All You Need to Know About Checking Accounts

The most obvious things in life are often overlooked, and your checking account is just one of them. Most people hardly give a thought to this important account and how to best manage it effectively. We’re here to change that.

Here’s all you need to know about checking accounts:

What is a checking account? 

Your checking account at Advantage One Credit Union offers easy and convenient access to your funds. The minimum balance required for opening a checking account can be as low as $25. Like most financial institutions, we also allow an unlimited number of monthly withdrawals and deposits.

Checking accounts are designed to be used for everyday expenses. You can access the funds in your account via debit card, paper check, ATM or in-branch withdrawals, online transfer or through online bill payment.

Making transactions using the connected debit card, or through a linked online account, will automatically use the available balance in your account and lower the balance appropriately.

A paper check is also linked directly to your account, but will generally take up to two business days to clear. It’s important to ensure there are enough funds in your account to cover a purchase before paying with a check.

Maintenance fees 

Many banks charge a monthly maintenance fee for checking accounts.

According to Bankrate’s most recent survey on checking accounts, only 38% of banks now offer free checking, compared with 79% in 2009. Monthly fees can be as high as $25 a month.

Interest rates

Most checking accounts offer a very low Annual Percentage Yield (APY) on deposited funds, or none at all. Institutions that offer checking accounts with interest or dividends will generally charge a monthly fee, with the fee being higher for accounts that have higher rates. They also generally require a minimum balance in the account at all times or a minimum number of monthly debit card transactions. According to Bankrate’s survey, you’ll need to keep an average of $7,550 in an interest-yielding checking account at a bank to avoid a steep maintenance fee.

Security

Funds that are kept in a checking account at a bank are federally insured by the FDIC for up to $250,000. Credit unions feature similar protection for your funds, with all federal credit unions offering government protection through the National Credit Union Association. State and private credit unions may be insured by the NCUA as well, or through their own state or private insurance. Advantage One Credit Union is insured by the NCUA to offer you full and complete protection for your funds.

Managing your checking account 

Managing a checking account is as simple as 1-2-3:

1 – Know your balance

It’s important to know how much is in your account at all times. This way, you can avoid an overdrawn account, or having insufficient funds to cover your purchases. Being aware of how much money you have will also help you stick to a budget and spend within your means. You can generally check your balance by phone [or via online checking or a synced budgeting app].

2 – Automate your finances

Make life a little easier by setting up automatic bill payment through your checking account. You won’t miss the hassle of paying your monthly bills, and you’ll never be late for a payment again. As a bonus, you’ll save on the processing fee that is often charged on bill payments made via credit card.

You can also set up direct deposit to have your paycheck land right in your account.

Finally, ask us about automatic monthly transfers from your checking account to savings so you never forget to put money into savings.

[You may also want to consider signing up for overdraft protection, or to have funds transfer from your linked savings account to checking when your balance is getting low.]

3 – Keep your account well-funded, but not over-funded

Financial experts recommend keeping one to two months’ worth of living expenses in your checking account at all times. This way, you’ll always have enough funds to cover your transactions without fear of your account being overdrawn. You’ll also be able to cover the occasional pre-authorization hold that a merchant may place on your debit card transaction until it clears.

It’s equally important not to keep too much money in your checking account. Once you’ve reached that sweet spot of two months of living expenses, it’s best to keep your savings in an account or an investment that offers a higher APY, such as a money market account or a share certificate.

Checking accounts offer the ultimate in convenience and accessibility. Now that you’ve learned all about these often overlooked accounts, let this financial tool help you manage your finances in the most effective way possible.

Your Turn: How do you manage your checking account effectively? Share your best tips with us in the comments.

Learn More:
investopedia.com
discover.com
bankrate.com
thebalance.com
kiplinger.com

5 Steps to Take After Being Hacked

Uh oh — you’ve been hacked! Finding out someone has cracked open your accounts and helped themselves to your information can be alarming, but there are ways to mitigate the damage while jump-starting your recovery process.

Here are five steps to take after being hacked.

