Category: Internet Security

Common Scams (Common Sense Prevention) – Part 2

Common Sense for Common Scams - Part 2

Welcome to Part 2 in our series of scams to be aware of. With a bit of knowledge and some common sense,  you can be equipped to protect your identity, your devices, and your bank account.  I’m sure scammers sleep, but their schemes and systems set in motion that attempt to infiltrate cyber security forces, do not.

Some scams are carried out in person with a live scammer on the phone. Or, they may be on the other side of a text.  However, many scams are spam emails, spam texts, robocalls, fake websites, malware and virus attachments.  Some even involve mail fraud.   The list of of old and new scams seem endless but before you panic, take a deep breath.

There are simple things you can learn that apply common sense to prevent you from being fooled.  So, let’s get into it shall we?

Imposter Scams

Imposter scams, also known as impersonation scams, are scams involving cybercriminals who are pretending to be someone, or something, they are not. The most commonly reported impersonation that scammers will utilize is that of a government official.  Other examples are a scammer posting as someone you work with or trust, such as a bank, technology company, or a relative.

Signs of an imposter scams is a sense of urgency to act now to avoid of being arrested, threats of account deactivation, or additional fees being charged. Threatening language and requesting payment in obscure ways, such as with a gift card, are also common signs of an imposter scam.

Artificial intelligence (AI) is also being used to make these scams more authentic by cloning voices or creating deepfake videos.

Wrong Number Text Scams

Receiving unsolicited phone calls from unknown numbers has been common for years.  Recently, text messages from unknown numbers or entities are on the rise. Often, the messages appear to be mistakenly sent. Many people may text back with “wrong number”, but this will only verify your number to scammers. Never respond to these messages or you will begin to receive more of them.

Unsuspecting receivers of these messages who beginning communicated with the scammer will eventually receive a malicious link after trust is gained. Never click any link sent to you in a text unless you verify that you are in fact speaking to someone you know. Confirm with them if they sent you the link.

Scammers may send messages for days or weeks before doing anything suspicious.  When you receive these messages, check for blocking or reporting options on your mobile phone.

Deepfake Scams

These types of scams are also known as synthetic media or an imposter scam. A deepfake is a type of artificial intelligence that uses machine learning algorithms to manipulate images, audio or videos.  You may receive an email from your friend or boss, followed up by a phone call where the scammer has used AI to mimic their voice. Video is often used on social media to give credibility to an offer in an advertisement.

To help spot a video deepfake, experts recommend looking for irregular blinking and eye motion, inconsistent lip synching, flickering around the edges of the subject, and odd-looking teeth.

To help spot an audio deepfake, experts recommend listening for irregular high and low pitches within the audio, lack of background noise, and awkward pauses.

Mail-in Scams

Most people may not think of a scam coming in your mailbox.  We are so used to junk mail that much of it is thrown away.  But just like phishing through an email, scammers send out bulk mail in hopes of catching someone who is not paying close attention. It may be a fake bill stating that you are behind in your mortgage, or a fake utility bill requesting payment on a fake website or by mailing payment directly.

Fraudulent mail may also come as handwritten notes from a scammer pretending to be a friend.  Think of all the ways phishing emails you receive. These can just as easily come in the form of junk male.   A scam known as the “Hard Luck Story” takes the form of a scammer impersonating a friend or stranger needing assistance, but this letter is really coming from a scammer.

Social Media Phishing Attaches

Most of us feel comfortable on social media.  After all, it’s where we connect with friends and family. There is also the potential to make new friends in community groups.  The more relaxed we are in the social media environment, the easiest it is for cybercriminals to scam us.

These scams are dangerous for both an individual and an organization. The takeover of a business or brand’s social media account by cybercriminals can have devastating consequences.

Many social media phishing attacks begin with cybercriminals gathering publicly available information.  They will use this to fool you into clicking a link or forwarding a message to all your friends.

How to Protect Yourself:

Use the privacy controls on personal and business social media accounts to keep personal information out of public view.  Including your location, full name, and lists of connections.

Take from the SLAM Method (used to inspect possible phishing emails) and adapt it to social media.

SLAM stands for Sender, Links, Attachments, and Message.

For social media, do the following for each of the SLAM Method points:

Sender: Don’t accept message requests from outside of your known circle of friends or connections.  Don’t accept friend requests from anyone you don’t know.

Links:  Do not click on any links in social media posts, profiles or messages unless you can see the full URL and be certain that the site is legitimate.

