It is back to school time, or as many college students know of it, back to debt time. One of the many mounting costs associated with higher education is the price of textbooks. However, thanks to the internet, there many websites offering free and cheap digital versions of the real thing. Because of that, students should beware of malware hidden in eBooks.

As with other websites that offer premium content like first-run movies and new video games for little to no cost, there is a hidden threat: viruses and malware tucked inside the file. In some cases, you do not even get to download the content before the virus from the malware hidden in the eBook attacks your computer.

This used to be a simple issue: you steal some content, you take the risk. With more and more schools helping students cut costs by promoting the real digital versions of the required textbooks, you could accidentally infect your computer or the network with malware hidden in eBooks while trying to do the right thing.

In order to avoid malware hidden in eBooks, there are some important steps you can take.

Do not give in to the temptation to save a lot of money

The price of textbooks is a burden, but there are steps you can take to offset, reduce or avoid the cost that do not put you at risk. Some libraries keep copies of popular textbooks, and there are retailers who now offer textbook rentals for a fraction of the cost. You can even split the cost with a friend and share the book. With that said, trying to get it for free online is a recipe for a virus from malware hidden in an eBook, and that can end up costing you almost as much as the book would have cost.

If you are going digital, know the source

Digital textbooks are great. They are portable, often cheaper and can even include extras like additional resources and homework help. Make sure you are getting it from a trusted retailer or website and not a site that promises free or cheap eBooks.

This can also affect supplemental materials

There is nothing wrong with searching online for additional materials to help you study unless it is pirated content. However, this same threat can hide embedded in other kinds of course materials, too. Even if you are not stealing anything, downloading free study materials or essays could be a great way to spread some malware hidden in eBooks.

Keep your security software updated

Even if you would never download pirated content, that does not mean someone else on the network won’t. Your roommate, a student down the hall or someone in the campus computer lab. If you are all connected to the same network, you stand a chance of “catching” someone else’s infection. Keep your antivirus and antimalware software installed and up-to-date and remember to run a scan regularly to avoid malware hidden in eBooks.

If you are infected…

Remember that the goal of a lot of malware is to steal data from your device or lock the device until you pay the ransom. Change your passwords on important accounts regularly to avoid having your account access stolen and back up your important files to a cloud storage or external hard drive. That way, if you are infected with ransomware, your important documents are still accessible.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Back to School, Back to Scams

FAFSA and Student Loan Identity Theft

The Pros and Cons of Peer-to-Peer Payment Apps

The first case of AI fraud has been reported after a perpetrator created an audio clip of a company’s CEO and used it to inform someone else within the company to release funds to the scammers.

In the world of artificial intelligence, a “deepfake” is a completely fabricated audio or video clip in which someone’s real voice or image is used in a situation the person was never in. With relative ease, skilled computer designers and editors can often create videos of a famous person saying or doing things they have never done.

Now being called a “vishing” attack, also known as voice phishing, this AI fraud case involves the head of a German company who supposedly contacted the CEO of one of its UK branches and requested a transfer of funds, stating that they would be reimbursed. The UK employee complied, sending around $243,000 to an account in Hungary. The callers made a total of three calls to the UK company but were eventually refused. Fortunately, the company carries insurance against this kind of AI fraud crime and it was covered.

While the entire point of a deepfake is that it is very difficult to discern from the real thing, there are things consumers and businesses alike can do in order to protect themselves from AI fraud.

Never comply with any kind of sensitive request without prior authorization.

It does not matter if the request comes as an email, a text message or now an audio-based call. Simply take down the caller’s name and the instructions and then verify it with the individual using a known contact phone number or in person.

Establish a company coding system for sensitive requests.

Institute a policy that all money transfers, file sharing or other sensitive activity must include the company “code word” in the instructions. The code should be changed frequently to avoid any threat from hackers.

Make sure that this information is shared throughout the company.

One of the best ways to pull off a successful phishing attack is to target a lower-level employee. It is important to make sure that everyone in the company knows and follows the security protocols.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Yahoo Breach Settlement Proposed for $117.5 Million

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 

 

If you are one of the millions of smartphone or tablet users in the U.S. who rely on their devices while traveling, there are little-known airport technology risks that can attack your identity. The convenience of available charging options and public connectivity tools can lead right back to hackers and identity thieves, but too many consumers are not aware of the danger.