Step 1: Assess the damage

First, take a step back and determine how much damage was done. Unfortunately, one hacked password can often be the gateway to multiple hacked accounts and even complete identity theft. This is especially true if you use the same password for several accounts, or use the hacked account or device for password recovery on other accounts. So, first things first: Review your credit card and account statements for any suspicious activity.  Also, try accessing your email, social media accounts and mobile devices to see if they’ve been hacked.

Step 2: Change your passwords

Once you know which accounts and devices have been hacked, change the passwords and PINs on these accounts. For an added measure of protection, it’s a good idea to change the passwords on all of your accounts that may hold sensitive information. Remember to choose strong, unique passwords for every account. A strong password uses a combination of letters, numbers and symbols; varies the use of capital letters; and does not use a piece of personal information that can easily be scraped off the internet, such as your date of birth or home address. You may want to use a password service like LastPass  or  StickyPassword to make this step easier.

While completing this step, consider signing up for two-factor authentication for any accounts that do not already have it in place.

Step 3: Protect your credit

Now that you’ve blocked the hacker(s) from your accounts, it’s time for damage control.

First, dispute any fraudulent charges on your compromised account(s). If necessary, have the account(s) locked, or even shut and/or deleted.

Next, place a fraud alert on your credit reports. This serves as a red flag to potential lenders and creditors, making it more difficult for the scammer to open up additional lines of credit or to take out a loan in your name.

Consider a credit freeze as well. This blocks potential lenders from accessing your credit report, making it impossible for the hacker to open new credit accounts in your name.

Step 4: Alert the authorities

You can alert the Federal Trade Commission (FTC) about a possible or confirmed identity theft at identitytheft.gov.  You’ll also find a detailed recovery plan on the site to help you repair your credit and reclaim your identity.

Hacking is usually done remotely, but it’s still a good idea to let your local law enforcement agencies know about the breach. This way, they can be on the alert if the hacker decides to assume your identity and use your credit cards in stores near your hometown.

Also, if you haven’t already done so, don’t forget to let Advantage One Credit Union know what’s happened! Whether it’s a credit card that’s been stolen, a checking account that’s been breached or a social media account that’s been broken into, we’ll do all we can to protect your accounts. If you’ve been hacked, give us a call at 734-676-7000 to see how we can help.

Step 5: Proceed with caution

Once you’ve taken all necessary steps toward damage control and mitigation, you can start thinking about the future.

It’s important to keep a close eye on your accounts for the next month. Look out for any suspicious activity on all accounts, including charges you don’t recall making, large withdrawals of cash and even new loans being opened in your name. If you find any fraudulent activity, be sure to let the account holders know and to follow the steps suggested above.

If you’ve opted to go with a credit freeze, it will generally lapse after 90 days. If your accounts are determined to be safe, consider opening new lines of credit now to jump-start the recovery of your credit health.

If the hacker went all out and stole your identity, it’s best to follow the recovery plan outlined by the FTC . This plan may include replacing your Social Security number, driver’s license and more.

Getting hacked is never fun, but taking immediate and decisive action can help mitigate the damage, as well as speed up the recovery process.

Your Turn: How have you dealt with your accounts being hacked? Tell us about it in the comments.

Learn More:
allthingssecured.com
digitalguardian.com

8 Ways to Spot a Counterfeit Bill

The COVID-19 pandemic has brought with it a wave of scams, with no signs of slowing down. These scams are also producing a surge of counterfeit bills into circulation. Using cutting-edge technology, scammers create bills that look just like the real thing to the untrained eye. Unfortunately, once counterfeit bills are passed, their new owner can become liable for passing them on to someone else.

In an effort to combat the reach of counterfeit bills, the Secret Service and the U.S. Treasury have added several identifying features to legitimate dollar bills to help citizens and business owners determine whether they are authentic. Here are some signs that can tell you if a bill is the real thing:

A hologram of the face image on the bill: When held up to the light, the hologram on the bill should match the face on the front of the bill. Scammers will often bleach a lower denomination bill and try to pass it off as a bill of a higher denomination — but they can’t change the interior hologram. So, if the $100 bill is really a counterfeit bill created from a $5 one, holding the bill up to the light will reveal the face of Abraham Lincoln, and not Benjamin Franklin, who appears on authentic $100s.

