The Reign of Spain? Riskiest Vacation Destinations for Hacking Mobile Devices


If you’re heading overseas this popular vacation month, don’t underestimate the risks of your smartphone, tablet or other portable devices being hacked…even when visiting countries not typically associated with cybercrime.

True, the U.S. leads all popular vacation destinations in overall mobile threats, where hacking of files and data on hand-held devices occurs about 5 million times per year, according to Keeper Security, a Chicago-based password manager firm. (Previous research by Symantec, which makes Norton antivirus products, indicates the riskiest American cities are Seattle, Boston, Washington, San Francisco and Raleigh).

The United Kingdom is a distant second with 2 million threats, followed by Spain (1.7 million), France (700,000), Poland (475,000), Canada and Italy (400,000 each), Portugal (375,000), the Netherlands (320,000) and Greece (75,000).

But considering our nation’s population, use of mobile devices and availability of public WiFi, only about 1.5 percent of Americans and tourists are victimized – putting us solidly in the middle of the “at-risk” pack. With those factors in the mix, Spain reigns, followed by Portugal and the United Kingdom; each has a population-based mobile hacking rate at least twice as high as ours, according to Just About Travel – a U.K.-based website. The Netherlands ranks number 4 with a nearly 2 percent gotcha rate, and following the U.S. at number 5 are Poland, Canada, France and Greece.

What about China, India, Brazil and Russia, which along with America, claim the world’s highest rate of smartphone use? Mobile threats are less likely to occur within those countries, says Keeper CEO Darren Guccione, because they are not as prosperous as the U.S. or U.K. (and cyber-crooks prefer to follow the money). Meanwhile, language barriers make Japan, Germany and other countries less attractive targets, he tells the Fraud Watch Network.

No matter your destination, some additional advice to prevent mobile threats beyond these must-know strategies for on-the-road online security:

Take charge when you recharge. Don’t charge your devices with anything other than your own chargers plugged directly into the wall or into your adapter. “It’s easy for cyber thieves to install malware onto hotel and other public docking stations,” notes Guccione. “And never connect any USB drive or other removable media that you don’t personally own.”

Avoid “house” computers. Crooks can (and do) install malware on machines made available to the public at libraries, hotels and other businesses. If you do use them, don’t utilize them for tasks where you need to supply log-in or financial credentials such as online shopping, online banking or other sensitive accounts, or even your personal email.

Pack new passwords with your passport. Before leaving, change log-in credentials and passwords for all mobile device apps; with a password manager, you won’t have to remember them. “When doing this, use two-factor authentication if possible,” adds Guccione. Passwords should be no less than eight characters, with a combination of nonsensical letters, numbers, and symbols. “And don’t use the same PIN for hotel room safes that you use for your device password.”

Don’t take a vacation from vigilance. Most travelers won’t consider going without portable devices on vacation and, when using them, don’t even consider whether a WiFi connection is secure. Follow these tips to detect potentially problematic public WiFi when abroad or even at the local coffee shop.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump


Skimming fraud has been around for more than a decade, and continues to evolve. Today’s skimmers – illegal card-reading devices placed on ATMs, gas pumps and other public-area machines that process debit cards – are stealthier and more sophisticated than ever.

These devices “skim” information from the card’s magnetic strip as a nearby hidden camera, also placed by skimming scammers, records the PIN that you enter. Although you get your cash or can make a purchase – none the wiser of a skim scam flim-flam – the crooks can get more: Using information from the skimmer and camera, they make duplicate cards to drain cash from your accounts, or sell your card number and PIN for others to fleece you.

The good news: In most cases, stolen funds are reimbursed provided you report the fraud to the card-issuing bank within 60 days (another reason to keep close and timely tabs on accounts).

The better news: With a few simple steps before you use your card, you may be able to detect skimmers and tampered machines to avoid potential trouble. Here’s how:

