Posts tagged "Sileo"
The so-called “Inheritance Scam” is resurfacing in Colorado, but it has a new look.
No longer do you simply receive an email claiming to be from the representative of a long-lost relative. The new format involves what security experts call the “Accomplice Ploy” in which the thieves attempt to engage you through a long series of queries (one method) reaching out to you as if they know who you might be.
We have developed five questions you should ask about any email or phone call you suspect might be a scam. They are called the 5 indicators of the inheritance scam:
Sileo’s Scam-Detection Questions
1. Were you expecting a windfall?
2. Is it too good to be true?
3. Are you being rushed/threatened?
4. Do they ask for secrecy?
5. Do they request more information?
Product Review on Password Manager Software
I’m often asked during my keynote addresses for specific, actionable items that will help keep personal and company data secure. I could reel off ideas for literally hours, but one of the easiest things anyone can do is utilize a password manager program. There are a lot to choose from but the one I personally recommend is the award-winning 1Password, which remembers and securely encrypts all of your passwords so you don’t have to. You merely come up with one secure master password and then train 1Password to log in to sites for you.
It often amazes me to find out how many people shy away from implementing ideas that they KNOW will make them safer. There are a multitude of reasons I know:
- Ignorance: “I didn’t know there was a helmet law in this state.”
Quite a while ago, not long after the Target data breach, I wrote a detailed blog about the importance of the United States catching up to more than 80 other countries who already employ EMV security measures for their credit and debit cards. (EMV refers to “Europay, Mastercard, and Visa” or “Chip and PIN” technology.) Why so important? This one statistic should answer that question: Almost half of the world’s credit card fraud now happens in the United States —even though only a quarter of all credit card transactions happen here.
As a consumer, you should be glad of the change because you will be much better protected than with traditional magnetic stripe technology we’ve clung to for so long. EMV authentication includes a cryptographic message that makes each transaction unique. Having a card that is difficult to hack or duplicate and requires something YOU know (a PIN) will provide extra layers of protection.
Data Breach Expert Alert: The restaurant chain P.F. Chang’s China Bistro has reported a security breach that may have led to the theft of customer data from credit and debit cards used at 33 restaurants. In addition to stolen card numbers, the intruder may have gotten names and expiration dates as well. The breach took place between October 19th of 2013 and June 11th of 2014 and supposedly has affected 33 locations.
If P.F. Changs follows in the footsteps of the recent Target breach, you can expect an expanding number of stores and customers affected over the coming days. It seems that the data breach playbook suggests that companies initially under-report the severity of the security lapse in order to keep customer shock and defection to a minimum. Once the news cycle has worn out the topic (generally 3-5 days), the breached company generally issues news on additional stores affected, customer data lost, increases in the actual data affected, etc. Let’s hope P.F. Chang’s does a better job of communicating damage the first time.
When you read the recent blog post from Facebook about how they’re going to “Make Ads Better” and “Give People More Control”, you really want to believe them. You want to believe that they’re really just trying to make your life easier by providing ads relevant to your “likes” and apps you choose to install. Sure, if I have the MLB app, why wouldn’t I want to know about a sale on caps for my favorite ball team? Or if I’m an exercise nut, getting the latest gear for my next triathlon might be really important to me and save me the time of searching for it.
But the bottom line is this: Facebook is going back on something they promised years ago. Not only are they using our likes and apps to market to us, they’re also using our browsing history to target ads. They can “only” use information from sites that have Facebook buttons (to like, recommend or share) or that you can login to with your Facebook account, but these days, that’s practically any site!
Facebook Privacy Settings… Some may say it’s too little, too late. I’m relieved that Facebook is finally responding to concerns about their confusing and weak privacy settings. The social media giant (who has been losing customers of late) has recently made several changes to their settings.
Facebook Privacy Settings Update
- Additional photo settings. Your current profile photo and cover photos have traditionally been public by default. Soon, Facebook will let you change the privacy setting of your old cover photos.
- More visible mobile sharing settings. When you use your mobile phone to post, it is somewhat difficult to find who your audience is because the audience selector has been hidden behind an icon and this could lead to unintended sharing. In this Facebook privacy settings update, they will move the audience selector to the top of the update status box in a new “To:” field similar to what you see when you compose an email so you’ll be able to see more easily with whom you are sharing.
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
Self-censorship on Facebook
Do you ever delete the words you type on Facebook before you hit post?
Have you ever started to type a status update that you thought was hilarious…until you realized your boss might not appreciate your 8th-grade humor? So what’d you do? You quickly hit the delete key and watched your comment disappear forever, right? Not exactly.
What if you are ready to make a snarky comment to Greg, the upperclass jerk who stole your high school girlfriend (and is about to get a divorce, ha ha), but decide to take the high road just before hitting the “post” button and instead, wish him well on his pending journey of love (despite the fact that it’s bound to fail)?
No harm done, right? You never hit the post button, so no one ever saw it! Well, it turns out that’s not quite how it works in Facebook Land.
The latest scheme to target unsuspecting consumers aims right at the core of what matters to the average person on an average night: our entertainment! In a scheme unveiled by Jerome Segura in a blog post on the site Malwarebytes.org, scammers are going after the personal information and financial resources of Netflix users.
Here’s how it works:
You are on what looks like the real Netflix home page. You enter your information, but instead of taking you to Netflix, you are redirected to a page telling you your account has been suspended for “unusual activity”. You are given an 800 number for “Netflix Member Services” and a very authentic looking error code.
If you call this number, a real live human being answers sounding much like a real typical tech support person. They will be happy to help you (even if you give them bogus account information!) if you’ll just give them that error code. This then allows them to remotely access your computer.