A thin vertical strip of text spelling out the bill’s denomination: Holding the note up to the light will also display this sign of authenticity on genuine bills.

Color-shifting ink: All new-series bills, except for the $5 bill, were designed with this trick: If you tilt the bill back and forth, the numeral in the lower right hand corner will shift from green to black and back to green again.

Watermark: The watermark of the bill can be seen in an unprinted space to the right of the portrait when the bill is held up to the light.

Security thread: Also apparent when the bill is held up to light, the security thread is a thin strip running from the top of the face on the bill until its bottom. The security strip is positioned to the right of the portrait on $10 and $50 bills, and to the left of the portrait on $5s, $20s and $100s.

Ultraviolet glow: You’ll need an ultraviolet light for this to work, but it’s an instant reveal about the bill’s authenticity. When held up to an ultraviolet light, $5 bills glow blue, $10 bills glow orange, $20 bills glow green, $50 bills glow yellow, and $100 bills glow red.

Microprinting: For yet another sign of a bill’s authenticity, you can look for tiny microprinting on the bill’s security thread, which spells out its denomination in all-caps text.

Fine line printing patterns: Look for very fine lines behind the portrait and on the other side of the bill as well.

What to do if you’ve been passed a counterfeit bill

If a note you’ve been passed does not hold up to the authenticity test, and you believe it’s a counterfeit bill, the U.S. Treasury advises the following course of action:

  • Do not put yourself in a position of danger.
  • Do not return the bill to the passer.
  • If possible, delay the passer with an excuse.
  • Take note of the passer’s physical appearance and record their vehicle license plate if possible.
  • Contact your local police department or call your local Secret Service office.
  • Write your initials and date in the white border area of the suspected counterfeit note.
  • Do not handle the counterfeit note. Place it inside a protective cover, a plastic bag or an envelope until you can pass it on to an identified Secret Service Special agent. You can also mail it to your nearest Secret Service office.

Counterfeit cash can be harder to spot than you think. Don’t get stuck holding the bag! If you think you’ve been passed a counterfeit bill, and the note is missing the signs listed above, follow the advice of the U.S. Treasury to keep your hands clean.

Your Turn: Have you ever encountered a counterfeit bill? Tell us about it in the comments.

Learn More:
losspreventionmedia.com
mentalfloss.com
secretservice.gov
businessknowhow.com
wvnews.com

Beware of Relay Theft

car keys with fobKeyless entry is one of the most convenient features of newer cars. There’s no more fumbling for your keys when your arms are full of groceries or you’re toting a squirming toddler. Just press the “unlock” button to get inside and the “start” button to get the engine powered up, and your car will pick up the signals from your key fob.

Unfortunately, though, this user-friendly feature is also a favorite for car thieves. Security experts are warning of a relatively new scam centered on key fobs. In this scam, thieves use a simple device to pick up the signal from a vehicle’s key fob and use it to steal the car. What is very scary about this one is the fact that the fob can be safely hidden inside a car owner’s pocket or home while its signals are being hacked.

Here’s all you need to know about this scam and to learn how to protect your vehicle.

How it plays out

With keyless entry, the hotwiring car thief is a thing of the past.

The key fob scam, or “relay theft,” is frighteningly easy for people to pull off. Criminals purchase relay boxes, which are available on eBay and Amazon. They then use these devices to hijack the signal from a nearby key fob.

The boxes come in pairs, allowing the crooks to set up one box as close as possible to the probable location of the key fob, such as near a window or door to the car owner’s home. The second box is placed close to the car the criminal is trying to steal. The first box then reads the signal and “relays” it to the second box, tricking the car into registering the key fob as nearby. The thief can then unlock the car, start the engine and make off with the vehicle while the owner is oblivious to what is happening.

Keeping your key fob safe

Thankfully, protecting your key fob signals from being hacked is easy. All you need is a little metal.

