Ransomware attacks have risen steadily in the past few years to become a widespread, costly form of cybercrime. This attack, which happens when someone infects a computer or network with harmful software and demands payment to remove it, has hit every kind of industry and business and can affect companies and consumers alike.

The first problem with ransomware is there is no guarantee that paying the ransom will restore access to your files, hardware or network. It is a dangerous gamble, and while sometimes it pays off, other times the hacker refuses to unlock the access even after making off with your money.

Some industries seem to have more of a problem with ransomware than others. The healthcare industry has long been a favorite target. This could be attributed to the hefty fines and penalties that medical centers can face for allowing outsiders to infiltrate information that is protected by HIPAA laws. As history has shown, the ransom is often less than the fines would be, so the hospital attempts to pay up.

Cybercrimes like data breaches and computer scams have been known to come and go. However, with ransomware, there has been a very slight decrease. In fact, ransomware attacks and the financial losses associated with them have been steadily rising with no end in sight.

The city of La Porte, Indiana, just paid a Bitcoin ransom of $130,000 to restore access to their city’s network of computers. Without access, many city functions were at a standstill. Unfortunately, that amount is pocket change compared to some ransom demands. For example, Monroe College recently lost access to everything, including email, learning systems and grades, until the hackers receive $2 million in Bitcoin.

The FBI recommends against paying ransomware attackers, and the U.S. Conference of Mayors recently passed a resolution that tells cities they should not pay a ransom in these cases. However, it is ultimately up to the victims to decide how they are going to respond.

Fortunately, there are a few steps businesses and individuals can take to reduce the risk of harm from a ransomware attack:

Back up everything on your computer

If you store all of your important files like documents or photos in an external storage source, then the worst that happens is you have to buy a new computer. For businesses, that expense can be more significant, but usually not more than the ransom would cost. The stored files are put on the new computer, and the money you would have given to a criminal is instead spent on brand-new hardware.

Up-to-date cybersecurity software

Keeping your antivirus and anti-malware software updated and installed can go a long way towards preventing harmful software from infecting your computer or network in a ransomware attack. It is not going to stop every single threat, but if you regularly update your security software with the latest fixes sent to you by the developer, you will be protected from a lot of harmful software.

Never click unknown links or attachments

One of the easiest ways for ransomware to infect your computer is through a phishing attempt. When a hacker sends an email that says something like, “You won’t believe these photos I found,” or “Click here to get your free $100 Target gift card,” you may be installing the ransomware for the hackers.

With proper training and good habits, you can work to avoid ransomware. If an attack does occur, contact law enforcement and IT professionals if you need assistance.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



Savvy online shoppers look forward to the veritable Christmas in July that is Amazon Prime Day, but scammers look forward to this event too. Amazon scams account for a significant percentage of internet retail fraud so it is important that consumers know what to look for. Armed with the ability to spot an Amazon scam, you can work to avoid them while still saving big during online shopping.

Amazon scams are so prevalent simply because they tend to work. With the sheer number of Amazon and Amazon Prime customers using the website, there is a good chance that any phishing attempt hiding behind the Amazon name and logo will find its way to a customer. There is no single type of Amazon scam; they can take on so many different forms that it can be hard to tell what is real and what is a trap.

Many online shoppers are about to embark on a two-day shopping spree full of great deals for Amazon Prime Day. However, good deals could also mean lots of scammers. This Amazon Prime Day, which runs July 15 and 16, make sure you know how to protect yourself from these scams:

Phishing Scams

There are several different phishing scams involving Amazon and other retailers, especially on Amazon Prime Day. Some of the more common ones include:

  • “There is a problem with your account, please click here to verify your account or change your password”
  • “Here is your receipt and shipping confirmation” for a product you never ordered
  • “Please verify your payment method”

The goal is always to get you to click an included link then enter your sensitive account information for the scammers. The link may even install a virus or other harmful software on your computer.

Discount and Coupon Scams

Amazon is not the only retailer whose name and logo are used for fake coupons and discounts. This tactic offers phony discounts of up to $100 to use on the website in exchange for filling out an online form. The coupon is not real, and the scammers have just stolen all of the information you supplied to them. These can often be seen making the rounds on social media sites like Facebook and in consumers’ email inboxes.

