Cybercriminals are Stealing from you by Using these COVID-19 Scams

It is estimated that COVID-19 fraud has cost Americans more than $13 million, and it is rising. This comes from the US government.

The US Federal Trade Commission has added up the costs of all of these scams. They are looking from those that started from the 1st of January to the current week. What are these numbers made of? Mostly vacation and travel scams, as these have added up to $4.7 million lost. Online shopping scams are also out there, but they have only added up to $1.4 million.

The global spread of coronavirus has forced people to change the way they live, work, and even socialize. This is going to be the case for some time to come, and because of this, the cybercriminals have jumped onto the bandwagon, and they know…if they are lucky…this could be a lucrative thing for them.

These COVID-19 scams are definitely playing on the fears of the general public, and the goal of these cyber criminals is to get their targets to give them their personal information. Then, the bad guys use this information to commit fraud. In other words, they take money directly out of the hands of the people who need it the most.

What are the Tactics that People are Using to Hack Their Victims

There are a number of COVID-19 tactics that are being used to trick people into giving away their personal information, and in some cases, their hard-earned money.

Most of the tactics are combining phishing texts and emails with fake sites. Here are some of the things that are commonly found in a number of different languages:

  • Malware that is sent by “official” feeds, which are not really official. These include things like real time COVID-19 maps, which are actually meant to spread malware.
  • Messages that are offering an iPhone 11…for free…to help pass the time at home.
  • Messages offering payday loans to help people who are having problems with money.
  • Scams advertising products that are supposedly “cures” for COVID-19.
  • Coronavirus-themed domain names that seem to offer official information about the virus, but instead, simply spread viruses.
  • Emails from sources that show they are from WHO, the CDC, or even local governments.
  • Emails that ask for donations for COVID-19 research
  • Emails that look like they are coming from the government that have fake links allowing you to claim a tax refund.
  • People from the UK have reported getting fake emails saying they are from the BBC and the person’s TV license is expired. Then, they are asked to go to a website and update their details.
  • Phone calls are coming that are recorded and telling people that their broadband access will be cut off within 24 hours thanks to “illegal activity,” and the user must “press 1” to speak with a person to fix it. Once you are connected, they do all they can to get personal information from you.
  • Emails from people claiming to be “company officials,” that contain and attachment with the names of people within the organization that have tested positive for COVID-19.

No person nor industry is immune to this, so keep your eyes open and stay safe.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com

Deepfakes and the Impact on Cybersecurity Now and in the Future

Can you believe what you see in a video? Most people say ‘yes,’ but the truth is, you no longer can. We all know that photos can be altered, but videos? Thanks to artificial intelligence, these, too, are being altered at a very quick rate.

These videos, known as “deepfakes,” are out there, and they are doing a number on cybersecurity. In fact, leaders in the cybersecurity sector are warning consumers that high tech video alteration is here, and it is very difficult to tell with the naked eye whether or not a video is real or fake.

Leaders in cybersecurity shared an example of how this works. Basically, they created a video of a man, Steve Grobman, an executive from McAfee, speaking. However, the words he was speaking were not his own; they were the words of Celeste Fralick, a female data scientist, who had created this deepfake video to make a point. This might seem like a fun trick to play on your friends, but in reality, it could have a huge impact on cybersecurity, as things like phishing and social engineering will become easier than ever for hackers.

Deepfakes and artificial intelligence can also be used for audio too. Meaning a person’s words can be spliced together seamlessly to create full sentences. Joe Rogan the comedian and podcaster who has 1300+ podcasts was used as a demo. But even more disturbing is Joe Rogans voice with Taylor Swifts face.

What could this mean for you? Well, since it’s so relatively easy to make a video like this, it could cause some real issues for the public. One way that it could be used is to start with a photo, and then change a very small part of it. This change would be unable to be noticed by a human, but the change would be enough for AI to see the photo as something else. So, if you can confuse something like artificial intelligence, you could certainly confuse the systems that are built to stop cybersecurity.

This could have a lot of negative impact on all of us, and it could really give a boost to those who make a living in taking advantage of others via cybercrimes.