You can achieve this protection by securely wrapping your key fob in a small piece of aluminum foil. The foil will block the electromagnetic signals of the fob, making it impossible for a relay box to pick them up. A foil-wrapped key may look strange, but the key fob can be safely kept in a pocket when you’re out, and inside a kitchen drawer when you’re home, so no one has to know about it.

You can also choose to invest in a specially designed Faraday bag to keep your car safe. Retailing on Amazon for just a few dollars, these metal-lined pouches will block your fob’s signals from being read. There are also metal-lined key wallets on the market that serve the same purpose.

It’s best to test out the effectiveness of your signal blocker before using it for the long term. Wrap your key fob in foil or place it inside your Faraday bag or metal-lined wallet, stick it in your pocket and sit in the driver’s seat of your car. Try to start the vehicle. The car should not be able to detect the key fob. If it revs up as usual, the blocker is ineffective.

Protecting your car

If you’d rather not bother with foil and Faraday bags, you can also go the old-fashioned route and protect the car itself from possible theft.

One way to achieve this protection is through a steering-wheel lock. These locks work with actual keys that can’t be hacked. You won’t have a completely keyless entry and startup any longer, but it’s a small price to pay for the protection of your car. If a car thief hacks your key fob’s signal and starts the engine of your car, they won’t be able to drive off. The sight of the lock on your steering wheel can also serve as a deterrent for would-be thieves.

  • You can also protect your car from relay theft by keeping it out of sight and parking it in a garage.
  • If you own a pricier vehicle, it can also be worthwhile to invest in a security system.
  • Don’t let those scammers get your car! Take the precautions necessary to keep your key fob and your car safe from relay theft.

Your Turn:
Do you own a car with “keyless entry”? How do you protect it from relay theft? Tell us about it in the comments.

Learn More:
homemaking.com
abcnews.go.com

 

Your Smart TV May be Spying on You

Person sitting on couch in front of smart TV while on thier cellphoneIf one of your Christmas presents was a smart TV, or you splurged on one for yourself on Black Friday, you might be living with an in-house spy. The FBI is warning that smart TVs, which allow customers to stream their favorite shows through apps like Netflix and Hulu, can easily be hacked and used for spying. You can be sitting and binge-watching your favorite sitcom, or hollering at the screen as your team fumbles toward another devastating defeat, and all the while a stranger’s eyes are on you and the happenings in your house.

Before you start to panic or rush to toss that brand-new TV into the trash, we have shared all you need to know about this frightening new hack.

How is this hack carried out?
Lots of smart TV models are fitted with webcams and microphones. This allows the TVs to offer all kinds of super-cool features, from facial recognition that can be used to recommend favorite shows and settings to 41-inch screen video-chatting with faraway friends and families. The FBI is warning, though, that hackers are using these add-ons for nefarious reasons.

In the best-case scenario, the TV manufacturer and app developers can hack the TV’s webcam and use it to remotely change your channels, play with your settings or even stream inappropriate videos. Obviously, this can be unsettling and even frightening, but there’s no lasting damage.

In the worst-case scenario, though, cyber-criminals can hack their way into accessing these cameras and microphones, turn them on at will, and then spy on unknowing victims. By gaining access to the cameras, hackers can turn them on whenever they please, even if your TV is off at the time. Creepiness aside, this stalking can grant a hacker access to your computer’s router and lead to all sorts of unhappy endings, including identity theft, kidnapping and more.

“Beyond the risk that your TV manufacturer and app developers may be listening [to] and watching you, that television can also be a gateway for hackers to come into your home,” the FBI announced in a report. “A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”

Is there anything I can do about this hack?
The FBI advises consumers to research the model of their smart TV and to familiarize themselves with the control features and camera settings.

“Do a basic Internet search with your model number and the words ‘microphone,’ ‘camera,’ and ‘privacy,’ ” said the FBI.

If possible, consumers should change the device’s default security settings and passwords. This will enable them to turn off the camera and microphone unless they are actually using them, and will serve as a deterrent for cyber-criminals seeking to control the TV from a remote location.

