One week after its launch, hacked Disney+ accounts are what is being discussed rather than the new video streaming service. A week ago, Disney launched a highly anticipated video streaming service, and hackers have already found a way to make a buck while ruining your fun. The service, called Disney+, contains not only Disney film favorites but also original content and new shows in the Star Wars universe. Social media sites have been flooded with overjoyed responses from happy customers, as well as complaints from unhappy customers who have lost control over their accounts.

Hackers have been able to infiltrate accounts, change the passwords to lock out the account owners and then post the credentials online for others to use or buy. Rather than the $7-per-month subscription fee, some forums have listed accounts for sale for as little as three dollars from the hacked Disney+ accounts.

There are a couple of ways hackers may have pulled this off, most of which customers can avoid if they are careful.

First, anyone who ever reuses an old username and password combination from another site is playing with fire. If you reuse the login credentials from your MySpace, Yahoo, Adobe, Ancestry.com, Bank of America or Capital One account, a hacker with the right information can break in. Again, any previous data breach in which usernames and passwords were stolen means that information may be available on the Dark Web. If you open any new accounts with old information, a hacker may already have access to it, which may be the case for some of the hacked Disney+ accounts.

Next, if you receive an email or text message that someone has changed your account login for any account, do not ignore it or treat it as spam. It can mean that someone is in your account at that very moment, and they are locking you out.

Also, there is some speculation that hackers may have used keylogging software to steal credentials. This can happen when you visit a harmful website and login, click a link or download a file in an email that installs harmful software on your computer or connect over public Wi-Fi and log into an account. By electronically gathering up your keyboard strokes as you type, hackers can grab your login credentials, go into your account and take control.

Once they change your password, you are not only locked out of your account, you are also powerless to delete the account or block the payment method. You must contact customer support immediately if you are ever locked out of an account you own since a hacker may be involved.

Remember, the Disney+ website was not breached. It is the individual users themselves whose accounts have been compromised. Another handy tip to avoid hacks like the hacked Disney+ accounts is to stop announcing on social media whenever you download a new game, try out a new service or some other hot commodity. No one needs to know that you have paid for a subscription, and hackers are standing by (through basic keyword searches online) to see who has got an account they can grab. It is important to avoid oversharing your personal business in this way.

Finally, all of this serves as a great reminder about password hygiene. Apart from never reusing a password on another account, it is a good idea to change up your passwords frequently. The same is true of your security questions, as those are often targeted in a data breach as well. That database of old information the hackers have will not work if you are updating your passwords from time to time.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Three-Pronged Web Service Data Breach A Cause For Alarm

Virtual Reality Privacy Concerns

Who is Responsible for Fraud Prevention? Join the Fraud Week Twitter Chat with ACFE!

If you have never heard of e-skimming before, you probably want to educate yourself, especially with the holidays right around the corner. You may have heard warnings over the years about criminals tampering with credit card swipe systems at stores, gas pumps and other point-of-sale consumer stations. This tampering, known as “skimming,” happens when someone inserts a thin film into the card reader that steals your information and allows the thief to use your account. It is rare that the process is instantaneous, though, as typically the thief has to come retrieve the skimmer in order to download all of the stolen data.

Cybersecurity experts have now uncovered a new threat that works the same way, e-skimming, although it gives the criminal instant access to your account. Even worse, the criminal does not have to tamper with any physical systems and can pull it off from anywhere in the world.

E-skimming happens when a hacker inserts malicious credential-stealing software into a retailer’s website. You think you are checking out with your credit card or debit card—because you are, and your items even arrive as intended—but the hacker is stealing your payment information from the shopping cart in real-time. They may even be using your card or selling the information on the Dark Web before you are done with the transaction.

Unlike physical card skimming, you cannot simply look at a website and tell that a hacker has tampered with the system with e-skimming. The website owner themselves may not even know unless there is an investigation. However, there are some things you can do to protect yourself.

Enable alerts on your cards

Card Not Present” transaction alerts are a good idea anyway, and they are one of your best defenses against e-skimming. This alert, usually sent by text or email, comes from your card issuer and lets you know anytime your card is used to make a number-only purchase. As soon as the transaction is processed, the alert is issued. You can contact your bank immediately and stop the payment from going through, as well as close that card and order a new one.

