World Emoji Day is on July 17 with fun and more than a little emoji mayhem. Fun fact: the reason for this date is that it’s the one depicted in Apple’s emoji of a calendar. With all the attention on emojis heading to smartphone screens everywhere, and more than five billion emojis sent every day via the Facebook Messenger app alone, there’s no time like the present to set the record straight on some privacy pitfalls associated with the darling little characters.

Apple was one of the first major smartphone retailers to incorporate an emoji keyboard into its devices back in 2011. For years, users had to physically type the characters that would result in the understood emotion, such as 😛 or 😉 to express the point. Once the emoji keyboard appeared, though, scammers found a way to embed viruses and other malware into downloadable “aftermarket” emoji keyboards that can get into users’ devices. The enticement was access to additional emoji characters that the manufacturers hadn’t thought to include, and as a result, consumers fell into the trap of downloading malicious software in these files.

Since that time, emojis have become the bait-of-choice for scammers hoping to convince internet users that their posts are genuine and trustworthy. By filling their spammy announcements with hearts, flowers, smiley faces and other tiny symbols, they hope to lure unsuspecting users who think they’re dealing with someone who is friendly and trustworthy. Instead, the false front of light-hearted communication can lead to a far more sinister trap.

Emojis have also been found to be a common indicator in online romance scams. First, predators who are still in the grooming stage might send dozens of periodic messages throughout the day in order to convince the victim they’re thinking about them. Many such messages have been long strings of romance-themed emojis, like hearts and little bouquets of flowers. Also, with the understanding that romance scams are accomplished by crime rings who may have several different people operating as a single personality in shifts, some experts have suggested you can spot the differences in the people who are posing as that one person by how often and which emojis they use.

It’s also worth noting that the use of emojis has become a “language” all its own. Unlike rampant conspiracy theories about what different characters mean, there is some truth to the belief that certain characters have been co-opted and are indicative of sexual or even criminal behavior. Make sure you know which symbols really mean what you meant to say before hitting send!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Why would someone simply give you free access to a brand-new blockbuster movie or an album download from a chart-topping artist?

 There are a lot of different reasons why someone might engage in piracy of copyrighted material and sadly, the internet has enabled a lot of people to distribute protected material to a mass audience. Rest assured though, no one is doing it for free. Even if they’re not charging you money for it, they’re getting something in return, either in the form of traffic to their website, advertising or affiliate link dollars or worse, by stealing your information.

Sites that offer “free” content are notorious for filling your computer with viruses and malware, and now, your Amazon Fire TV or Fire Stick may be at risk. Users who have “sideloaded” apps and other content to their connected televisions through their Amazon devices may have infections with malware that can take over their entire networks.

The term sideloading, which isn’t necessarily wrong or illegal, simply means adding content to a device without going through the device’s designated app store. Some early devices, like pre-Kindle e-readers, required users to add their own digital content with an included cable, much the same way that people might have moved digital photos from their cameras to their hard drives.

Sideloading a device that does have a platform and app store is tricky and could leave your network vulnerable. Amazon’s Fire TV and Fire Stick, for example, are intended to use the Amazon website to maintain a membership; sites like Netflix and YouTube are there for users to enjoy, but unauthorized third-party sites do not come with any kind of guarantee that the material is safe. Adding any apps that let you watch pirated shows is not only wrong, but it’s also a gateway to a virus.

One strain of malware in, particular, ADB.Miner, has already been found infecting Amazon devices through this kind of activity. This malware mines cryptocurrency, meaning it will hijack your computer or television in order to force it to waste precious energy and processing speed creating cryptocurrency for the criminal who installed it. This malware also can infect any other Android device running on that network; if you have an Android smartphone or tablet that’s connected to your home Wi-Fi, those might be at risk once ADB.Miner takes hold.

It’s tempting to blame the criminals who established the malware, but there’s an awkward truth that must be stated: anyone who downloads pirated content is a criminal too, no matter what their intentions were. Copyright laws exist not to just protect the financial interests of the actors, musicians or other “big name” people involved, but also to make sure that the janitor who empties the studio trashcans at night has a job. Make sure you’re doing the right thing by protecting yourself from a network infection and ensuring that content creators can continue producing great material for the public to enjoy.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Privacy concerns like data tracking, selling your information to third-parties and advertisers, hacking and even potential changes to how companies allow you to access the internet are all factors that put you at risk by just logging in.

So how do you protect yourself while living in an increasingly connected world?