If you’re still spooked by the FBI’s warnings and you want to take stronger measures to protect yourself against spying, you can simply secure a piece of black tape over the camera to keep out any prying eyes.

Another important step to take for keeping hackers out of your smart TV is to always install software updates offered by the manufacturer. Keeping your device updated will afford you the strongest current protection against vulnerabilities and weaknesses.

“Generally, customers who keep their devices up to date won’t have too much to worry about,” says Matt Tait, cybersecurity expert and former analyst at GCHQ, the British signals intelligence service. “But for people who are particularly worried, or who don’t want the new ‘smart’ features, there is a simple solution to keep hackers out: unplug the device from your network.”

Our world is now smarter than ever, but along with the conveniences of an interconnected, digitized world come a whole slew of risks and vulnerabilities. Keep yourself safe by employing basic protective measures, keeping your devices updated and staying informed about the latest scams and hacks.

Your Turn:
Do you own a smart TV? What measures have you taken to protect yourself from this scare? Tell us about it in the comments.

Learn More:
cnn.com
foxnews.com
thehill.com

All You Need to Know About Data Breaches

hands on a computer keyboard with security lock icons superimposedIf you follow the news, you’ll note that there seems to be another major data breach monopolizing headlines every week. The details vary, but in each breach, thousands, millions or even billions of victims’ sensitive information is compromised, and they’re now vulnerable to identity theft unless they take immediate action.

Here at Advantage One Credit Union, your financial success and safety is our primary goal. To help keep your information and your finances secure, we’ve compiled a comprehensive guide on data breaches.

What is a data breach?
Data breaches occur when sensitive information is accessed or used without authorization. Factors like a wealth of online data and sophisticated hacking tools have spurred a steep increase in data breaches in recent years, causing tremendous damage to individual consumers and businesses across every industry.

Data breaches occur by exploiting vulnerabilities in a company’s security system. Alternatively, an employee can be tricked into giving a cyber-criminal access to the company’s network.

The goal of most data breaches is to obtain personal information, like names, email addresses and passwords, as well as financial information, like credit card numbers and account details. This information is used by criminals to steal identities and empty accounts, or sold to other criminals who will then do so.

While major data breaches make headlines, according to the Identity Theft Resource Center, there is an average of three data breaches each day, most of which will never even make the news.

After a data breach
Whenever you hear about a major data breach that can possibly affect you, it’s best to monitor your accounts for suspicious activity. In most cases, you will be notified by the victimized company if your data has been compromised; however, it helps to keep an eye on your accounts even if you haven’t been contacted so you can minimize your loss by acting quickly if your are among the unfortunate victims.

If you’ve been victimized by a breach
If you’ve been informed your information is compromised by a data breach, take the following steps immediately:

  1. Freeze your credit
    Placing a freeze on your credit is the most crucial step you can take to stop scammers from getting at your information. A credit freeze will not bring down your credit score, but it will serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

    You can freeze your credit at no cost at all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

  2. Change your passwords
    Most people are on the alert following a major data breach, but they tend to let their guard down once the heat is off and things calm down. Hackers know this, and they’ll often hold onto victims’ information immediately following a data breach and then sell it months down the line to other identity thieves. To protect your accounts from a delayed-reaction hack, change all of your passwords after a breach that possibly has affected you.
  3. File an identity theft report
    Unfortunately, these protective measures can sometimes be too little, too late. If your accounts have been compromised, and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) as soon as possible. This will assist the feds in tracking down your hacker(s) and returning your finances to their usual state as quickly as possible.

Protecting your information
There’s no fool-proof way to protect yourself from a data breach, but following these simple steps can help keep your information as safe as possible:

Monitor your credit.
Check your credit accounts for suspicious activity on a regular basis. You can request a free credit report from each of the three major credit bureaus once a year at AnnualCreditReport.com. You may also want to consider signing up for credit monitoring, a service that will cost you $10-30 a month for the promise of notifying you immediately about any suspicious activity on your accounts.

