To Spot A Home Improvement Scam

feet sticking down through sheetrock ceiling, electrical light box hangingIt’s home improvement season! Contractors of all kinds, from painters to builders, electricians, roofers and more, are hard at work sprucing up homes across the country.

If you’re hiring anyone to make improvements on your home, be alert! Home improvement scams are more common than you may think. And they can be difficult to spot. According to the Better Business Bureau (BBB), home improvement scams in 2017 cost Americans more than $600,000 in losses. A contractor can con a homeowner in a number of ways, from doing sloppy work that requires more repair down the line to leaving a job unfinished, or even making off with their pay and doing no work at all.

Don’t let this happen to you! Read on for 8 ways to spot a home improvement scam:

  1. The contractor insists on being paid up front
    While most contractors will ask for a deposit toward their final fee when you hire them, be wary of any contractor who demands you pay more than a third of the total fee up front. This is likely a scammer who is trying to cover their bases in case of shoddy work or even a no-show.
  2. The contractor refuses to supply references
    Never hire a contractor without speaking to someone who’s used their services in the past. The Federal Trade Commission (FTC) advises homeowners to ask past customers detailed questions about a contractor’s work, including the projected and actual project timeline, as well as final cost. If a contractor is in the middle of another job, ask if you can check out their work yourself. If a contractor refuses to furnish names and contact information of previous clients, it may be best to seek a new option.
  3. There’s negative information about the contractor on the BBB site
    Before hiring any small business you’ve never used, it’s a good idea to check them out on the Better Business Bureau (BBB) website. Once there, you can read reviews and ratings and see if any complaints have been filed against the company.
  4. The contractor demands payment in cash
    The FTC recommends paying contractors with a check or credit card so you can contest the charges if something goes wrong. Cash leaves no trail and makes it easy for a scammer to walk away from a job without doing much (or any) work at all.
  5. The contractor will do the work for an insanely cheap price
    Don’t get conned by a contractor who severely underbids all competitors. You might get lucky and find someone who is just starting out and can still do great work, or you might be dealing with someone who will cut every corner and end up costing you more than you thought you were saving. If you’re offered a bid that is a lot lower than the going price for the work, ask a lot of questions. If you only get evasive answers, look elsewhere.
  6. They show up at your door … uninvited
    The smiling contractor at your door claiming to have recently done work in your neighborhood just happened to notice your home can use some repairs, too. They suggest you hire them to do it for you–all for a great price, of course. Don’t fall for every house call. There’s a small chance you’re looking at a rookie contractor just starting to build a referral base, but it is far more likely that your uninvited visitor is a scammer who will do sloppy work, leave the job half-finished or disappear with your money. If the contractor does seem legit, look them up on the BBB site and ask for references before hiring.
  7. The contractor refuses to put anything in writing
    Never hire anyone to do work on your home without a written contract. The BBB advises homeowners to include as many details as possible in the contract, such as payment terms, a definitive date for the start and completion of the project, warranty information and a clear description of the job.
  8. They try to avoid permits
    A contractor who tries to convince you there’s no need to pull permits is one who wants to avoid the authorities at all costs. You’re likely dealing with an unlicensed worker or who will cut corners wherever possible. The lack of proper permits can also cause you problems down the line when you try to sell your home.

Don’t get ripped off by a scammer! Do your homework well before hiring any contractors this (or any) season. It’s one surefire way to ensure your home improvement project goes smoothly and without unpleasant surprises.

Your Turn:
Have you been targeted by a home improvement scam? Share your experience with us in the comments.

SOURCES:

https://www.aarp.org/money/scams-fraud/info-2019/home-improvement.html

https://www.experian.com/blogs/ask-experian/the-ultimate-list-of-the-years-worst-scams/

https://www.thespruce.com/common-home-improvement-scams-4163354

8 Ways To Avoid Getting Scammed On Craigslist

woman visibly upset and closing eyes while on the phoneThe arrival of spring and the deep house cleaning it inspires means more people are putting their old furniture, devices, sports equipment and clothing up for sale. That’s why the amount of items like these on sites like Craigslist swells considerably during this season. If you have the time and patience to sift through the offerings, there are wonderful treasures to be found. Conversely, if your own spring cleaning unveils hordes of sellable stuff you don’t use anymore, you can make good money selling them online.