One popular tool is a virtual private network or VPN. This app for PCs, laptops and mobile devices acts like your own tunnel onto the internet, keeping everyone from hackers to advertisers from seeing what you’re doing or knowing how you’re connecting. There are times when a VPN should be an absolute essential, such as logging into your bank account or email over a public Wi-Fi connection. Other times, this app is a safety blanket that lets you access legal content without any blocks that might be in place for geographic licensing reasons. This includes: trying to use your own Netflix subscription or uploading a YouTube video while traveling abroad.

There are some things to look for before you decide to invest in a VPN, though:

Does it cost anything?

Yes, there is a price to pay with using a VPN however, most major-name providers offer a free trial too.

What happens to your IP address?

Before installing, find out what the VPN does to your IP address or your computer’s personal “name.” Some VPNs only mask your IP address so that other people theoretically shouldn’t be able to find it or track it, but other VPNs actually assign you a brand-new IP address that does not belong to your computer. That’s important because it means you can’t be accused of specific internet behaviors since your computer’s own IP address isn’t used to connect. Anyone who wanted to track your internet activity would be tracking a made-up number instead of your actual address.

Is your activity still being monitored online?

Again, some companies have a policy of not storing their logs about your internet activity, while other companies don’t actively monitor it in the first place. It’s up to you to decide how sensitive you are to be monitored online. Don’t make the mistake of thinking that only criminals have something to hide: even sites like Facebook have admitted to selling users’ information to third-parties (perfectly legal and outlined in the terms and conditions) only to have those companies turn around and sell it to someone who didn’t have your permission.

Is the company using a foreign server?

A VPN works by connecting you to a server that the company controls, then connecting you to the internet. The number and location of those servers are where the different VPNs set themselves apart from their competition. If you never travel abroad, for example, you might not need to pay more for a service that offers 1,800 servers in more than 200 countries. However, the number and location of the servers can also have an impact on how fast your connection is, so that’s why taking advantage of free trials can be a good idea.

How many devices can you connect to?

Another area where VPNs differ is in the type of device you can connect, as well the number of devices. Some VPNs let you connect unlimited devices but will only let you use five of those devices at once. If you want your entire household protected and you have different devices—a Windows laptop for your work, a MacBook for your home, your iPhone and your spouse’s Galaxy phone, your kids’ iPads and Kindle Fire tablets—then the VPN you choose should allow different operating systems and a number of simultaneously connected devices.

When considering a VPN, don’t forget about your router.

This is especially important if you have sensitive internet-of-things connected devices, like a video doorbell or voice-activated virtual assistant. Router hacking has led to the theft of data from other connected devices, so it’s a good idea to wrap your router’s connection in a private tunnel too.

Remember, there are free trials of VPNs so you can test them before committing. See which ones you prefer based on features, ease of use and internet speed before sending anyone your payment.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Mistyping a domain name in an email or website can lead to disaster, as one Australian bank recently found out.

 

If you’ve used the internet, been in a room when someone used the internet or even just seen a commercial about (yes) using the internet, you’ve been exposed to a domain name. What is it? It’s

what many of us refer to as a website or web address. If you’ve ever said, “I’m shopping on Amazon,” or “I’ll PayPal you the money,” you were using a domain name.

Individuals who wish to create a website purchase domain names. There’s a legal but somewhat disingenuous practice of purchasing a domain name in anticipation of something becoming popular, such as buying the web address for “www.appletoaster.com” if rumors circulate about Apple getting into the kitchen gadget industry. The goal, of course, would be to sell the domain name to Apple for a nice profit.

However, there’s another legal practice involving domain names that can lead to illegal activity: masking. It’s easy for a scammer to purchase “amaz0n.com” or “citybank.com” or “paypaI.com” (that’s a capital I instead of the L, in case you couldn’t tell), then send you emails pretending to be the real company. You land on a fake website where they steal your information, accept payments for products you’ll never receive or even install viruses on your computer.

Unfortunately, not all domain name issues like this are the work of scammers, even though the consequences can still be severe. Mistyping a domain name in an email or website can lead to disaster, as one Australian bank recently found out. They thought they were sending sensitive customer data to the correct entities within their own company, bank employees had sent out more than 600 emails with the wrong domain. Rather than using the Commonwealth Bank of Australia’s own domain for emailing of “cba.com.au,” the employees simply typed “cba.com.”