Use strong, unique passwords.
Use a different password for each account, and choose codes that are at least eight characters long. Also, use a variety of numbers, letters and symbols. Vary your capitalization use as well, and don’t utilize any portion of your name, phone number or a common phrase as your password. Using a password manager like Dashlane or iPassword can also help keep your information safe. It’s also a good idea to choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.

Browse safely.
Never share sensitive information online and always keep your security and spam settings at their strongest levels. Make sure your devices are fully updated at all times. It’s also a good idea to keep your social media accounts as private as possible.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
How do you protect yourself from data breaches? Share your tips with us in the comments.

Learn More:
forbes.com
malwarebytes.com
searchsecurity
experian.com

All You Need To Know About The Capital One Data Breach

Capital One bank Hq buildingIn late July, Capital One Bank announced that 106 million of its card holders had their data compromised in a massive breach that stretched over four months. Among the victims, 140,000 customers had their Social Security numbers swiped and approximately 80,000 had their linked checking account numbers stolen. No credit card numbers were reported to have been lifted in the breach.

The company fixed the vulnerability immediately and promised to alert all victims of the breach about their compromised data. The alleged hacker has been apprehended and steps are being taken to ensure a breach of this magnitude doesn’t happen again.
The Capital One issue was hardly the first of its kind to hit the news in recent years. Factors like online data and sophisticated hacking tools have spawned a wave of data breaches that have hit all kinds of businesses and service providers, from police departments to eateries, major retailers and online search engines.

In light of the multiple and wide-reaching data breaches over the past few years, experts recommend that everyone, even those who are not Capital One credit card holders, take the following 5 steps to protect their information from hackers:

Freeze your credit – Placing a freeze on your credit is the first and most crucial step you can take to stop scammers from making use of your information. A credit freeze will not affect your credit score, but does serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. Consequently, hackers will not be able to open a new line of credit or apply for a loan in your name.
You can now freeze your credit at no cost at all three of the major credit bureaus, Equifax, TransUnion and Experian. You’ll need to provide some basic information, including your date of birth and your Social Security number. You’ll receive a PIN for the freeze that will need to be used for lifting the freeze should the need arise.

Enable two-factor authentication – If you haven’t already, change all of your logins to two-factor (also called “multi-factor”) authentication. Whenever possible, choose a non-password authentication, like face recognition or thumbprint sign-in. This will provide an extra layer of protection against hackers and scammers trying to access your account.
Sign up for credit monitoring – Capital One is offering free credit monitoring for all victims of the data breach. You can find out more about this offer and general information about the Capital One data breach here.

Even if you’re not a Capital One card holder, you might want to consider signing up for credit monitoring to prevent being a victim of a data breach in the future. The service will immediately notify you about any suspicious activity on your accounts so you can stop potential hackers in their tracks. Credit monitoring will run you $10-$30 a month, but you’ll have the security of knowing that the company is on the lookout for any signs of trouble with your credit.

Use strong, unique passwords – Always choose strong passwords for all your accounts and use different passwords for each login. Your passwords should be at least eight characters long, and use a variety of numbers, letters and symbols. Vary your capitalization use as well, and never use your name, phone number or a common phrase as your password.

If you’ve been using your current passwords for a while, consider changing them up now. You can make this task easier by using a password aggregator like LastPass or Sticky Password.

Strengthen your security and spam settings – Never answer emails asking you to share sensitive data, even when they appear to be from legitimate companies. Make sure your devices are fully updated, and keep your spam settings on their strongest levels. It’s also a good idea to keep your social media accounts as private as possible to keep scammers from finding out personal details about your life which they can use to crack open your passwords.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
Have you been affected by the Capital One breach? Tell us about it in the comments.

Learn More:
cbsnews.com

usatoday.com

upi.com

capitalone.com

What’s Up With WhatsApp?

WhatsApp Logo on green backgroundA cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

8 Ways To Spot A Home Improvement Scam

feet sticking down through sheetrock ceiling, electrical light box hangingIt’s home improvement season! Contractors of all kinds, from painters to builders, electricians, roofers and more, are hard at work sprucing up homes across the country.

