Preventing Scams and Cybercrime

Fraudsters and cybercriminals are getting sneakier – sometimes even claiming to be your bank or financial institution. Outsmart scammers with these tips.

With more than 2 billion people worldwide accessing the internet through smartphones, hackers have never had greater incentive to devise new scams. Getting scammed is an unpleasant experience, but you can be one step ahead.

For example, you look at your phone and you have a new text message saying it is from your bank or financial institution. The message tells you to click this link and download a new app to secure your identity or customer account. It’s strange because you’ve never received a text from your bank at this number before, and you already have your bank’s app downloaded, or at least you thought?

STOP! Don’t click that link. There are a number of red flags to watch out for to recognize a phishing attack. Although this trick is commonly employed over email, savvy thieves are now trying to install ransomware or steal your financial or personal information by impersonating a bank, credit card company or service provider by phone calls or even text messages. Phishing is when a fraudster tricks a consumer into providing their personal information through a fake app or website. The site may appear have a copy of your bank’s or another company’s logo and appears legit. So how do you tell it’s not?

  • With increasing number of cases related to cyber frauds or online scams, it’s recommended that you follow these tips to detect a scam by text and protect your identity:
    • Check the number and search for how your bank has texted you in the past. Are they different? Don’t click the link!
      Is this message irregular? If you have not recently conducted business, used your cards or logged into your bank via the app, mobile or desktop, it may feel out of context to be receiving this request. Don’t click it!
      Are they using the right terminology for you and your account? Does your bank refer to you as a member but this text message says “customer.” Don’t click it!

    REMEMBER: Do not download any software or click on unknown links sent to you by email or text! Banks will typically never ask you to download software in an email or while you are on the phone with us..

    Emails

    There are some easy ways to ensure the email is from bank. Bank emails typically include a Security Zone to help you distinguish a legitimate email from a fraudulent one. Here is what to look for to help identify authentic emails:

    • Always hover over the sender’s email address to verify who it is from. Banks will only send emails from an address that clearly indicates it is from your bank.
    • To be effective, you must verify the spelling of your first and last name and the accuracy of the last four digits of your USAA member number every time you receive an email from USAA.

    Phone Calls

    RING, RING, RING

    The caller ID says your bank across the top. It’s not a 1-800 or a 1-877 number, but when you answer, the caller says they are with your bank and now asks for your customer service identification number to verify you. The caller may offer to assist with installing software you need for your financial services … what do you do?

    STOP! Don’t share your personal information before verifying the caller. If your bank is calling you, they typically will never ask for your “customer” identification number, credit card number or other personal information.

    Follow these tips to detect a scam by a phone call and protect your identity:

    • Do not share security or personal data: Your bank will never call you and then ask you for your one-time verification code, PIN, password or other personal identification details.
    • Always realize that you can call your bank to determine if any request for information is valid. When you call us, know that we’ll use the multifactor identification code from your phone to verify you.

    “Grandpa, I need your help. My car won’t start. Please send me money using this app…” OR

    “Hi, how are you? I can’t deposit any money into my bank account because I am deployed. Can you send me some money for my phone card so we can continue talking? I really miss you.”

    STOP! Imposters have many tricks up their sleeves when they are trying to access your information or steal your assets. As discussed above, it could be by impersonating a company through a phone call, email or text, but now they are even trying to contact you on third-party social platforms, like Facebook or Twitter, or through dating apps and sites.

    Follow these tips to avoid a grandparent or romance scam:  

    • Never send money to someone you don’t know in real life, especially using a third-party app like Zelle, CashApp, etc.
    • If someone claims to be a family member, verify with that family member by calling them directly! If you think your grandson needs help, call him or call his parents before sending money unintentionally to a scammer.
    • Do your research. If you are getting to know someone online, make sure you look them up, validate they are who they say they are. Some also claim to not have access to common resources overseas because they are serving, which is often untrue.

    If any of these situations should happen to you, reach out for advice before giving out any personal information. And, if you get a suspicious email, text, instant message or phone call, you can report it to your bank or to the Federal Trade Commission at ftc.gov/complaint.