Monitor your account

It is important that all consumers take a routine peek at their bank and card accounts in order to make sure there is nothing suspicious going on. Your card may be used or sold by a hacker, and there can be a limited window of time for you to dispute any charges in order to avoid accepting responsibility for them.

Use trusted websites and look for HTPPS

Hackers have a fun game of seeing who can earn the most credibility by taking down bigger and bigger targets. However, the more trusted and secure the retailer, the more likely they are to have strong security protocols in place. Avoid sites you are not familiar with, no matter how great the advertised deals are.

Consider a low-limit card for online purchases

Especially with holiday shopping coming up, you might consider a low-limit credit card for use on the internet. It can help reduce the amount of damage a hacker can do if your card information is stolen online.

Pre-plan your holiday shopping

If you are doing a lot of online shopping in the next few weeks, it is a good idea to plan what you will be buying and from which retailers. First, it will help you stick to your holiday budget, but more importantly, you will not be lured into opening dozens of online accounts and spreading your spending around. Limiting where you shop can help reduce your risk of encountering an e-skimmer.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Don’t Get Scrooged by a Holiday Scam

Boss Phishing Bah Humbug: Don’t Fall for this Holiday Scam!

Millennials at Risk of Identity Theft – This Holiday and Year Round

Halloween is just around the corner, so what better time to talk about the scariest of all monsters? Zombies! And zombie apps.

Zombie apps are far more dangerous than the undead threat.

Worse, they move slowly, they can work in packs and if they get their teeth in you, you are done for. A zombie app or account is one that you do not use and may not even remember opening, but it is still lagging along out there in cyberspace with your identifying information. It might be a free trial you signed up for, a subscription service you cancelled but did not delete, a social media platform that is now defunct, a throwaway email you created that one time in order to bid on concert tickets or any other similar scenario. It can also be one of those multiple apps that take up space on your phone but you never use.

Unfortunately, just because you forgot all about it does not mean the zombie is not still sitting there. It is waiting to strike your zombie apps, or more accurately, waiting for the right hacker to bring it back to life and unleash it on humanity.

That is the real problem with zombies. You might have forgotten all about your old MySpace account, but the hackers who broke into MySpace’s servers and stole 360 million logins did not forget. If any of those 360 million account holders reused their username and password on another account—and, statistically, a lot of them did—the hackers now have access to that account, too. The MySpace zombie you forgot about came back, stalked around the internet slowly, then gave up access to your email, Facebook, Amazon or any other account where you reused your credentials.

There is another frightening thing about zombies on zombie apps: they may be slow, but they definitely move. The developer may have sold the zombie app to a company with different security protocols. Maybe the owner discovered a security flaw and issued an update, but since you have not opened it since 2009, you never installed the patch. Perhaps the company suffered a data breach and you never learned about it because you used a throwaway email when you created an account. Any of these scenarios can mean a zombie attack is coming for you.

How are you supposed to save yourself from the countless hordes of zombies out there?

If this was a horror movie, we would have to recommend taking them down and making sure you do not get bitten. Fortunately, the real answer is a lot easier and a lot less messy:

1. If you have apps on your device that you do not use, delete them. First, it will clean up some of your device’s memory and make it run better. Second, it will also be less of a chance that someone can work their way into your device via the zombie app. Don’t worry, you still own the zombie app and the account, it is just not accessible on your device until you reinstall it.

2. If it is an account that you created, either online or when you installed an app, that is a little trickier. You will need to go online to the company’s website and delete or deactivate your account. At the very least, make sure you change the password to something you will never accidentally reuse on another platform. If there is a profile section of your account, change any information that you can, like your email address, home address and phone number. Also, unlink your social media accounts from that account so that a data breach will not give the hackers access to your social media accounts as well.

3. Finally, develop good zombie defense practices to keep these creatures from coming for you in the future. If you are signing up for a new account or downloading an app, make sure it is one you need and plan to use, do not link your social media accounts to it, then make sure the password is completely unguessable and don’t reuse that password anywhere else.

Remember to just protect yourself and any tech users around you from these dangerous attacks.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Synthetic Identity Theft: The “Frankenstein” of Identity Crime 

The Dark Web is Actually the Boogeyman in Your Child’s Closet

Who’s Haunting You This Halloween? Spooky Scams and Cyber Nightmares

Be careful about what you are searching for online regarding your favorite celebrity because it could lead to malware attacks. Social media and the internet have given us unprecedented access to our favorite actors, singers, artists and other famous people. Celebrity searches, everything from fashions and the latest gossip to viral videos and streaming shows, let us follow our favorite stars everywhere they go.

