Our Blog

Scams and Tech, Part 3: Kicking Scammers to the Curb

By Mason Crane-Bolton


We’ve already given you some tips to protect yourself against the scammers we’ve listed in this series, but what else can you do? How can you best ensure you’re safe from scams and scammers?

Sadly, there is no silver bullet, no perfect solution that will guarantee you’ll never be in contact with scammers or never fall victim to a scam. But there are many steps you can take to help protect yourself. These steps can be easily divided into two categories: proactive and reactive. Proactive steps are ones you can take to help ward off scammers—these are the best steps to take because they help prevent financial and/or identity loss. Although reactive steps aren’t as ideal, they’re a good way to handle scams after you believe you’ve been contacted by a scammer or have been scammed.

Proactive

  • Consider opening an account for your Social Security number (SSN) at https://www.ssa.gov/myaccount/ to monitor your Social Security account.
  • Consider freezing your credit—this option may help prevent identity theft, but don’t freeze your credit if you plan on making a major purchase in the near future, such as a car, boat or home. Credit checks run while your credit score is frozen will hurt your credit score.
  • Monitor your credit throughout the year. You’re entitled to free credit reports from Experian, TransUnion, and Equifax once per company per year. Rather than get all three at once, spread these reports out every four months to stay vigilant. You can learn more at https://www.annualcreditreport.com/index.action.
  • Never email or text your Social Security number or banking information, such as credit card, account, or routing numbers.
  • Never give your SSN or credit/banking information to someone who reaches out to you.
  • Educate yourself on the latest scams—scams tend to come in droves, so it’s helpful to learn what scammers might approach you with.
  • Install virus and malware protection on any device connected to the internet, including (but not limited to) computers, tablets, and smart phones.
  • Consider adding a trusted contact to your bank accounts—if unusual spending is noticed, your bank can alert you and your trusted contact (this may be particularly useful if you’re the victim of a romance scam).
  • Read reviews for organizations and businesses that send solicitations before engaging with them.
  • Look for the fine print on solicitations you receive. If a solicitation references a relationship with another business you know (say, your mortgage company or landlord/apartment management), contact that business directly to investigate the mail/email/text/phone call you’ve received.
  • Double-check any potential romantic/friend dates before pursuing a meeting or relationship. Let people you’re close to know about anyone involved in your life (even if the relationship is online-only).
  • Don’t open any emails or click on links or attachments you’re not expecting. This goes not just for emails from strangers but emails from loved ones—scammers can hack into accounts or disguise their email address as coming from someone in your list of contacts.
  • Use your caller ID on your phone and let calls from unknown numbers go to your answering machine or voicemail. If you’re worried about missing an important call, you can always use the general principle, “If it’s important, they’ll leave a message.”

 

But maybe you’ve already gotten a suspect phone call, or a strange voicemail. Maybe you’ve realized, too late, that the person you gave your credit card number or sent money to wasn’t who they said they were. If these things have already happened, then it’s time to take reactive steps.

Reactive

  • If you receive a call you believe is a scam, hang up the phone immediately. If the caller claims to be from a legitimate business or organization, hang up the phone—reverse search and contact the actual organization. Ask if the organization has contacted you.
  • If you’ve opened an email that seems fishy, delete it immediately. DO NOT click on any links in the email!
  • If you’ve given your credit or banking information to someone you later suspect is a scammer, report this to your financial institutions and request new card and account numbers.
  • Report any attempted scams.
  • If you’ve been a victim of a scam, report it—your report will help you AND might prevent someone from being scammed in the future.
  • You can report fraud to the Federal Trade Commission at ftc.gov/complaint.
  • To report Social Security scams, call the Office of the Inspector General at 1-800-269-0271 or report online at https://oig.ssa.gov/report.
  • If you or someone you know has been the victim of an online scam, register a complaint with the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx or with the New Jersey Division of Consumer Affairs at http://www.njconsumeraffairs.gov/ or by calling 800-242-5846 (toll-free in NJ) or 973-504-6200.
  • Don’t be embarrassed or ashamed to report it if you’ve been the victim of a scam—scams can happen to anyone.

 

While this is not a comprehensive list, these suggestions can help guard you against tech-based scams or help you even after you’ve found yourself to be victim of a scam. Remember, scams can pop up anytime, from anywhere, and are especially prevalent through all of our tech-devices. Remaining vigilant and working to minimize your exposures to scams is the best way to prevent being scammed. But if you are the victim of a scam, report your scam to the proper authorities—your report could help you and could prevent someone else from being scammed!

We hope you’ve enjoyed this series on tech-based scams! Come back in April for our newest blog!