The good news is that though this type of technology could be used for bad, artificial intelligence could also be used for good things. For example, the technology could be used to create a crime map of where crimes have happened and where arrests could be made, which would make our streets, safer. At the same time, it could also be used by criminals to know where they could commit a crime without being arrested. You could also look at it like this. During World War II, more than two million people were killed by bombs that were dropped from airplanes. Based on that information, Orville Wright, the inventor of the airplane, was asked if he regretted this invention. He said ‘no.’ Why? Because he looked at the airplane as similar as to fire; it could cause terrible destruction, but at the same time, it is so very useful. This new technology is the same, and it will be interesting to see how it comes to truly be used in the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

The Shrimp Tank Podcast

I recently had the opportunity to join The Shrimp Tank Podcast hosted on iHeartRADIO. I discuss my background, and how I became interested in the security field, including when my first business was hacked. I talk about Safr.Me and recommendations for all of you out there who need help staying secure. Enjoy!

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Want to be a Cybercriminal? Try Facebook

When you think of a cybercriminal, you probably picture someone in a black hoodie in a dark room on the dark web, but most cybercriminals are out there in plain sight, including on Facebook.

facebook security

Talos, a cybersecurity firm, found that people can easily join Facebook groups, and then participate in cybercrime including buying and selling credit card info, obtaining spamming tools, or even getting account logins and passwords. All in all, these groups have almost 400,000 members.

Though that does sound like a lot, and it is a lot, you also have to remember that Facebook has about 2 billion users logging into the site each month. With that number of people, it is difficult for the social media giant to deal with these groups.

The failure of Facebook to remove these cybercriminals shows that it is struggling to keep bad online behavior at bay, and this also include hate speech, inciting violence, and sharing false information. This also, of course, show how this behavior can be amplified by the algorithms that Facebook uses.

These groups are easy to find on Facebook. All you have to do is type things like CVV or spam. Once you join one of these groups, Facebook’s algorithms come into play and suggest other groups that are similar in nature. Plus, Facebook doesn’t have a great way to catch these criminals, as it relies on reports from other users to stop this type of behavior.

Because of this, Facebook really has a long way to go before it stops relying on the reports of its users. It’s also true that these reports aren’t always taken seriously, and they often fall through the cracks.

One such example of this is with the recent terrorist attack in Christchurch, New Zealand. The gunman who was responsible for the attack streamed his murderous act on Facebook Live. Though Facebook eventually took the video down, it was seen by thousands of people. However, Facebook said that it had no report of the video during the attack, which is why it took so long to remove it.

Knowing all of this, Talos tried to take on some of these crybercrime groups through the reporting system at Facebook. Some of these groups were, indeed, removed from the platform, but others were not. Instead, only specific posts were removed, while the group itself was able to live another day. Talos kept reporting these groups, however, and eventually, most of them were removed. However, new groups are now popping up to take the removed groups’ places. Facebook has acknowledged that there is a problem, and it admits that these groups have violated its policies. It also said that it knows that more vigilance is required and that it is investigating all types of criminal activity on the platform.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com.  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

10 Ways to Prevent Holiday Shopping Scams

The winter holidays: a time for festivities and … fraud-tivities.

Gift Card Grab

Never, ever enter your credit card or other sensitive information to claim a gift card that comes via email.

Never Buy Over Public WiFi

Shopping over public WiFi means your credit card, bank account or login data could get picked up by a cyber thief. Use a VPN.

Coupon Cautious

If a coupon deal seems too good to be true, then assume it is. End of story. Next.

Password Housekeeping

  • Change the passwords for all your sensitive accounts.
  • No two passwords should be the same.
  • Passwords should be a random salad of upper and lower case letters, numbers and symbols – at least 12 total.
  • A password manager can ease the hassle.

Two Step Verification

  • A login attempt will send a one-time numerical code to the user’s phone.
  • The user must type that code into the account login field to gain access.
  • Prevents unauthorized logins unless the unauthorized user has your phone AND login credentials.

