Emerging Online Scams | New Tech Means New Scams and Security Risks

Identity thieves are continually on the look out for new methods to steal your identity.  It may be a new scheme using existing technology or the use of a new technology.  When cyber criminals get creative it means the rest of us need to get more vigilant about internet security.

Mostly, we need to pay closer attention. People tend to have their guard down when they are on a new app that couldn’t possibly be used as a scam.  Or could it?   For example, people a more prone to question a potential scam on Facebook, because these schemes are common and well documented.

Parents have also read many articles about the popular apps that kids are using, such as Snapchat, Kik Messenger, and WhatsApp.

Education is the first step to protect yourself, but as technology continues to advance there is never a time to stop learning.

Fitness Scams

When I first heard about fitness scams my first thought was, huh?  I couldn’t imagine what it was.  Perhaps it was about people being approached while someone was outside jogging or working out in a gym.

On the contrary, this scam happens through fitness apps.  We usually don’t think of a fitness app being related to social media.  But when people connect with other joggers, yoga partners, or weightlifters, they are now socially connected with these friends and colleagues

This is when cyber thieves begin to work their schemes to steal someone’s private data, glean money through a scam, or find out where a person lives.

Criminals also use a person’s passion for health and fitness to entice you with tried-and-true methods, like incredible offers via email or text. If you receive a text message that claims to have a drug for a cheap price that can make you lose weight immediately, you should not follow the link and purchase it, even if the deal appears to be too good to pass up.

Ways to Protect Yourself

Many fitness trackers will store users’ locations on their systems, and if this information gets into the wrong hands, it could be used for malicious purposes.  Keep your account secure with a good password and email/text authorization to ensure no one can attempt to log in without your knowledge.

And regarding the social media aspect of a fitness app.  If you are sharing your location or connecting with others through the app, scrutinize all communication.  If you receive a message on a legitimate fitness app from someone new or a friend, it does not mean the message is safe.  It could be a scammer attempting to build a fitness relationship with you learn personal information about you.

These fake relationships start innocently enough, but over time they will try to get personal information from you.  You also don’t know if a friends apps has been hacked and it’s a scammer contact you from their account.

Quishing: Malicious QR Code Scams

Just when you think you’ve seen it all, Quishing is like is Phishing (email scams), Smishing (SMS text scams), and Vishing (voice call scams).  QR codes are common but if you are not familiar them or have never scanned one, here’s how they work:

QR codes are a type of barcode that can be scanned using a smartphone camera. When scanned, the code opens a website, pdf, or other type of digital page.  If a malicious QR code gets scanned, it could lead to malware or a malicious website.

This QR code when scanned on your phone will take you to our website’s home page.  You can trust it’s safe because we created it.  Always be cautious of unsolicited emails with QR codes.  Before scanning a code, verify the legitimacy of the website or the email sender. QR codes are a legitimate method used for authentication purposes on your phone. 

Scanning a malicious QR code is the same as clicking a malicious email link or in a text message. It will either infect your computer or access personal information from you.

However, they can cause havoc if created by a hacker.  Check for red flags such as suspicious email addresses or requests for sensitive information.  But even an email address you know could be used to carry out the scam, such as a hacked email account of someone you know.  It may require you to talk to or text the person who sent for confirmation.

For an added layer of protection, consider using a trusted QR code scanner app instead of scanning with your camera phone.  These apps often scan for malicious URL’s and give warnings about potential dangers.

Scams Powered by AI

Thanks to new developments in artificial intelligence scammers are taking advantage.  This new technology is accessible to anyone for any purpose, good or bad.  Using AI allows users to make  presentations more realistic, even to those who are suspicious.

AI is used by scammers for:

• Writing:  AI can write emails and texts and track response rates of the message to increase effectiveness. Traditionally, one of the common traits of a scam message is misspelled words and grammatical error.  This can be eliminated using AI.

• Voice:  Be extra cautious of calls from friends or employers who ask for personal information.  AI can mimic a voice to be a certain age or have a specific accent. Scammers no long need to make these calls themselves, which opens up the scary prospect that AI could even have a conversation with you. Plus, it’s all automated like a robocall, but an intelligent one.

• Deepfakes: There is already plenty examples of AI creating deepfakes of celebrities for the purposes of advertising on social media or simply for entertainment.  Deepfakes add authenticity to offers that fool unsuspecting victims who are enticed by big savings or winning a contest.

AI can also produce deepfake photos used to create fake online profiles for romance scams. This is where scammers gain the trust of someone seeking a relationship online and later manipulate their victims to divulge personal information or steal from them.

Payment Apps

Banking fraud is common there has been much education about how to avoid divulging login details about your accounts. However, with the dawn of new payments apps it’s never been easier to send and received money to and from friends and family.  These convenience of not having to deal directly with your bank makes it easier for scammers to steal from you.

Spoofing calls may be made to you about security issues and requesting personal information regarding a payment app you may be using.  You may also receive links from your bank or payment app requested you to login to verify or correct information.  In any of these situations, be very suspect.

In general, one should always pay close attention to the apps they are downloading. Recently, Apple found an app in their store that was mimicking a reputable password manager app.