Attachments: Never download or open attachments from social media posts, profiles or messages.

Message:  Look carefully at the body of any social media message or post that you are interacting with. If it feels off, contains misspellings, off grammar or even uncharacteristic emojis, you might be looking at a phishing attempt.  Be wary of messages that push you to take some urgent action or another.

Visual Spoofing

Visual spoofing is an action performed by a cybercriminal to disguise a website or email.  Domain spoofing can also occur when a website is made to look like a legitimate website. Link in emails can also be cleverly disguised to catch you off guard.  Looking closely at the URL will reveal that there are additional characters in the domain that seem to fit at first glance.

Scammers may also use different characters from other languages or accents over letters in the domain name. Something as simple as using the capital letter O instead of the number 0 can fool people.

Scammers don’t stop there.  If you happen to end up on one of the scam websites, it may be copied from the original website to look real, including the design and products listed.

Be cautious of all links. It’s always better to access any website directly instead of clicking a link.  Look for fake logos, poor website design or spelling errors.  Keep your browser up to date allowing for automatic updates for all software and operating systems on your devices.

Pig Butchering Scam

This sounds like a weird name for a scam.  In pig butchering scams, the scammer first builds trust through a new business relationship or friendship.  It can happen through email or text.  So, just like a farmer fattens up a pig before it’s time to send it to the butcher, the scammer is prepared their victim to eventually give them money.

Typically, they use the lure of guaranteed quick profits from cryptocurrency investments to convince the victim to invest.  If you find yourself in this situation, conversations may go on for weeks or months until your defenses are totally down and you won’t think twice about investing or helping your new friend.

Be cautious of “wrong number” text scams, which may be a ploy to start a friendly conversation and eventually launch the scam.

Wrapping Things Up

There will never be a shortage of scams to write about.  As technology grows and changes, someone somewhere in the world is thinking about a new year to use it for malicious purposes.  However, we hope you have seen a common theme of how some basic tips, combined with common sense, can help to be ready to take a second look when something strange comes to you in an email, a text, or app.

Learn more about Scams – Part 1.

Share This Article

Common Scams to Be Aware Of and Prepare For – Part 1

Common Scams to Be Aware Of and Prepare For

So many scams, too little time to stay ahead of them all. Cyber criminals are not nice people, but they certainly are creative; always thinking of new ways to scam you. Scammers are opportunists working in multiple areas at the same time. Their motivation is money. They will either access your personal information and sell it to others or easily steal your money outright.

You may not know about every scam that’s on the internet or offline in the real world. But there are common ways of how you can be aware of and prepared for all potential scams. That doesn’t mean you shouldn’t try to learn about old and new scams.

Common Scams to Be on the Look Out For

In Part 1 of our series on common scams and new scams that are ever emerging, you will notice a persistent theme of how you can be prepared. Even if a brand-new scheme designed to fool you rears it’s ugly head for the first time, there are consistent things you can do to protect yourself.

Charity Scams

Types of charity scams include:

Crowd Sourcing Scams:  Don’t take for granted that all is legit. Scrutinize the validity of the crowding funding request.

Post Tragedy Scams:  When a tragedy strikes, scammers will sometimes spoof the website or create a site that closely resembles the site of a legitimate donation site.

Firefighter, Police and Military Scams:  These scammers will often use familiar or local organizations to build trust and take people off guard.   Some will directly target military veterans and their families.

Warning Signs of Charity Scams:

  1. Requests for cash, money wire, or gift card donations can be a red flag. Use a credit card instead.
  2. Non-tax deductible donations are a red flag that a charity may not be legitimate.
  3. Pressure Tactics: Real charities will never use a hard sell or pressure tactics to solicit a donation.
  4. Fake information: Charitable donation websites almost always end with .org and domains will always start with https:// not http:// without the “s”.

Fake Charity Scams:

Beware of fake charities based related to common world issues, such as what happened during the pandemic. Scammers prey on the emotions of people who want to help those in need of disaster relief, such as during war or refugees fleeing their country for safety or a better life.  Charity and disaster fraud often increases during the holiday season.

Cybercriminals will also call people thanking them for a previous donation, a donation which may have not been made. Veteran fraud and disaster fraud are often the premise used for fake charity scams.

Marketplace Scams

There are two categories within marketplace scams.

