Showing posts with label Fraud and Scam.

Sunday, August 20, 2023

I troubleshoot software, and these are steps you can take to secure your phone, tablet, or laptop

I work in an industry where part of my job is to ensure a company's equipment and devices are secured to meet industry security standards and protect clients and consumers against digital attacks and the loss of company and individual data.

Here are some measures we take every day that you or anyone else can also use to protect your electronic devices so that hackers do not gain unauthorized access to your device and tamper with your data and information.

  1. Everyone needs to be using Two-Factor Authentication (2FA). Everyone. No exception. Personal or small business, it doesn't matter. You should be using 2FA. Everyone should. If you think you are a nobody or your business is too small to be hacked, think again because we see attempts to hack just regular individuals and normal people who consider themselves "a nobody" or not so important or wealthy for anyone to waste their time trying to hack them, but it happens. Hackers may target a random person to practice on or as a conduit to get into their employer's company system. It is very important to enable 2FA whenever possible for your accounts to make it harder for hackers to get into your device. You need a second form of verification, for example, a code from an app such as Google Authenticator, Authy, Microsoft Authenticator, etc. If you are unable to use an authenticator app (which is more secure), you can set up your phone number or email address to receive a code via text message, phone call, or email as a 2FA in addition to your passphrase or password.
  2. Do this simple thing: No sharing of PINs, passwords, or passphrases. Please, just don't.
  3. Do not write your PINs, passwords, or passphrases anywhere. The best practice is to use a password manager such as KeePass, Bitwarden, LogMeOnce, Avira Password Manager, Enpass Password Manager, 1Password, etc. to store your passwords and passphrases, so you will have to remember only one master password or passphrase. It is very convenient, easy to use, and not as complicated as people who have not used it think.
  4. Passwords, passphrases, and PINs: Use passphrases whenever possible, then a password, PIN, or pattern lock for your device. Avoid using information that can be guessed easily, such as your date of birth, street address, zip code, P.O. Boxes, plate number, name of a city, school, place of worship, or personal names. Longer passphrases are great for added security. If you are bilingual, using a password containing words from more than one language can be an added advantage. For example, instead of using PIN = 1986 or password = Moon345 or passphrase = I met her in Moshi, you could use a passphrase = In1986/WemetinMosh!
  5. Use Biometric Authentication if possible: Newer smartphones, tablets and laptops offer fingerprint or facial recognition. Use them whenever possible for an additional layer of security to make it a little difficult for hackers to bypass.
  6. Update your device's operating system and apps: If your device or apps are not set up to automatically download and install updated versions of the operating system or apps, make it a habit to manually check for updates, download them, and install them in order to apply the latest bug fixes and security patches, which fix vulnerabilities that hackers could use to exploit your device. Installing updates and upgrades may also improve the efficiency of your device. Caution: Please back up your data before installing updates because some updates may break stuff and cause issues, including the loss of data.
  7. Install and enable Security Apps: Always use reputable security applications, antivirus, or antimalware software to detect and prevent virus and malware attacks. Check your device settings and each application to ensure they are only granted the permissions they truly need to perform what the app is intended to do. Some applications or operating systems will even let you grant certain permissions only while the application is in use. Revoke any permission you think the app doesn't need. Some permissions you want to limit include location, camera, microphone, storage, files, etc.
  8. Review App Permissions: Make it a habit to regularly review app permission settings to ensure that only the permissions an app requires to function are granted.
  9. Lock SIM Card: This is very important, especially if you want to avoid phone or tablet SIM card jacking for 2FA. Contact your mobile carrier to enable a SIM card lock with a PIN or other security measures instituted by your carrier in order to block someone from porting, switching, and using your SIM card on another device.
  10. Be Careful with Downloads: Only download apps from official app stores, such as Microsoft's Windows Apps, Apple's App Store, or Google's Play Store, and from reputable websites for applications you may need on your computer. Avoid apps from third-party sources or attachments in an email or text.
  11. If you have to use a public Wi-Fi network, do not access sensitive data on your device while connected to the public Wi-Fi because it is less secure and more vulnerable to hacking. Use a Virtual Private Network (VPN) instead if it is urgent and you do not have any other option.
  12. Data Backup: Schedule a regular backup of your device's data to a secure location such as a cloud storage service, an external storage device, or an isolated computer used for data backup, and make sure the last two are offline or using a separate network or internet connection from the main one. This is to ensure that, in the event of an attack, you are able to recover data that was stored separately offline or off the main grid. If you store data in the cloud, use a reputable and secure cloud storage service that offers strong encryption.
  13. Enable Remote Device Lock, Erase, or Wipe. This is very important, especially for a phone. In your Apple or Android device settings, check and enable the option that will let you remotely lock or wipe your phone, tablet, or laptop's data if it is lost or stolen to prevent unauthorized access to some sensitive information that can be used against you or for fraudulent activities.
  14. Send Secure emails if you have to share some sensitive information, such as Personally Identifiable Information (PII), Protected Health Information (PHI), Social Security Number (SSN), Date of Birth (DOB), physical address, a phone number, an email address, etc.
  15. Use Encrypted Messaging Apps: If you are unable to send a secure email or are concerned about messages being intercepted, if applicable, by your company, use encrypted messaging apps like Confide, Signal, WhatsApp, Threema, Voxer, Element, Wickr Me, Skred, Briar, Viber, etc.
  16. Screen Calls and Texts: Not all are genuine, especially if they come from an "unknown" or from a number not in your contact list, or an anonymous call or text. If you receive a call, text, or email and in the middle of the conversation you are asked to share some sensitive information or read a code sent to you, hang up or stop responding to a text. Legitimate companies do not call you asking for this information so they can stop a transaction or process one because they already have it. Some legitimate companies may ask for some information to confirm your identity if you call them first to report suspicious activity in your account. Do not share your information or confirm anything, especially if you didn't initiate the communication and you are being pressured or threatened.
  17. Bluetooth and NFC: Disable them when they are not in use, as they can be used to gain unauthorized access.
  18. Do not use public USB charging ports. Always bring your own charger and plug it into an available electrical outlet instead of the free USB ports in airports, shopping centers, hotels, etc. to avoid becoming a victim of "juice jacking," where hackers can load malware onto those USB ports.