    If a scam does trip you up in real life, get help! The FBI has an Internet Crime Complaint Center at ic3.gov. You can also report identity theft to the Federal Trade Commission to 1-877-ID-THEFT (84338).

    There are also some easy ways to ensure a text message is from your bank.  Based on your request, many banks may send a one-time code as part of its multi-factor authentication process. If you suspect fraud, you should:

    •  REPORT! Even if you didn’t share personal information or click a questionable link, if you suspect fraud, let us know so we can help prevent it to protect you and other members in the future.
    • If you receive a suspicious call from someone claiming to be your bank and is requesting account information or security credential information, hang up immediately!
    • If you provided any personal identifiable information prior to hanging up, alert your bank.
    • If you did not provide any information, you should still send an email to your bank reporting the phone number or text message and message details. This helps them to actively work to shut down fraudulent callers, sites and emails.

    Imposters can come from the least expected places and they are constantly changing their tactics. That’s why it is so important to always be on alert. While financial institutions can use sophisticated detection processes, they are most effective in fighting fraud when they work together with their customers.

     

    Think Before You Click

    #ThinkB4UClick

    The global pandemic has tested the online security resilience and vigilance of people world-wide, while at the same time the pandemic is pushing more and more individuals to conduct their daily personal and work lives online.

    Unfortunately, cyber criminals have sought opportunities to create havoc and financial gain in the midst of the chaos caused by the pandemic.

    Since our lives have shifted into the digital dimension, educating the online user on cyber security has become more important than ever before.

    As a result, cyber security has become increasingly important domestically and globally. But we must all remember that cyber security begins with a few basic steps such as: being vigilant, changing your password often and most important… think before you click on or open a link.

    Tips for Securing Your Digital Accounts

    Like keeping our doors locked to keep our homes safe from burglars, keeping our online accounts secure is vital to help protect ourselves from cyber criminals – and passwords are the key.

    Here are some tips to help you keep your accounts safe online.

    1. Choose strong passwords

    The stronger your password is, the more difficult it is to hack your account.

    Create passwords that are at least 15 characters long and include a combination of upper and lower case letters, numbers and symbols if allowed.

    A good way to do this is to create a passphrase – use a sentence that includes unusual words, or words from different languages.

    In addition, always use unique passwords for all your online accounts.

    2. Use a password manager

    A password manager is a convenient way to take care of your passwords.

    Several very good password managers are free and easy to use. It will create strong passwords for you and keep them secure.

    If you’d prefer not to use a password manager, write your passwords into a notebook and keep it in a secure place away from your computer.

    3. Enable Multi-Factor Authentication (MFA)

    Multi-factor authentication (like 2FA) provides an extra layer of security to help protect your accounts.

    It is an electronic authentication method where you need to present two or more pieces of evidence (factors) to confirm your identity and access your account, for example a password and a code that is sent to your mobile phone. Your account cannot be accessed without entering this code.

    4. Do all of the above!

    For extra security, use a password manager that will create strong passwords for you and enable multi-factor authentication when available for your best chance to keep your accounts secure.


    References:

    1. https://cybersecuritymonth.eu/resources/top-tips-for-securing-your-accounts/

    Protecting Yourself Against a Cyberattack

    The Top Three Things That Anyone Should Do to Help Protect Themselves Against a Cyberattack

    The top three things that anyone should do to help protect themselves against a cyberattack.

    1. Incorporating multi-factor authenication (MFA)
    2. Understanding phishing and how to identify phishing attempts
    3. Discussing with colleagues, families and cyber professionals

    Cyber Security Awareness: Ransomware

    “Organizations and consumers are frequently exposed to the clear and present danger of sophisticated phishing and ransomware cyber attacks.”

    Over the last several years, ransomware has remained a “clear and present” cyber security threat for organizations and individuals around the world. As companies have gone increasingly digital, cyber criminals have sought to maximize their profits by exploiting the vulnerabilities that come with a rapidly expanding cyber ecosystem.

    Global cyber threats include ransomware, common hacks such as phishing and malware, or complex state- sponsored spying efforts like with SolarWinds. And, the frequency of today’s cyber attacks is growing and compelling companies to secure their networks with the most modern threat detection technology.

