New Trends in Cyber Scams

New Trends in Cyber Scams


Photo credit: iStock/BrianAJackson

According to the cyber security company, Symantec – known for their Norton and LifeLock products – cyber criminals reached “new levels of ambition” last year.

Below are some key highlights of their 2017 Internet Security Threat Report.

Email
Deemed “the weapon of choice,” one in 131 emails sent in 2016 contained a malware-laden link or attachment – the highest rate in five years. Malicious email is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:

  • Spear-phishing attacks aimed to defraud specific people rather than more widely distributed generic messages. Often disguised as routine correspondence such as invoices or delivery notifications, one spear-phishing campaign – spoofed emails instructing targets to reset Gmail account passwords – provided access to Hillary Clinton’s campaign chairman John Podesta’s account and resulted in hacked emails revealed by WikiLeaks during the 2016 presidential election.
  • Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails that target more than 400 companies each day, scamming more than $3 billion over the last three years.
  • A growing proportion of spam – roughly 53 percent of all emails sent – now contains malware.

Ransomware
Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016 to seize control of personal computers and institution-wide networks, encrypting hostage files to make them inaccessible until a ransom is paid for their release. Termed by Symantec as “the most dangerous cyber crime threat facing consumers and businesses in 2016,” the company identified 101 new “ransomware families” last year – tripling previous numbers.

Another three-fold increase: The demanded ransom amount – an average of $1,077 per victim compared to just $294 in 2015. The U.S. is the most targeted and lucrative market, says Symantec, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally.

Data Breaches
Although the total number of data breaches decreased last year – 1,209 compared to 1,211 in 2015 and 1,523 in 2014 – they now have a bigger impact. Symantec says that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.

“Smart Home” Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffee makers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans homes, with predictions that some 50 billion devices will be employed by decade’s end.

Already, millions IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.

Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test,” and “abc123.” The default password for the Ubiquiti brand of routers – “ubnt” – was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 



Source link

Most Likely to Be Scammed? Not Seniors, but Millennials

Most Likely to Be Scammed? Not Seniors, but Millennials


Gray-haired folk have long held “most scammed” status, but it may be time to pass on that unfortunate legacy. While the retirement-aged are targeted most often, increasing data shows that it’s millennials — our children and grandchildren ages 18 to 35 — who are most likely to lose money to fraudsters. Consider these recent findings:

Phone scams. About 1 in 10 American adults lost an estimated $9.5 billon to phone scams last year. Leading the pack were millennial men between ages 18 and 34, who were three times more likely to be victimized than the overall population, reports mobile communications company Truecaller, which offers a spam-blocking phone app. Its Harris-conducted survey of 2,000 adults finds that 33 percent of male mills report losing money to phone scammers; that compares to just 3 percent of males between ages 55 and 64 and 1 percent of men 65 and older. Meanwhile, some 11 percent of female millennials got duped, four times the rate of women 55 and older.

IRS imposter scams. Among the scariest and most successful phone scams: calls from self-described IRS agents threatening arrest, property seizure or deportation. Although millennials are less likely than Gen Xers (born between 1965 and 1984) or boomers (born 1946 to 1964) to receive tax scam calls, they are six times more likely to reveal credit card and Social Security numbers and other sensitive information, finds another just-released survey of 1,000 adults. Roughly 17 percent of millennials confessed that they had forked over ID theft-worthy details to mystery callers who could cite the last four digits of their Social Security number (as tax scammers often do), compared to only 3 percent of Gen Xers and 2 percent of boomers.

Job scams. Overall, about 1 in 6 job seekers have been scammed while searching for work online, and the highest gotcha rate is among that generation considered the most tech-savvy — millennials. In a 2015 survey of 2,600 American adults, job-search website FlexJobs finds that 20 percent of millennial job seekers got scammed, compared to 13 percent of those in their 60s.