Unfortunately, though, when there’s money to be made, the scammers are never far behind. Craigslist is riddled with scammers looking to make a quick buck off people’s naivety. Stay one step ahead of scammers and keep your money safe by following these eight tips when using Craigslist.

1.) Be familiar with Craigslist and the services it offers
Lots of Craigslist scams can be avoided by knowing basic information about the site. Before using Craigslist, make sure you know the following:

The Craigslist URL is http://www.craigslist.org. Scammers often use fake sites to lure buyers into paying for items that don’t exist. Always check the URL before finalizing a purchase.
Craigslist does not back any transaction on its site. If you receive an email or text trying to sell you purchase protection, you’re looking at a scam.
There is no such thing as a Craigslist voicemail service. If a contact asks you to access or check your “Craigslist voicemails,” you’re dealing with a scammer.

2.) Deal locally.
The “barely used” couch that’s up for sale a couple of states over might be better-priced than the one being sold just a 10-minute drive away, but it’s always safer to deal with locals on Craigslist. According to the site’s advice on avoiding scams on their platform, you’ll avoid 99% of the scams on Craigslist by following this rule.

Keeping your transaction local will enable you to finalize a sale in person. Plus, there’s less of a chance of there being a language barrier blurring the details of the deal.

3.) Examine the product(s) before finalizing a sale.
Never rely solely on pictures to get the full scope on what you’re buying. Ask to look at the item in person. If you’re purchasing an electronic device or something else that needs to work in order to be valuable, ask to try it out as well.

4.) Don’t accept or send a cashier’s check, certified check or money order as payment.
Fraudulent checks can be impossible to fight. Also, a bad check can seem to clear on sight, so you’ll agree to the sale and use the money that’s supposedly in your account. A few days later, though, you’ll realize the check bounced. By that time, the buyer has vanished with your goods, leaving you responsible for covering the funds you used while presuming it cleared.

On the flip side, if you pay for an item with a money order or wire transfer, you’ll have no way of recouping your loss if the seller fails to come through with the goods.

5.) Use cash—safely.
The most secure way to pay or collect funds for a Craigslist transaction is with cold cash. If the idea of handing over a large sum of money to a stranger scares you, you can make the exchange of money and goods in a safe place like your local police station or even at Advantage One.

When accepting cash for a sale, bring along a counterfeit detector pen (which can be found at most office supply stores and online) to be certain you’re not getting scammed with bogus bills. These retail for as little as $5, but they can save you from big losses.

6.) Never share your personal information with a buyer or seller.
As always, when online, keep your personal information to yourself. There’s no reason a buyer or seller needs to know your checking account number, your date of birth or even your mother’s maiden name. If a contact is asking too many questions, back out of the deal.

7.) Be wary of fake escrow service sites.
Escrow services, in which a company holds onto a large sum of money for two parties in the middle of a transaction, can be super-convenient when buying and selling things online. However, they can also be a clever trap for unsuspecting victims. Scammers often create bogus escrow service sites to lure victims into dropping their money right into the scammers’ hands. The site will be a copycat of a reputable escrow service site, with some slight deviations you wouldn’t notice unless you looked for them.

When using an escrow service site, it’s best to find the site yourself instead of following a pop-up ad or a link. Check the site carefully for spelling mistakes and poor syntax. Also, make sure the URL is secure and matches the site of the service you intend to use.

8.) Create a disposable number.
When conducting business on Craigslist, you may need to share a working phone number. You can create a cost-free, disposable number on Google Voice instead of giving out your real number. Your Google Voice number will be untraceable and will expire within 30 days of non-use.

Your Turn:
Have you ever been targeted by a Craigslist scam? Share your experience with us in the comments.

SOURCES:

https://www.fraudguides.com/internet/craigslist/

https://www.craigslist.org/about/scams

https://www.thestreet.com/amp/personal-finance/craigslist-scams-14707309

https://www.efraudprevention.net/home/templates/?a=96

8 Ways To Spot A Job Scam

Young woman looks at a job sheet while verifying information on her smartphone.If you’re in the market for a new job, or you’re looking for extra part-time work, be careful. The Federal Trade Commission (FTC) is warning of a surge in employment scams of every kind. Victims might have their accounts emptied, their identities stolen, or they may even find themselves facing jail time for money laundering charges.