Unfortunately, there is a hidden cost for the fans if you click the wrong link. Hackers have learned that our obsession with famous people is a good way to spread viruses and other malware to a lot of people with very little effort, leading to malware attacks.

All they have to do is embed the harmful software in the code, then release that tidbit of information, a stolen article, a pirated episode of their show or any other similar content online. The very thing we are craving, information or entertainment involving these stars, is the mechanism for infecting our networks and devices, increasing the risk of malware attacks.

Security software developer McAfee tracked which celebrities were most likely to be used in this way. Each year, they compile a list that ranks celebrity search results by the number of infected hits there are. This year’s top spot, for example, goes to “Handmaid’s Tale” actress Alexis Bledel. That is followed by talk show host James Corden, actresses Sophie Turner, Anna Kendrick and Lupita Nyong’o, comedian and talk show host Jimmy Fallon, actor and martial artist Jackie Chan, performers Lil Wayne and Nicki Minaj and finally actress Tessa Thompson.

The celebrities in this list are in no way responsible for the malware attacks and the harmful software that is being linked to their names. The film studios or recording labels for actors or singers are not responsible either. This is solely the work of hackers who follow what is trending online, nab an article of video, embed the virus and post it online. As people use search engines to learn more about their favorite stars, they click on the hackers’ links and infect their own networks.

This is especially dangerous if you accidentally download a harmful virus or malware at work, as every computer on your network may be infected and suffer a malware attack. The same is true of downloading this content using a school campus’ network. Even worse, if you are simply using a shared Wi-Fi network at a coffee shop, hotel or airport when someone else downloads celebrity-linked malware, you could be at risk of a malware attack.

To avoid this danger, be careful where you search and clicking on spoofed accounts or links. Only click trusted sources for information, and make sure that your security software is installed and updated regularly. Also make sure that your security software has a malware blocker, not just a scanner. A malware blocker will actively stop harmful software from downloading rather than just locating it after it is installed.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

New Instagram Feature Fights Phishing Attacks

TikTok Platform Found to Be Full of Scams and Fake Accounts

The Harm in Hoaxes on Social Media

Two-factor authentication is a security protocol that requires users to take an extra step whenever they log in. For example, you open your online banking app and enter your username and password, and then wait a few seconds for a text message or email that contains a six-digit code. You enter that one-time code into your banking app, and you are in.

Two-factor authentication provides an extra layer of security for your accounts, especially ones that contain sensitive data or financial access. It is a great way to keep criminals out of your accounts, especially if your personal information has been stolen in previous data breaches. With two-factor authentication in place, a hacker who managed to steal your login credentials cannot sit at their computer half a world away and get into your bank account because they do not have your phone in order to receive that code.

Unfortunately, hackers work very hard to stay one step ahead. There are a variety of ways that two-factor authentication has been cracked, sometimes with disastrous results. Hackers might steal access to the entire inner workings of your smartphone by going through your cellular provider, and therefore getting the login codes as well. Other hackers have created fake websites that look like the real thing, tricking you into entering both your login credentials and your code, although this one is a little more difficult. Hardest of all, though, are the criminal operations where hackers are actually waiting at the time of login; you type your username, password and unique code, and hackers were “watching” the site while you typed.

Fortunately for most consumers, the effort it takes to breach two-factor authentication is so involved that it is usually reserved for things like cryptocurrency trading websites and online marketing. That does not mean you are completely safe if you do not trade in Bitcoin or make money from YouTube advertising, but it means that you are less likely to draw that kind of effort.

The important takeaway is that even with the potential for being breached, you are still far more protected from everyday cybercriminals if you use two-factor authentication than if you do not. Think of it like the safety restraints in your car; yes, in extremely rare and unpredictable circumstances, there have been vehicular deaths associated with the use of a seat belt or an airbag. However, seatbelts and airbags save lives literally every day, so you would never disengage them on the off chance that they could cause harm.

