Posts

8 Scams That go Beyond Pandemics

As you might know, scammers often take advantage of people during times of trouble, such as in the current atmosphere of the COVID-19 pandemic. Here are some of the scams that you should be on the lookout for:

pandemicAccount Takeovers

This is a scam where the cybercriminals take credentials obtained from data breaches to take over accounts. They are also trying to reach out to kids to give up their account credentials, as they know most of them are out of school.

Phishing

There are a lot of phishing scams out there that are taking advantage of peoples’ fears about COVID-19 pandemic. Right now, the most prolific are coming out about the World Health Organization, WHO. Preying on fears is a common tactic that people use, and when people click on links in emails that look like they come from WHO, they can get access to your devices, collect private information, and even steal address books.

Vishing

This is a tactic that scammers use to get access to people’s back account information. The scammer informs people that there is something wrong with their bank account, and that they should call a number. When they do, it is a VoIP number, and the victim can unknowingly give up their personal information, including their banking information.

Smishing

A smishing attack is similar to a vishing account, except it uses SMS instead of emails or phone calls to lure in their victims. Most of these smishing attacks are focused on the coronavirus and have a sense of urgency to them.

Social Media Attacks

Social media attacks are looking pretty legit these days, and that’s why it’s easy to fall for them. Essentially, they look like a social media post from a real retailer who is giving something away.

Fake e-Commerce Sites

There are also a ton of new fake e-commerce sites popping up, most of them claiming to sell things like masks, gloves, and other COVID-19 related products.

Rogue Mobile Apps

Fake mobile apps are also on the rise, and when downloaded, these apps can install things like spyware, malware, and ransomware on the person’s device.

Work at Home Scams

Finally, we have work at home scams, which are becoming very popular due to so many people being out of work. Often, these scams make people lose more money than they could make.

Don’t be a Victim

Here are some tips that you can use to stop yourself from becoming a victim of these scams:

  • Don’t respond to any texts or calls from numbers you don’t know or that seem suspicious
  • Don’t share any financial or personal information via text, email, or on the phone.
  • Be careful if you are asked to share information or make an immediate payment.
  • Scammers might try to spoof numbers to trick people into answering. Remember, there are no government agencies that will ask you for money or personal info.
  • Don’t click on links that you get in text messages. If you get one from a friend, make sure it is legitimate before clicking on it.
  • Always check that a charity is real before making any type of donation.

These cybercriminals are poised to profit from this pandemic, and they are doing all they can to take advantage of people. So, it’s important that you use caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Working from Home Due to COVID-19? Protect Yourself from Cyberattacks

As we start to get used to living in a world where COVID-19 is changing everything, one of the differences that many have people are doing is working from home. With so many people now working on their home networks, cybercriminals are stepping up, and they are hoping to take advantage of people making security mistakes and doing more searches, specifically on COVID-19. This is a great opportunity for these thieves to target their victims.

COVID-19

Keep in mind that most people who are working from home are not working on a very secure network. Cyber attackers know this, and its important that both individuals and companies take the steps to protect themselves from COVID-19 and their information.

What Can Companies Do?

During this time, managers, owners, and supervisors should be setting clear expectations about how their businesses are going to work in these new environments. When these changes come down, they should come from the top. Here are some things to keep in mind:

  • You Must Understand the Threats – Business leaders should understand what threats are likely and prioritize protection methods based on that.
  • You Must Release Clear Guidance – It is also important that your organization’s at-home policies are easy to understand for all employees. This should include informing staff to communicate with security teams in the case of suspicious activity.
  • You Must Offer the Right Security – All business leaders should ensure that any company-owned devices are equipped with the best security capabilities. This includes the following:
    • The ability to connect securely to a business-owned cloud, and access to video teleconferencing apps that are important for remote workers.
    • Endpoint protection for all mobile devices and laptops including VPN tools and encryption.
    • Enforce the use of multi-factor authentication.
    • The ability to put a block on malware, exploits, and other threats using the best types of software and hardware.
    • A plan to filter any malicious domain URLS and stop any phishing attacks.