Protect yourself from employment scams by holding up any job you’re considering against this list of red flags:

1.) The job pays very well for easy work
If a job description offers a high hourly rate for non-skilled work with no experience necessary, you can assume it’s a scam. Legitimate companies will not overpay for work that anyone can do. Carefully read the wording of the job pitch. If the deal sounds too good to be true, it probably is.

2.) The job description is poorly written
Scrutinize every word of the job description. If it’s riddled with typos and spelling mistakes, you’re looking at a scam.

3.) They need to hire you NOW!
If a “business” claims the position needs to be immediately filled and they’re ready for you to start working today, assume it’s a scam. Most legitimate businesses will need time to process your application, properly interview you and determine if you are indeed a good fit.

4.) The business has no traceable street address or real online presence
If you’ve spotted a position on an online job board, your first step should be researching the company. Google the company name to see what the internet has to say about them. If you suspect a scam, search the name with words like “scam” and “fraud” in the search string. Look for a brick-and-mortar address, a phone number and a real online presence. If all you find are help-wanted ads and a P.O. Box, move on to better job leads.

5.) You need to share sensitive information just to apply
Does the “job application” you’re looking at seek sensitive details, like your Social Security number and/or a checking account number? Such information should not be necessary just to submit an application. You might even be innocently asked to share details you think are minor, like your date of birth, name of your hometown, first pet’s name or your mother’s maiden name. Of course, these are all keys to open up access to your passwords and/or PINs.

There’s no surer sign you’re dealing with crooks than being asked to share information that practically guarantees you’ll be scammed.

6.) You need to pay a steep fee to apply
Some legitimate companies charge a nominal application fee for hopeful employees. However, if the fee is absurdly high, or the company asks you to cash a check for them and then refund it, you’re being scammed.

7.) There’s no business email
Some job scammers will impersonate well-known companies to look authentic. For example, you might think you’re applying to an off-site job at Microsoft. You’ll be told to email your resume to JohnSmithMicrosoftHR@gmail.com. Your red flag here is the email address: The domain is generic. If the “recruiter” genuinely represented Microsoft, the email address would be something like JohnSmith@HR.Microsoft.com.

8.) The “recruiter” found your resume on a job board you never use
If the “recruiter” claims they’ve picked up your resume on a job board you don’t remember visiting, it’s not your memory failing you. Job-scammers often scrape victims’ personal details off the internet and then pretend to have received a resume. They’ll know you’re looking for a job, and they’ll know enough about you to convince you they’ve got your resume, but it’s all a scam. If someone contacts you about a position you’ve never applied for, or claims to have found your resume on a job board you’ve never visited, run the other way!

As always, practice caution when online. Keep your browser updated and strengthen the privacy settings on your social media accounts. When engaged in a public forum, don’t share information that can make you vulnerable, like your exact birthdate or employment history. Never wire money to people you don’t know well or agree to cash a stranger’s check in exchange for a commission. Above all, keep your guard up when online and use common sense: When in doubt, opt out!

Your Turn:
Have you been targeted by a job scam? Tell us about it in the comments, below!

SOURCES:
https://www.consumer.ftc.gov/features/scam-alerts

https://www.job-hunt.org/onlinejobsearchguide/job-search-scams.shtml

https://www.whatismybrowser.com/guides/how-to-be-safe-online/why-should-i-update-my-web-browser

Simple tips for protecting your parents from financial fraud

daughter helping elderly father check his account onlineAccording to the Federal Trade Commission, older adults are disproportionately affected by fraud.

Whether it’s a phony phone call, phishing scam, or mail fraud, seniors often become targets for scammers who perceive them as easy marks.

While you alone can’t put an end to this shady illegal activity, you can empower you parents with the knowledge to keep themselves—and their finances—safe.

Remind them about “stranger danger”
Your parents probably taught you the concept of “stranger danger” at an early age—and for good reason. Don’t interact with suspicious people. It’s an important lesson that’s relevant to adults as well as children.