It’s never a good thing when emails with sensitive data goes is emailed to the wrong person. Luckily, “cba.com” is the domain name for a U.S.-based cybersecurity company; also, the chances of the prefix or the person’s name within the company email, matching up to someone at cba.com weren’t very high. If important information had to end up in the wrong mailbox, at least it was a business that deals with security.

Commonwealth Bank took immediate action by blocking the cba.com domain from its network, meaning it’s no longer possible to send an email to that domain name and suffix from their computers. As an added precaution, the bank also purchased the cba.com address in order to prevent any further information from going to that address. This step would also prevent scammers from later buying “cba.com” and using it to send malicious phishing emails to unsuspecting customers.

For typical tech users, though, there’s no network or IT department to make sure you’re only using trusted domain names. That’s why it falls to consumers to protect themselves. If you receive an email that seems like it might not be genuine, you can check by hovering your mouse over the sender’s name. It will pop up and show you the actual domain. If you can’t be sure it’s not typed wrong, copy and paste it into a Word processing program and change the fonts until you can read it more clearly. If you’re the one sending the email, make sure you’ve typed it correctly in order to avoid embarrassment and security risk by messaging the wrong person.

Remember, the domain name can be identical, but the suffix at the end (such as .com, .net, or .org, just to name a few) can change, too. You might think you’re emailing your bank or work, but if someone has purchased the domain name with “.net” instead of the .com you meant to use, you may still be contacting a scammer.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Cell phone customers have been warned about a lot of different pitfalls when it comes to protecting their privacy and their data.

Using a passcode to lock your phone, logging out of sensitive apps and making sure you’re only downloading vetted content are still important ways to avoid a lot of common threats. Recently, word got out about the danger from phone number porting (when a scammer convinces a cellular provider employee to move your phone number to a new handset) and consumers have been warned to be vigilant about any unusual activity with their phones as a result.

Now, there’s a new threat: SIM swapping. Your SIM card (Subscriber Identification Module), the tiny little microchip that tells your phone what number it responds to and what information it contains, is transferable to another phone. That’s how you can upgrade to a new phone or  buy another phone if yours is damaged, while still keeping your phone number, photos, music downloads and more. But much like phone number porting, SIM porting is easy to do if you can convince a cellular employee to do it.

This new hacking threat came to light when an Instagram user began receiving notifications about his account. He checked his phone and didn’t notice anything out of the ordinary, but later realized he was using it on his home Wi-Fi connection (not cellular…smartphones will work as mini tablets even without mobile plans as long as they’re connected to Wi-Fi). Only after he was locked out of his Instagram account and Snapchat account did he realize there was a serious problem.

After checking with his provider, he learned that his SIM card information transferred to a new SIM card and inserted into a different handset. It’s not certain yet if the cellular employee did this maliciously or was truly unaware that the person who attempted it was not the account holder.

Of course, there’s more to the story: the person who did this didn’t want the victim’s personal information, email account or mobile wallet. They simply wanted to take over that individual’s social media accounts so they could have the username. Again, it’s not certain what the person planned to do with that username once they took control of it since loading any Instagram images themselves would have implicated them, but that is the only thing the thief did with the access to the phone.

This incident and others like it should serve as a warning about taking strange activity seriously. It doesn’t matter if it’s a weird charge on your credit card statement, notification from a company you do business with, a strange message on Facebook that indicates someone has broken into your account or a medical bill for the care you didn’t receive. If you learn that something unusual has occurred, it could be a sign of a much bigger problem. Take immediate action by contacting the entity directly and find out just how far the suspicious activity goes.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

If you know anything about cryptocurrency and the supposed investment opportunities that go along with it, you’ve probably run across more than a few shady details so far.

Originally created as an anonymous payment currency—for people who want to make purchases that don’t leave a financial paper trail—these non-existent “coins” are now the stuff of ransomware payment, Dark Web purchases, crypto jacking and investment scams.

In this newest scam, someone launches an Initial Coin Offering or ICO. This is much like starting a business or purchasing property, then offering “shares” for sale to investors. The weird thing about even the most genuine, legal ICO of cryptocurrency is that the shares the investor buys are for an object that doesn’t exist.

Many states are cracking down on cryptocurrency and ICO scams in order to protect consumers who are lured in by “strike while the iron is hot” sales pitches from dealers. This multi-state effort, known as “Operation Cryptosweep,” has already involved 70 ICOs, resulting in the prosecution of 34 separate cases.