The same is true of two-factor authentication. Enabling two-factor authentication on your accounts will not hurt you more than not having it, as hackers were trying to get into the account for some reason. Not having it in place, though, could invite lower-level hackers who do not need special tools and know-how to steal from you.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

One Simple Way to Not Get Your Twitch Account Hacked

Do Your Boss a Favor and Don’t Fall for a Gift Card Scam

Instagram Creates New Feature That Fights Phishing Attacks

Those fun quizzes you can take on social media where you have to identify characters from ‘90s TV shows or figuring out what kind of pasta you would be based on your answers are not the only online tests that make security experts cringe. While those are often fraught with danger, such as viruses or data mining, a recent  quiz from the Pew Research Center tackled different aspects of digital knowledge.

Could you answer the ten questions correctly? Do you know what “https” indicates on a website? Do you know how social media platforms earn money to stay in business? Do you even know who Jack Dorsey is?

Unsurprisingly, the majority of the survey’s 4,272 American adults lack digital knowledge and did not do as well as they might have hoped. For example, only 28 percent of the respondents could correctly identify an example of two-factor authentication; not explain it or tell why we need it to protect ourselves, but even point to an example of it. Only 24 percent knew what “private browsing” really means—and no, it does not mean that companies cannot track your internet history and use that information—and less than half of the respondents knew what net neutrality is.

As you might expect, the correct answers varied with things like age and educational level. To be fair, Mark Zuckerberg might be more recognizable than Jack Dorsey (owners of Facebook and Twitter, respectively) simply because Zuckerberg has been in the news a lot more for some of the data gathering and privacy foibles that have been linked to Facebook.

Fortunately, this is not the kind of test you need to cram for. If you do not know all the ins and outs of net neutrality or phishing scams, you can read up on those online. No, you do not really need to be able to recognize Jack Dorsey’s picture unless you plan to pick him up at the airport, and even then, you could just hold up a sign with his name on it.

However, you have to have digital knowledge on how to protect yourself online. That means avoiding oversharing on social media platforms, locking down your important accounts with both strong passwords and two-factor authentication, spotting a scam or fraud attempt that arrives digitally or by phone or mail and knowing how to respond to a data breach notification letter. Do you know how to freeze your credit report? Do you know why “password” is a terrible password? Do you know that connecting your social media accounts to other apps you use can result in having your personal information gathered and sold?

If you do, congratulations! You passed!

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Facebook Lottery Scam Brings Attention to Hoaxes, Phishing Attempts and Account Takeovers 

One Simple Way to Not Get Your Twitch Account Hacked

Instagram Creates New Feature That Fights Phishing Attacks

Online streaming video game service Twitch has been the subject of recent discussion about account hacking. A significant number of Twitch account users have reported that their accounts were taken over by someone without access. The company, however, did not suffer a data breach.

According to an article in TechCrunch, the connection seems to be a January 2019 data breach of a specific game elsewhere online known as “Town of Salem” (ToS). Apparently, players of ToS who reused their login credentials on their Twitch accounts, meaning they used the same username and password on both websites, accidentally handed access to their Twitch accounts to the hackers.

Reusing Passwords Leads to Account Takeover

Experts have long warned the tech-using public about reusing their passwords and using passwords that are too common or too easily guessed. With the Twitch account takeovers, though, the sheer volume of user complaints shows that hackers may be using automated bots that can search the web in rapid-fire for any possible account matches.

Fortunately, avoiding a threat like the Twitch account hack is one of the easiest things gamers can do: stop repeating your passwords.

With the number of online games, streaming services and gaming platforms that are available to avid players, it is important to secure every single account with a unique set of login credentials. If you are concerned about memorizing countless unique, lengthy passwords, you can use a password manager service. These companies usually require you to use two-factor authentication to log into your single account, then they autogenerate intensely difficult, unguessable passwords for all of the accounts you link to them. You only have to get through one big security door each day, then all of your accounts are protected.

Create a Unique Password

However, gamers are some of the more tech-savvy users out there, and a single-login system might feel a little “exposed” to some players. If a password manager does not feel very secure, you can create a unique system for establishing all of your passwords. You start with a random phrase or character combination that means something to you, like the name of your favorite song or the reverse-order of all the first initials for every pet you have ever owned. Get creative, but make it memorable. Then, for every single account you create (or password you update), add different numbers and letters to your lengthy catchphrase. One game platform login might be [name of the platform in reverse order + name of song + #1], while another platform could be [name of platform backwards + name of song + #2], and so on.