  1. Pull on the slot. The latest generation of card-reading devices, used with increasing frequency by skimming scammers, are thin “insert skimmers” that fit inside the card slot at an ATM or gas pump. “New evidence suggests that at least some of these insert skimmers – which record card data and store it on a tiny embedded flash drive – are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control,” reports noted cybersecurity blogger Brian Krebs (who provides photos of insert skimmers). So before using the machine, squeeze, wiggle and tug the insert slot to remove insert skimmers, along with some old-school models placed over the card slot that protrude outward. In general, card slots should be flush against the machine; be suspicious of those where the entire or half of the slot sticks out.
  2. Check for spy cameras. Although skimmers record data from a credit or debit card’s magnetic stripe, fraudsters also need your PIN in order to withdraw cash or sell cloned cards. To glean PINs, they place pinhole “spy” cameras that collect numbers as they’re being typed on the keypad. Look for small holes just above the display screen, on an attached brochure or other type of box, or even on protruding covers placed over the cash dispenser. Even if you can’t detect evidence of a camera, cover your hand when entering your PIN.
  3. Avoid “void” stickers. To help spot skimmer tampering at gas pumps, many stations now place security seals over the cabinet panel as part of a voluntary program, notes the Federal Trade Commission. If the pump panel has been opened – an indication of possible skimmer placement – the label will read “void”; take that as a clue to fill your car elsewhere. Still, whenever you use a debit card at the pump, you’re safest pressing the “credit” button instead of “debit.” This way, you can still use your debit card without having to enter a PIN, and the purchase amount is processed through a credit card network that provides greater protection if fraud occurs.
  4. Inspect the keypad. False keypad overlays that look exactly like, and fit directly over, the real McCoy are another way fraudsters can collect PINs as accompanying skimmers get card data. So before entering your card, check the keypad – and think twice before using if it feels loose, spongy, or the keypad panel appears raised or thicker compared to the rest of the machine. Also before using, give several buttons a test run and be suspicious if they feel sticky. Crooks have been known to place glue on and around certain buttons – particularly “enter,” “cancel” and “clear” – to prevent customers from completing a transaction after inserting a cash card and keying in a PIN. (When customers go inside a bank to report the problem, the waiting thief “unsticks” the buttons with a knife to complete the withdrawal.)
  5. Check the audio jack. Most ATMs have an audio jack that goes unnoticed to the average customer – and that works to their advantage. If not perfectly centered inside the plastic overlay cover, it suggests the machine has been tampered with. Another tampering tipoff: Look for cracks or cuts on the plastic covering the receipt slot, cash dispenser or other portions of the machine; these coverings should be completely smooth.


“Smishing” Self-Defense: How to Prevent Trouble that Comes in Text Messages

Each day, about 20 billion text messages are sent to two billion smartphone users worldwide. Most of these texts are opened within three minutes, and many within a few seconds.

The massive number of text messages and their rapid-fire response rate – by comparison, only one in four email messages are opened within 10 minutes of arrival – amounts to unbridled opportunity for fraudsters exploiting the du jour device for deception: the pocket-held computer that also happens to make phone calls which many of us carry or have nearby 24/7.

Called “smishing” (named after Short Messaging Service technology that sends text messages), it’s an attempt to trick you into revealing private information via SMS or text message. Angling for credit and debit card numbers, PINs, usernames and passwords, even Social Security numbers, smishing texts often purport to be from a government agency, your bank or other respected companies. Typical ploys allege a problem with your account; promise free gift cards; offer low-cost merchandise, mortgages and credit cards; and use click-bait like customer satisfaction surveys that lure you to open embedded links or attachments that can also harbor malware. Today, nearly half of clicks on malicious URLs are made from mobile devices – more than doubling the long-running rate of 20 percent, notes cyber security firm Proofpoint.

Although smishing has been around since last decade, it’s on the rise – and increasingly even more dangerous. Studies show that the rate of text spam specifically designed to defraud is seven times higher than that of spam arriving by email. And with small screens and the inability to hover a mouse to preview a link, it’s harder to spot text-sent trouble. Your smishing self-defense:

  • Don’t reply to text messages from senders you don’t recognize. Even sending a “remove,” “stop” or “opt-out” response tells SMS senders that your mobile number is active, and ripe for more messages. Be especially wary of texts from a “5000” or other shortened number (versus a complete 10-digit phone number) indicating the message is actually an email sent to a phone.
  • Never reply to text messages asking you to “confirm” or provide personal or financial information. Legitimate companies don’t text requests for account numbers, log-in details, and other sensitive data. Government agencies don’t correspond by text (and are unlikely to even have your mobile phone number).
  • Slow down. Most people instinctively deal with text messages ASAP – and smishing scams work best when creating a false sense of urgency. Rather than calling back numbers provided in text messages (doing so is another tipoff of your working cell number), take a few minutes to verify the actual contact numbers of legitimate businesses that may need to contact you.
  • Forward suspicious text messages to short code 7726 (which spells “SPAM” on your keypad), which allows cell phone carriers to identify and block smishing messages.
  • Be stingy with your cell phone number. Don’t post it online, on social media, or provide it for contests, surveys, touted “deals” or “free trial”
  • If you haven’t already, install anti-malware software on your Android phone; some products also can block smishing texts. (Apple’s iPhones have built-in protection.) When you receive a bona fide notification of an upgrade to your phone’s software, install it immediately.
  • Keep tabs of your phone bill, looking for suspicious charges – even if you don’t respond to unknown texts.

