Ransomware attacks have risen steadily in the past few years to become a widespread, costly form of cybercrime. This attack, which happens when someone infects a computer or network with harmful software and demands payment to remove it, has hit every kind of industry and business and can affect companies and consumers alike.

The first problem with ransomware is there is no guarantee that paying the ransom will restore access to your files, hardware or network. It is a dangerous gamble, and while sometimes it pays off, other times the hacker refuses to unlock the access even after making off with your money.

Some industries seem to have more of a problem with ransomware than others. The healthcare industry has long been a favorite target. This could be attributed to the hefty fines and penalties that medical centers can face for allowing outsiders to infiltrate information that is protected by HIPAA laws. As history has shown, the ransom is often less than the fines would be, so the hospital attempts to pay up.

Cybercrimes like data breaches and computer scams have been known to come and go. However, with ransomware, there has been a very slight decrease. In fact, ransomware attacks and the financial losses associated with them have been steadily rising with no end in sight.

The city of La Porte, Indiana, just paid a Bitcoin ransom of $130,000 to restore access to their city’s network of computers. Without access, many city functions were at a standstill. Unfortunately, that amount is pocket change compared to some ransom demands. For example, Monroe College recently lost access to everything, including email, learning systems and grades, until the hackers receive $2 million in Bitcoin.

The FBI recommends against paying ransomware attackers, and the U.S. Conference of Mayors recently passed a resolution that tells cities they should not pay a ransom in these cases. However, it is ultimately up to the victims to decide how they are going to respond.

Fortunately, there are a few steps businesses and individuals can take to reduce the risk of harm from a ransomware attack:

Back up everything on your computer

If you store all of your important files like documents or photos in an external storage source, then the worst that happens is you have to buy a new computer. For businesses, that expense can be more significant, but usually not more than the ransom would cost. The stored files are put on the new computer, and the money you would have given to a criminal is instead spent on brand-new hardware.

Up-to-date cybersecurity software

Keeping your antivirus and anti-malware software updated and installed can go a long way towards preventing harmful software from infecting your computer or network in a ransomware attack. It is not going to stop every single threat, but if you regularly update your security software with the latest fixes sent to you by the developer, you will be protected from a lot of harmful software.

Never click unknown links or attachments

One of the easiest ways for ransomware to infect your computer is through a phishing attempt. When a hacker sends an email that says something like, “You won’t believe these photos I found,” or “Click here to get your free $100 Target gift card,” you may be installing the ransomware for the hackers.

With proper training and good habits, you can work to avoid ransomware. If an attack does occur, contact law enforcement and IT professionals if you need assistance.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



Payment apps like Venmo have become increasingly popular lately, for good reason. However, if users are not careful about how they use and secure their information in the Venmo payment app, it can be a privacy pitfall.

Venmo Privacy

One concern is password strength. If you are reusing an old password, your app could be infiltrated by someone who then wipes your bank account clean. Some platforms also allow you to set up an optional PIN number in addition to your password, which can add another layer of security. However, as one security researcher reported, the way you are using your app could also put you at serious risk.

Venmo is one payment app that allows users to share their Venmo payments with the public. The company has stated there is a social element to using a payment app. You might have bought concert tickets, movie tickets or just gone out for pizza with your friends. This kind of behavior might be something you would already post on social media. Venmo allows you to keep your Venmo payments set to “public.” Anyone who opens the app can see the most recent Venmo payments, even if they do not know you.

Venmo Payment Scrape 

One researcher made a project of “scraping” this data. He used a program he wrote to compile the information and stored it in a database. For months, this researcher downloaded payments from specific IP addresses.

Researcher Dan Salmon was able to copy and store the usernames and IP addresses of the smartphones that were used. At first, it was simply to see if Venmo payment information could be accessed, but then he started to wonder what possible nefarious use a malicious hacker could have with it.

It turned out to be surprisingly easy to download a specific IP address’ most recent Venmo payments, compile them into a professional-looking email and then use those to target the customer with a phishing attack. If you were to receive an email that appeared to come from Venmo and included your most recent Venmo transactions, including the date, amount, purpose and the message you would have typed yourself, you might be more willing to comply with instructions in the email.

It is important to understand that everything this researcher did was legal and not difficult for someone with a little bit of know-how. It required some patience and dedication to the outcome, which is something that hackers and identity thieves seem to have in abundance.

Review Your Venmo App Settings

In order to protect themselves, consumers have to remember that their private business is just that, private. You would hopefully never run through a crowded shopping mall shouting, “I just bought a sweater with a check issued by First National Bank!” So why would you inform all of Venmo’s users that you bought pizza last Thursday, or that you paid your friend for some movie tickets? Remember to adopt an air of caution when it comes to sharing your personal details, especially online or on social media.



Payment apps, like Venmo, Apple Pay, Zelle and even Facebook Messenger, are used by over 90 million Americans, but are they actually secure? This touch-of-a-button technology lets you use actual funds from your bank account or your credit card to send money instantly to friends, family and retailers.

At first glance, some consumers might be a little reluctant to install and use a payment app. After all, anyone who gets a hold of your smartphone could wipe out your bank account, at least in theory. There are safety protocols in place – like two-factor authentication and one-time use PIN numbers – that help make these apps possibly safer than traditional payment methods. A lot of consumers have their smartphone on them at all times and treat it with the utmost safety concerns, so having payment information stored on their device might not seem all that farfetched.

Remember, convenience and security come with a price. Scammers have already victimized payment app users in a variety of ways including in-person scams and account takeover. Before using payment applications, it’s important to understand how to protect yourself.

Lending Your Phone

In this era of always-connected activity, everyone has a phone, but there is still the occasional instance when someone might ask to borrow your device. Many of us might not think anything of it, but when you allow access to your device you are opening up the door to your payment apps. Scammers have been known to ask to use strangers’ phones to make a call, but instead open payment apps and send themselves money.

You can avoid this one—and still be a generous person—by always logging out of your payment app when you are not using it. Also, if someone does need to make a call or send a text, dial the number for them before handing over your phone.

Scams

According to Javelin, more than $500 million was lost overall to fraud in 2017 involving a variety of peer-to-peer payments. Remember, all payment options are storing your information and are vulnerable to attacks. One woman had $9,000 debited from her account in increments after a thief gained access to her login. Plus scammers could ask for payments via app to eliminate traceability.

Never send money to individuals you don’t trust or who claim to be a business or government agency; many peer-to-peer transactions are instantaneous and irreversible.

Enhanced Security

No matter which app you choose, make sure you have enabled all the security features you can. If the app offers one-time PIN numbers or multi-factor authentication, for example, use them. This can keep hackers from accessing your login credentials and stealing your money.

Remember, access to all of your accounts usually starts with your email address or social media accounts. You have to make sure that you are using solid password hygiene on all of your accounts in order to minimize risk of hacking.

With every new type of technology, there are undoubtedly criminals out there who have found some way to take advantage of it. Practice good security protocols that protect your tech tools and be ready to adjust your usage to fit the latest scam reports.

Don’t fall for fake phishing emails or websites asking you to “verify your login.”



There are two specifically related but not interchangeable threats to your identity, and the terms can often get confused. Credential cracking and credential stuffing both involve someone getting their hands on your personal data, especially your usernames and passwords, but how those two things take place is somewhat different.

Credential Cracking

Credential cracking happens when a hacker targets you or your company specifically. They spend a significant amount of time and tech resources on breaking into your accounts by undermining your password defenses. While victims of credential cracking can absolutely be random citizens caught up in a hacker’s trap, the effort behind it often means that the victim was targeted specifically. It might be a business account or a company’s social media accounts, financial accounts, or even the personal finances for someone within a company.

Credential Stuffing

Credential stuffing, on the other hand, usually occurs when a hacker casts a wider net. They either steal a database filled with information, buy it on the Dark Web, or even stumble upon it in an unsecured web-based storage server. Then, they use software that lets them attempt thousands of “matches” at a time, cross-referencing the stolen usernames and passwords that work on one website with many other websites. When they land on a match—meaning the victim’s username and password from PayPal, for example, are the same one they use on Amazon—they can use that information to steal money and even more identifying information.
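The two patterns described above look different in a service's login records, which is how operators tell them apart. The following is an added example, not part of the original article: a small classifier over a constructed log, where the log format, the thresholds and all names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample auth log: "<time> <source IP> <username> <OK|FAIL>".
# IPs come from documentation ranges; usernames are invented.
SAMPLE_LOG = """\
2019-05-01T10:00:01 203.0.113.7 alice FAIL
2019-05-01T10:00:02 203.0.113.7 bob FAIL
2019-05-01T10:00:03 203.0.113.7 carol OK
2019-05-01T10:00:04 203.0.113.7 dave FAIL
2019-05-01T10:00:05 203.0.113.7 erin FAIL
2019-05-01T10:02:00 198.51.100.9 frank FAIL
2019-05-01T10:02:01 198.51.100.9 frank FAIL
2019-05-01T10:02:02 198.51.100.9 frank FAIL
2019-05-01T10:02:03 198.51.100.9 frank FAIL
2019-05-01T10:02:04 198.51.100.9 frank FAIL
2019-05-01T10:02:05 198.51.100.9 frank FAIL
2019-05-01T10:05:00 192.0.2.44 grace FAIL
2019-05-01T10:05:20 192.0.2.44 grace OK
"""

# Assumed thresholds for illustration; tune them against real traffic.
STUFFING_MIN_USERS = 5           # distinct usernames tried from one source
STUFFING_MAX_TRIES_PER_USER = 2  # stuffing tries each stolen pair once or twice
CRACKING_MIN_FAILS = 5           # repeated failures against a single account


def parse(log_text):
    """Return (time, ip, username, succeeded) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        events.append((parts[0], parts[1], parts[2], parts[3] == "OK"))
    return events


def classify_sources(events):
    """Label each source IP as 'stuffing' or 'cracking' when it fits a pattern."""
    # ip -> username -> [failures, successes]
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for _, ip, user, ok in events:
        per_ip[ip][user][1 if ok else 0] += 1

    findings = {}
    for ip, users in per_ip.items():
        total_fails = sum(f for f, _ in users.values())
        max_tries = max(f + s for f, s in users.values())
        hammered = sorted(u for u, (f, _) in users.items()
                          if f >= CRACKING_MIN_FAILS)
        if (len(users) >= STUFFING_MIN_USERS
                and max_tries <= STUFFING_MAX_TRIES_PER_USER
                and total_fails > 0):
            # Wide and shallow: many accounts, one or two guesses each.
            # Any success means a reused password worked; reset that account.
            findings[ip] = {
                "pattern": "stuffing",
                "accounts_at_risk": sorted(u for u, (_, s) in users.items() if s),
            }
        elif hammered:
            # Narrow and deep: one account guessed over and over.
            findings[ip] = {"pattern": "cracking", "accounts_at_risk": hammered}
    return findings


if __name__ == "__main__":
    for ip, finding in classify_sources(parse(SAMPLE_LOG)).items():
        print(ip, finding)
```

A single mistyped password followed by a success, as in the last two log lines, matches neither pattern and is not flagged.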


Who’s Targeted

Another major difference between these two forms of attack is in how the tech-using public can take action. Credential cracking is potentially in your own hands, unless a cybercriminal targets your place of employment; a lot of your preventive strategy will involve practicing good password hygiene. Credential stuffing, on the other hand, is a result of finding a treasure trove of information that someone else did not properly secure. You often have no way of knowing whether or not your information was included in such a database until you receive a notification letter from the company that allowed it to become compromised.

How to Protect Yourself

As always, one of the best defenses against either of these attacks is to use strong, unique, unguessable passwords that you change routinely. Changing your password can actually prevent credential stuffing since your old (and stolen) information would no longer be valid; by keeping your passwords unique—meaning they are valid on one account only—you can also work to avoid credential stuffing since they will not work on any other account.



The Force Has Awakened this #StarWarsDay! May the Fourth Be With You as you break out your lightsabers and prepare to do battle against the Dark Side of our cyber world with tips from the Identity Theft Resource Center and National Cyber Security Alliance.

To celebrate this #MayTheFourthBeWithYou, use the messages below on Twitter, Facebook and LinkedIn to join the cyber force on May 4th, 2019. Don’t forget to use the #MayTheFourthBeWithYou hashtag!


 

Tweet: It’s #StarWars Day and the cyber force has awakened! Use our tips for protecting your identity from the dark side. #MayTheFourthBeWithYou @ITRCSD @StaySafeOnline https://idtheft.center/MayTheFourth

More resources: Identity theft impacts 17 million individuals every year and unfortunately, can impact you at anytime. Learn about the different types of identity theft and how you can protect yourself with help from ITRC.


Tweet: “Do. Or do not. There is no try.” Taking steps to protect your digital identity & privacy every day is a must. #MayTheFourthBeWithYou @ITRCSD @StaySafeOnline https://idtheft.center/MayTheFourth

 

More resources: The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.

 

Tweet: You don’t have to go Solo. Get help from the cyber force with tips from @ITRCSD & @StaySafeOnline #MayTheFourthBeWithYou https://idtheft.center/MayTheFourth

More resources: Learn how to protect yourself, your family and devices with these Online Safety Basics

 

Tweet: A new hope for your digital identity is here. We have a plan to help you recover from identity theft. @ITRCSD & @StaySafeOnline #MayTheFourthBeWithYou https://idtheft.center/MayTheFourth

 

More resources: For free one-on-one assistance with identity theft, scams, fraud, cybersecurity, privacy and more, contact the Identity Theft Resource Center toll-free 888-400-5530 or LiveChat

 

Tweet: Think you have what it takes to be a digital jedi? Train with steps to empower your privacy & identity. #MayTheFourthBeWithYou #RiseOfSkywalker @ITRCSD & @StaySafeOnline https://idtheft.center/MayTheFourth

More resources: Take privacy into your own hands with a privacy quiz. Then learn how to update your privacy settings on popular devices and online services.

 

Even after May The Fourth, you can safeguard your information from the Empire all year-long by staying up to date with the latest threats to your identity and tips by signing up for our newsletters:

Stay Safe Online Email Sign-up: https://staysafeonline.org/email-signup 

Identity Theft Resource Center Email Sign-up: https://www.idtheftcenter.org/newsletter-signup/ 



Gear up for your next vacation with advice on how to travel safe when it comes to technology and cybersecurity.

Be honest, show of hands who is ready to put this winter weather behind them and take a nice vacation? No matter if it is a glowing sandy beach escape or a picturesque mountain retreat, a vacation can be an instant pick me up after the winter blues.

Unfortunately, as too many travelers already know, heading out of town can be filled with pitfalls. Lost luggage, sudden cancellations and unexpected illnesses are just the tip of the iceberg when it comes to potential problems. However, there is a far more serious danger lurking for the would-be traveler with consequences that take years to recover from – identity theft.

Cybercriminals do not take vacations, so you cannot let your guard down where your identity, your financial data, even your gadgets are concerned. In fact, in many ways, traveling brings a whole new kind of cybersecurity threat, one that specifically targets people when they are away from home.

Once you have planned your getaway, there are a number of steps you must take to travel safe. Whether you are traveling within the country or abroad you should consider taking the below actions to protect your information.

Update and Back Up All of Your Technology

If you are bringing any devices with you, now is the time to make sure they are updated to the most recent operating system. The same is true of your apps. When you continue to use an outdated piece of software or an old app, you are leaving yourself wide open to a data breach; developers often issue updates specifically because they have uncovered a security hole. While you are at it, make sure you save all of your important files, documents, or photos to a secure source at home, just in case someone does attack your device.

Disable your Wi-Fi

A simple slide with your fingertip is all it takes to prevent your mobile device from automatically connecting to unknown networks. These are the kinds of free Wi-Fi connections found in coffee shops, hotels, restaurants, airports, and more. Turning off the Wi-Fi will not only save your battery, it will stop lurkers from infiltrating your device over unsecured networks. Do not worry, you can turn it right back on whenever you are in range of a safe connection.

Power Up with Confidence

Avoid public charging stations if you can help it. Whether you use your own cord or use one that is provided, you cannot know where the cord’s connection will lead. In a scheme called “juicejacking,” criminals lure travelers into plugging in their devices for a quick charge, but the cord is actually connected to a hidden computer. The computer is downloading all of the files and information off the devices while you charge up, including usernames, passwords, account numbers, and more. If you can carry your own external charger battery or a “block” to plug into a regular power outlet, that would be much safer.

Passcodes, Passwords, and Pass it On

You might want to update your passcode lock on your mobile devices and your account passwords on sensitive accounts before you leave. That way, you are not enjoying a day out on the waves—and away from a phone or computer—when a hacker steals a database of old usernames and passwords, or steals access to your online bank account and credit card. If you can leave these passwords with a trusted family member, they can help you out if something goes wrong while you are out of pocket.

The Trip is Only Part of the Equation

Remember, your vacation basically starts (at least from a cybercriminal’s perspective) from the day you book the trip through the weeks after you have returned. Make sure you are booking your travels through a reputable company over a safe online connection, and that you are monitoring your accounts before, during, and long after your trip in order to watch out for suspicious activity.



Consumers have been warned for years about the potential danger of compromised payment card readers. Whether in a store, at a gas pump, or even an ATM, a thief simply has to tamper with the keypad and card reader a little bit, install a micro-thin skimming device, then gather up your card information.

Now, a recently uncovered threat called formjacking is basically doing the same thing, only it is happening when you enter your payment details on a website. By inserting malicious code into the site, cyberthieves can swoop in and steal your card number, security code, zip code, and much more.

According to security software developer Symantec, “The number of instances of formjacking blocked by Symantec more than doubled, jumping from just over 41,000 to almost 88,500—a percentage increase of 117 percent.” The company estimates it blocks nearly 7,000 formjacking attempts every day.

This might sound like a problem that only targets less secure websites, but that’s not who thieves are going after. With websites like Ticketmaster being a victim, formjacking targets large e-commerce companies. By gaining access and injecting the harmful code into a website payment page or form, the hackers steal your information without you realizing it and without you ever leaving the trustworthy site you visited. Hackers can gain access to these trustworthy sites through supply chain attacks or by going through a third-party integration like payments, analytics or chat. If a widely used third-party integration is compromised by hackers, multiple websites could be at risk from just one infiltration.

That means consumers have to protect themselves from an invisible threat. Fortunately, a comprehensive security suite can often include additional features like suspicious URL blockers which keep you from landing on unsafe websites as well as payment card protections. With options out there to meet every budget—from free to car payment-sized—you can certainly find a solution that offers you greater protection and still fits your finances. If your card information is stolen, you can find out about it immediately by launching “card not present” transaction alerts from your financial institution.

On the other side of the web, it’s up to businesses to ensure they are not putting their customers at risk. It’s important to fully vet any third-party provider that connects to your company’s website, no matter what kind of service they offer. Companies should also ensure they are taking proactive steps to prevent these attacks and perform regular security checks.
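One regular security check a site owner can run against a payment page is to list every script loaded from another host and see which ones are not pinned with a Subresource Integrity (`integrity`) attribute. This is an added example, not part of the original article; the page markup, the hostnames and the function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page. Hostnames use the reserved .example TLD and the
# integrity value is a placeholder, not a real digest.
CHECKOUT_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/v3/pay.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://chat-widget.example/loader.js"></script>
<script src="//analytics.example/tag.js" async></script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr_map = dict(attrs)
            if attr_map.get("src"):
                self.scripts.append(attr_map)


def audit_third_party_scripts(html, site_host):
    """Return the src of each off-site script that has no integrity attribute."""
    collector = ScriptCollector()
    collector.feed(html)
    unpinned = []
    for attrs in collector.scripts:
        host = urlparse(attrs["src"]).hostname
        if host is None or host == site_host:
            continue  # relative or same-host URL: first-party code
        if not attrs.get("integrity"):
            unpinned.append(attrs["src"])
    return unpinned


def sri_value(script_bytes):
    """Build the integrity attribute value for a reviewed copy of a script."""
    digest = hashlib.sha384(script_bytes).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    for src in audit_third_party_scripts(CHECKOUT_HTML, "shop.example"):
        print("third-party script without integrity pin:", src)
```

When a script tag carries an `integrity` value, the browser refuses to run the file if its contents no longer match, so a provider-side compromise of a pinned file does not reach the payment form.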

Symantec is a proud financial sponsor of the Identity Theft Resource Center



In the age of the #selfie, there are millions of apps for users to apply teeth whitening, air brushing and the perfect filter for a flawless pic to be shared on social media. Unfortunately, downloading apps can also pose a security risk, depending on the app and the platform from which it was accessed.

Four million Android users who downloaded a popular app from the Google Play store are believed to have been infected with malware that has a variety of consequences. Some of these involve stealing access to your contacts list and pictures, while others actually redirect any popups to pornography websites. Trying to get rid of the app doesn’t work since the app remains hidden after deleting it, making it impossible to drag it to the delete garbage can icon.

The Google Play store for Android users and the App Store for iOS (Apple) users are two of the biggest app sources in the world, and they have two very different structures. Google believes in a more open-source approach, meaning any developer can list an app and users have a responsibility to read the reviews before downloading. Apple, on the other hand, has a reputation for being far more secure, but that comes at a price: listing an app on the iOS store can mean a lengthy wait while the app is tested and approved and a laundry list of requirements for developers to adhere to.

For better or worse, most of the affected apps in this case were downloaded in Asia. However, that doesn’t mean there aren’t malicious apps that are targeting US users with similar harmful tactics. Logically, Android users stand to be at a somewhat higher risk than Apple users due to the open nature of the Google Play store, but that doesn’t mean iPhone and iPad users are immune to this threat.

No matter which mobile operating system you use, you’ve got to be careful with your device. Read the user reviews before you download an app, and make sure there aren’t any specific privacy concerns mentioned. Also, read the app description itself and get a good idea of what kinds of access the app needs. If an app wants too much information or access that it shouldn’t need in order to function, then it’s best to skip it.