Tech support scams. Millennials, especially men between 18 and 35, are the most often targeted and leading scammer-paying victims tricked by phony pop-up ads or alerts warning of a crippling computer virus. The top danger zone to snag most-duped male mills in these tech support scams: porn websites.

Everyday fraud. In its own research of more than 2,000 adults last year, the Better Business Bureau finds that some 30 percent of those between ages 25 and 34 lost money to scammers; it’s only single digits among those 55 and older.

What explains these trends? As experts continue to study the “whys,” the leading theories:

  1. We’re better prepared. Older is wiser — at least when it comes to recognizing that we’re vulnerable to scams. And heeding news, advice and warnings by AARP’s Fraud Watch Network and others, we are better able to spot scams and act accordingly. Tracking some 30,000 consumers targeted in different schemes, the BBB finds that nearly 9 in 10 seniors recognized the scam in time, with only 11 percent reporting they lost money. Millennials, meanwhile, lose money three times more often, likely being duped because they are clueless or could care less about educating themselves to prevent scams.
  2. Millennials think they’re invulnerable. Ask mills to describe the typical scam victim and their usual reply: an elderly, naive woman with less income and education. (The reality is younger college graduates have the highest gotcha rates.) While scam-savvy oldsters know that anyone is vulnerable, some researchers believe that millennials are most likely to have an “invulnerability illusion” — the belief that other people are more vulnerable than themselves. That mindset leads to more impulsive decision-making.
  3. They overuse and overtrust technology. Raised with the internet and cellphones, the average millennial, studies say, spends about 18 hours per day using some type of digital media. Because they are so familiar and comfortable with technology, defenses (and common sense radar) can take a back seat. Compared with other age groups, millennials are more likely to be careless with their tech — such as not using passwords to lock computers and cellphones and accessing financial accounts and doing online shopping on risky public Wi-Fi.
  4. They overshare. Tweets about breakfast. Selfies over lunch. Millennials love to share their lives online with who-knows-who, and that often includes details best kept private — names, birth dates, likes and dislikes, and other personal information that could be used for identity theft and scam-targeting sucker lists. Promise them a prize or other “tangible benefits,” and the majority of millennials willingly share their personal information with even unrecognized online askers. And guess which age group, says online security firm Norton, most likely willy-nilly shares their computer and cellphone passwords? No surprise (again): those between 18 and 34.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: iStock/Zinkevych

Also of Interest

 

See the AARP home page for deals, savings tips, trivia and more.



Source link

Virginia County Explores How Technology Can Help Aging Population

Virginia County Explores How Technology Can Help Aging Population


It’s clear that a majority of people want to remain independent as they age and now technology can help them do so. As a Northern Virginia resident and an employee of AARP, I was drawn to a recent local event titled “Can Technology Help Older Arlingtonians Age Independently?”

The event was the fourth installment of Arlington County’s Digital Destiny campaign which seeks to explore the impact of the Digital Revolution on defined aspects of life for the county and its residents.

This session featured Arlington county employees, local residents and aging experts discussing tech trends likely to have the greatest impact on older Americans.

Speakers included:

  • Amy Doherty, Chief Information Officer and AARP
  • Brittany Weinberg, Director of Community Engagement,Aging2.0

 

Doherty discussed three emerging trends and how they can apply to aging independently:

  1. Leveraging virtual reality to make the aging experience real to people of all ages.
  2. Investigating ways that robotics can aid in caregiving and social isolation.
  3. How artificial intelligence could strengthen programs like the Fraud Watch Network that provide citizens with information on how to avoid scams.

 

Brittany Weinberg, the Director of Community Engagement, Aging2.0. explained how people-centered-design, including voice recognition and gesture controls, is improving the technology experience for people of a variety of ages and is helping to solve issues related to caregiving and social isolation. She also noted that the prevalence of sensors within the home helps enable people to age independently and live in their homes for as long as possible.

After each speaker presented, the audience was charged to brainstorm ways they thought technology could make their lives easier.

