Monday, November 20, 2017

What they're up to - Fall 2017


Ransomware 
In 2017 ransomware has come to eclipse all other types of cybercrime worldwide. The victims include companies of all sizes and government agencies. In some cases, the attacks affected infrastructure, which could have endangered lives. This trend is very unlikely to change.

This is why government agencies, business owners of companies of any size, and employees must consider the safety of their equipment and network at all times (yes, even employees who aren’t in charge of IT security). What costs our employers time, money, and sometimes their reputations can hurt those of us who work for them.

OAS FCU has published a brochure on what ransomware is and how you can protect yourself, both at home and at work, from one of these attacks. Please read, and share!

If it's online, it can be used for cyberattacks.
Photo: Annie Spartt

Botnet alert
This year the first botnet has surfaced that actually uses the Internet of Things (IoT) to route its attacks. A botnet is a network of many infected devices that is controlled by a malicious bit of software with the intent of perpetrating DDOS attacks or hacking systems with worms, in order to steal or corrupt data. This specific botnet is called Reaper, and it has been using routers, webcams, security cameras and advanced printers for its attacks.

This may seem like something you need not worry about, but if you have a home network that is used as part of a botnet attack because your network’s security was breached, you may find your IP address blocked from any site that was attacked through that botnet. This could be streaming services, large online retailers, news, social media… It’s your responsibility to keep your home network safe. Consider changing your password every few months.



A general warning for business owners
There is also a new type of advanced DDOS. DDOS stands for distributed denial of service; in this attack many infected computers are used, without the owners’ knowledge, to request service from the same website all at once. The escalated amount of traffic slows the website until it has to be taken offline and rebooted. There have been several major global DDOS attacks. Keep in mind that, just as with the IoT, if your IP is found to be among those involved in the attack, your business could suffer.

This new type of attack is particularly clever and noxious. It attacks with a high pulse of data (we’re talking 300 gigabytes per second) for only a few seconds, and then it powers down. During the downtime it’s able to hit other targets with the same DDOS pulse attack. It has two major advantages that are likely to make it a trend in the future of this type of attack:

  1. Low traceability;
  2. It has the ability to attack many, many more targets; once a server has been swamped (which takes only moments using a pulse of this scale), it has to be rebooted before it can be accessed by users, in a process that takes hours. Therefore, a pulse attack is just as effective as a sustained DDOS but it allows the attacker to focus on many different targets in a fraction of the time.

Now let me talk about consumer-targeted cybercrime.

Medicare open enrollment scams
If you get a call from an official Medicare agent, keep in mind that there is no such thing.
Please don’t provide any information to these callers. If you are looking for affordable healthcare insurance under the Affordable Care Act, the FTC provides the site HealthCare.gov as your best, safe place to find it.

Speaking of the FTC…
Scammers are spoofing the FTC’s main number and using it to steal personal and financial information from consumers. If you receive a call from the number 877-382-4357, hang up. However, if you do need to call the FTC to report a fraud, that number works just fine and you can call it. Strange one!

Western Union scams
There are many variants, but they all involve sending money via Western Union. These are the most common styles: 

  • Fake emails and spoofed text messages from relatives who live far away (grandchildren and nieces/nephews are the most typical); 
  • A buyer sends you extra money (more than the purchase price) to cover shipping costs, especially for large expensive-to-ship items. They ask you to send, in good faith, whatever funds you didn’t use back; 
  • Somebody from out of town was “planning” to rent your apartment, but things fell through, and they want the security deposit back; 
  • Your buyer accidentally got a cashier’s check for the wrong amount, but they trust you to send back any excess funds. 

Keep in mind that you might not always get paid with a cashier’s check, which was the usual catch in these scams. You might get paid via PayPal or Venmo; those payments can be reversed without you knowing it, so just because it isn’t a cashier’s check doesn’t make you less easily scammed.

These scammers will ask you to send the money via Western Union. The catch here is that Western Union transfers are gone, irreversible and untraceable the moment the receiver gets the funds. Keep an eye out.

How do you protect yourself when selling?

Use your local Craigslist and insist on accepting only in-person cash payments. If you’re contacted about the item you’re selling, keep an eye out for both bad grammar/spelling, and emails that don’t really mention specifically what you’re selling/renting, but simply call it “your item”. Avoid last-minute changes to plans about meeting in person. Are you a craftsperson or a small merchant? Consider using an established platform to sell your wares (Etsy, Amazon Handmade) that will protect your payments.

If you decide to ship something you’re selling, beware of buyers asking you to ship it using their FedEx, UPS or shipping agent; once you turn the package over, it is in the buyer’s hands for good, and they could reroute it to any address they choose and you’d lose any chance of tracking it.

The ripple effect of the Equifax data breach
Did you know that data breaches and thefts are the expected outcome of the increased security from our credit and debit cards now having chip technology that makes them, so far, impossible to clone? Cybercriminals always seem to adapt to whatever barriers we put in front of them!

Anyway, let me state the obvious; because of that data breach, identity theft is on the rise. Big time.

I am not going to explain today how you can protect yourselves; I already did so in two very informative articles that you can find here, and here. By the way, that second one has important information on protecting your kids from the aftereffects of the data breach, because they are also susceptible.

Puppy scams
Puppies, kittens and exotic animals are a big idea for Christmas presents. And so, the number of scams around this time of the year related to pet sales is going up. This is what the FTC advises:

Image: Zairo Alcate.

  • Don’t buy a pet without seeing it in person.
  • Research purebred prices. If you find a purebred for free or with a large discount, it’s most likely a scam. 
  • Do not pay for a pet with cash, a money order, Western Union or MoneyGram. If you were scammed, you’d never get the money back. Instead, always pay with a credit card. 
  • You can always check for a possible fraud involving pet purchases by checking the BBB Scam Tracker system. By the way, since this is a useful tool, if you find a fraud or have been scammed buying a pet, please report it on that site. You’ll be helping others.

Event ticket scams
These are also big items on people’s shopping lists during the holidays. Shows, events, sports, concerts, you can find many tickets for these online.

Ideally, avoid using sites that are not established sellers. If you buy from an individual, get the name and address, and verify them online. If you’re supposed to meet at his/her work, confirm that the person works there. Finally, before buying, google the event name and check for ticket sales scams.

And this is it, folks. When I wrote the first article of this series, I never thought it’d become a series. But OAS FCU cares for our financial prosperity, so they want to keep us informed of what lurks out there.


Happy Thanksgiving!
