TOP 3 SCAMS TO RUIN YOUR HOLIDAYS
With more and more people engaging in online shopping during the holidays, the criminals are making it harder to spot a scam. Now, fake shipping notices, gift card scams, and online social media ads are just a few of the deceptive ways they are trying to ruin your holiday.
SCAM ONE: FAKE SHIPPING NOTICES
With more and more people engaging in online shopping, fake shipping notices can be increasingly difficult for consumers to identify. These deceptive messages often arrive through various channels, including text messages and emails, making them particularly aggravating and challenging to recognize. This type of scam is particularly effective during the holiday season when so many individuals are eagerly awaiting their deliveries. However, if you pay close attention and observe the details, you will notice that they all tend to follow the same predictable script. Here are signs of a fake shipping scam:
Generates a Sense of Urgency
Usually they will tell you your package is delayed (for some reason) and offers the opportunity to take care of it by clicking the link that they have helpfully included in their message. Here is an example (minus their scam website) I pulled off my phone: U.S. Customs: You have a USPS parcel being cleared, due to the detection of an invalid zip code address, the parcel can not be cleared, the parcel is temporarily detained, please confirm the zip code address information in the link within 24 hours.
Unsolicited Message
If you have ordered items for the Holidays, you may worry that this text/email might be a legitimate notice of failed delivery. However, stop and do not click the link. Instead, check with the place you ordered the product from directly and check shipping status with them. Don’t engage w/ the unsolicited message.
Threat of some “bad outcome” if you do nothing.
Putting a time limit, trying to force you to act quickly.
The web address is usually a random looking that doesn’t match the sender.
SCAM TWO: GIFT CARD SCAMS
This one is easy! Anyone emailing or texting you to buy gift cards and send them the numbers off the back of the card is scamming you. Guaranteed. More info from the FTC: https://consumer.ftc.gov/articles/avoiding-and-reporting-gift-card-scams
SCAM THREE: SOCIAL MEDIA ADS
Finally, my least favorite category of online content: the ever-popular misleading social media ads. We’ve all seen thousands of these ads to the point where I truly hope we’ve developed a certain immunity to their allure, but there must be people out there who are still clicking on these enticing offers. An honorable mention in this realm would certainly be Wish, Temu, and Shein. The only guarantees with these platforms seem to be that what you see in their advertisements is often not what you actually end up receiving.
FOR MORE INFORMATION ON SCAMS, VISIT THE FTC LINKS BELOW:
https://consumer.ftc.gov/articles/avoiding-and-reporting-gift-card-scams
IT Breaches for July 2020
This month, healthcare data breaches keep climbing, Twitter apologizes for its breach and more. Read some of the incidents in the articles below:
CYBERSECURITY NEWS
Social Media, Healthcare and Higher Education struggle in cybersecurity
This month, healthcare data breaches keep climbing, Twitter apologizes for its breach and more. Read some of the incidents in the articles below:
Industry: Social Media
Exploit: Accidental Data Sharing
Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter your account’s billing information may be at risk.
Twitter did not release an estimate of the accounts affected, but it did specify that only business customers were at risk, and only a percentage of business customers had any details exposed. The leaked information potentially included email addresses, users’ contact numbers, and the last four digits of credit card numbers used for Ads accounts. Twitter business customers should monitor potentially affected payment accounts.
Industry: Healthcare
Exploit: Internal Email Account Compromise
AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers.
Anyone that may be at risk of compromise was informed this week. Extremely sensitive data was compromised in this breach, and those affected should beware of the potential for fraud, identity theft, and spear phishing attempts that this stolen data creates. A filing of the account posted to the breach portal at the U.S. Department of Health and Human Services noted that potentially affected patients are being offered free credit monitoring services.
When clients choose to do sensitive business with a company, they’re also trusting that company to guard their information. This imperative is even stronger for companies that collect health information. Not only does a data breach cost healthcare organizations patient confidence, but it also costs a fortune in HIPPA-related fines.
Industry: Higher Education
Exploit: Ransomware
The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.
Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.
Merry Christmas from RealTime!
View our 15 second TV Commercial we made for the Christmas Season.
Never Click and Tell.
Everyone seems to be posting their information on social media - from personal addresses to where they like to grab coffee. You may figure, if everyone’s doing it, why can’t I?
October is Cyber Security Awareness Month
Oversharing and Geotagging
Never click and tell.
Everyone seems to be posting their information on social media - from personal addresses to where they like to grab coffee. You may figure, if everyone’s doing it, why can’t I?
What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and even your physical belongings—online and in the real world. Avoid posting names, phone numbers, addresses, school and work locations, and other sensitive information (whether it’s in the text or in the photo you took). Disable geotagging, which allows anyone to see where you are—and where you aren’t—at any given time.
While it’s tempting to do otherwise, limit your social networks to people you actually do know in real life, and set your privacy preferences to the most restrictive settings.
*This information is courtesy of the Department of Homeland Security as part of the 2018 National Cybersecurity Awareness Month.
Don't Give Your Apps An All-Access Pass!
Have you noticed that apps you recently downloaded are asking for permission to access your device’s microphone, camera, contacts, photos or other features? Or that an app you rarely use is draining your battery life?
October is Cyber Security Awareness Month
APP SECURITY
Keep tabs on your apps
Have you noticed that apps you recently downloaded are asking for permission to access your device’s microphone, camera, contacts, photos or other features? Or that an app you rarely use is draining your battery life?
Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved - gathering your personal information without your knowledge while also putting your identity and privacy at risk. Don’t give your apps an all-access pass. The following are some steps to avoid “over-privileged” apps:
Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use.
Learn to just say “no” to privilege requests that don’t make sense.
Only download apps from trusted sources.
Enable automatic app updates in your device settings or when they pop up, because having the most up-to-date software doesn’t just make things run smoother—it helps keep you patched and protected against ever-evolving cyber threats!
*This information is courtesy of the Department of Homeland Security as part of the 2018 National Cybersecurity Awareness Month.