Non-Payment Scam:   In a non-payment scam, cybercriminals will use a phony screenshot of a completed cash transfer to trick a victim into shipping an item.

Non-Delivery Scams:  Scammers trick victims into paying for goods and services that are never delivered.  They offer prices that are almost too good to be true.

Non-delivery scams advertise popular items and services at deeply discounted prices and ask for payment using gift cards or cash payment through a payment app. Marketplace scams come in many forms so always be cautious.

Prevention Tips:

  1. Know your marketplace:  When shopping online, do so on trusted sources with secure processing and payment policies that protect consumers.
  2. Use a credit card:  Credit card companies have systems and policies in place to protect against a fraud.
  3. Stay on the platform you are shopping on:  Scammers will try to bait their victims into leaving the marketplace platform for messaging and payment.

Display Name Scams

Display name spoofing occurs when the cybercriminal manipulates the sender’s display name or makes the display name look like an email address.  Seeing a legitimate display name deceives you into believing that it’s from a trusted email source.

If a sender looks familiar, but the message makes unusual requests, it is best to contact the person or company directly through another method of contact.

Delivery Scams

Types include:

Pet Delivery Scams: These are fake ads where payment is required upfront.

  • Protect yourself asking to see the pet in person before you pay.

Fake Delivery Notifications:  Here, scammers mimic big name online shopping or shipping companies in their delivery scam messages. They claim there is a problem with the delivery of your package, or you need to confirm something has been delivered.

  • Be cautious of clicking on links or downloading attachments.  Never enter personal information when requested. Verify the tracking number and status of a delivery through the companies’ official website. 

Non-Delivery Scams:  An example of a non-delivery scam in this training involves making a purchase online, but never receiving the order or confirmation details of the purchase.  Only make purchases on reputable websites.

  • When you do make an order, follow up immediately if you don’t receive a confirmation of your order. Check the address on the website and phone number. 

If you are unable to make contact and your credit card was charged by a non-delivery scammer, you should call your credit card company and consider deactivating the card.

Transportation Scams

Scammers will make phone calls or send messages via text or email claiming that your flight has been delayed or cancelled. Messages will likely include links that offer a refund for the flight or an opportunity to rebook for a small fee.  Airlines will never ask for a fee to rebook. Contact your airline directly on their website or call them to enquire about the status of your flight.

Cyberthieves also set up fake websites or send messages offering deals on rental cars as well. Always verify the URL and company phone number before booking. In your unsure, going to directly to the official website is always better than clicking a link.

Learn the dangers of freight scams.  Be on the look out for gifts and rewards being offered by transportation companies. Tread carefully and do your research before jumping on a deal that may be a scam created to steal your information or your money.

Conclusion

Most scams come to us when we have our guard down. They prey on our emotions by using fear filled headlines or threats of potential loss of accounts or hard-earned dollars. It’s not uncommon to receive an email, phone call, or text that is related to something we have already done.

You may be expecting a package that you ordered a few days earlier. You may have booked a flight.  Maybe you happen to be needing of a product or service. That fact that relevant messages come to us are simply a coincidence. When you receive a text or email out of the blue, always ask the question; “Is this real? Or is it a scam?”

Some scams also encourage users to download malicious apps in order to receive a reward or discount. This does not prey on our fear, but entices a natural human desire for personal gain. Be cautious of all app downloads in every situation.

In one second you could infect your devices with malware to give away personal login information. However, it only takes a few seconds more to carefully review the message to verify it’s legit. When in doubt, go to Google and search for the company. Visit their website directly. Or, login to trusted websites directly at the source from a personal bookmark, not though an email link.

If an email or text message lines up with a legitimate notice about a login verification or purchase you just made, it’s still a good idea to only click the link after you’ve double checked that it’s not going you to a different site.  This can be done by hovering over the link to see the destination.

Continue to educate yourself on how to spot scams, while being mindful that exercising caution is your first best step to protecting yourself.   Be prepared by thinking twice before you click or react to any message or phone call. Take a breath and take the time to do a bit of research. I will save you a world of trouble.

Continue your education, read about common scams – part-2.

Share This Article

Emerging Online Scams | New Tech Means New Scams to Beware Of

Emerging Online Scams to Beware Of

Identity thieves are continually on the look out for new methods to steal your identity.  It may be a new scheme using existing technology or the use of a new technology.  When cyber criminals get creative it means the rest of us need to get more vigilant about internet security.