Airport Charging Stations

You may have seen handy charging stations in places like airports or shopping malls. These stand-alone kiosks let you plug up your device for a quick battery boost while you wait. However, how do they work? Rather than simply being a typical electrical outlet, some of them actually have a computer housed inside the kiosk. When you plug in your device, you could be connecting it to that computer. If a hacker has tampered with either that computer or the provided charging cord, they could be stealing information from your device. That is a huge airport technology red flag.

Using Other Devices at the Airport

Other airport technology risks can arise from using convenience tablets in restaurants, especially those in airports. These tablets allow you to check your social media, place food orders, make a payment and shop and scan your boarding pass for check-in. However, when you enter your personal information or log into your accounts, you do not control where that information ends up or how it is used.

Skip the Convenience

It is handy to use a free charger cord and a kiosk, and it is nice to check your accounts over free public Wi-Fi while you wait for your food. With that said, the convenience does not outweigh the airport technology risks to your identifying information, social media profiles and sensitive accounts. Instead, carry your own cord and stick to regular wall outlets to charge your devices. Also, use your own secured devices to log into your accounts. If the Wi-Fi is not free, just wait until you are somewhere that it is safe to connect over your own devices.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

If you are one of the millions of consumers who use a voice-activated assistant in your home or through your smartphone, your personal data and activity may become more secure due to new data privacy regulations like the European Union’s GDPR and recent privacy-related legislation. Virtual assistants and chatbot tools will now have to tighten up their security to protect your information.

Siri, Alexa and Google Home are just a handful of the artificial intelligence tools that interact with live people every day. We rely on these devices for everything from looking up a phone number or a favorite song to controlling the utilities that power our homes. Because of that, they are fertile ground for hackers who are looking for private information or who seek to get a picture of our day-to-day activities. The amount of use they get is another reason AI data privacy is so important.

Even if you do not own or use a voice-activated virtual assistant, you have probably interacted with a chatbot online. You may not even know it. These tools use artificial intelligence to provide customer support for businesses. You may have visited a retailer’s website and found a “live chat” button to click or had a pop-up box open with the words, “Hi! How can I help you today?” on the screen. While some businesses still use human customer service reps to provide support, a growing number of companies are already relying on computers to carry on the conversation and solve any problems.

Some experts are already at work helping developers create privacy-compliant AI tools that still have enough room to be useful. If your virtual assistant cannot store your shopping or search history, for example, how will it help you find that great brand of coffee you tried? How will it know what songs or movies to recommend when you tell it to play something “upbeat?” This kind of data collection is what makes AI-driven tools useful and easy to operate, rather than forcing human users to repeat themselves with every interaction.

The first step for developers is to draft a clear policy on what information is collected from users. From there, it is important to store it securely for data privacy. Some states are already requiring chatbots to disclose that they are not actual people and to request permission to record or save the chat conversation. It is a good idea for businesses in every state to start working in that direction since these data privacy laws are already being put in place. On a more personal note, it is important that companies develop AI tools that incorporate the ability to respond accordingly if a minor initiates the interaction. This can prevent a toddler from renting a movie on Amazon or a teenager from asking for critical medical advice from a robot.

The most important step is to remember that technology and innovation are fluid. There is no such thing as a one-and-done law or regulation where privacy and tech intersect. Any data privacy policies or upgrades, especially where AI and chatbots are concerned, must be revisited frequently to ensure they are still complying with the law and protecting the public.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

Shutterbugs Beware! DSLR Ransomware Attack Targets Digital Cameras 

 

As cybercrimes go, ransomware might be one of the nastiest, which is why lots of attention is being brought to recent DSLR ransomware attacks. Using one of several different avenues of attack, a hacker infects a piece of technology with harmful software that locks up the device. The only way to unlock it and restore access is to pay the hacker’s ransom. What makes it so terrible is that it works. Too often, the victim pays the ransom in order to avoid the inconvenience and expense of losing control over their files and devices.

There are many great reasons to own a fancy digital camera, namely that photographers can take great pictures no matter how skilled or novice the user may be. Some of the newer ones are even easier to operate and enjoy than older digital cameras because the pictures can be sent to your computer, emailed to a friend or relative or uploaded to a print service over Wi-Fi without the need to download them with a cable. Just like you can text a friend a picture that you took with your phone, the newer, more capable digital cameras can transmit pictures.