Review Scams

After a big shopping event like Black Friday or Amazon Prime Day, you might suddenly be inundated with requests for product reviews, whether you bought anything or not. Some of these offers will even sweeten the deal with promises of cash in exchange for your review. Paying someone for a review is a clear violation of Amazon’s terms and conditions and can lead to problems with your account. More importantly, these offers are not real. The scammer may steal your personal information, launch a spam email campaign, install malicious software on your computer or worse.

Amazon Prime Day can also lead to account takeovers. It is important to monitor your debit card and credit card accounts for any suspicious activity, and report anything unusual to your financial institution or the retailer immediately.


A newly disclosed smart home breach has consumers and tech manufacturers concerned. Luckily, it appears to be the work of the good guys or “hacktivists.” These cybersecurity experts infiltrate networks and find security flaws to inform the companies so they can fix these problems. In this case, they found a database containing private, sensitive information that all led back to more than one million consumers’ smart home devices.

2 Billion Records Left Exposed

Noam Rotem and Ran Locar from vpnMentor discovered a large database of information that had been left unsecured online. The database belonged to a Chinese smart home management company, Orvibo. This company’s platform allowed users of smart devices like light switches, outlets, and video cameras to manage all of their home electronics. Orvibo had left a database with more than 2 billion separate lines of information open to the internet without any kind of password protection, resulting in a smart home breach.

Anyone who knew to look for it, or who happened to stumble across it online, could find usernames, passwords, reset codes and even video recordings from home cameras. Precise GPS locations to the homes that had these devices were also included in the list, as well as the IP addresses to the homes’ computers.

How It Happened

To understand how this smart home breach happened, just look at other accidental exposure breaches that have made recent headlines. Cloud-based storage solutions like Amazon S3 web servers are automatically set to a “no password,” open default. It is up to the server account’s owner to change that setting and enable a password. In this case, companies have stored massive amounts of sensitive information online but failed to password protect it.

Potential Harms

While any data breach has the potential for some kind of harm, this kind of breach allows attackers to literally infiltrate your home through your technology. Smart locks on doors, security cameras, video baby monitors and thermostats are just a few of the devices that a malicious hacker could take over by resetting the device and changing the email address on the account.

Protecting Your Smart Home Privacy

So what can you do when it comes to keeping your smart home safe?

  • Password protecting everything at the home level, not just a once-and-done password on your account or internet connection, is a good place to start.
  • It is also important to make sure your Wi-Fi router and internet connection are password protected.
  • Be sure to change your passwords frequently and never reuse a username and password combination.

Orvibo recommends that its customers change their device passwords immediately. This is a good idea for all smart home device users from time to time. That way, if someone stumbles on sensitive information online, it will be outdated and less likely to cause you harm.


Dominion National, a US-based health and dental insurance provider, has recently made a startling discovery concerning a breach of its stored information. As better cybersecurity tools are developed, the time it takes to discover a breach incident, like the Dominion National data breach, and inform the victims is getting shorter. Some breaches have been discovered just hours after the fact, while others have actually minimized the damage by recognizing an attack while it was in progress.

Anything that can shorten the amount of time between a cyberattack and the discovery of one is a good thing. However, it is not always typical. In fact, Dominion National’s data breach began nearly ten years ago.

An internal investigation with the help of cybersecurity experts is ongoing, but the investigation first began due to an internal alert. The findings revealed that a lot of client information was potentially accessible by unauthorized outsiders. The information included names, addresses, birth dates and Social Security numbers. In some cases, the information also included linked bank account numbers and routing numbers. Dominion National is sending out data breach notification letters but has not disclosed how many of its customers were affected by the Dominion National data breach. It is also unclear whether or not any of the compromised information was accessed by outsiders and used maliciously.

The Dominion National data breach is not necessarily isolated to just them. Any company, even ones who have suffered other data breaches or cyberattacks in the past, could uncover evidence that their data was not secure and had not been for quite some time. Even as better security tools and protocols come along, old and long-term events like this one are not disappearing.

For affected consumers, it is important to follow the instructions in the Dominion National data breach notification letter precisely. The company is offering two years of credit monitoring to those whose information is known to have been compromised. It is vital that you follow the letter’s recommendations in order to protect yourself from any further possible harm.

The Identity Theft Resource Center has been tracking data breaches since 2005, looking for patterns, new trends and any information that may better help us to educate consumers and businesses on the need for understanding the value of protecting personal identifying information.