What Can Individuals Do?

People working from home should also take steps to ensure that they are remaining safe when working remotely.  Here are some things to do:

  • Create Strong Passwords – You should always create strong passwords and consider a password manager to facilitate multiple passwords opposed to the same passwords across multiple accounts.
  • Update Software and Systems – Install any system updates or patches as soon as you see them.
  • Make Sure Your Wi-Fi Access Point is Secure – Look at your Wi-Fi access point and make sure to change the passwords and default settings.
  • Use a VPN (Virtual Private Network) – A VPN is a good way to create a safe connection between a home computer and the worker’s organization.
  • Be Smart About COVID – 19 Scams – There are a ton of scams out there, including fake apps, so be smart.
  • Don’t Mix Work and Personal Tasks – Use your work device for your work and your personal device for personal tasks.

By taking these steps into consideration, either as a business leader or an employee, you can help to address some of the most common risks that you might face when working from home. Keep all of these tips in mind, and if something seems a little weird or strange, it’s probably best to report it to your company’s IT professional.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

This is Why We are Irrational In Times Like These

Though we, as humans, are supposed to be pretty smart, we do a lot of things that might not seem rational.

For example, we do things like text and drive, we don’t get flu shots that can stop us from getting sick, and we hoard things like toilet paper…Dan Ariely, a professor from Duke University, has some reasons for this.

Ariely has released a book called “Predictable Irrational,” and it takes a look at why we do these irrational things…especially in a time of crisis. One of the most mind-boggling things is why we have all become such toilet paper hoarders and why, when we see empty shelves, we start to panic.

According to Ariely, when we are in these situations, you are saying to yourself “This must be something I need to get very quickly and let me get a lot of it so I don’t run out.” But, in general, our responses to things like this are flawed.

On top of this, we don’t do a good job at thinking ahead. Ariely says, “We don’t pay much attention to things that will happen in the future, even if the future is two weeks from now.” He also says that we “don’t pay attention to things that are invisible like viruses.”

All of this is compounded even more as COVID-19 started to spread, and this led to a slow government response and the population’s collective apathy to the threat. Another thing that compounds it is that we, at our core, are also pretty selfish.

“We do what is selfishly good for us and not what’s good for other people,” Ariely says. This means that people who should be staying home because they are sick, go out anyway, and then they contaminate others. This is a normal impulse to defy the stay-at-home orders that many of us are under. And wearing a mask is NOT a sign of weakness, it’s a sign of caring for others than yourself.

Ariely says, “What’s interesting about public goods problems is, as long as everybody participates, everybody gets a lot of benefits, and when people start defecting or betraying the public good, lots of bad things happen. And in a situation like a pandemic, it’s enough that a small percentage of people don’t adhere to the rules and they can hurt everybody.”

Now, we also have the issue of some government officials and health experts being at odds with themselves. President Trump is pushing governors to open their states back up quickly, while public health experts are warning that doing this could quickly cause a huge uptick in cases.

What does Ariely say about this? He says, “The sad reality is that we’ve always had a tradeoff between money and saving lives. This is not something new.”

He also adds that the best thing we can do right now is make the best of our quarantine:

“It’s an opportunity to start new habits, new routines like exercise, eat better, spend time with your family,” he says. “It’s also an opportunity to start worse habits, like not exercising, overeating and developing addiction to social media and the news.”

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Protecting Your Company and Yourself from COVID-19 Hackers

Many people are asking how they can not only protect themselves, but also their organizations, from all of these COVID-19 hacks that are currently popping up.

As with any other phishing scam, vigilance is extremely important. We are certainly going to have to keep on our toes for months, or even years, as this fallout from the pandemic could be around for a long time.