Think Before You Click

  • Never click links that arrive in your in-box that supposedly linking to a reputable retailer’s site announcing a fantastic sale.
  • Kohl’s, Macy’s, Walmart and other giant retailers don’t do this. And if they do, ignore them.
  • So who does this? Scammers. They hope you’ll click the link because it’ll download a virus.
  • The other tactic is that the link will take you to a mock spoofed site of the retailer, lure you into making a purchase, and then a thief will steal your credit card data.

Bank and Credit Card Security

  • Find out what kind of security measures your bank has and then use them such as caps on charges or push notifications.
  • Consider using a virtual credit card number that allows a one-time purchase. It temporarily replaces your actual credit card number and is worthless to a thief.

Job Scams

Forget the online ad that promises $50/hour or $100 for completing a survey. If you really need money then get a real job.

Monthly Self-Exam

For financial health: Every month review all your financial statements to see if there is any suspicious activity. Even an unknown charge for $1.89 is suspicious, because sometimes, crooks make tiny purchases to gage the account holder’s suspicion index. Report these immediately.

Https vs. http

  • The “s” at the end means the site is secure.
  • Do all your shopping off of https sites.
  • In line with this, update your browser as well.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Protect Yourself From Gift Card Scams

So maybe Christmas now means the very predictable gift card swap, but hey, who can’t use a gift card? But beware, there are a ton of scams. This includes physical, not just digital, gift cards.

Regardless of who gave you the card, you should always practice security measures. Below are two common ways that fraudsters operate.

Transform Gift Card to Cash Twice.

If someone gives you a $200 gift card to an electronics store and then it’s stolen, you technically have lost money, as this is the same as someone stealing a wad of cash from your pocket.

Nevertheless, you’ll feel the loss just as much. Crooks who steal gift cards have numerous ways of using them.

  • Joe Thief has plans on buying a $200 item with your stolen gift card from your gym locker.
  • But first he places an ad for the card online, pricing it at a big discount of $130 saying he doesn’t need anything, he just needs money.
  • Someone out there spots this deal and sends Joe the money via PayPal or Venmo.
  • Joe then uses the $200 gift card to buy an item and sells it on eBay
  • And he just netted $130 on selling a stolen gift card that he never shipped.

Infiltration of Online Gift Card Accounts

Joe Thief might also use a computer program called a botnet to get into an online gift card account.

  • You must log into your gift card account with characters.
  • Botnets also log into these accounts. Botnets are sent by Joe Thief to randomly guess your login characters with a brute force attack: a computerized creation of different permutations of numbers and letters – by the millions in a single attack.
  • The botnet just might get a hit – yours.

Here’s How to Protect Yourself

  • Be leery of deals posted online, in magazines or in person that seem too good to be true and are not advertised by reputable retailers.
  • Buy gift cards straight from the source.
  • Don’t buy gift cards at high traffic locations, at which it’s easier for Joe to conceal his tampering.
  • Change the card’s security code.
  • Create long and jumbled usernames and passwords to lessen the chance of a brute force hit.
  • The moment you suspect fraudulent activity, report it to the retailer.
  • Spend the card right away.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

10 Internet Security Myths that Small Businesses Should Be Aware Of

Most small businesses don’t put as much focus on internet security as they probably should. If you are a small business owner or manager, not focusing on internet security could put you in a bad spot. Are you believing the myths about internet security or are you already using best practices? Here’s a few of the most common myths…take a look to see where you truly stand:

Myth – All You Need is a Good Antivirus Program

Do you have a good antivirus program on your small business network? Do you think that’s enough? Unfortunately, it’s not. Though an antivirus program is great to have, there is a lot more that you have to do. Also, keep in mind that more people than ever are working remotely, and odds are good that they are working on a network that is not secured.

Myth – If You Have a Good Password, Your Data is Safe

Yes, a strong password is essential to keeping your information safe, but that alone is not going to do much if a hacker is able to get it somehow. Instead, setting up two-factor authentication is essential. This is much safer. Also make sure that your team doesn’t write their passwords down and keep them close to the computer or worse, use the same passwords across multiple critical accounts.

Myth – Hackers Only Target Large Businesses, So I Don’t Have to Worry

Unfortunately, many small business owners believe that hackers won’t target them because they only go after big businesses. This isn’t true, either. No one is immune to the wrath of hackers, and even if you are the only employee, you are a target.