In general, you don’t want to reply to text messages from people you don’t know. That’s the best way to remain safe. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as a “5000” phone number. This is a sign that the text message is actually just an email sent to a phone.

You should also exercise basic precautions when using your phone. Don’t click on links you get on your phone unless you know the person sending them. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it. A full-service Internet security suite isn’t just for laptops and desktops. It also makes sense for your mobile phone. A VPN such as Norton WiFi Privacy is an advisable option for your mobile devices. This will secure and encrypt any communication taking place between your mobile device and the Internet on the other end. Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they’re allowed in the marketplace. Err on the side of caution. If you have any doubt about the safety of a text message, don’t even open it.

Don’t Be a Scam Mark When You Park

There are many routes to a ripoff, including several schemes that can occur when you park your car:

Fake fines. A longtime ruse, phony parking tickets have resurged in recent months. The “classic” con involves windshield-left violations that appear authentic. Thanks to inexpensive hand-held printers, scammers can produce on-the-spot thermal printouts that look like actual tickets produced by police-used machinery, either standalones or placed in brightly colored envelopes, purchased online, like those used by some law enforcement. Motorists who receive these phony tickets are usually directed to pay the fine at scammer-run websites that also appear authentic, where sensitive personal information including bank account details may be solicited. These websites could also harbor malware.

Joining these schemes is the latest ruse: Bogus emails received by residents in several states that falsely claim a newly issued or past-due parking or traffic violation. Usually spoofed to appear to come from a local police department or state DMV, this conning correspondence demands personal information and payment (often by credit card or prepaid debit card), and can include links or attachments that “direct unsuspecting users to a malicious download that may expose your computer to a virus,” warns the New York State Department of Motor Vehicles.

Before paying a parking ticket, verify its legitimacy by contacting the issuing agency – either calling or looking up its website yourself; don’t rely on what’s printed on tickets, and be suspicious of any website that doesn’t end in .gov or .org. Police don’t email citations (or news about them), so don’t risk malware by clicking on links or attachments.

Parking lot posers. It can cost a small fortune to park in the official lot of a stadium or other event venue, and that’s what helps those guys who eagerly direct you to a nearby lot to park at a fraction of the price. Some are legitimate, but others are there to collect your upfront payment, point you to a space, and then hit the road. Problem is you may not know the difference until after that ballgame or concert to find your vehicle gone. Reason: The parking lot poser took the money and ran – and the lot’s real owner called a towing company. If you don’t want to spring for “official” parking in designated venue-owned lots, ensure surrounding lots have signs of legitimacy – such as booths, uniformed attendants and real signs noting the name and phone number of the company versus “Park Here” painted on plywood.

Car rescue and repair ripoffs. Stranded in a parking lot? Before relying on the kindness of strangers, make sure a help-offering Good Samaritan isn’t angling for a quick payment to “fix” a problem he caused. Such malevolent mechanics typically wait in parking lots, looking for their top targets – women in their 70s and those whose vehicles have out-of-state license plates. After their prey parks, they disable vehicles by deflating tires or disconnecting wire or cables after popping the hood of older or unlocked vehicles…then offer help when their mark returns. Advice: Before accepting assistance, politely inform parking lot helpers that while you appreciate any assistance they can provide, you cannot pay for their services. The crooks will likely drive off, and if you’re not a member of AAA, realize that police can lend a hand, and many auto insurers and vehicle manufacturers (especially for newer models) offer emergency roadside assistance.

Home heists help. Parking lots at movie theaters and shopping malls can help burglars pull off a successful heist. How? After waiting until a car’s occupants go inside, they can break into cars specifically to get addresses from vehicle registrations and auto insurance cards. Knowing they have at least a two-hour window of opportunity (at least for movie-goers), these crooks then drive off to burglarize the victims’ homes. Although this isn’t how most home burglaries occur, it does happen. To prevent potential problems, keep your address-revealing documents and GPS in a locked glove compartment, hidden under a seat or truck wheel well, or carry these items with you.

2 New Twists in IRS Impostor Scams

Despite crackdowns that busted several crime rings and resulted in scores of arrests in what reigned as the top scam for three consecutive years, IRS impostors are still going strong, launching two new twists in their long-running schemes that have already bilked U.S. taxpayers of at least $55 million since 2013.

In one ploy, scammers posing as IRS agents are phoning citizens about a supposed tax debt, but are now claiming that the agency has already mailed them two certified letters about overdue taxes and that those letters were returned as “undeliverable.” In these phone calls, fraudsters threaten immediate arrest unless immediate payment is made — with a prepaid debit card only.