    Ransomware is a malware that infects computers (and mobile devices) and restricts their access to files, often threatening permanent data destruction unless a ransom is paid. It has reached epidemic proportions globally. According to the Cybersecurity and Infrastructure Assurance Agency (CISA): “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

    These cyber attacks against U.S. companies and organizations result in shutdown of critical infrastructure, which can create shortages, increased cost of goods/services, financial loss due to shutdown of operations, and loss of money due to having to pay the ransom to the hackers, and worse.

    Ransomware costs include ransom payouts, damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

    Source: Cybersecurity Ventures

    For example, the DarkSide hacker gang is an organized group of hackers set up along the “ransomware as a service” business model, meaning they develop and market ransomware hacking tools, and sell them to other cyber criminals who then carry out cyber attacks. Additionally, DarkSide steals private data and threaten to make it public unless the victim pays a large sum of money — typically in the range of $200,000 to $2 million, according to CNBC. The FBI has determined that DarkSide was behind the devastating Colonial Pipeline ransomware cyber attack which targeted the company’s billing system and internal business network. Subsequently, the company reportedly paid out $4.4 million dollars in bitcoin. Fortunately, US law enforcement was able to recover much of the $4.4 million ransom payment.

    Human element

    “Ransomware is expected to attack a business every 11 seconds by the end of 2021.” Steve Morgan, Editor-in-Chief, Cybersecurity Ventures

    Ransomware still uses social engineering as its main infection vector,” says KnowBe4’s Sjouwerman. “Some 91% of cyberattacks begin with a “spear phishing” email, according to research from security software firm Trend Micro.

    Spear phishing is an increasingly common form of phishing that makes use of information about a target to make attacks more specific,sophisticated and “personal”. These attacks may, for instance, refer to their targets by their specific name or job position, instead of using generic titles like in broader phishing campaigns.

    According to research firm Cybersecurity Ventures, ransomware damages will reach $20 billion this year, up more than 100% from 2018 and 57 times higher than in 2015.

    As cyber attacks and ransomware continues to grow in frequency and severity, it’s essential that individuals receive security awareness training that specializes in making sure they understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering and apply this knowledge in their day-to-day online activities.

    Additionally, it’s imperative that organizations employ an endpoint detection and response (EDR) tool which can provide the visibility and cyber protection that organizations need.


    References:

    1. https://www.cnbc.com/2021/05/27/cybereason-ceo-was-in-israel-bomb-shelter-telling-world-about-darkside.html
    2. https://blog.knowbe4.com/bid/252429/91-of-cyberattacks-begin-with-spear-phishing-email
    3. https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php
    4. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
    5. https://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

    Avoid These 3 Cybersecurity Mistakes

    CISA warns of risky behaviours that leave networks exposed to cyberattacks

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA), which leads the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure, warns that “”exceptionally risky” [cyber] behaviors that can put critical infrastructure at extra risk of falling victim to cyberattacks”.

    The three cyber security mistakes and behaviors to avoid are:

    1. Using unsupported software,
    2. Allowing the use of default usernames and passwords, and
    3. Using single-factor authentication for remote or administrative access to systems

    According to CISA, these are all dangerous behaviors when it comes to cybersecurity and should be avoided by all organizations.

    Using multi-factor authentication can help disrupt over 99% of cyberattacks. Microsoft

    Use of single-factor authentication – where users only need to enter a username and password – was recently added to the list of risky behaviors. CISA warned that single-factor authentication for remote or administrative access to systems supporting the operation of critical infrastructure “is dangerous and significantly elevates risk to national security”.

    Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

    Change default passwords as soon as possible, and use a sufficiently strong and unique password. CISA

    CISA describes that using fixed or default passwords as “dangerous” and should be avoided at all cost. Default or simple passwords are good for cyber criminals because there’s a much higher chance of them being able to simply guess passwords to compromise accounts.

    CISA also warns against the use of passwords that are known to have been breached previously, as that means they also provide cyber criminals with a simple means of gaining access to networks.