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in Epiphany, UU World, To Wake/To Rise, and others.

Cybersecurity: Where does it begin? Where does it end?

Mitchell Feather, Vice-President, Creative Associates

 

It seems like every day brings news of more cyber threats and breaches, which seems to leave you with more questions than answers. Has my information been stolen? How should I respond? What can I do to protect myself? What can I do to detect and avoid threats?

Companies may take measures to protect – or share – your information. Regardless of new technologies, tools, patches, laws, and regulations, there is one unwavering fact: Cybersecurity begins with you – and ends with you. What you do or don’t do is critical and that cannot be overemphasized. When it comes down to it, you control what you do or don’t do to protect yourself, your money, and your information. And you cannot delegate that responsibility.

Protect Your Tools and Toys: The first thing you should do, if you haven’t already, is to ensure that you have installed the appropriate software and that the appropriate settings have been enabled (or disabled) to protect your computers, smartphones, tablets, etc.

You should have antivirus/antimalware software/apps installed on all of your devices. There are a number of very good products to choose from such as Sophos, McAfee, and Malwarebytes. Even though it might be tempting to install just free versions of some of these, you should look at the paid versions. They generally offer more features that can enhance your security and peace of mind.  

One thing that you must NOT do is respond to pop-up alerts that warn you that your device has been infected and recommend that you click on a link or button to install software to protect your computer or device. If you click on that link or button, you will probably achieve just the opposite and infect your device. More about this later.

Sometimes, while browsing websites, you may end up on a malicious web page that results in your computer or device becoming infected. This is why a utility like McAfee’s WebAdvisor can be very helpful, and it is a free download which offers a number of protections. If you are looking for similar utilities, be careful with what you find in your search results. Some malicious threat actors have paid ads for product names that sound very legitimate but, in reality, are carefully thought-out schemes that are designed to trick you into installing malicious software.

Plan For the Worst: Sometimes, no matter how hard you try, bad things still seem to happen, such as lost or stolen smart phones or computers or ransomware infections. This is one of the reasons you should always make backups of your devices – and keep the backups current. Procedures vary depending on the type of device. For Windows and Apple computers, you can back up to hard drives you have physically connected to your computer or you can back up to a number of cloud services. For Android and Apple devices, there are settings on the devices to allow for automatic backups to Google or iCloud, respectively. Whether you are backing up to a USB-connected hard drive or to a cloud storage service, you want to make a practice of disconnecting it from the computer after you make the backup. Some variants of ransomware are “smart” enough to not only access all of your computer’s files, but they will also seek out any backups you may have and gain access to those as well.

Now, Assume the Worst: It is not unrealistic to assume that your personal and/or financial information has already been compromised by one or more of the many breaches that have occurred last year or prior. This means that you should be monitoring your financial assets.

You are entitled to a free copy of your credit report from Equifax, Experian, and TransUnion every 12 months. Nobody says that you have to take them all at once. Spread them out so you are getting a copy of your credit report every 4 months and review them carefully for signs of unusual activity or identity theft. You can order the free reports from annualcreditreport.com. That same website can also help explain what you should be looking for when you review your credit report. And do not think somebody is too young or too old to bother with this task. If somebody has a social security number, then their credit reports should be monitored.

Also, many banks now offer free credit score monitoring for their credit card customers. Depending on the bank, the information they offer will vary. But, generally, they will tell you if your credit score has moved up or down and provide some insight as to why it changed.

Talking About Credit Cards and Banks: Most banks offer notification options, so you can be kept informed regarding any activity. Some banks will allow you to set an alert so that you can be notified if there is any credit card charge activity, even as small as a few cents. This may seem a little extreme but some fraudsters will run extremely small charges to test if credit card numbers are still valid while maintaining a low profile.

If you have not already, you should take other steps to secure your credit card and online banking accounts. Specifically, you should seek out if your online banking websites offer two factor authentication. If they offer two factor authentication, also known as 2FA, I strongly recommend you implement it. This advice extends beyond just online banking. You should implement 2FA for any of your online services that offer it: banks, brokerage accounts, telephone company, gas/water/electric utilities, email, Google, Facebook, etc. What if your bank does not offer two factor authentication? You may want to consider changing banks. You can find a list of banks, as well as other business and services, which support 2FA at https://twofactorauth.org.