The ideas presented included:

  • Programs that enable schools to give back to the 50+ community by allowing children to tutor older adults
  • Programs like Cyber Seniors and AARP TEK were mentioned as existing resources to help educate adults about technology.
  • Libraries were mentioned as good resources and as go-to sites for downloading digital books, taking classes and accessing educational videos via Lynda.
  • The group also encouraged tech companies to design for all ages and accessibility



Source link

Mother’s Day Scams: Top Tricks to Dupe You (and Mom)

Mother’s Day Scams: Top Tricks to Dupe You (and Mom)


To that most special woman in our lives we eagerly pay tribute on Mother’s Day. And for next Sunday’s tributes, we’ll pay a record-breaking $23.6 billion – a $2 billion uptick over last year and some $9 billion more than spent on Father’s Day.

The coming days are prime time for crooks to cash in on the mother of all spring celebrations. Beware of these common Mother’s Day cons (and expect a slight tweaking in similar scams for upcoming Dad’s Day and graduations):

Floral fleecing. At least $2 billion is spent on Mother’s Day flowers. Scammers angle for their cut by posing as online florists and in emails, online ads and social media, they promise bargain-priced bouquets, “free” vouchers and overly generous coupons. Don’t be fooled: Most lead to scammer-run websites to collect (your and Mom’s) personal information and your credit card account. Some also deliver malware.

Find reputable local florists (close to Mom) through word-of-mouth or via directories from Teleflora and FTD. Online, look for proof the website is secure – including an “https” opening on pages that require personal and financial information. When calling, ask about tack-on charges and get insist on guaranteed refunds for missed or late delivery or if flowers come in poor condition.

Other gift grift. The latest Mother’s Day gift scam making the rounds on Facebook alleges to be a $50 coupon from Lowe’s. If Mom’s wish list leans more toward jewelry, designer clothing or the like, the same flower-wise rules apply: Those insanely discounted online deals for brand-name bounty often lead to copycat websites that capitalize on high-priced and respected names, but sell cheap counterfeits…if anything at all. Like phony florists, many are also fraudster-run fronts phishing for personal and financial information.

To spot trouble before it can happen, very carefully read website addresses before visiting – and especially before “buying” there. Look for extra or missing letters (like www.tiffanny.com) or even punctuation (such as www.tiffanyco.mn, a now-defunct website previously exposed by Scam Alert whose .mn ending meant it was a Mongolia-registered website). Before clicking, hover your computer mouse over the link to see its “real” address; avoid those that wildly deviate from the legit company name. If that doesn’t work, copy-and-paste the link into a Word document, then right-click on the pasted link and select “Edit Hyperlink” from the menu for a pop-up window that should display, in the “Address” field, the web address to which the link directs. When buying jewelry in-store, know what you’re buying with this advice from the FTC and how to spot fake appraisals.

Greetings gotchas. Fake notifications for electronic greeting cards are a common way to spread malware to the computers of mothers (and others) so scammers get remote access to files, passwords and online financial accounts. Scammers trick their prey with emails that promise an awaiting greeting card, usually from a bogus “sender” with a supposed title like “webmaster@hallmark.com” or touting a generic heading such as “Happy Mother’s Day from Your Loving Son/Daughter.” But even if a specific name is used (namely, yours), it could have been gleaned from online directories or social media.

So, instruct would-be recipients to not open greeting cards via links in emails. Legitimate notices will include a confirmation code that should be entered at the card company’s website, such as Hallmark or American Greetings, for malware-free viewing. If there’s no waiting for you, the email Mom got was sent by a scammer.

Courier cons. Another way to spread malware: Bogus shipping emails claiming to be from retailers or services such as FedEx, UPS or the U.S. Postal Service that claim a supposed scheduled delivery, tracking update, or shipment snafu – with a link promising details. Unless you or recipients already provided the courier with an email address, assume these as scams. If you signed up for tracking updates, expect them to be in text form, not with links promising details.