If someone you don’t know asks for personal information, it’s probably a scam. Remind your parents to never give out credit card or account information, passwords, or social security numbers unless they can verify the identity of the person or business making the request.

Add their number to the Do Not Call List
When you add your phone number to the The National Do Not Call Registry, the government informs telemarketers not to call you.

Unfortunately, unscrupulous organizations and scammers ignore the registry and may continue to harass your parents, but they should see a reduction in unsolicited calls and text messages from those who abide by the law.

Give them a crash course in online literacy
If your senior parents use technology but aren’t completely familiar with how scams work online, they might not understand what to click and what to avoid.

Spend some time going over how to navigate the internet safely. Most importantly, explain email phishing. Emphasize that they should never click links in unsolicited emails from people or companies they don’t know.

If they use social networks like Facebook, warn them not to share anything too personal as scammers might use this information to impersonate friends or family members online.

Used with permission. © 2019 BALANCE. All rights reserved.

Tax Scams 2019

Each year, the IRS publishes the “Dirty Dozen,” a list of 12 scams that are rampant during that year’s tax season.

This year, the IRS is cautioning taxpayers to be extra vigilant because of a 60% increase in email phishing scams over the past year. This is particularly disheartening, since it comes on the heels of a steady decline in phishing scams over the previous three years.

Typically, an email phishing scam will appear to be from the IRS. Once the victim has opened the email, the scammer will use one of several methods to get at the victim’s personal information, including their financial data, tax details, usernames and passwords. They will then use this information to steal the victim’s identity, empty their accounts or file taxes in the victim’s name and then make off with their refund.

Scammers have several means for fooling victims into handing over their sensitive information. The most popular tax-related phishing scams include the following:

  • Tax transcript scams
    In these scams, victims are conned into opening emails appearing to be from the IRS with important information about their taxes. Unfortunately, these emails are bogus and contain malware.
  • Threatening emails
    Also appearing to be from the IRS, these phony emails will have subject lines like “IRS Important Notice” and will demand immediate payment for unpaid back taxes. When the victim clicks on the embedded link, their device will be infected with malware.
  • Refund rebound
    In this scam, a crook posing as an IRS agent will email a taxpayer and claim the taxpayer was erroneously awarded too large a tax refund. The scammer will demand the immediate return of some of the money via prepaid debit card or wire transfer. Of course, there was no mistake with the victim’s tax refund and any money the victim forwards will be used to line the scammer’s pockets.
  • Phony phone call
    In this highly prevalent scam, a caller spoofs the IRS’s toll-free number and calls a victim, claiming they owe thousands of dollars in back taxes. Those taxes, they are told, must be paid immediately under threat of arrest, deportation or driver’s-license suspension. Obviously, this too is a fraud and the victim is completely innocent.

If you’re targeted
When targeted by any scam, it’s crucial to not engage with the scammer. If your Caller ID announces that the IRS is on the phone, don’t pick up! Even answering the call to tell the scammer to get lost can be enough to mark you as an easy target for future scams. If you accidentally picked up the phone, hang up as quickly as possible.

Similarly, suspicious-looking emails about tax information should not be opened. Mark any bogus tax-related emails that land in your inbox as spam to keep the scammers from trying again.

If you’re targeted by a tax scam, report the incident to help the authorities crack down on these crooks. Forward suspicious tax-related emails to phishing@irs.gov. You can also alert the Federal Trade Commission at FTC.gov.

Protect yourself from tax scams
Stay one step ahead of scammers this tax season by being proactive. Protect yourself with these steps:

File early in the season so scammers have less time to steal your identity, file on your behalf and collect your refund.
Use the strongest security settings for your computer and update them whenever possible.
Use unique and strong passwords for your accounts and credit or debit cards.
Choose two-step authentication when conducting financial transactions online.

Remember, the IRS will never:
Call about taxes owed without having first sent you a bill via snail mail.
Call to demand immediate payment over the phone.
Threaten to have you arrested or deported for failing to pay your taxes.
Require you to use a specific payment method for your taxes.

Ask you to share sensitive information, like a debit card number or checking account number, over the phone.

Be alert and be careful this tax season and those scammers won’t stand a chance!