A virtual private network (VPN) is a digital tool that keeps outsiders, such as hackers, identity thieves, spammers and even advertisers from seeing your online activity. VPN is an installed piece of software on your laptop or desktop that is either stand-alone or bundled with your antivirus or security software. For mobile devices, VPN can be a downloadable app from your manufacturer’s preferred app store.

Everyone needs one, especially people who use their computers or devices for any kind of sensitive activity like business or data management. It might be work-related communications, file sharing with your team members or collaborating on a project. From a personal-use stance, using a VPN protects you while online banking, shopping at your favorite websites or just surfing online.

VPNs can have a few issues, namely that they are simply a safety net and not a catch-all for security. You can still end up hurt if you do not follow the rules of smart internet use, like good password hygiene and being careful of untrustworthy websites.

There is another problem with using VPNs: blocking. When you are traveling for business, for example, some hotels and airports may block the ports for a VPN, meaning you cannot use your VPN if connected to their Wi-Fi.

If your VPN is blocked and you need to rely on a public connection, your personal identifying information (PII) can be picked up by someone monitoring the connection. This is not just a concern for airport or airplane Wi-Fi. In one event, hackers used luxury hotel Wi-Fi to steal business executives’ data.

How serious is the problem? According to the Identity Theft Resource Center’s monthly data breach reporting of publicly available breach notifications, there have already been 246 business breaches this year. Of those, 23 percent of the exposed records involved unauthorized access attempts like phishing attacks. Another report stated hackers were able to infiltrate the public Wi-Fi of hundreds of different hotels, convention centers, and data centers in 29 different countries, including the U.S.

Fortunately, there are some steps you can take if you are having no success using your VPN:

  • Disguise your VPN traffic as regular web browser traffic, which makes it impossible for the hotel’s network to block your VPN service
  • Check with your office IT administrator about your computer’s configuration so they can log the situation and troubleshoot it for you
  • If you cannot connect your computer to your VPN, try connecting your VPN to your hotspot on your phone for sensitive internet activities 

NOTE: While a VPN can have performance issues like taking longer to connect or slowing down the browser, it is still a good way to keep your information safe and reduce your risk of falling victim to a crime. The slow-down “cost” is outweighed by the benefit of protecting your information.

Finally, whether you are using your VPN or not, it is important to never leave your device unattended at a conference, hotel, coffee shop, or other location, even for a moment. Make sure your passcode is enabled to help keep others out of your device, and enable the “find my device” option in your settings if the manufacturer provides it. You can also set up a pre-installed or downloaded tool to wipe your device remotely if it falls into the wrong hands.


A newly discovered MedicareSupplement.com data breach has been identified, exposing a lot of sensitive information. The unfortunate reality is many companies are relying on cloud-based web storage without properly securing that storage with a strong password.

MedicareSupplement.com is not an insurance company. They are a marketing connection point that enables consumers to look for affordable insurance plans that their typical insurance coverage does not provide. When customers would look for additional coverage providers in their area through this platform, they had to enter a lot of personal information.

Information Accessed

The stored information for over five million users was left visible for anyone to find in the online database. It included names, addresses, email addresses and birth dates.

Cloud-based storage has its benefits if companies know how to protect it. By using third-party online storage providers, businesses do not run the risk of losing their customers’ information to theft, damage, natural disaster or any other physical cause. For many cloud storage providers, the default setting is “open” and non-password protected. It is up to the businesses to change that setting and close the gates on their data.

Identity Threats

There are a handful of dangers with this kind of accidental overexposure, as the MedicareSupplement.com data breach illustrates. Anyone who found the information could see names, IP addresses and email addresses, and use those for spam email campaigns, phishing attempts and other harmful activities. Since the types of insurance the customers were interested in were also visible, someone could have connected the dots to get a picture of consumers’ health care needs and medical information.

There is another serious threat to breaches like the MedicareSupplement.com data breach. Since the database was accessible to anyone who discovered it, a malicious hacker could have inserted malware into the database. The next time someone from the company legitimately accessed the stored database, it could potentially install that malware on the company’s network, leading to a far more serious data breach.

Next Steps

Right now it is unknown if anyone found or used the information in this stored database, so the MedicareSupplement.com data breach should be treated as a very serious event. Customers who have entered their information on this website need to be very mindful of potential spam, fraud attempts and medical identity theft. Furthermore, businesses who rely on cloud storage and online servers must secure their information with the proper security protocols.


