What they’re up to
The latest online crimes, threats and trends, as well as information on the scams currently on the rise. Brought to you so that you can stay one step ahead of trouble.
This just in
The regional director of Microsoft and professional cybersecurity blogger Troy Hunt has just published the biggest data breach to date: the appearance of over 772 million unique email addresses -21 million of which include their passwords- on a file dubbed Collection 1, which has been posted on a known hackers’ site in the dark web. To find out more about this breach, you can read the full article here. To find out if you’ve been hit and need to update passwords, visit Hunt’s page Have I Been Pwned and enter your email addresses. It will let you know if you’ve been affected so that you can take action.
Netflix’s uber convincing phishing email
There’s a very, very convincing Netflix phishing email that’s making the rounds. It informs you that you need to update your payment method, and tells you that your account has been suspended until you update. On this article you will see an image of the email in question.
The FTC asks that you report if you have receive this phishing scam or any other type of fraudulent emails. I’ll post instructions on how to do it at the end of the article.
The Social Security call scam
The victim receives a call from the Social Security Administration. The caller informs that the person’s social security number has been used in illegal money remittances or drug smuggling abroad. The caller also informs the victim that his/her SSN has been blocked; the victim can unblock it by paying a fee. During the call they ask the victim to confirm His/her Social Security Number.
With the call they’re able to get the victim’s full name and address and social security number. They also get full information on a payment method.
The SSA informs that they will never ask a consumer for their Social Security Number. They won’t ever ask for money, either. Additionally, they ask that if we don’t trust our caller ID since their number has been ‘spoofed’ before.
Finally, they remind us all to:
- Never provide our SSN by phone, not even the last four digits for confirmation purposes.
- Not provide any type of payment information to a Social Security Administration employee by phone.
- Never provide payments to anyone who asks us to pay with a prepaid card, wire transfer or wallet service. That’s an unequivocal sign of scams.
The employment as secret shopper scam
Unfortunately, this type of scam is on the rise, so I’m bringing it up again.
The victim receives by mail a check with a letter with an employment offer to work as a secret shopper in one or several companies. The person is supposed to deposit an enclosed check into his/her account. After, he/she will go as a secret shopper (under the pretense checking on the quality of service) to a money transfer company such as Western Union; there, they’re supposed to send some money to somebody, using part of the funds that they received by check.
Here’s the catch: The check is a fake, and a few days later it will be returned. In the meantime the person has already sent the money.
The tech assistance scam
It seems this type of scam is on the rise across all segments of the population as well.
The victim receives a phone call from –supposedly- the technical support department of a very well-known software giant. This tech support person informs them of one of the following scenarios:
- His/her computer is under attack by malware/hackers
- A friend’s computer has suffered an attack by malware/hackers
- That person’s neighborhood/building/area is under by malware/hackers
The caller indicates that there’s software that the victim can download from a seemingly legitimate webpage, for a price. Other times, the caller asks for remote access to the victim’s PC. These persons sound very qualified and convincing, and it’s easy for people without tech savvy to fall for it. If they do, the end result is that they end up paying to have malware installed in their computers.
The software giants inform that they will never initiative contact with a consumer about his/her equipment, and ask the public to please ignore these calls.
By the way: these scams have an alternate starting point, when the victim is online. The person can get a pop-up window that his/her computer is infected with a virus. Other times, while visiting a webpage, a chat will open with someone claiming to be from the software company that is contacting the victim because his/her PC is under attack.
Please don’t respond to any chat like that, and close any pop-up window without pressing the “fix# button.
Insurance calls after natural disasters
This is a cruel type of scam. After a natural disaster that starts after a local natural disaster: forest fires, earthquakes, blizzards, etc. They often start with robocalls that spoof an insurance company’s number. At times they offer the victim last-minute insurance to cover them from a natural disaster. Others propose starting a quick claim process and ask for a payment for that, or for the deductible.
If you or your family is victim of a natural disaster, please don’t provide any information over the phone to your insurance unless you yourselves started the call.
If you suspect you received a fraud call, FEMA is asking that you inform them. You can call or write to the 1-866-720-572 email address disaster@leo.gov. Also, you can inform the FTC here.
How to report cybercrimes of all types
Forward the message to the following two addresses:
- spam@uce.gov is an official mailbox for the FTC, and
- reportphishing@apwg.org, which is the address for the Anti Phishing Working Group, a public-private Alliance that has a joint task force to prevent and thwart phishing attempts via email.
Additional resources
I wanted to remind you that OAS FCU has an Online Security Center. There you can find handy tips on many things, such as:
- How toy protect your privacy while online;
- How to keep your devices safe from malware; and
- How to speak to your kids about their online privacy and safety.