I may have missed some tips, but these are also some of the most common practices that, if followed correctly, can significantly reduce the risk of getting compromised or hacked. You can stay informed about the latest security threats and best practices for mobile device security by following tech news websites, blogs, and social media accounts.

Wednesday, July 26, 2023

Common scams

Some scammers take their time to persuade you by using stories to play on emotions in order to gain trust before they steal from you.

Here are some examples to learn from:


  • A deal via social media or online shopping websites such as eBay, Amazon, Craigslist, OfferUp, Swappa, etc., where scammers sell stuff you may be interested in but ask that you pay using cash or an app other than the app from the site you're purchasing through.
  • Imposters, such as those pretending to be from the tax agency who claim you owe some taxes and a lawsuit is pending if you don't pay right away. Others pretend to be from tech companies and say they need to update your computer system, while others pretend to be from your utility company inquiring about a late payment, where they ask you to supply personal and financial information so they can compare it in the system.
  • Grandma, Grandpa calls - they pretend to be a grandkid who is stranded somewhere, or in some sort of trouble, or kidnapped and needs money fast.
  • You've won! - Some scammers will tell you that you've won a large sum of money from a lottery or raffle, or that money was left under your name, or that you are entitled to money from, for example, a class action settlement or unclaimed money from the past, etc. They will ask for your personal and financial information in order to collect tax on the money before they "pay you."
  • Investment pitch. Scammers will try to tell you about a "once-in-a-lifetime" opportunity to invest and reap big rewards. You will be promised massive profits and guaranteed great returns in the short and long term. You will be asked to invest immediately.
  • Romance scams. Scammers play with emotions and feelings, especially online, where they can promise anything you desire after learning about your situation. They do not care if you've been looking for a soulmate for a long time, or you've recently separated or divorced and are trying to heal, or you've lost your spouse and are vulnerable. They promise to meet you in person, but first they need some money because they cannot afford to travel or are trapped on a mission somewhere.
  • Business compromise emails (BCE). Some scammers will infiltrate the institution you're doing business with for a home, property, car, office, or business equipment by phishing and spoofing its email address, then tell you of a change in closing information and that you have to wire money to a new account.

How to try and protect yourself


  • Do not share your personally identifiable information (PII) with anyone
  • Do not share your bank information
  • Do not click links in emails or text messages - go to the company's website directly or call them using the number on your statement or on the back of your card.
  • Do not access your financial account information over a public internet connection.
  • Trust your instincts or gut feeling. Think before you act. Genuine people will understand if you need time to double check and verify. It is better to be late or laughed at than be sorry.
  • Protect others by sharing information about scams and how to stay ahead. Listen to others as well; you may learn or be reminded of something.

Tuesday, July 25, 2023

"Pay Yourself" scams

In general, no bank will ever ask you to send money in order to resolve or reverse fraud on your account.

Any text message, phone call, or email stating that it is from your bank and asking you to send money by wire or pay via Zelle, CashApp, Venmo, Apple gift cards, PayPal, or any other form of payment, whether for a service that you do not remember or recognize or to solve an issue in your account, is a scam.

Try to stay safe by:

  1. Knowing the person you're talking to. If you are not comfortable with the questions or information being asked, or you're feeling that something is not right, trust your intuition and hang up the phone before providing such information as full names, phone number, bank account number, debit number, credit number with 3-digit verification number, username, password, or a verification code from a text message or from your 2-factor authentication app (2FA). Go to your account and check the number (it can also be found on your statements) for your financial institution provider and call them directly. This is also a good habit that can be applied to any suspicious form of communication, even if it doesn't involve money at first.
  2. Take a deep breath and think it through. Scammers may take time to persuade you into doing something, but usually most of them will create a sense of urgency and trigger your emotions so that you react without thinking thoroughly. They use this method to force you into doing something without realizing it at the moment.
  3. Don't send money before you know for sure why you're sending it. Some trained or experienced bank employees may be able to spot a scam and try to warn you. Stop and listen to them even if the scammer told you not to. They may help you save your money.

Monday, July 24, 2023

Check (cheque) fraud

When using checks, be aware that the checks you write will, most of the time, include your name, your address, and your bank account number. If they fall into the wrong hands, you may have your personal information stolen and suffer financial loss.

How do scammers get your check?
  1. by taking your checks from the mailbox
  2. by getting them from the trash cans if they were not disposed of properly
How do they get money from this fraud?

By rewriting your check to themselves after using chemicals to erase your information.
  1. by selling your personally identifiable information (PII) to other scammers
  2. by using your PII to forge checks 
  3. by using your PII to create a profile that they can use to apply for services as if they were you
Some tips to help make it harder to alter your check:
  1. Use a permanent pen
  2. In the payee field, fill out the name in the entire space or make a line to the end of the space
  3. Use the same signature every time to be consistent
  4. Go to the post office and mail it from inside, rather than dropping it in the drop boxes outside