Also beware of mailed postcards about “undeliverable” packages. Although less used because of required postage, they’re sometimes an attempt to get you to make an expensive overseas phone call – most commonly used area codes include 809, 876 and 284 – or to reveal personal and financial information. And if someone shows up at Mom’s doorstep with a package and request for payment, no matter how small, know this ruse: The deliveryman claims he can’t accept cash – only a credit card, and it’s a scheme that can run up unauthorized charges on the provided plastic. Besides, what self-respecting offspring would send Mom a gift by cash on delivery (COD)?

Gift card scams. Whenever choosing that most requested present of all – gift cards – choose wisely: In-store, thieves can remove gift cards from end-cap racks, copy codes with portable scanners or pen and paper, and then dial toll-free numbers listed on gift cards to learn when those cards were activated and their value for online spending or to cloned cards for in-store use. The safer move: Purchase gift cards directly from a store cashier, customer service counter or the company’s website. And make sure the cashier scans and activates the card in your presence and that you get a receipt in case there’s a problem.

Online, buy directly from websites of retailers, restaurants or Groupon, or through gift-card exchanges such as GiftCardGranny.com, Cardpool.com and Raise.com, which buy unused cards at a discount of their face value and resell them at a profit but at a still-reduced price. Avoid low-ball offers on Craigslist or auction websites like eBay, where buyers may purchase already-redeemed gift cards or pay for cards that are never delivered.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

Fear by Phone: High Anxiety for You, High Profits for Scammers

Fear by Phone: High Anxiety for You, High Profits for Scammers


The telephone is a scammer’s best weapon, used in 77 percent of money-netting schemes, reports the government’s latest scam-tracking data. The best ammo: Fear, and here’s how it bangs best for the biggest bucks:

“Official” intimidation. The most profitable and most-played schemes have fraudsters posing from a government agency – Medicare, the Social Security Administration, FBI, local police and, of course, the IRS. (Until busted last year, one India-based ring of IRS imposters was netting $150,000 per day preying on retirees and other Americans.)  These self-described G-men threaten dire consequences – lost benefits, impending arrest and hefty fines – for supposed (even minor) offenses unless a fine is immediately paid and/or ID theft-worthy personal information is “verified.”

Why hang up: If there’s really an issue, government agencies will contact you by U.S. mail – not phone. Arrests aren’t pre-announced. Tax-supported agencies do not demand, or may even accept, scammer-requested payments such as prepaid debit and iTunes cards.

“Friendly” fraud. Along with emotions, the fear factor climbs with scare tactics made by those you supposedly know and trust: Grandchildren claiming trouble while traveling (which nets some imposters $10,000 per day) or in a recent resurgence, subject to a telephoned virtual kidnapping. Online sweethearts with a sudden overseas emergency that requires financial help. Your bank, credit card or utility company, supposedly warning of account problems and lost service.

Why hang up: So you can verify the claim and contact your loved one or institution before providing money or information to those just claiming to be. Scammers can glean call-convincing information like relatives’ names from social media and online directories.

Robocalls. The messages are terrifying in many of 2.4 billion robocalls made each day: You are being sued. You can fall and die without that “free” medical alert device. You are overpaying interest on your plastic. You need quick action to avoid these and other problems.

Why hang up: Notice what isn’t mentioned in these robocalls? Your name. Autodialers are programmed to blast millions of prerecorded calls per day; until recipients respond, fraudsters typically have no idea of who gets their robocalls, or if dialed numbers are active. So don’t say anything after “Hello” or push any key, not even to supposedly “opt out” of future calls; that only alerts callers that your number is live. Meanwhile, the Federal Communications Commission recently proposed new rules, expected to take effect in coming months, to allow phone companies to block robocallers that “spoof” Caller ID numbers to conceal their actual area codes and identities or make them appear as to belong to a trusted entity.