    One in three breaches are caused by unpatched vulnerabilities. ZDNet

    Finally, CISA warns that the use of unsupported or end-of-life software in critical infrastructure. By using software or operating systems that no longer receive security patches or updates, there’s the risk that cyber criminals could exploit newly discovered security vulnerabilities that emerge because old software often doesn’t receive security patches.

    The 2017 WannaCry ransomware attack stands a shining example of what can go wrong when patches aren’t applied. While a patch for the vulnerability exploited by the ransomware had existed for several months, many organizations failed to install the it.

    Takeaway

    Reducing your organization’s cyber risks requires a holistic approach. CISA

    Avoiding the use of single-factor authentication, default passwords and unsupported software will also help protect you and others from falling victim to cyberattacks.

    To reduce risks, here are three cyber security actions that organizations should do first:

    • Backup Data – Employ a backup solution that automatically and continuously backs up critical data and system configurations.
    • Multi-factor Authentication – Require multi-factor authentication (MFA) for accessing your systems whenever possible. MFA should be required of all users, but start with privileged, administrative and remote access users.
    • Security Patch and Update Management – Enable automatic updates whenever possible. Replace unsupported operating systems, applications and hardware. Test and deploy patches quickly.

    References:

    1. https://www.zdnet.com/article/dont-want-to-get-hacked-then-avoid-these-three-exceptionally-dangerous-cybersecurity-mistakes/
    2. https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/
    3. https://us-cert.cisa.gov/ncas/alerts/TA13-175A
    4. https://www.cisa.gov/sites/default/files/publications/Cyber%20Essentials%20Starter%20Kit_03.12.2021_508_0.pdf

    October is Cyber Security Awareness Month

    “Do Your Part. #BeCyberSmart.”

    Cybersecurity Awareness Month was created as a collaborative effort between government and industry. Its objective is to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online.

    You can make a difference during Cybersecurity Awareness Month.

    Whether you have a minute, an hour or a day – or all month long – Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance encourage that you check out ways you can participate and support Cybersecurity Awareness Month on social media, at home, at work or school and in the community.

    #BeCyberSmart Tip: If you connect it, protect it. Outsmart cyberthreats by regularly updating your software.

    Important Cybersecurity Tips to Protect Your Personal Information

    • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
    • Make  your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
    • Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords. 
    • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.
    • Don’t overshare on social media – Cyber criminals can learn all about you, social engineering, on social media! #BeCyberSmart and make it harder for them by avoiding posting real names, places you frequent and home, school and work locations.

     


     
    Cyber Security Research Findings

    These cybersecurity findings are derived from two national studies – a national survey on online behaviors and attitudes for the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The findings reveal that:

    • 93 percent of Americans believe their online actions can protect not only friends and family but also help to make the internet safer for everyone around the world.
    • 96 percent of Americans feel a personal responsibility to be safer and more secure online.
    • 61 percent believe that much of online safety and security falls under their personal control, and consistent with those feelings, 90 percent said they want to learn more about keeping safer on the Internet.
    • 48 percent feel their actions to stay safe and secure can have a positive impact on financial, economic, and national security of the country, indicating Americans are open to making the bridge between their own safety and the nation’s security.

    Finally, when respondents were asked why they don’t always do all the things they can or should do to stay safer online, they said they simply lacked the information or knowledge, which was a surprising finding for researchers. Moreover, 12 percent said online safety was too expensive and 5 percent said they were too busy to take the extra step.

    STOP. THINK. CONNECT.


    References:

    1. https://staysafeonline.org/cybersecurity-awareness-month/get-involved/
    2. https://www.stopthinkconnect.org/research-surveys/research-findings

    Avoiding Investment Fraud

    Financially savvy and experienced investors, along with inexperienced investors, fall prey to investment fraud frequently.

    Researchers have found that investment fraudsters hit their targets with an array of persuasion social engineering techniques that are tailored to the victim’s psychological profile.