Two factor authentication is based on two pieces of information rather than just a password. These factors can be various combinations of things like something you know (e.g., passwords or PINs), something you have (e.g., ATM card, smartphone), or something you are (e.g., fingerprint, voice print, or facial recognition). For greater security, we sometimes use more than 2 factors. This is referred to as Multi-factor authentication, or MFA. This is an area that is always changing in an effort to create methods that are more secure but also easier for you to use. Currently, the most common 2FA implementations you will find include sending you a security code by text message (SMS), by telephone call, or by email. Be careful if you access any of your online sites from a smartphone and you have the security code sent to the same smartphone. If your smartphone gets lost or stolen, you may find yourself or your accounts a little vulnerable.

Many online websites also take advantage of security questions (e.g., In what town was your elementary school?, where did you meet your spouse?, etc.). I strongly advise you to lie when you answer these questions. Use answers that are totally irrelevant (e.g., What is your favorite color? Answer: “Outer Mongolia”) and meaningless to you or somebody else. Nobody says you have to tell the truth. All you have to do is remember your answers. And do not use the same questions or answers among different websites.

Let’s Pass on Passwords: Probably as far back as you can remember, you’ve been saddled with the task of creating and remembering passwords to access all sorts of information. Some of you used easily-remembered personal details like your anniversary date, your spouse’s name, your pet’s name, your mother’s maiden name, etc. Some of you may have just used easily remembered words such as your favorite food or flower. Some of you still use “password12345” or “qwerty” as your password. Even worse, many of you use the same password for many of your online login passwords.

There are serious security risks associated with these practices: If you use personal information as a password, a threat actor can figure out that password just by researching your personally identifiable information. Common words as passwords are also easily determined by threat actors by use of tools called password crackers, which use large dictionaries.

You are better protected by using complicated collections of letters, numbers and symbols, such as “P^MP2F7~HRnZ)LU”. You can also better protect yourself by using passphrases instead of passwords, complete with spaces when allowed. Additionally, replace some letters with numbers and symbols. You can go with lyrics to a song, poetry lines, etc. As an example, consider the lyrics of Over the Rainbow: Start with “Somewhere over the rainbow Way up high.” Replacing letters with numbers and/or symbols, this can become “50meWh3r3ov3rther@!nb0w#wAyupHi!”. Or you can take just the initial characters of each word and put those together and similarly swap out some letters. This can become: “50TrWuH!” Just use your imagination: the more complicated it is, the safer you are.

Remember not to use the same password or passphrase with more than one account. And change your passwords regularly. Also, if you get notified or read that any service that you use has been breached or compromised in any way, immediately change that password/passphrase.

Also, it is very important to remember to change the default passwords on any software service to which you subscribe or any hardware that you purchase. This is especially true for any internet routers, switches, wireless cameras, televisions, appliances, etc. The FBI and other agencies have released alerts warning about the threat actors from foreign countries that are trying to penetrate these devices.

You Expect Me To Remember This?: You have now decided to follow all of my advice about passwords. Remembering all of these passwords may prove to be more than challenging. Fortunately, there are some very good password managers available to you. Some are available for free, some you have to pay for. Two of the better password managers are Dashlane and LastPass.

Rein In Your Privacy: Now that we’ve covered the basics, let’s turn attention to keeping your information more private and less at risk. You should review and adjust some of your web browser settings. Additionally, you should review and adjust your privacy settings on your social media sites and other online accounts.

Check your web browser settings for privacy and security settings. There, you will find a number of options that would be useful to you. With Chrome, for example, you will find settings like “Protect you and your device from dangerous sites” and “Send a ‘Do Not Track’ request…”. I recommend enabling both of them. You will also find settings like “Automatically send usage statistics…” I recommend that you seriously consider whether or not you want to share this private information with Google.

You will also find a section to enable or disable the capability to Autofill information when you need to fill out online forms. I strongly recommend that you disable this functionality. Among the many reasons is the possibility that a threat actor can set up a web page to secretly retrieve all the fields of information that you have stored in the autofill feature. You should also NEVER store credit card information in a web browser’s autofill feature.

With your online accounts like Google and Facebook, you will see features like privacy checkup and security checkup. You should perform these checkups and appropriately limit which features are enabled and what information you are allowing to be tracked. In the case of Google, as an example, this may include actual recording of your voice. You can – and should – purge any of this tracking information that you do not wish to be shared and/or stored. Also check your social media settings such that you only share information and files as you desire.

Time To Be Diligent: Now that you have addressed many of your hardware, software, and account settings tasks, you now come to the never-ending task: Be Diligent! The greatest risk to you is social engineering. Threat actors are always trying to take advantage of you by getting you to lower your guard, cause you to panic, take advantage of your trusting nature, etc. All it takes is one click on a link or opening one attachment to cause all kinds of problems for yourself and possibly others. These social engineering attempts, also known as phishing, can appear as very legitimate-looking emails or websites. It might appear as a PDF attachment in an email, or a DocuSign email, a link to a Dropbox document, an alleged invoice, or a multitude of others.