Cyber Gateways for Scammers

Are cybercriminals watching you or listening to your conversations? Many don’t think about Bluetooth and how it can affect your privacy and even computer security in the home. Hackers can access your devices and data if your Wi-Fi or Bluetooth settings are weak.  They can learn personal information about you to carry out targeted phishing attacks against you and your family members.

Bluetooth Security and Smart Devices

Fortunately, there are steps your can take to make sure your home is secure.  We’ll first explore Bluetooth vulnerabilities, followed by what you can do to increase awareness and safety.

Potential Bluetooth Vulnerabilities

Here are things you need to be aware of when it comes to smart devices.

Eavesdropping Attacks

Devices like Alexa and Google Home make our lives easier, but they can be hacked, and malware can be installed to listen in on your conversations.

Device Hacking

Smart appliances like washing machines and refrigerators rarely have their default passwords changed. These can be used as a means to infect every other device on the network.

BlueBorne

BlueBorne is a set of vulnerabilities that affect devices with Bluetooth connections, allowing attackers to potentially take control of devices, spread malware, or steal data without requiring the devices to be paired.

Bluetooth Sniffing

Bluetooth signals can sometimes be intercepted by nearby devices using specialized equipment, allowing attackers to eavesdrop on communications between devices.

Weak Encryption

Some Bluetooth devices may use weak encryption methods or have security flaws that make them susceptible to brute-force attacks. To protect against weak encryption vulnerabilities, use Bluetooth devices that support stronger encryption protocols, such as Bluetooth 4.2 or later, and keep your devices updated with the latest firmware.

Bluetooth Impersonation Attacks

Attackers may attempt to impersonate trusted Bluetooth devices to gain unauthorized access to your device or data. To prevent Bluetooth impersonation attacks, be cautious when connecting to unknown devices and verify the authenticity of Bluetooth devices before pairing with them.

Smart Doorbells

Cybercriminals use a search engine called Shodan for this purpose. Cybercriminals use a specialized IoT search engine to find unsecured devices or devices with only a default password in place.

Solutions to Enhance Bluetooth Security

Bluetooth Pairing:  Make sure to pair devices in a secure environment and verify the devices’ identities during pairing. Avoid pairing with unknown or untrusted devices. Use strong, unique passwords for Bluetooth pairing whenever possible.  Replace any default pin codes.

Separate Your Networks:   Your fridge and laptop should never be on the same network. If they are, hackers could gain access to your data on any device connected to your Wi-Fi. Even home surveillance cameras and become infected with malicious code to carry out cyber attacks.

More Tips for Bluetooth Set Up and Usage

• Avoid Using outdated Bluetooth devices.
• Keep your Bluetooth-enabled devices updated with the latest firmware and security patches.
• Disable Bluetooth when not in use, especially in public places.
• Consider using Bluetooth devices that support secure pairing methods, such as Bluetooth Low Energy (LE) Secure Connections.
• Regularly monitor your device for suspicious activity and review Bluetooth connection logs if available.
• Devices that are loaded with sensitive personal and business information should never be on the same network as IoT devices which are more vulnerable to attacks.

Smart TVs

IoT devices are a network of physical devices that connect and exchange data with each other over the internet. IoT stands for the Internet of Things.  Basically, anything connected to the internet.  One device that is often forgotten about is the Smart TV.  Because Smart TVs connect to the internet and are therefore considered an IoT device.

Though convenient, Smart TVs can be exposed to cyber threats similar to phones and laptops.  Cybercriminals who have hacked a Smart TV may change your privacy and security settings. They can even lock you out of your TV ask and as you for payment to unlock it.  This is called a ransomware attached.

Hacking into you TV can allow them to access private information, including your credit card details.  A hacked TV allows scammers can watch you and listen to you from your TV. And just like any security breach, they can send you targeted phishing attacks based on what they have learned about you.

Hacked TVs also become a gateway to access other devices that are connected to your home network.  Also, once inside your TV, cybercriminals can create malicious apps designed to look like legitimate ones.

Ways to Prevent Smart TV Hacks

• Make sure your software is up to date. Do it manually when you think of it and enable automatic updates for those times you forget.
• Use strong and unique passwords for account associated with the TV.
• If you can hard wire your connection, this is much safer than using Wi-Fi.
• If you wonder if you TV has been hacked because of strange activity, disconnect it from the internet and perform a factory reset.
• Be sure update other passwords across all other accounts and make them unique from each other, including your Smart TV

Cyber awareness about all the devices connected to the internet in home will help keep you accounts and devices safe.

Final Reminders

If any of your accounts are compromised in a breach you should change your password immediately.  The same goes if someone guessed your password and manages to log in.  After changing your password, take the steps offered within each of your accounts to enhance login security.

Never give our personal information over the phone until you are sure who you are speaking with.  Tell the caller you will call them back at the number you have in your contacts.  The same goes for links.  Don’t click a link in an email.  Visit your bank or employer’s website directly from one of your bookmarks or by searching Google.

Learn more about how scammers try to dupe you into clicking malicious links or responding to messages with personal information.  Give yourself a well-rounded education about common scams and remember to never stop discovering ways to protect your devices and your identity.