Mostly, we need to pay closer attention. People tend to have their guard down when they are on a new app that couldn’t possibly be used as a scam.  Or could it?   For example, people a more prone to question a potential scam on Facebook, because these schemes are common and well documented.

Parents have also read many articles about the popular apps that kids are using, such as Snapchat, Kik Messenger, and WhatsApp.

Education is the first step to protect yourself, but as technology continues to advance there is never a time to stop learning.

Fitness Scams

When I first heard about fitness scams my first thought was, huh?  I couldn’t imagine what it was.  Perhaps it was about people being approached while someone was outside jogging or working out in a gym.

On the contrary, this scam happens through fitness apps.  We usually don’t think of a fitness app being related to social media.  But when people connect with other joggers, yoga partners, or weightlifters, they are now socially connected with these friends and colleagues

This is when cyber thieves begin to work their schemes to steal someone’s private data, glean money through a scam, or find out where a person lives.

Criminals also use a person’s passion for health and fitness to entice you with tried-and-true methods, like incredible offers via email or text. If you receive a text message that claims to have a drug for a cheap price that can make you lose weight immediately, you should not follow the link and purchase it, even if the deal appears to be too good to pass up.

Ways to Protect Yourself

Many fitness trackers will store users’ locations on their systems, and if this information gets into the wrong hands, it could be used for malicious purposes.  Keep your account secure with a good password and email/text authorization to ensure no one can attempt to log in without your knowledge.

And regarding the social media aspect of a fitness app.  If you are sharing your location or connecting with others through the app, scrutinize all communication.  If you receive a message on a legitimate fitness app from someone new or a friend, it does not mean the message is safe.  It could be a scammer attempting to build a fitness relationship with you learn personal information about you.

These fake relationships start innocently enough, but over time they will try to get personal information from you.  You also don’t know if a friends apps has been hacked and it’s a scammer contact you from their account.

Quishing: Malicious QR Code Scams

Just when you think you’ve seen it all, Quishing is like is Phishing (email scams), Smishing (SMS text scams), and Vishing (voice call scams).  QR codes are common but if you are not familiar them or have never scanned one, here’s how they work:

QR codes are a type of barcode that can be scanned using a smartphone camera. When scanned, the code opens a website, pdf, or other type of digital page.  If a malicious QR code gets scanned, it could lead to malware or a malicious website.

Safe Search Kids QR CodeThis QR code when scanned on your phone will take you to our website’s home page.  You can trust it’s safe because we created it.  Always be cautious of unsolicited emails with QR codes.  Before scanning a code, verify the legitimacy of the website or the email sender. QR codes are a legitimate method used for authentication purposes on your phone. 

Scanning a malicious QR code is the same as clicking a malicious email link or in a text message. It will either infect your computer or access personal information from you.

However, they can cause havoc if created by a hacker.  Check for red flags such as suspicious email addresses or requests for sensitive information.  But even an email address you know could be used to carry out the scam, such as a hacked email account of someone you know.  It may require you to talk to or text the person who sent for confirmation.

For an added layer of protection, consider using a trusted QR code scanner app instead of scanning with your camera phone.  These apps often scan for malicious URL’s and give warnings about potential dangers.

Scams Powered by AI

Thanks to new developments in artificial intelligence scammers are taking advantage.  This new technology is accessible to anyone for any purpose, good or bad.  Using AI allows users to make  presentations more realistic, even to those who are suspicious.

AI is used by scammers for:

  • Writing:  AI can write emails and texts and track response rates of the message to increase effectiveness. Traditionally, one of the common traits of a scam message is misspelled words and grammatical error.  This can be eliminated using AI.
  • Voice:  Be extra cautious of calls from friends or employers who ask for personal information.  AI can mimic a voice to be a certain age or have a specific accent. Scammers no long need to make these calls themselves, which opens up the scary prospect that AI could even have a conversation with you. Plus, it’s all automated like a robocall, but an intelligent one.
  • Deepfakes: There is already plenty examples of AI creating deepfakes of celebrities for the purposes of advertising on social media or simply for entertainment.  Deepfakes add authenticity to offers that fool unsuspecting victims who are enticed by big savings or winning a contest.

AI can also produce deepfake photos used to create fake online profiles for romance scams. This is where scammers gain the trust of someone seeking a relationship online and later manipulate their victims to divulge personal information or steal from them.