You have to be suspicious of each and every unsolicited email, phone call, or text, especially if someone is looking for account or contact details, or they ask to share personal information. If you feel like information seekers are asking for too much, you should vet the email, dig deeper, do some web searches, and make sure its legitimate.

Don’t use any links or phone numbers within the email of based on the call until you do this. If you get a recorded message, make sure you don’t press any button when asked. If you do, you may be giving them some type of approval and you end up being a victim.

  • In response to ransomware, you should make sure that you are totally backing up your data on all of your devices.
  • For any online account you have, set up or turn on two-factor or multi-factor authentication when you can. This, at least, makes those accounts less likely to be breached, even if someone does get ahold of some of your information.

You might think this is a pain right now, but it definitely won’t be a pain if your information is breached and you start to lose money.

There are many organizations that are being forced to give their employees access to their networks from home…and in most cases, they never planned for that. This working from home increases the criminals attack surface. So, the network is probably more vulnerable, and in some cases, security policies and processes are even being bypassed to ensure all employees have access to it. This comes at a big risk, and with every employee who has access to the company network, there is an opportunity for a hacker to get inside.

Most cybercriminals who go for this type of hack want to get access to this so they can get sensitive information and turn it into cash. Other hackers want to go big time, and they will use the credentials that they are hacking to use in attacks like “password stuffing/spraying,” to access multiple critical user accounts. With a larger “attack surface”, these companies are definitely at risk and because of staff working from all over the place, any attempt to break into the network could go unnoticed until it is too late.

Corporate cybersecurity and IT teams are working hard, but they, too, are generally working from home. With even more workload and more remote information to go over, this also means that they don’t have the time to pay as close attention as they should. This makes things even more dangerous, so keep your eyes open.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Beware of these Pandemic Phishing Scams

These days, even though we are all, for the most part, stuck at home, trying to be safe from COVID-19, that doesn’t mean that we are safe from cybercrime. Cybercriminals continue to target victims, even in this environment, and many of these scams are related to COVID-19. This is pretty common when something like a crisis comes down, so you have to remain vigilant as you go through your daily life. Here are some of the things you should be looking for and being aware of:

phishing scamRelief Fund Scams

As we look towards our government officials for help, they have been sending out money to people who have lost their jobs or become impacted financially by the COVID-19 crisis. Criminals have started to create phishing scams that look identical to the correspondence that might come from the government. They do this to trick people into revealing their personal information. Currently, if you are in the UK, Australia, or the US, you are probably being targeted.

Infection Maps that are Malicious

Cybercriminals are also taking advantage of the public’s interest in COVID-19 infection maps. Organizations like Johns Hopkins are creating these maps, but cybercriminals are following close behind and releasing their own. All they have to do is set up their own websites, and then stick malware in them. They can do this for little to no money, and then they can make a huge profit thanks to ID theft and other dastardly deeds.

Impersonating Official Health Organizations

You also need to keep an eye out for cybercriminals who are impersonating official health organizations, including WHO – the World Health Organization, or the CDC – Centers for Disease Control. They are doing this by designing a number of different phishing scams. These started all the way back in February, and they are continuing to be sent. The criminals are setting up a sense of urgency, so that people are more apt to give up their information.

Scams with COVID-19 Testing Kits

There is also a lot of interest in COVID-19 testing kits, and as you might imagine…the bad guys are targeting these people, too. Not only are these scams spreading via email, according to the FCC, Federal Communications Commission, but also with robocalls, text smishing, and more. The FCC has even announced that it has found a big range of robocall scams that are associated with coronavirus, including things like debt consolidation, work at home opportunities, and even student loan repayment plans. There are also specific scams that are targeting small businesses.

Medical Supply Scams

Finally, we have medical supply scams. These are similar to the testing kit scams but the cybercriminals are using these medical supplies, like masks and gloves, as a lure to get people to give them money. There are more and more of these websites popping up with huge discounts on medical supplies. Many of these sites are offering limited-time sales and want Bitcoin for payment, which is a big sign that you could be getting scammed.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com