Investing has a long history of producing both financial gains and losses for those who participate. If you think of investing as not only benefitting the investor but also the company—helping it to grow, expand, bring in new people and technologies and more with the money made from the sale of shares—then it makes sense for those who’ve done their homework. But investing in cryptocurrency is one-sided, meaning the goal is to buy as much as possible of this non-existent token and hope that its value somehow increases, despite the fact that it’s not a business that offers a product or service. The entire investment is based on the hope that more people will be enticed into buying it later, driving its value up.

Some experts worry that the flash-in-the-pan craze associated with cryptocurrency investing will result in so many burned investors that typical, sounder forms of investing will be damaged by associating with the losses.

North American Securities Administrators Association (NASAA) President Joseph Borg has announced, “The persistently expanding exploitation of the crypto ecosystem by fraudsters is a significant threat to Main Street investors in the United States and Canada, and NASAA members are committed to combating this threat.”

If you’re ever interested in an investment opportunity—whether in a real commodity, real business or crypto-item—you’ve got to do your homework. It’s not just a matter of accidentally losing your investment when it doesn’t pay off (which is part of the stakes in any speculation), but the real danger is in the anonymous nature of ICOs and cryptocurrency. As unsecured forms of currency, there is no agency to back you up and protect your investment if it turns out bad.


For toll-free, no-cost assistance, contact the Identity Theft Resource Center at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

In the race to come up with even more secure forms of protecting your technology and your accounts, researchers have been experimenting with a variety of methods. Everything from two-step authentication to advanced biometrics (think fingerprint sensors) have been used in some way.

A new facial recognition sensor from a company managed to fall a little short, though. One of its new phone models allowed the user to store a “selfie” as the phone’s standard, then use the camera to scan the stored image alongside the live face for comparison. If the phone detected a match, it unlocked the device for use.

Unfortunately, a picture was worth a thousand words, or at least a thousand logins…

Prior to a security patch for that phone, the camera would readily accept a photo of the person instead of their actual face. The unlock process was a little slower but wasn’t halted completely. This is a departure from a fairly old aspect of facial recognition that requires the user to blink during the scan in order to prove the camera isn’t seeing a still image (unfortunately, even that level of security wasn’t hard to override). The test a user conducted in this case actually involved pointing the Samsung Galaxy 8 at another phone which displayed the picture.

This news is the latest in a long, questioning road to better biometric security protocols. What level of protection can our fingerprints, retinas, even our DNA provide, but more importantly, what can the bad guys do with it?

It’s important to understand that Samsung says this was never meant to be a security or “lock” feature, but rather is more like swiping the phone screen with your fingertip to wake it up. Rather than put down any items you might be holding or look at the screen while you’re busy, you could simply turn your face toward the phone or hold it up and point, and it would give you access to the phone screen.

With every new technology, it can often feel like we’re playing catch up. The innovation comes first, the security violation comes next, and then the fix follows on its heels. We can work to halt that process by asking the hard questions: how does this actually keep me safe? who else can interfere in the process? is this actually a step towards greater security, or just flashier tech? By knowing the answers to those questions and taking a good look at how the functionality works, you just might ward off any unexpected privacy problems.


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

“Cell phones are so convenient that they’re an inconvenience.” ― Haruki Murakami

In the past fifty years, humans have gone from computers that took up entire rooms and were strictly the domain of governments and corporations, to having computers conveniently located on your wrists that even children can use. “Typing class” of the 20thcentury has been replaced with coding, robotics, app development and other STEAM curricula for students as young as elementary school.

That is a lot of innovation in a short amount of time, practically the blink of an eye. One of the drawbacks to having such incredible advancements in a relatively small window is that security and privacy considerations have struggled to keep pace with the new capabilities.

Kaspersky has now released a new report on a phenomenon called “cyber-stress,” which refers to the very tangible emotional toll that things like identity theft, data breaches, and hacking events can take on consumers. The Identity Theft Resource Center, which operates a toll-free call center and a live chat app for victims of identity theft, has also tracked the emotional fallout from discovering that someone has stolen your personal identifiable information.

According to the findings in the Kaspersky survey:

– 81 percent of Americans and 72 percent of Canadians report that news of data breaches causes them to feel stressed

– The average respondent reports that they manage at least sixteen different username and password combinations, which can lead to weak password security and “reusing” passwords

– 46 percent of Millennials find it stressful to manage the number of passwords they maintain

– The average household now has more connected devices than people, and 75 percent of respondents say that protecting all these devices from outside threats has caused them stress

This might seem like overkill or a lot of reactionary worry over statistically minor issues. However, the opposite is true; the ITRC tracked more than 1,500 separate data breaches last year alone and 46 percent of the respondents to the Kaspersky survey said they had been personally impacted by some kind of cybersecurity threat. Thirty-three percent of those who’d been affected by a cyber-attack stated that they continue to experience stress about protecting themselves from future attacks.