Payment apps like Venmo have become increasingly popular lately, for good reason. However, if users are not careful about how they use and secure their information in the Venmo payment app, it can be a privacy pitfall.

Venmo Privacy

One concern is password strength. If you are reusing an old password, your app could be infiltrated by someone who then wipes your bank account clean. Some platforms also allow you to set up an optional PIN number in addition to your password, which can add another layer of security. However, as one security researcher reported, the way you are using your app could also put you at serious risk.

Venmo is one payment app that allows users to share their Venmo payments with the public. The company has stated there is a social element to using a payment app. You might have bought concert tickets, movie tickets or just gone out for pizza with your friends. This kind of behavior might be something you would already post on social media. Venmo allows you to keep your Venmo payments set to “public.” Anyone who opens the app can see the most recent Venmo payments, even if they do not know you.

Venmo Payment Scrape 

One researcher made a project of “scraping” this data. He used a program he wrote to compile the information and stored it in a database. For months, this researcher downloaded payments from specific IP addresses.

Researcher Dan Salmon was able to copy and store the usernames and IP addresses of the smartphones that were used. At first, it was simply to see if Venmo payment information could be accessed, but then he started to wonder what possible nefarious use a malicious hacker could have with it.

It turned out to be surprisingly easy to download a specific IP address’ most recent Venmo payments, compile them into a professional-looking email and then use those to target the customer with a phishing attack. If you were to receive an email that appeared to come from Venmo and included your most recent Venmo transactions, including the date, amount, purpose and the message you would have typed yourself, you might be more willing to comply with instructions in the email.

It is important to understand that everything this researcher did was legal and not difficult for someone with a little bit of know-how. It required some patience and dedication to the outcome, which is something that hackers and identity thieves seem to have in abundance.

Review Your Venmo App Settings

In order to protect themselves, consumers have to remember that their private business is just that, private. You would hopefully never run through a crowded shopping mall shouting, “I just bought a sweater with a check issued by First National Bank!” So why would you inform all of Venmo’s users that you bought pizza last Thursday, or that you paid your friend for some movie tickets? Remember to adopt an air of caution when it comes to sharing your personal details, especially online or on social media.



The Federal Trade Commission has been tackling the plague of robocalls for a long time and has had victories against this menace in the past. Now, a new report demonstrates that their initiative has had even more successful results. The program has been taking aim at robocallers and reminding them that their actions are illegal, especially if they are calling consumers who have placed their numbers on the national Do Not Call registry.

Operation Call It Quits

Operation Call It Quits has already resulted in action against 94 separate robocallers, many of whom were fronting for other businesses and contacting people on the Do Not Call registry. These groups were responsible for more than one billion robocalls in the U.S., ranging from credit card offers to utility companies. The FTC has initiated 145 cases against these callers.

“We are all fed up with the tens of billions of illegal robocalls we get every year,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, in a press release on the program. “Today’s joint effort shows that combatting this scourge remains a top priority for law enforcement agencies around the nation.”

While robocalls are certainly annoying, with some households receiving multiple calls per day at inopportune hours, a lot of people do not realize the danger that some of these calls present. Scams and bogus offers have been associated with robocalls, especially ones that pose as credit card, medical health coverage and utility offers.

Tracking down and stopping the robocallers is only one part of Operation Call It Quits. The initiative also gives these tips on how to respond to unknown or unwanted phone calls:

Do not answer the phone

If you do not recognize the number on your caller ID, ignore the call. If it is a genuine or important caller, they will leave a voice mail. You can also return the call later, which will result in a “number not valid” message.

Do not trust the caller ID

With spoofing software, a caller can put any phone number and name on your phone’s screen. They could lure you into thinking the call is from your child’s school, your neighbor up the street, the IRS or the local police. Never go by what is on the screen when making a determination about a call.

Take advantage of call blocking

If your phone carrier offers call blocking, consider signing up for it. You might also install a call blocking app on your phone, but be sure to read the reviews on the app first. You might find that the free version of the app is just as good as the paid version.

Report any robocallers to the FTC

Operation Call It Quits’ success depends on going after the robocallers, but the FTC has a hard time doing that if consumers are not informing them of the problems. Report any robocalls to the FTC at donotcall.gov.