However, that capability is where the vulnerability lies. Security researchers have uncovered malicious software that can be sent to your camera as part of a recent DSLR ransomware attack, such as over free hotel or airport Wi-Fi at a popular tourist spot. Once there, the hackers just have to alert you that all of your photos have been encrypted. The only way to unlock them is to pay the significant ransom.

There is an easy fix to prevent a DSLR ransomware attack, but you have to be aware of the threat first. If your camera allows, simply turn off the Wi-Fi in order to prevent it from accidentally connecting over these suspicious Wi-Fi options. As an added bonus, turning off the Wi-Fi in the camera’s settings except when you are actively using it to transmit your photos will save your battery life while you are using the camera.

It is worth noting that researchers were also able to encrypt someone else’s photos if they had already infected the user’s laptop. If you are plugging in your camera with a USB cable but a hacker has already infected your computer, they can still lock up your photos. Make sure your antivirus software is installed and up-to-date to avoid that threat in a DSLR ransomware attack. Also, camera manufacturers should now be working on security patches that block this vulnerability. That makes it just that much more important to download any software updates that they issue for your devices.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

On Wednesday, July 24, 2019, people could begin filing Equifax claims for the recent data breach settlement, which included filing an Equifax breach settlement claim for a minor. In 2017, Equifax, one of the three largest credit reporting agencies in the world, announced they suffered a data breach. More than 148 million consumers’ identities had been stolen. A settlement was reached in the class-action lawsuit filed with a federal court. As a result, Equifax launched its claims process to help anyone who may have been a victim, including minors.

If you were a minor affected by the Equifax breach settlement but are now over 18-years-old, you must file your own claim and can do it online.

If the minor is still under 18-years old, a parent or legal guardian can make a claim for Credit Monitoring Services on the child’s behalf. However, it must be filed manually and sent out via direct mail. If you file an Equifax breach settlement claim for a minor, you must provide documentation to prove you are the parent or legal guardian of that minor.

Credit Monitoring Services will allow parents to receive alerts when certain personal data appears on suspicious websites, alerts when the Social Security number is associated with new names or addresses or the creation of a consumer report at one or more of the three nationwide Consumer Reporting Agencies. Finally, the minor will receive Identity Restoration Services if their identity is compromised.

The parent or legal guardian can elect to enroll the minor in one-bureau credit monitoring services provided by Equifax that would begin after the Credit Monitoring Services expire for a period of up to 14 years. According to the Equifax breach settlement page, a minor can receive monitoring services as follows: alerts when data elements like Social Security number submitted for monitoring appear on suspicious websites, including underground websites, a file is created, locked, and then monitored and for minors with an Equifax credit file, their credit file is locked and then monitored. The Experian Credit Monitoring Services and the optional one-bureau credit monitoring provided by Equifax together will cover 18 years.

The parent or legal guardian filing an Equifax breach settlement claim for a minor must opt for the minor to receive the one-bureau services when submitting a claim for the Credit Monitoring Services, and the parent or legal guardian will be sent instructions for how to enroll in the one-bureau monitoring before the Credit Monitoring Services expire. The cost of these services will be paid separately by Equifax, not out of the Consumer Restitution Fund.

Before finding out what support your minor may be eligible for while filing an Equifax breach settlement claim for a minor, it is important to know whether or not their information was affected. The website for consumers concerned about the Equifax data breach settlement has a button that will provide that information for you.

Enter your minor’s last name and the last six digits of their Social Security number, and the site will tell you whether or not their data was compromised.

If you discover that your minor’s personal identifiable information (PII) was compromised, your next step is to choose whether or not to participate in the class action suit. Your minor may be eligible for credit monitoring, identity restoration if their information was fraudulently used and a partial refund if they had already been an Equifax credit monitoring customer.

If you decide to file an Equifax breach settlement claim for a minor, you must do so by January 22, 2020. If you wish to state that your minor is not participating, the deadline is November 19, 2019.

The Identity Theft Resource Center recommends you consider all of your minor’s personal circumstances and how the breach and any subsequent identity crime issues impacted your minor before submitting a claim. While the process of recovering after an identity theft incident is costly in time, personal impacts and financial ramifications, filing without thinking through all the possibilities or having all the supporting documentation could short-change your minor’s identity hygiene in the long-run. Potential issues that may arise could include the inability to get financial aid for college, approval for a first apartment or being able to get a loan for a first car.

After determining what kind of Equifax breach claim you need to file for your minor, you can either claim free credit monitoring for up to ten years or a cash payment of $125 if you already have credit monitoring that includes the minor’s social security number – such as a family credit monitoring service.