Myth – Your IT Person Can Solve All of Your Issues

Small business owners also believe that if they have a good IT person, they don’t have to worry about cybercrime. This, too, unfortunately, is a myth. Though having a good IT person on your team is a great idea, you still won’t be fully protected. Enlist outside “penetration testers” who are white-hat hackers that seek out vulnerabilities in your networks before the criminals do.

Myth – Insurance Will Protect You from Cybercrime

Wrong! While there are actually several insurance companies that offer policies that “protect” businesses from cybercrimes, they don’t proactively protect your networks, but will provide relief in the event you are hacked. But read the fine print. Because if you are severely negligent, then all bets may be off. In fact, it is one of the strongest growing policy types in the industry.

Myth – Cyber Crimes are Overrated

Though it would certainly be nice if this was false, it’s simply not. These crimes are very real and could be very dangerous to your company. Your business is always at risk. Reports show as many as 4 billion records were stolen in 2016.

Myth – My Business is Safe as Long as I Have a Firewall

This goes along with the antivirus myth. Yes, it’s great to have a good firewall, but it won’t fully protect your company. You should have one, as they do offer a good level of protection, but you need much more to get full protection.

Myth – Cybercriminals are Always People You Don’t Know

Unfortunately, this, too, is not true. Even if it is an accident, many instances of cybercrimes can be traced back to someone on your staff. It could be an employee who is angry about something or even an innocent mistake. But, it only takes a single click to open up your network to the bad guys.

Myth – Millennials are Very Cautious About Internet Security

We often believe that Millennials are very tech-savvy; even more tech-savvy than the rest of us. Thus, we also believe that they are more cautious when it comes to security. This isn’t true, though. A Millennial is just as likely to put your business at risk than any other employee.

Myth – My Company Can Combat Cyber Criminals

You might have a false bravado about your ability to combat cybercrime. The truth is, you are probably far from prepared if you are like the majority.

These myths run rampant in the business world, so it is very important to make sure that you are fully prepared to handle cybercrime.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

The Mind of the Misunderstood Cybercriminal

There are a number of misconceptions about cybercrime and those who engage in it. To a cybercriminal, there is no target that is special unless they have a grudge or beef with a particular entity, and as a rule, they will often cast their net wide and then move to attack the easiest prey they find.

11DSecurity specialists must never underestimate the actions of a cybercriminal. Records are easily shared and sold, and they are highly valued. This is especially the case when personal and medical information is the focus.

Any plan that the security professionals design must be focused on these types of crimes. They must also be aware of any upcoming threats and ensure that all proper backups of data are in place.

What are the Common Misconceptions Associated with Cybercrime and Cybercriminals

The most common misconception about cybercriminals that is often observed is that these people have diverse experience and skills, which allow them to initiate a huge range of cyberattacks. This would mean that they would earn a large amount of money as a result. However, the truth is, many of the cybercriminals out there use automated software, which means they don’t require much training at all. According to a recent survey, the vast majority only make from $1,000 to $2,000 a month. But as many as 20 percent of cybercriminals are making more than $20,000 a month.

Who are the Criminals Behind Cyber Crimes?

For the most part, those who commit cybercrimes have a clean criminal record and do not have any ties to any organized groups. These criminals usually also have a stable job during the day and participate in these cybercrimes in their free time. Often, these people are introduced to cybercrimes during college, and many remain active in the industry for several years after they begin.

The other cybercriminals have a bit of a different background. These people belong to cybercriminal syndicates that work within a hierarchy. There are highly skilled members of these groups, and each have certain responsibilities to ensure the success of their organization.

Generally, these groups are controlled by a “boss,” who is the mastermind. They are typically highly educated, intelligent, and some are often connected with the banking industry, as they must arrange for things like money laundering. Additionally, these groups often include people who are professional forgers, as they often require fake documents to serve as paperwork to “prove” their schemes, and then the group needs those skilled in hacking, software engineering, and other technical operations. Some of the groups also include those familiar with law enforcement, as they are skilled with things such as gathering information and counter-intelligence.