The rule is a simple one: if you are sent an attachment or an email telling you to click on a link and you do not recognize the source, do NOT open it nor click on the link. If you recognize the sender of the email but you are not expecting the attachment, call the sender by telephone and ask him/her if he/she really sent you the attachment or link. Do NOT just reply to the email and ask if it is legitimate because you may not be sending the email to the individual that you think you are sending it to.

There are many websites that you can visit to learn more about phishing or where you can take phishing quizzes. A good starting point is www.phishing.org.

Don’t Be Proud or Shy: Some phishing attacks are so realistic and so well done that trained professionals can sometimes be fooled. So do not be embarrassed if you are not sure what to do or you are afraid your device or your information may have been compromised. Ask someone you trust for help. Or file a complaint with agencies like The Internet Crime Complaint Center (www.ic3.gov) or the Federal Trade Commission (www.ftc.gov). If you really don’t know where to turn, you can always reach out to your local police department for assistance. If they cannot help you, they can help steer you to appropriate individuals for help.

 

©2018 by The LBC Group, Inc. All rights reserved

Scammer Lingo

Here on NJFA’s blog we have featured a few posts about scams; we’ve also done articles in Renaissance and posted scam warnings on Social Media. It seems there is always a new scam or the resurgence of an old scam to be on the lookout for.

But that got us thinking… do we really know what all the terms associated with scams mean? The tactics that scammers use come with their own little lingo. In order to be more prepared and aware, we thought, why not share some of the terms most commonly associated with scams? That way you know what we are talking about when you read about a new scam or a warning of a scam to look out for.

Here is a sampling of terms and their definitions.

Pharming: When hackers use malicious programs to route you to their own websites (often convincing look-alikes of well-known sites), even if you’ve correctly typed in the address of the site you want to visit.

Phishing: The act of trying to trick you (often by email) into providing your personal data or credit card numbers; usually a scammer will pose as a trusted business or other entity.

Ransomware: A malicious program that restricts or disables your computer, hijacks and encrypts files, and then demands a fee to restore your computer’s functionality.

Scareware: A program that displays on-screen warnings of nonexistent infections on your computer to trick you into installing malware or buying fake antivirus protection.

Skimming: The capture of information from the magnetic strip on credit and debit cards by using “skimmer” devices. These skimmers are secretly installed on card-reading systems at gas pumps, ATMs and store checkout counters.

Spoofing: Scammers can use technology to pose as a specific person, business or agency. This technology allows them to manipulate a telephone’s caller ID to display a false name or number, so that it appears they are calling from a legitimate business or from a local number.

Spyware: A type of malware installed on your computer or cellphone to track your actions and collect information without your knowledge.

As a reminder, if you have been the victim of a scam, contact your local Police Department and/or the Federal Trade Commission  https://www.ftccomplaintassistant.gov/#crnt&panel1-1  or the NJ Division of Consumer Affairs 1-800-242-5846 or www.njconsumeraffairs.gov  

 

Communication

I recently read an article from the LA Times that was run in the Living section of the Trenton Times on July 3rd. It was titled “Grandma, you’ve got mail” and told the story of seniors taking computer classes. The article was very interesting and there were some great quotes from both the student volunteers teaching the courses and the seniors taking advantage of them.

We’ve known for a while that there is a “digital divide” among the generations. Certainly there are some more mature users of such technology as email, cell phones and even Facebook, gasp! But there are also those older adults that either fear the computer, or just have no interest. One quote from the LA Times piece that really caught my attention was this, “It scares me”, Edythe Eisenberg said of her iPad. “But when I call my kids and grand kids they don’t call me back, so I have to use e-mail.” This really touched me as a sad aspect of our growing reliance on computer technology and non-verbal communication.

I think technology is great and offering seniors a chance to learn how to use and not fear some of these new technologies is also great, if they want them. However, those of us that are caught up in the fast paced world of communicating with our friends and colleagues through mostly email, text or online chats should not forget the seniors in our lives that want to hear from us. Your mother, father, grandmother or grandfather shouldn’t feel forced to use a technology they don’t like just because it is the only way to hear from you. Pick up the phone and say, “hey, how are you today?” Don’t miss that chance to learn something, help out with something or just connect, with an actual voice. It will be good for them and for you.

Technology is good for those who like it, but let’s remember to communicate to each other in the best way possible, which sometimes may be using the old fashioned telephone or dropping by for a face to face. But by all means if your grandma wants to be on Facebook, teach her how to get online! Who knows, maybe she’ll log on to match.com!