While filing an Equifax breach settlement claim for a minor, it is important to organize your minor’s case with dated notes, receipts and a summary. The free ID Theft Help App provides an electronic case log feature to track the details of the case.

Depending on the state you live in, credit freezes were not free to all American consumers prior to September 2018. If you decided to pay to freeze your minor’s credit prior to 2018, you could be reimbursed those expenses. NOTE: if you want to submit a credit freeze for a minor now, it must also be done manually. It cannot be done online.

Due to the breach occurring in May 2017, your minor could be reimbursed for costs, expenses or losses due to identity theft even though the breach was announced in September 2017.

Your minor is eligible for identity theft restoration services for the next seven years, regardless of if you decide you do not want them to take part in the class-action suit.

Whether or not your minor takes part in the suit, it is a good idea to place a freeze on their credit report. Remember, you can only do this manually with a minor. You cannot place a freeze online.

All of the documents, dates, claims process and FAQs can be found on the website that has been built to support Equifax claim. If you are not sure if your minor’s information has been affected, visit EquifaxBreachSettlement.Com.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Don’t Fall for Equifax Settlement Scams 

Capital One Data Breach – What To Do If You’re Impacted 

New Tool Helps Consumers Make Sense of Data Breaches

 

 

Ransomware attacks have risen steadily in the past few years to become a widespread, costly form of cybercrime. This attack, which happens when someone infects a computer or network with harmful software and demands payment to remove it, has hit every kind of industry and business and can affect companies and consumers alike.

The first problem with ransomware is there is no guarantee that paying the ransom will restore access to your files, hardware or network. It is a dangerous gamble, and while sometimes it pays off, other times the hacker refuses to unlock the access even after making off with your money.

Some industries seem to have more of a problem with ransomware than others. The healthcare industry has long been a favorite target. This could be attributed to the hefty fines and penalties that medical centers can face for allowing outsiders to infiltrate information that is protected by HIPAA laws. As history has shown, the ransom is often less than the fines would be, so the hospital attempts to pay up.

Cybercrimes like data breaches and computer scams have been known to come and go. However, with ransomware, there has been a very slight decrease. In fact, ransomware attacks and the financial losses associated with them have been steadily rising with no end in sight.

The city of La Porte, Indiana, just paid a Bitcoin ransom of $130,000 to restore access to their city’s network of computers. Without access, many city functions were at a standstill. Unfortunately, that amount is pocket change compared to some ransom demands. For example, Monroe College recently lost access to everything, including email, learning systems and grades, until the hackers receive $2 million in Bitcoin.

The FBI recommends against paying ransomware attackers, and the U.S. Conference of Mayors recently passed a resolution that tells cities they should not pay a ransom in these cases. However, it is ultimately up to the victims to decide how they are going to respond.

Fortunately, there are a few steps businesses and individuals can take to reduce the risk of harm from a ransomware attack:

Backup everything on your computer

If you store all of your important files like documents or photos in an external storage source, then the worst that happens is you have to buy a new computer. For businesses, that expense can be more significant, but usually not more than the ransom would cost. The stored files are put on the new computer, and the money you would have given to a criminal is instead spent on brand-new hardware.

Up-to-date cybersecurity software

Keeping your antivirus and anti-malware software updated and installed can go a long way towards preventing harmful software from infecting your computer or network in a ransomware attack. It is not going to stop every single threat, but if you regularly update your security software with the latest fixes sent to you by the developer, you will be protected from a lot of harmful software.

Never click unknown links or attachments

One of the easiest ways for ransomware to infect your computer is through a phishing attempt. When a hacker sends an email that says something like, “You won’t believe these photos I found,” or “Click here to get your free $100 Target gift card,” you may be installing the ransomware for the hackers.

With proper training and good habits, you can work to avoid ransomware. If an attack does occur, contact law enforcement and IT professionals if you need assistance.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

Payment apps like Venmo have become increasingly popular lately, for good reason. However, if users are not careful about how they use and secure their information the Venmo payment app, it can be a privacy pitfall.

Venmo Privacy

One concern is password strength. If you are reusing an old password, your app could be infiltrated by someone who then wipes your bank account clean. Some platforms also allow you to set up an optional PIN number in addition to your password, which can add another layer of security. However, as one security researcher reported, the way you are using your app could also put you at serious risk.