Swindlers falsely claim that prepaid debit cards are required to be linked to the government’s Electronic Federal Tax Payment System (EFTPS), an automated system for paying federal taxes electronically using the internet or by phone using the EFTPS voice response system. EFTPS is offered free by the U.S. Treasury Department and does not require the purchase of a prepaid debit card. And because this system is automated, taxpayers won’t receive a call from the IRS, the agency notes.

The other new ploy, revealed last week, targets tax preparers with bogus emails “seeking extensive amounts of sensitive preparer data” that the IRS warns could enable scammers to steal client data and to file fraudulent tax returns. These bogus emails, purportedly from a major tax software education provider in the U.S. (which the IRS did not identify), claim that problems with its database require accountants and other tax preparers to provide an extensive amount of sensitive information.

In addition to professional identifiers such as the preparer’s electronic filing information number and preparer tax identification number, these fake emails, which may originate in the U.S., seek preparers’ log-in credentials, answers to secret security questions, birth dates, Social Security numbers, even mothers’ maiden names. “The email is unusual for the amount of sensitive preparer data that it seeks. The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.”

As IRS impostor scams continue, your defense plan stays the same. No matter what new ruse follows — or what threats or claims are made — avoid being a victim by keeping in mind these telltale indicators of what scammers do but the IRS will not.

  1. Telephone or email to demand immediate payment, or call about taxes owed without first having mailed you a bill. Although the IRS now uses private debt collectors, those four companies (CBE Group, ConServe, Performant and Pioneer Credit Recovery) chase only extremely delinquent taxpayers after several past-due notices have been mailed. And unlike scammers, those collectors will not identify themselves as IRS agents.
  2. Demand a specific payment method such as prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments.
  3. Request that tax payments be made to a third party. All federal tax payments should be made payable only to the U.S. Treasury.
  4. Ask for credit or debit card numbers over the telephone.
  5. Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.


When in doubt about claims you owe taxes, contact the IRS at 1-800-829-1040. If you know you don’t owe taxes or have no reason to believe that you do, report requests for payment (and scam calls and emails) to the Treasury Inspector General for Tax Administration at 1-800-366-4484 or at

‘Found’ Money for a Fee? Beware of New Surge in Unclaimed Property Scams

A longtime scam is back with a vengeance: Claims that state officials are holding money or property that belongs to you, and all you need to do is pay a fee to claim it.

Actually, the first part could be true. You could be entitled to a slice of some $43 billion in “unclaimed property” that sits in state treasuries – money from forgotten bank accounts, insurance policies, stock dividends, utility security deposits, even contents from abandoned safe deposit boxes.

But you don’t have to pay anyone to get it. The only cost is spending a few minutes at,, or websites of the treasurer’s office in each state where you lived.

Ignore “pay-for-payment” requests that come via mailed letter, email or telephone calls because they are from scammers, and reports about the come-on cons have increased ten-fold this year compared to 2016…and in recent weeks, have exploded in many parts of the U.S.

There are several variations in unclaimed property scams, each angling for personal information (that could be used for later identity theft) and upfront payment to secure missing money that, if it actually awaits you, can always be claimed for free:

  • Fraudsters lie about being an employee or affiliate of a State Treasurer’s office where you currently live, or a state where you previously resided.
  • Fake correspondence comes on letterhead from the National Association of Unclaimed Property Administrators (NAUPA), a legitimate organization that represents state unclaimed property programs but does not directly contact citizens.
  • Self-described “finders” or “locators” who say they have already located your missing money or will do the legwork on your behalf. Some are legal but unnecessary middlemen who charge commissions up to 40 percent (although some states cap allowed fees at 10 percent); others are crooks who do nothing more than collect your payment and personal information – including Social Security number – to direct you to publicly available websites…if they do anything at all.

Most targets in unclaimed property scams are chosen randomly. Fraudsters buy mailing lists to reach hundreds or thousands of citizens with the same bogus claim. (Last year, it was a letter claiming to be from NAUPA or the “Office of the State Treasurer” that falsely stated that recipients had unclaimed sweepstakes winnings whose allocation would require a $2,250 service fee.)

But for a more convincing con, some would-be victims are contacted after fraudsters search or to unearth specific details such as past addresses or actual entitlements.

In addition to those two websites, DIY (and no-cost) due diligence for other missing money can be done for:


All of these websites will require your Social Security number and other sensitive information. But unlike scammers, you will not be asked for bank or credit card information. Don’t reveal personal information unless you initiate contact with these agencies or use their websites.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.
