Keeping you safer online

Fraudsters got more sophisticated...

and so did we. 

Think about all the personal information you post on Facebook, LinkedIn, and Instagram. Crooks do. They scan social media comments and send personalized phishing emails and texts that look convincing. At first, they targeted CEOs, instructing them to wire “past-due” payments. That worked so well, scammers targeted others in leadership positions. Then this year, they expanded their schemes to include rank-and-file employees. 

Hacking technology has become so advanced, crooks are using charging cables and fake charging stations that record keystrokes that victims type on their smartphones and tablets. These cables and power outlets look exactly like the ones that come with phones. But embedded in one end is a tiny device that records passwords, texts, and emails. The fake devices then transmit data back to the crooks who use it to access private information stored on the device. Mass production of these dangerous cables and plugs is now underway, so fake cables will be an even bigger problem in 2020.

This holiday season, there are four times as many fake stores claiming to sell merchandise on the web as there are real stores! Some sites sell counterfeit merchandise and others exist just to steal credit card information. Many fake sites use web addresses that are close to familiar addresses except for the substitution of a random letter like a “0” instead of an “O”. Others use a name that’s close to the real thing like “amazon-deals.com” instead of “amazon.com. Most claim to offer super low prices on popular items like fragrances, sporting goods, Ray-Ban sunglasses, and shoes but only accept PayPal as payment.

This year, because phone technology has become so inexpensive, the number of robocalls in the US jumped to nearly 2,000 per second. Many fake calls follow this format: the urgent recording on the other end claims to be from the IRS, social security administration, the FBI or local police department. If you remain on the line, a real person takes over and threatens you with a steep fine, arrest and jail time if you don’t comply with their instructions immediately, which usually involves sending them money in the form of gift cards or wire transfers to a “secure” bank account, usually located overseas. Robocalls are common because so many people take the bait and send fraudsters money.

If you’re like most people, you click “Accept” when a website asks you to approve the way they collect and use your personal information. The US doesn’t yet have a national privacy law to govern how that information is used. As a result, states are creating their own regulations that govern how much time companies have to alert their customers to a security breach, how consumers’ information is bought and sold, and the consequences when a consumer's information is stolen.

Sources: Check Point, Wall Street Journal, ProofPoint, Aware Force

Click on the image to download and print a copy.

NTSC _ 5 Cybertrends.001.jpeg

Thousands of users have been locked out of their new Disney+ streaming video accounts. Wired reports hackers got access because many customers used the same names and passwords for Disney+ as they used with other online accounts that had already been breached. 

Those who made purchases on macys.com between October 7th and 15th should review credit or debit card statements in the coming months. Macy’s website was hacked, exposing financial information of customers who made purchases during the period.

In the upcoming edition of Cybersecurity News
for subscribers of Aware Force: 
The gift card scam designed to
rip off employees and consumers.

December 2019 a • Edition #84

Masthead photo by Candis Hidalgo

Macy's and Disney+ logos are trademarks of their respective companies. 

Cartoon © Milt Priggee

Original content © 2019 Aware Force LLC

Aware Force is a registered trademark