With so many digital ways to attack someone’s personally identifiable information, it might seem strange that “old-fashioned” methods of mail fraud are still prevalent. A new report of mail scams in southwest Florida shows how easy it can be to attack an unsuspecting victim and steal their identity.

Change of Address Tactic

Using the change of address cards from area post offices, scammers target individuals by filling out the cards and redirecting their mail to a new address. After receiving the victim’s mail, the scammer can access sensitive documents that arrive by post and take advantage of credit card offers.

Security experts used to tell the public to be on the lookout for any strange activity whether it was collections phone calls, hits to their credit score or notifications from financial institutions. Perhaps the most telling sign of all was simply that their mail would stop arriving. If your regular mail does not appear for three or more days, someone may have changed your address without your knowledge.

According to the recent report, scammers have begun targeting two-person households for mail fraud. By changing only one spouse’s address, the victims are less likely to notice anything unusual. Meanwhile, the scammers are receiving the mail that should go to the other party.

Once a criminal controls the mail delivery, they can, for example, request new credit cards, sign up for utilities in your name and use the utility bills with your name and address to enroll kids in school or sign up for government benefits.

Other Signs

In order to prevent mail fraud, it is important to be on the lookout for suspicious changes to your mail delivery or any other signs of fraud. Do not assume a debt collector just has the wrong person; determine why they think you are the right person instead. Report any suspicious matter to your financial institutions and confirm the information they have on file is correct.

Preventative Steps

You can also take preventive steps with your credit card companies by signing up for eBills instead of paper and blocking mailed credit card offers, just make sure you. If there are any odd communications from your utility company, that could be another sign of mail fraud.

Social Media 

Social media is the other aspect of this recent wave of mail fraud, which has saved a few more victims. Once residents began posting online about being victimized, other people began to look into their own mail. Some victims only learned someone had stolen their mail after reading about it online.

Do not ignore the little red flags. Check up on them to be sure no one has used your address.



Pucker up for a selfie and set your Snapchat filter with dog ears – it is World Social Media Day! If we divide tech users into two groups, the casual account holders and the social media fanatics, this event can mean very different things. The casual user might see social media as a necessary evil, a tool that everyone seems to have to have, even if they do not use it regularly. To the ultra-fans, social media is a way of life; every day is truly World Social Media Day to these users.

Each viewpoint is valid and a matter of personal choice. However, when it comes to protecting yourself online, there are different concerns for each kind of user.

The Casual User

If you have a Facebook account but never use it, or you signed up for Twitter but cannot remember the last time you tweeted something, you might be a casual user. You might use social media for group communications once in a while or post the occasional photo. For those reasons, you might be at risk of being hacked or spoofed.

When someone hacks into or copies your account, they can target your friends and family for information and money. They can also turn the tables by pretending to be you, and ask for sensitive information about your identity or compromise your reputation.

If you are a casual user, there is good news. Your password is your best friend. Since you will not be logging in and out regularly, feel free to make an unbreakably long, complicated password. If you did need to log in and are no longer able to access your account with this impossible password, simply click Forgot My Password and sign in via the password change link in your email – make sure it is a password reset you actually requested before clicking any link. You can also choose difficult security questions that are not very common, to keep a hacker from accessing the answers and using them on your other accounts. Celebrate World Social Media Day by taking these precautions on your accounts.

The Social Media Fanatic

Congratulations, your obsession with online updates is now considered practically commonplace. Like millions of Americans, you think of social media as a way of life, a handy tool and just plain fun. But there is nothing fun about being targeted by a social media scammer or hacker.

If someone is checking their accounts routinely, you might think it would be easy to spot something out of the ordinary. Instead, people with high friend or follower counts and lots of posts are an easy target for someone to spoof their account. Instead of trying to hack into an unused account, scammers create a new one that looks just like the original. They reach out to the original account’s followers and lure them in with a new friend request, trying to capitalize on their reach.

One way to avoid a spoofer is to make sure your privacy settings are as strict as your comfort level. If you are trying to meet and connect with new people, your settings might be a little more open. But if you only want to connect with people you know, there is no reason to leave your posts open to the public.

Depending on the platform, you may not have much control over who can see them. Therefore, it is important to avoid oversharing, something that can become a real problem when you spend so much time letting others see glimpses into your daily life. Avoid personal details, overly specific references to your home and workplace, photos that include geotags or identifiable locations and stay safe this World Social Media Day!