    Here are several “red flags” to look for:

    • If it sounds too good to be true, it is. Any investment opportunity that claims you’ll receive substantially more could be highly risky – and that means you might lose money. Be careful of claims that an investment will make “incredible gains,” is a “breakout stock pick” or has “huge upside and almost no risk!” Claims like these are hallmarks of extreme risk or outright fraud.
    • “Guaranteed returns” aren’t. Every investment carries some degree of risk, which is reflected in the rate of return you can expect to receive. If your money is perfectly safe, you’ll most likely get a low return. High returns entail high risks, possibly including a total loss on the investments. Most fraudsters spend a lot of time trying to convince investors that extremely high returns are “guaranteed” or “can’t miss.” They try to plant an image in your head of what your life will be like when you are rich. Don’t believe it.
    • Beware the “halo” effect. Investors can be blinded by a “halo” effect when a con artist comes across as likeable or trustworthy. Credibility can be faked. Check out actual qualifications.
    • “Everyone is buying it.” Watch out for pitches that stress how “everyone is investing in this, so you should, too.” Think about whether you are interested in the product. If a sales presentation focuses on how many others have bought the product, this could be a red flag.
    • Pressure to send money RIGHT NOW. Scam artists often tell their victims that this is a once-in-a-lifetime offer and it will be gone tomorrow. But resist the pressure to invest quickly and take the time you need to investigate before sending money.
    • Reciprocity. Fraudsters often try to lure investors through free investment seminars, figuring if they do a small favor for you, such as supplying a free lunch, you will do a big favor for them and invest in their product. There is never a reason to make a quick decision on an investment. If you attend a free lunch, take the material home and research both the investment and the individual selling it before you invest. Always make sure the product is right for you and that you understand what you are buying and all the associated fees.

    What You Can Do to Avoid Investment Fraud

    • Ask questions. Fraudsters are counting on you not to investigate before you invest. Fend them off by doing your own digging. It’s not enough to ask for more information or for references – fraudsters have no incentive to set you straight. Take the time to do your own independent research.
    • Research before you invest. Unsolicited emails, message board postings, and company news releases should never be used as the sole basis for your investment decisions. Understand a company’s business and its products or services before investing. Look for the company’s financial statements by searching SEC’s EDGAR filing system.
    • Know the salesperson. Spend some time checking out the person touting the investment before you invest – even if you already know the person socially. Always find out whether the securities salespeople who contact you are licensed to sell securities in your state and whether they or their firms have had run-ins with regulators or other investors. You can check out the disciplinary history of brokers and advisers for free using the SEC’s and FINRA’s online databases.
    • Be wary of unsolicited offers.Be especially careful if you receive an unsolicited pitch to invest in a company, or see it praised online, but can’t find current financial information about it from independent sources. It could be a “pump and dump” scheme. Be wary if someone recommends foreign or “off-shore” investments. If something goes wrong, it’s harder to find out what happened and to locate money sent abroad.
    • Protect yourself online. Online and social marketing sites offer a wealth of opportunity for fraudsters. For tips on how to protect yourself online see Protect Your Social Media Accounts.

    You should strive to become an educated investor and to know what to look for. Make yourself knowledgeable about different types of scams and red flags that may signal investment fraud.


    References:

    1. https://www.investor.gov/protect-your-investments/fraud/how-avoid-fraud/what-you-can-do-avoid-investment-fraud
    2. https://www.investor.gov/protect-your-investments/fraud/how-avoid-fraud/protect-your-social-media-accounts

    Ransomware Attacks and Cyber Scams Surge in 2020

    Ransomware attacks surged 300% in calendar year 2020, according to Chainalysis. And in 2020, $406.3 million was paid out in cryptocurrency ransoms, 337% more than the previous year. This calendar year’s ransom payments are on pace to pass seven figures.

    The attacks have crippled supply chains and critical infrastructure by holding digital information hostage.

    • Colonial Pipeline, one of the largest fuel pipelines in the US, was forced offline for six days in May.
    • An Iowa grain co-op was hit by a cyberattack, and hackers demanded $5.9 million to unlock the organization’s data.

    Ransomware is something that government agencies are extremely focused on these days. They’re viewing it on par with terrorist financing attacks. The victims of ransomware attacks are mostly big businesses, where more sophisticated attack appear to be sanctioned by foreign governments such as Russia, China, North Korea or Iran.