Your Turn:
Have you ever been targeted by a tax scam? Share your experience with us in the comments.

SOURCES:
https://clark.com/personal-finance-credit/taxes/beware-of-these-common-irs-scams/

https://www.google.com/amp/s/www.forbes.com/sites/kellyphillipserb/2018/12/04/irs-warns-on-surge-of-new-email-phishing-scams/amp/

https://www.businessinsider.com/irs-phone-scam-what-to-do-if-you-get-scam-call-2018-2

All You Need To Know About Facebook’s Latest Bug

Young black woman scrolling through an app on her smartphone in a cafeWith its wide range of features, easy-to-use interface and streamlined access, Facebook is the darling of the social media age. It helps people stay connected with family and friends, allows new relationships to blossom and creates a culture of community for new and established businesses alike.

However, in December, Facebook announced its internal team found a photo API bug in its platform which may have exposed the unshared photos of 6.8 million users. As the latest in a stream of publicized security issues, this breach has the public confused and worried about their privacy.

Read on for all you need to know about the recent Facebook bug.

What happened because of the photo bug?
According to Facebook’s policy, apps linked to Facebook are only allowed to access photos that users give them permission to view, such as those posted on their Facebook timeline. The recent bug, however, may have allowed third-party apps to access loads of other pictures without their user’s knowledge and permission.

An estimated 1,500 apps built by 876 developers were affected by the bug. All of these apps are approved by Facebook, and were authorized by users to access their photos.

The photos breached include those shared on Facebook Stories or Marketplace as well as photos that had been uploaded but weren’t yet posted on Facebook.

The bug was active from Sept. 13 to Sept. 25, 2018. Although, Facebook waited to come clean about the breach in mid-December, 2018.

What steps has Facebook taken to fix the bug?
Facebook fixed the bug as early as Sept. 25 and has openly apologized for the breach. They have promised to let app developers know which of their users have been affected by the bug so they can take steps on their own. Facebook has also claimed to be working on strengthening their platform’s privacy to prevent future photo leaks and security breaches.

When asked why the social media giant did not inform the public about the bug immediately, a Facebook representative told CNN Business, “We have been investigating the issue since it was discovered to try and understand its impact so that we could ensure we are contacting the right developers and people affected by the bug. It then took us some time to build a meaningful way to notify people, and get translations done.”

Despite the statement, the jury remains out on whether Facebook has really taken the responsible course of action after the bug was discovered.

What does the bug mean for impacted Facebook users?
Having your unshared photos posted on public forums can lead to a host of safety issues. Thankfully, no crimes have been linked to the photo leak to date, but crooks can use revealing photos to stage a home robbery or worse. For reasons such as this, it’s always best to use the strongest privacy settings on your social media platforms and to be super-careful about which apps you allow to access your photos.

To be extra careful and keep yourself safe in the event of security breaches like Facebook’s recent photo bug, never post pictures that are too revealing about your personal life and your financial situation.

How can I check if my photos were leaked?
Facebook has issued an official alert to all affected users with clear steps for protecting their photos. The alert directs users to a Help Center Page where they can check if they’ve used any apps affected by the bug and get instructions on how to proceed from there.

Facebook also advises users to log into any apps they use to share photos and check which ones are accessible. If you’re worried about an app’s privacy, log into Facebook’s Manage Your Apps page and contact the app developer directly to inquire about the accessibility of your photos.

Facebook’s latest security breach may have impacted millions of users, but with the proper reactive steps and an eye toward a more secure future, it can help the social media giant and all its users practice stronger security measures and protect their privacy against potential breaches.

Your Turn:
Have you been impacted by Facebook’s latest breach? Share your experience with us in the comments below.

SOURCES:
https://betanews.com/2018/12/16/facebook-photo-api-bug/

https://www.google.com/amp/s/amp.cnn.com/cnn/2018/12/14/tech/facebook-private-photos-exposed-bug/index.html

https://www.geek.com/tech/facebook-photo-bug-how-to-check-if-you-were-impacted-1766300/

https://www.google.com/amp/s/www.cnbc.com/amp/2018/12/14/facebook-bug-exposed-photos-from-up-to-6point8-million-users.html