Keep Separate from Other Accounts

That way, if hackers did manage to find out your Twitch account password, for example, they do not have access to your Gamefly or email account. Updating your accounts regularly is also a great idea, and with a system like this, the only part you have to change is the number at the end, the name of the song or some other keyword in there. Remember, it might just a game to some people, but real gamers know that their accounts are serious business. No matter how you choose to protect yourself, you must take your gaming account security seriously and stay up-to-date on your password safety.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Video Gamers Targets By Cyber Attacks and More

TikTok Platform Found to Be Full of Scams and Fake Accounts

Zynga Data Breach Spells Trouble for 200 Million Users

 

The second Wednesday in October is one of the most important holidays we have since it impacts every single citizen in the world. National Stop Bullying Day is not only an awareness campaign about a crucial global issue, it is also one that impacts young and old, rich and poor, every race and nationality.

There was a time when bullying meant schoolyard taunts or some rude graffiti. Now, it encompasses horrific crimes like cyberbullying, including sextortion, doxxing, identity theft and account takeover.

The first step to stopping these and other cyberbullying problems is to understand when it is even happening. For too many people, especially parents of younger victims, the truth only emerges after something far more serious occurs. This guide contains more details, but some common signs include withdrawing emotionally, repeatedly missing school or work for no apparent reason, increased need for funds and dramatic behavior changes.

The organization Stomp Out Bullying has some great resources for this year’s important campaign, which can be found on their website. This article by the Cybercrime Support Network can also help. However, recognizing that cyberbullying is a very serious matter, one that can affect adults as well as young people, is the most important step anyone can take to avoiding this threat.

Stay Safe Online also offers a lot of helpful solutions, such as:

Be aware of the threat and who is at fault

Cyberbullying can encompass a lot of different behaviors, including identity theft. Knowing when you or someone else is being bullied online is important. An innocent person can be targeted by a hateful “keyboard commando,” but it is important to examine our own behaviors and make sure our interactions are positive and supportive, and do not lead to escalating behavior.

Keep a record

Too often, the issue escalates but the posts that began the problem get lost. Without evidence, there is little that schools or law enforcement can do to the offender. Screenshot and save these posts in order to provide proof so that action can be taken.

Talk, talk, talk

Without open, ongoing conversation about cyberbullying, many victims feel powerless to put a stop to it. Make sure to have numerous conversations with your family before and after allowing computers and devices in the home.

File a complaint when a problem is detected

It can feel like cyberbullying is a faceless crime, but it is actually not. Someone is behind it, whether it is a stranger or someone you know. Even if there is not much that can be done to prosecute an offender in a given situation, having a record of it with the police will be important if it escalates or involves identity theft.

Shut it down

A lot of people love their devices, and technology addiction is a recognized problem. However, when it comes to someone’s health and happiness, stopping the bullying is more important. You can start by blocking the offender on these platforms, but that might not be enough. It might mean avoiding a certain account or platform altogether, or simply creating a new account. That will be far healthier in the long run than enduring others’ abuse.

The single most important thing you can do if you or someone you know is being bullied online is to take it very seriously. There is no such thing as “harmless” insults in a world where anonymity combined with access to personal information affords perpetrators the ability to hurt people. Talk to the people you care about and provide support when it is needed.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

National Cybersecurity Awareness Month (NCSAM): Own It. Secure It. Protect It.

Are You Cyber-stressed?

New Study Shows Millennials are More Likely to Fall for Scams

 

Halloween is not the only celebration to look forward to at this time of year. Every October, the National Cybersecurity Alliance hosts a consumer-awareness event, National Cybersecurity Awareness Month, also known as #CyberAware month, based on protecting you from harm. This month-long celebration of digital security and privacy promotes safer connectivity, healthy device use and a better understanding of how to keep your identity and data from falling into the wrong hands.

This year’s theme is “Own It. Secure It. Protect It.” In other words, the tech public is being cautioned to take more of a sense of control over their own protection, starting with how they engage online.

#CyberAware month is dedicated to understanding how you can have ownership over your privacy and security, and StaySafeOnline has the following tips:

Never Click and Tell: Staying Safe on Social Media

Social media is one of the biggest pitfalls to our privacy, partly due to the way different platforms collect, store and sell information. However, a lot of users also have to take some of the blame for oversharing and not locking down their accounts.

Oversharing is when you tell too much about yourself online. It might be spreading around your full name, address, or email or giving away too many details about where you live or work. You might be revealing too much about your family members, even your children. Some users even give away too much information about their present locations, including the exact coordinates and street address.