    However, big business are not the only victims of cybercriminals. Nearly 7,000 individual investors lost a collective $80 million to cryptocurrency scams from October 2020 to March 2021, according to the Federal Trade Commission.

    Currently, the biggest type of cybercriminal activity in terms of volume is scamming: your investment scam, your Ponzi scheme, or just a phishing attack. Retail investors are oftentimes more vulnerable to being taken advantage of by scammers. But these scams impact the government as well, because the SEC is chartered to make sure they’re protecting consumers.

    The bottomline is that “illicit activity on the blockchain is heating up, from minor scams to elaborate ransomware attacks”, explained Kimberly Grauer, director of research at Chainalysis.

    The majority of cryptocurrency activity is legal according to the U.S. Treasury Department. But, cryptocurrency can be exploited by cybercriminals and leveraged for ransomware attacks. Crypto’s decentralized nature can make it more difficult to track down hackers.

    The SEC’s Office of Investor Education and Advocacy issues periodic Investor Alerts to help investors identify signs that what is offered as an investment may actually be a scam or fraud. They urge investors to be on high alert in order to protect themselves and others from becoming victims of investment cyber fraud.

    The key to avoiding investment fraud and scams is to be an educated investor. Below are five tips from the SEC website investor.gov to help you avoid investment fraud:

    1. Be Wary of Unsolicited Offers to Invest – Cybercriminals look for victims on social media sites, chat rooms, and bulletin boards. If you see a new post on your wall, a tweet mentioning you, a direct message, an e-mail, or any other unsolicited – meaning you didn’t ask for it and don’t know the sender – communication regarding a so-called investment opportunity, you should exercise extreme caution.
    2. Look out for Common “Red Flags” – Wherever you come across a recommendation for an investment – be it on the Internet or from a personal friend (or both), “red flags” such as (a) It sounds too good to be true since any investment that sounds too good to be true probably is; (b) The promise of “guaranteed” returns since every investment entails some level of risk, which is reflected in the rate of return you can expect to receive; and (c) Pressure to buy RIGHT NOW because should not be pressured or rushed into buying an investment before you have a chance to research the “opportunity.”
    3. Look out for “Affinity Fraud” – Never make an investment based solely on the recommendation of a member of an organization or group to which you belong, especially if the pitch is made online. An investment pitch made through an online group of which you are a member, or on a chat room or bulletin board catered to an interest you have, may be an affinity fraud. Affinity fraud refers to investment scams that prey upon members of identifiable groups, such as religious or ethnic communities, the elderly, or professional groups. Even if you do know the person making the investment offer, be sure to check out everything – no matter how trustworthy the person seems who brings the investment opportunity to your attention (think Bernie Madoff). Be aware that the person telling you about the investment may have been fooled into believing that the investment is legitimate when it is not.
    4. Be Thoughtful About Privacy and Security Settings – Investors who use social media websites as a tool for investing should be mindful of the various features on these websites in order to protect their privacy and help avoid fraud. Understand that unless you guard personal information, it may become available for anyone with access to the Internet – including cybercriminals.
    5. Ask Questions and Check Out Everything – Be skeptical and research every aspect of an offer before making a decision. Investigate the investment thoroughly and check the truth of every statement you are told about the investment. Never rely on a testimonial or take a promoter’s word at face value. You can check out many investments using the SEC’s EDGAR filing system or your state’s securities regulator.

    Investors on the Internet and social media should always be on the lookout for cyber scams and fraud. If you have a question or concern about an investment, or you think you have encountered fraud, you should contact the SEC or FINRA,


    References:

    1. https://www.morningbrew.com/daily/stories/2021/08/23/blockchain-expert-fights-crypto-crime
    2. https://www.sec.gov/oiea/investor-alerts-bulletins/ia_5redflags.html
    3. https://www.investor.gov/introduction-investing/general-resources/news-alerts/alerts-bulletins/investor-alerts/updated-11
    4. https://www.sec.gov/oiea/investor-alerts-and-bulletins/investment-scam-complaints-rise-investor-alert

    Apple Issues Emergency Security Update

    Apple released critical software patch to fix latest security vulnerability

    Apple issued an emergency software update to fix a security flaw that researchers said allowed hackers and governments to invisibly spy on Apple users without so much as a click.