Debt collectors. Generating more complaints than any category – including identity theft – debt collectors often try to scare targets into paying a debt…whether legitimately theirs or not.

Why hang up: It’s illegal for collectors to threaten or be abusive. Despite their lies, police don’t arrest for unpaid debts and garnished wages or Social Security benefits can only occur for delinquent state or federal debts such as unpaid student loans, taxes, government-backed mortgages or child support – not private debt.

If you really owe, you may want to talk once with calling collectors to try to resolve the matter. If it’s not your debt or you don’t wanted continued calls, write a letter saying so – sent by certified mail with “return receipt.” Once receiving your letter, collectors may not contact you again, with two exceptions: to tell you there will be no further contact or to let you know that they or the creditor intend to take a specific action, like filing a lawsuit. (Your letter doesn’t get rid of legitimate debts, only calls related to them). Report violators to the Federal Trade Commission or Consumer Financial Protection Bureau.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: ponsulak/iStock

Also of Interest

 

See the AARP home page for deals, savings tips, trivia and more.



Source link

Why and How College Students are Scammed

Why and How College Students are Scammed


College students are ideal victims for identity theft, with clean or still non-existent credit histories ripe for exploitation…and often clueless to their risks and value to scammers.

They are more likely to boast birth dates and other personal nuggets on social media that can be pieced together by Facebook-trawling identity thieves. Use public Wi-Fi for risky online shopping, banking, and to access email. Open links that hide computer malware touting free music and games, information-requiring surveys and prizes, or intriguing text messages and emails.

If they have credit, it’s usually free of problems being jointly held or otherwise supervised by a parent; if they don’t, even better for scammers to use their identities to open fraudulent accounts for credit cards, loans and utility service. In between classes and keggers, few college students check their credit reports, explaining why those 18 to 24 take five times longer than other age groups to detect identity theft that’s already occurred – and that discovery is often made when they apply for car loans, mortgages and post-degree jobs.

How are college students scammed? The top ruses targeting your children and grandchildren include:

Fake employment. In the latest, fast-growing scheme, scammers place advertisements for phony job opportunities (often administrative work) on college employment websites, and/or recruit students via hacked school email accounts, warns the FBI. Gleaning Social Security numbers, bank account details and other sensitive information, “hired” students (often interviewed in nearby hotel lobbies or other non-workplace locations) are paid with counterfeit checks, instructed to deposit them and wire-transfer a portion to a provided vendor under the guise of job-necessary software or other equipment. Students lose the money wired, any funds drawn from the bogus deposit, and their bank account could be frozen. Plus their SSN and other valuable info is in enemy hands.

Pay now imposters. Using caller ID spoofing to make calls appear to be from the IRS or school financial aid office, scammers phone those with student loans threatening dire consequences – including arrest or non-graduation – unless they immediately pay a non-existent “federal student tax” or other bogus fees. Again, scammers make a quick buck and glean personal details for possible identity theft.

Scholarship and grant scams. These services claim to have lists of “secret” or “guaranteed” awards for current and future college students, or will provide no-fail help with paperwork. They demand upfront fees and then don’t deliver. The better route: Get reputable scholarship info for free at websites like FinAid and FastWeb, or directly from individual colleges.

 

False freebies. From must-have gizmos touted in surveys and bogus social media giveaways to free-trial offers of acne creams, gym memberships and you-name-it, expect attached strings, such as having to provide ID-worthy personal details, credit cards and hard-to-cancel memberships.

 

Credit card cons. Offers are all over campus and the internet, but beware. Plastic pitched heavily to college students often have sky-high interest rates and/or annual fees. Others are from identity thieves who merely pose as credit card companies. When shopping for credit and prepaid debit cards, stick with recognized and reputable names; run from anything with an APR near or above 25 percent or an annual fee of $30 or more.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: Martin Dimitrov/ iStock

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.



Source link

Pin It on Pinterest