Remember, strong privacy settings on all of your accounts can help keep others from seeing too much, but with shareable content, someone else might be able to get in. You do not have to tell all you know when you post, and you certainly do not have to post birthdates, locations, the names of your children’s schools and your maiden name if you have one. Guard that information and remember that all of those little details are pieces of your complete identity puzzle.

Update Privacy Settings

The privacy settings mentioned above determine who can see your posts and your profiles, and they also determine which of your friends can share your content. If you post a nice family photo of a relative’s birthday, depending on your privacy settings, one of your friends can innocently share it to their profile so that other family members can see it. From there, it can make the rounds and end up in a hacker’s inbox.

On some platforms, there are default settings that you have to manually adjust to your comfort level. On others, some of your posts are public and some can be kept private. It is important that you understand how each platform works and what your privacy settings are before you use them.

Keep Tabs on Your Apps

The apps you install on your devices and the accounts you establish online might be just another part of using technology, however they can also come back to haunt you. If you have reused your username and password on multiple apps and accounts, if you have connected your social media profiles to your apps in order to log in faster or if you have not updated your apps or accounts in a while—just to name a few of the potentially harmful problems—then you may not be protected.

Remember, hackers want information. They use that information to get even more information, and then they can go after bigger payoffs. It is important that you understand what you are installing, what accounts you are creating and how to protect them and when you must update these things in order to stay safe online.

National Cybersecurity Awareness Month is about welcoming fall and enjoying some spooky fun, but there is nothing fun about cybersecurity lapses. Take the time this NCSAM month to protect yourself and develop good habits that will keep you safe all year.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Zynga Data Breach Spells Trouble for 200 Million Users 

Steps to Take After Doordash Data Breach

10,000 Breaches Later: Top Five Retail Data Breaches

 

It is back to school time, or as many college students know of it, back to debt time. One of the many mounting costs associated with higher education is the price of textbooks. However, thanks to the internet, there many websites offering free and cheap digital versions of the real thing. Because of that, students should beware of malware hidden in eBooks.

As with other websites that offer premium content like first-run movies and new video games for little to no cost, there is a hidden threat: viruses and malware tucked inside the file. In some cases, you do not even get to download the content before the virus from the malware hidden in the eBook attacks your computer.

This used to be a simple issue: you steal some content, you take the risk. With more and more schools helping students cut costs by promoting the real digital versions of the required textbooks, you could accidentally infect your computer or the network with malware hidden in eBooks while trying to do the right thing.

In order to avoid malware hidden in eBooks, there are some important steps you can take.

Do not give in to the temptation to save a lot of money

The price of textbooks is a burden, but there are steps you can take to offset, reduce or avoid the cost that do not put you at risk. Some libraries keep copies of popular textbooks, and there are retailers who now offer textbook rentals for a fraction of the cost. You can even split the cost with a friend and share the book. With that said, trying to get it for free online is a recipe for a virus from malware hidden in an eBook, and that can end up costing you almost as much as the book would have cost.

If you are going digital, know the source

Digital textbooks are great. They are portable, often cheaper and can even include extras like additional resources and homework help. Make sure you are getting it from a trusted retailer or website and not a site that promises free or cheap eBooks.

This can also affect supplemental materials

There is nothing wrong with searching online for additional materials to help you study unless it is pirated content. However, this same threat can hide embedded in other kinds of course materials, too. Even if you are not stealing anything, downloading free study materials or essays could be a great way to spread some malware hidden in eBooks.

Keep your security software updated

Even if you would never download pirated content, that does not mean someone else on the network won’t. Your roommate, a student down the hall or someone in the campus computer lab. If you are all connected to the same network, you stand a chance of “catching” someone else’s infection. Keep your antivirus and antimalware software installed and up-to-date and remember to run a scan regularly to avoid malware hidden in eBooks.

If you are infected…

Remember that the goal of a lot of malware is to steal data from your device or lock the device until you pay the ransom. Change your passwords on important accounts regularly to avoid having your account access stolen and back up your important files to a cloud storage or external hard drive. That way, if you are infected with ransomware, your important documents are still accessible.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Back to School, Back to Scams

FAFSA and Student Loan Identity Theft

The Pros and Cons of Peer-to-Peer Payment Apps