If you’re hiring anyone to make improvements on your home, be alert! Home improvement scams are more common than you may think. And they can be difficult to spot. According to the Better Business Bureau (BBB), home improvement scams in 2017 cost Americans more than $600,000 in losses. A contractor can con a homeowner in a number of ways, from doing sloppy work that requires more repair down the line to leaving a job unfinished, or even making off with their pay and doing no work at all.

Don’t let this happen to you! Read on for 8 ways to spot a home improvement scam:

  1. The contractor insists on being paid up front
    While most contractors will ask for a deposit toward their final fee when you hire them, be wary of any contractor who demands you pay more than a third of the total fee up front. This is likely a scammer who is trying to cover their bases in case of shoddy work or even a no-show.
  2. The contractor refuses to supply references
    Never hire a contractor without speaking to someone who’s used their services in the past. The Federal Trade Commission (FTC) advises homeowners to ask past customers detailed questions about a contractor’s work, including the projected and actual project timeline, as well as final cost. If a contractor is in the middle of another job, ask if you can check out their work yourself. If a contractor refuses to furnish names and contact information of previous clients, it may be best to seek a new option.
  3. There’s negative information about the contractor on the BBB site
    Before hiring any small business you’ve never used, it’s a good idea to check them out on the Better Business Bureau (BBB) website. Once there, you can read reviews and ratings and see if any complaints have been filed against the company.
  4. The contractor demands payment in cash
    The FTC recommends paying contractors with a check or credit card so you can contest the charges if something goes wrong. Cash leaves no trail and makes it easy for a scammer to walk away from a job without doing much (or any) work at all.
  5. The contractor will do the work for an insanely cheap price
    Don’t get conned by a contractor who severely underbids all competitors. You might get lucky and find someone who is just starting out and can still do great work, or you might be dealing with someone who will cut every corner and end up costing you more than you thought you were saving. If you’re offered a bid that is a lot lower than the going price for the work, ask a lot of questions. If you only get evasive answers, look elsewhere.
  6. They show up at your door … uninvited
    The smiling contractor at your door claiming to have recently done work in your neighborhood just happened to notice your home can use some repairs, too. They suggest you hire them to do it for you–all for a great price, of course. Don’t fall for every house call. There’s a small chance you’re looking at a rookie contractor just starting to build a referral base, but it is far more likely that your uninvited visitor is a scammer who will do sloppy work, leave the job half-finished or disappear with your money. If the contractor does seem legit, look them up on the BBB site and ask for references before hiring.
  7. The contractor refuses to put anything in writing
    Never hire anyone to do work on your home without a written contract. The BBB advises homeowners to include as many details as possible in the contract, such as payment terms, a definitive date for the start and completion of the project, warranty information and a clear description of the job.
  8. They try to avoid permits
    A contractor who tries to convince you there’s no need to pull permits is one who wants to avoid the authorities at all costs. You’re likely dealing with an unlicensed worker or who will cut corners wherever possible. The lack of proper permits can also cause you problems down the line when you try to sell your home.

Don’t get ripped off by a scammer! Do your homework well before hiring any contractors this (or any) season. It’s one surefire way to ensure your home improvement project goes smoothly and without unpleasant surprises.

Your Turn:
Have you been targeted by a home improvement scam? Share your experience with us in the comments.

SOURCES:

https://www.aarp.org/money/scams-fraud/info-2019/home-improvement.html

https://www.experian.com/blogs/ask-experian/the-ultimate-list-of-the-years-worst-scams/

https://www.thespruce.com/common-home-improvement-scams-4163354

8 Ways To Avoid Getting Scammed On Craigslist

woman visibly upset and closing eyes while on the phoneThe arrival of spring and the deep house cleaning it inspires means more people are putting their old furniture, devices, sports equipment and clothing up for sale. That’s why the amount of items like these on sites like Craigslist swells considerably during this season. If you have the time and patience to sift through the offerings, there are wonderful treasures to be found. Conversely, if your own spring cleaning unveils hordes of sellable stuff you don’t use anymore, you can make good money selling them online.