What is often so surprising is that members of these groups are often highly respected members of their communities, and many are seen as successful people in business. These people are also often connected to hospitality, real estate, or the automotive industry.

These people do not think of themselves as regular criminals, and they rarely cross paths with others whom the general public might deem as “criminal.” They usually hide in the shadows and avoid any actions that might bring attention to them.

To avoid all of this, it is best to use the assistance of a professional. They are familiar with how these communities run and how they react to certain actions. There are a number of way to research the dark web in a secure and safe manner without risking the integrity of your organization, but the professionals are best for this job. It is also important for businesses to utilize security teams. This ensures that they are capable of obtaining the data and stimulating the environment.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

What is Sextortion?

A Massachusetts man is on trial. His crime? Stalking. But, it’s probably not what you think. The 48-year-old was chatting and sharing photos with a 16-year-old girl, and these chats and photos were “sexual in nature.” The pair met on social media, and when the girl asked to stop these exchanges, the man threatened to send the shared photos to her friends. This is a case of sextortion.

10DThe Definition of Sextortion

Sextortion is a type of sexting that can have serious consequences. Sexting, of course, at a basic level, is the sharing of nude or sexually explicit photos and chat, usually from one cell phone to another or on social media. The practice is legal when done between consenting adults, but when those under 18 are involved, child pornography and sexual exploitation laws come into play.

Sextortion usually refers to the act of extorting someone by using digital photos that are sex-related. The party doing the extorting will usually demand something like property, money, sex, or another service from the victim. If the victim doesn’t meet the demands, the one doing the extorting threatens that they will share or distribute the sexually explicit photos.

What Can You Do If You are Being Sextorted?

If you believe that you are being sextorted, there are some things that you can do depending on the conditions. First, if you are under 18, you are protected by child pornography and child sexual exploitation laws will come into play. If you are over the age of 18, you might be protected by various laws including stalking, sexual harassment, extortion, or wiretapping.

For those who are under 18, the first thing to do is tell a parent or adult. However, keep in mind that some people are “mandated reporters,” such as teachers. This means that they are required by law to report any instance of sexual victimization of anyone under the age of 18. Keep in mind charges in some cases can be brought against anyone involved, even hypothetically, whether they are guilty of a crime, or not. I’ve seen cases where two 15 year olds consented to sending each other sexting pics and each of them were charged, and each were victims, even though they consented, but were under age. So, it’s better to work directly with a parent or other close adult.

Your Options for Sextortion Help

You have a number of options when seeking out help for sextortion:

  • Contact a Crisis Hotline – There are crisis hotlines and chat services available that will allow you to remain anonymous during this process. Usually, these organizations will refer you to local people who can help.
  • Contact a Victim Advocate – Many counties, police stations, and crisis centers have victim advocates and social workers available for these situations. These people can help you put together a plan and get a protection order against the person who is threatening you.
  • Contact a Legal Aid Organization – Simply doing a Google search will help you to find a local legal aid organization. In this case, just search “legal assistance” or “legal aid.”
  • Reach Out to a Lawyer – If you have a case and have gotten legal advice and evidence, you can contact a lawyer. They will help you to remove any photos that have been posted online.
  • Contact the Police – File a report by contacting local law enforcement.
  • Tell a School Counselor – You will get the wheels turning when telling a school counselor. Remember, they are required by law to report the incident.

Advice for the Parents of Victims

Many young people are reluctant to tell adults about sextortion and sexting for several reasons. They might believe they will make the situation worse or they might believe that they will be judged. Some might also believe that they will face criminal actions, too.

If your child does tell you about possible sextortion, make sure that they know you are there for them no matter what. With this type of loving and supportive communication, you will be able to deal with this situation as a team.

Ask your child to tell you their side of the story, and then take it from there. You might want to communicate with people you both have trust in. This way you can fill the gaps. You might also consider contacting any social media services where photos were shared, such as Facebook. They will usually help. It is also a good idea to contact a victim advocate, as they know what type of evidence to look for that can be used in court. Finally, make sure to report the person via social media, which will help to block the accused account.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.