Part of this ongoing emotional impact may be attributed to the fact that new data breaches continue to occur. The Equifax data breach compromised more than 145 million consumer records, while new point-of-sale hacking shows that the “old school” method of targeting consumers’ payment cards is not going away. This stress may even be an opposing reaction to a recognized form of apathy towards protecting yourself known as data breach fatigue, which occurs when the news surrounding too many data breaches is simply overwhelming.

Fortunately, there are resources for consumers to turn to and trustworthy options to provide help. Significant numbers of respondents stated that they trusted friends, family members or spouses with their personal data, which means they have someone they can turn to in a cyber-stress situation. Many young adults and teenagers claimed that they would immediately turn to their parents in a cyberattack situation, providing them with a trustworthy outlet for support. Of course, advocates like those at the ITRC can provide consumers of any demographic with solid resources in the event of a cyber-related issue.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Too often, the apps we use on a daily basis can lead to issues with privacy and security. In many cases, the culprit is none other than the function of the app itself.

The recent news about Facebook losing control of millions of user profiles is a testament to that, but now, a new feature in many Apple devices has led to a complete and permanent vulnerability for users who are affected.

Called “trustjacking,” this vulnerability occurs when you click “yes” to trust a device. In this particular case, iPhones that have been enabled to sync their iTunes accounts over wifi—as opposed to only when the cable is plugged into both the phone and a computer—have given permission to “trust” the connection. Trusting the connection is the mechanism for letting the device and the computer talk to each other… and that’s when hackers with the right know-how can strike.

Security experts Roy Iarchy and Adi Sharabani of Symantec* presented their findings about iOS trustjacking at a recent conference, stating that not only can a hacker access the user’s photos, text messages, and iTunes backup, but can also “use this access to the device to install malicious apps, and even replace existing apps with a modified wrapped version that looks exactly like the original app, but is able to spy on the user while using the app and even leverage private APIs to spy on other activities all the time.”

Fortunately, there was an easy fix to this: the researchers alerted Apple to the possibility that a hacker can take over someone’s device via trustjacking, so now users must enter their passcodes in order to “trust” a new plugin. If the device has not been connected to the computer before, the passcode will be required. This should put a dent in the occurrences of “juice jacking,” too, which happens when someone tampers with a free charging station like the ones at airports or retail shops in order to steal information from the patrons’ phones.

However, there’s one more alarming aspect to this scenario: if your own computer becomes infected with malware, plugging it in to sync your iTunes or iCloud could compromise your device this way. Make sure you’ve got strong anti-virus software installed and kept up-to-date, and run a virus scan from time to time to ensure that your computer isn’t the source of the infection.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Peer-to-peer payment apps, or P2P apps, are a convenient way to share funds with people but come with some identity risks.

It might be a friend who bought those Taylor Swift concert tickets for your kid’s birthday present on your behalf, someone who owes you money for picking up the tab at lunch last week, or even a way to conduct business transactions like selling a piece of furniture or handmade crafts. One of the increasingly popular uses for P2P apps is when multiple people have to “chip in” to pay for a single item, like a hotel room, cruise ship cabin, or baby shower gift for a co-worker.

Though convenient, P2P platforms have been scrutinized for their potential security concerns. As a platform that is connected to some type of payment account, they’re a golden ticket for hackers. When you create your account on a P2P site, you will link a credit card, debit card, or bank account in order to deposit and withdraw funds; if a hacker gains access to your P2P account, they have access to a more serious form of your finances.

If you plan to take advantage of this handy payment method, you’ve got to use some precautions. The very first is your password security, which is always a good idea. Whether it’s an app account, your email account, or any other online portal, a strong and unique password is a must. A strong password contains a lengthy combination of uppercase letters, lowercase letters, numbers, and symbols, typically between eight and twelve characters in length. A unique password means that you don’t use it on other sites, no matter how tempting that may be.

Once your account is secured with a strong, unique password, it’s important to monitor all activity in case someone still manages to get in. You can set up transaction alerts to let you know right away if your account has been used, and you can schedule some time to log in and take a quick look each week. If you see activity that you don’t recognize, report it immediately.  Deposits you weren’t expecting, not just withdrawals or purchases, can still be a sign that someone is in your account.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.