Unfortunately, though, when there’s money to be made, the scammers are never far behind. Craigslist is riddled with scammers looking to make a quick buck off people’s naivety. Stay one step ahead of scammers and keep your money safe by following these eight tips when using Craigslist.

1.) Be familiar with Craigslist and the services it offers
Lots of Craigslist scams can be avoided by knowing basic information about the site. Before using Craigslist, make sure you know the following:

The Craigslist URL is http://www.craigslist.org. Scammers often use fake sites to lure buyers into paying for items that don’t exist. Always check the URL before finalizing a purchase.
Craigslist does not back any transaction on its site. If you receive an email or text trying to sell you purchase protection, you’re looking at a scam.
There is no such thing as a Craigslist voicemail service. If a contact asks you to access or check your “Craigslist voicemails,” you’re dealing with a scammer.

2.) Deal locally.
The “barely used” couch that’s up for sale a couple of states over might be better-priced than the one being sold just a 10-minute drive away, but it’s always safer to deal with locals on Craigslist. According to the site’s advice on avoiding scams on their platform, you’ll avoid 99% of the scams on Craigslist by following this rule.

Keeping your transaction local will enable you to finalize a sale in person. Plus, there’s less of a chance of there being a language barrier blurring the details of the deal.

3.) Examine the product(s) before finalizing a sale.
Never rely solely on pictures to get the full scope on what you’re buying. Ask to look at the item in person. If you’re purchasing an electronic device or something else that needs to work in order to be valuable, ask to try it out as well.

4.) Don’t accept or send a cashier’s check, certified check or money order as payment.
Fraudulent checks can be impossible to fight. Also, a bad check can seem to clear on sight, so you’ll agree to the sale and use the money that’s supposedly in your account. A few days later, though, you’ll realize the check bounced. By that time, the buyer has vanished with your goods, leaving you responsible for covering the funds you used while presuming it cleared.

On the flip side, if you pay for an item with a money order or wire transfer, you’ll have no way of recouping your loss if the seller fails to come through with the goods.

5.) Use cash—safely.
The most secure way to pay or collect funds for a Craigslist transaction is with cold cash. If the idea of handing over a large sum of money to a stranger scares you, you can make the exchange of money and goods in a safe place like your local police station or even at Advantage One.

When accepting cash for a sale, bring along a counterfeit detector pen (which can be found at most office supply stores and online) to be certain you’re not getting scammed with bogus bills. These retail for as little as $5, but they can save you from big losses.

6.) Never share your personal information with a buyer or seller.
As always, when online, keep your personal information to yourself. There’s no reason a buyer or seller needs to know your checking account number, your date of birth or even your mother’s maiden name. If a contact is asking too many questions, back out of the deal.

7.) Be wary of fake escrow service sites.
Escrow services, in which a company holds onto a large sum of money for two parties in the middle of a transaction, can be super-convenient when buying and selling things online. However, they can also be a clever trap for unsuspecting victims. Scammers often create bogus escrow service sites to lure victims into dropping their money right into the scammers’ hands. The site will be a copycat of a reputable escrow service site, with some slight deviations you wouldn’t notice unless you looked for them.

When using an escrow service site, it’s best to find the site yourself instead of following a pop-up ad or a link. Check the site carefully for spelling mistakes and poor syntax. Also, make sure the URL is secure and matches the site of the service you intend to use.

8.) Create a disposable number.
When conducting business on Craigslist, you may need to share a working phone number. You can create a cost-free, disposable number on Google Voice instead of giving out your real number. Your Google Voice number will be untraceable and will expire within 30 days of non-use.

Your Turn:
Have you ever been targeted by a Craigslist scam? Share your experience with us in the comments.

SOURCES:

https://www.fraudguides.com/internet/craigslist/

https://www.craigslist.org/about/scams

https://www.thestreet.com/amp/personal-finance/craigslist-scams-14707309

https://www.efraudprevention.net/home/templates/?a=96