Venmo is one payment app that allows users to share their Venmo payments with the public. The company has stated there is a social element to using a payment app. You might have bought concert tickets, movie tickets or just gone out for pizza with your friends. This kind of behavior might be something you would already post on social media. Venmo allows you to keep your Venmo payments set to “public.” Anyone who opens the app can see the most recent Venmo payments, even if they do not know you.

Venmo Payment Scrape 

One researcher made a project of “scraping” this data. He used a program he wrote to compile the information and stored it in a database. For months, this researcher downloaded payments from specific IP addresses.

Researcher Dan Salmon was able to copy and store the usernames and IP addresses of the smartphones that were used. At first, it was simply to see if Venmo payment information could be accessed, but then he started to wonder what possible nefarious use a malicious hacker could have with it.

It turned out to be surprisingly easy to download a specific IP address’ most recent Venmo payments, compile them into a professional-looking email and then use those to target the customer with a phishing attack. If you were to receive an email that appeared to come from Venmo and included your most recent Venmo transactions, including the date, amount, purpose and the message you would have typed yourself, you might be more willing to comply with instructions in the email.

It is important to understand that everything this researcher did was legal and not difficult for someone with a little bit of know-how. It required some patience and dedication to the outcome, which is something that hackers and identity thieves seem to have in abundance.

Review Your Venmo App Settings

In order to protect themselves, consumers have to remember that their private business is just that, private. You would hopefully never run through a crowded shopping mall shouting, “I just bought a sweater with a check issued by First National Bank!” So why would you inform all of Venmo’s users that you bought pizza last Thursday, or that you paid your friend for some movie tickets? Remember to adopt an air of caution when it comes to sharing your personal details, especially online or on social media.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

Payment apps, like Venmo, Apple Pay, Zelle and even Facebook Messenger, are used by over 90 million Americans, but are they actually secure? This touch-of-a-button technology lets you use actual funds from your bank account or your credit card to send money instantly to friends, family and retailers.

At first glance, some consumers might be a little reluctant to install and use a payment app. After all, anyone who gets a hold of your smartphone could wipe out your bank account, at least in theory. There are safety protocols in place – like two-factor authentication and one-time use PIN numbers – that help make these apps possibly safer than traditional payment methods. A lot of consumers have their smartphone on them at all times and treat it with the utmost safety concerns, so having payment information stored on their device might not seem all that farfetched.

Remember, convenience and security come with a price. Scammers have already victimized payment app users in a variety of ways including in-person scams and account takeover. Before using payment applications, it’s important to understand how to protect yourself.

Lending Your Phone

In this era of always-connected activity, everyone has a phone, but there is still the occasional instance when someone might ask to borrow your device. Many of us might not think anything of it, but when you allow access to your device you are opening up the door to your payment apps. Scammers have been known to ask to use strangers’ phones to make a call, but instead open payment apps and send themselves money.

You can avoid this one—and still be a generous person—by always logging out of your payment app when you are not using it. Also, if someone does need to make a call or send a text, dial the number for them before handing over your phone.

Scams

According to Javelin, more than $500 million was lost overall to fraud in 2017 involving a variety of peer-to-peer payments. Remember, all payment options are storing your information and are vulnerable to attacks. One woman had $9,000 debited from her account in increments after a thief gained access to her login. Plus scammers could ask for payments via app to eliminate traceability.

Never send money to individuals you don’t trust or who claim to be a business or government agency; many peer-to-peer transactions are instantaneous and irreversible.

Be sure to also not receive money from individuals you do not know as scammers will try to take advantage of you. As described in this article, “If it turns out that there’s a problem, the payment will be reversed, and you’re responsible for that money. If you haven’t used the funds, Venmo will take the money back. If you already spent the money, you’ll need to replace it.”

Enhanced Security

No matter which app you choose, make sure you have enabled all the security features you can. If the app offers one-time PIN numbers or multi-factor authentication, for example, use them. This can keep hackers from accessing your login credentials and stealing your money.

Remember, access to all of your accounts usually starts with your email address or social media accounts. You have to make sure that you are using solid password hygiene on all of your accounts in order to minimize risk of hacking.

With every new type of technology, there are undoubtedly criminals out there who have found some way to take advantage of it. Practice good security protocols that protect your tech tools and be ready to adjust your usage to fit the latest scam reports.

Don’t fall for fake phishing emails or websites asking you to “verify your login.”


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.