Payment Apps

Banking fraud is common there has been much education about how to avoid divulging login details about your accounts. However, with the dawn of new payments apps it’s never been easier to send and received money to and from friends and family.  These convenience of not having to deal directly with your bank makes it easier for scammers to steal from you.

Spoofing calls may be made to you about security issues and requesting personal information regarding a payment app you may be using.  You may also receive links from your bank or payment app requested you to login to verify or correct information.  In any of these situations, be very suspect.

In general, one should always pay close attention to the apps they are downloading. Recently, Apple found an app in their store that was mimicking a reputable password manager app.

Final Tips

Never give our personal information over the phone until you are sure who you are speaking with.  Tell the caller you will call them back at the number you have in your contacts.  The same goes for links.  Don’t click a link in an email.  Visit your bank or employer’s website directly from one of your bookmarks or by searching Google.

If any of your accounts are compromised in a breach you should change your password immediately.  The same goes if someone guessed your password and manages to log in.  After changing your password, take the steps offered within each of your accounts to enhance login security.

Learn more about how scammers try to dupe you into clicking malicious links or responding to messages with personal information.  Give yourself a well-rounded education about common scams and remember to never stop discovering ways to protect your devices and your identity.

Learn about Phishing, Vishing, and SMishing.
How to report email phishing.

Share This Article

Can Apps Track Your Location?

Can Apps Track Your Location?

Many apps use location to work properly, from mapping and rideshare to food delivery and weather apps. These apps rely on the user’s location to offer a satisfying user experience and function. Android and iOS have built-in security features that let you know when an app requests to use location.

Some apps, such as Google Maps, also use location in the background to run their services, which utilizes user location to provide traffic data.

With all these features and countless apps using GPS, it’s normal to wonder if apps can track your location. In this article, we’ll give an answer to this question and help you find out if an app is using your location, as well as how to prevent apps you don’t want from using such features on your phone.

Is It Possible for an App to Track Location?

Yes. Apps can track location through geolocation services on your phone. However, you’ll need to allow the app to use location services on your phone. Unless you give the app the green light (typically when you use the app for the first time), your phone won’t let the app use the location.

Although it’s unlikely for an app to use location services to track where you are specifically, it can happen. If you received a suspicious text message about your location after downloading an app, a reverse phone number lookup can reveal the sender’s true identity.

How Do Apps Use Location?

If an app requires location to work appropriately, you’ll be prompted with a notification as to whether or not to allow the app to use location. This prompt typically appears when the app tries to use geolocation services for the first time and saves your preference afterward.

You’ll typically have two options when allowing an app to use location services. You can permit the app to use location all the time or only when the app is in use. The first option gives the app access to your location even when the app isn’t in use. The second means the app can only use the location when it’s on.

Depending on what services the app offers, you may need to update these preferences. For example, a messaging app providing your live location to another user relies on geolocation services continuously to provide precise location when your phone is locked.

How to Check If an App Is Tracking Your Location?

Checking whether an app is using your phone’s location features is the easiest way to know if an app is tracking your location. Below, you’ll find how to check this on Apple and Android devices.

iOS

  1. Go to Settings.
  2. Tap Privacy & Security.
  3. Select Location Services and select the app you want to check.

Once you select the app you want to check, you’ll know if the app has permission to use location services. If you’d like the app not to use your location, you can do it by selecting Never in the settings.

If you don’t want any app to use location services on your iPhone, you can also turn off location services altogether in the Privacy & Security settings.

Android

The exact steps to check if an app is tracking your location on Android vary due to phone brands using different variations of the operating system.

Generally, you’ll need to go to Settings > Apps & Notifications > select the app you want to check > Permissions > Location.

Following the above, you’ll see which apps are using location and update your preferences. Additionally, you can turn off location using the Quick Settings menu by swiping down from the top of the screen. Simply bring up this menu and tap the location icon to turn off location services for all apps.

Staying Safe While Using Devices With GPS

Staying Safe While Using Devices With GPS

Most apps rely on-location services to offer a better user experience. The apps downloaded from an official store are unlikely to use your location for something malicious.

However, the same can’t be said for apps downloaded from the internet. Fraudsters and hackers deliberately offer free versions of apps and run different types of schemes in the background to steal your data.

Installing these apps can put you at risk for more than just revealing your current location. It can go as far as stealing your identity and credit card information. Only download apps from the App Store and Play Store to stay safe.

Share This Article
Google Safe Search Explore the Safe Search Engine - Google for Kids