    The “zero-click” exploit was discovered by cybersecurity research group Citizen Lab. The researchers said Israeli cybersecurity group NSO Group has been exploiting the software vulnerability since February.

    To install the software fix, ensure your iPhone is plugged in or has at least 50 percent battery life. Then:

    • Go to Settings.
    • Click General.
    • Click Software Update.
    • Click Install Now to update to iOS 14.8.

    Although cyber security experts contend that the retail iPhone, iPad and Mac users generally need not worry, since such attacks are highly targeted, the discovery still alarmed cyber security experts. “Users of mobile and computing platforms need to make checking for security updates a part of their weekly, if not daily routine,” wrote Steve Turner, an analyst at the tech consulting firm Forrester.


    References:

    1. https://www.huffpost.com/entry/cybersecurity-apple-security-update_n_613faff0e4b0628d095f108
    2. https://support.apple.com/en-us/HT201222
    3. https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve

    Millions of Americans Fall Victim to Identity Theft

    While online, your personal information is constantly exposed to bad actors. Take actions to protect your identity and prevent the theft of your identity.

    A shocking amount of information about you can be found online. From Social Security numbers to bank account numbers to social media profiles, a savvy thief potentially has access to all the data he or she needs to assume and steal your identity.

    Identity theft is a serious crime. It happens when someone uses your Social Security number or uses other personal information about you without your permission to open new accounts, make purchases or get tax refunds. They could use your:

    • Name and address
    • Credit card or bank account numbers
    • Social Security number
    • Medical insurance account numbers

    Many Americans whose information was compromised did not realize their identity was stolen until years later when they tried to buy a car, file tax returns or purchase a home.

    Experts warn that identity thieves can use social engineering to steal your information. Social engineering is the art of manipulating someone to divulge sensitive or confidential information that can be used for fraudulent purposes.

    Social engineering can happen everywhere, online and offline. And unlike traditional cyberattacks, whereby cybercriminals are stealthy and want to go unnoticed, social engineers are often communicating with you in plain sight. Consider these common social engineering tactics that one might be right under your nose.

    • Your “friend” sends you a strange message. Social engineers can pose as trusted individuals in your life, including a friend, boss, coworker, even a banking institution, and send you conspicuous messages containing malicious links or downloads. Just remember, you know your friends best — and if they send you something unusual, ask them about it.
    • Your emotions are heightened. The more irritable we are, the more likely we are to put our guard down. Social engineers are great at stirring up our emotions like fear, excitement, curiosity, anger, guilt, or sadness.
    • The request is urgent. Social engineers don’t want you to think twice about their tactics. That’s why many social engineering attacks involve some type of urgency, such as a sweepstake you have to enter now or a cybersecurity software you need to download to wipe a virus off of your computer.
    • The offer feels too good to be true. Ever receive news that you didn’t ask for? Even good news like, say winning the lottery or a free cruise? Chances are that if the offer seems too good to be true, it’s just that — and potentially a social engineering attack.
    • You’re receiving help you didn’t ask for. Social engineers might reach out under the guise of a company providing help for a problem you have, similar to a tech support scam. And considering you might not be an expert in their line of work, you might believe they’re who they say they are and provide them access to your device or accounts.
    • The sender can’t prove their identity. If you raise any suspicions with a potential social engineer and they’re unable to prove their identity — perhaps they won’t do a video call with you, for instance — chances are they’re not to be trusted.

    A thief can get your personal information in person or online. Here are some ways thieves might steal someone’s identity. A thief might:

    • Steal your mail or garbage to get your account numbers or your Social Security number
    • Trick you into sending personal information in an email
    • Steal your account numbers from a business or medical office
    • Steal your wallet or purse to get your personal information

    Identity experts share five recommendations for how to protect your identity:

    • Once a year, order and closely review a free credit report from each national credit reporting agency: Experian, Equifax and Transunion.
    • Browse and purchase online while only using a secure connection. Never use autofill features when filling out online forms, unless it is on a trusted site.
    • Refrain from giving solicitors personal or financial information over the phone, by email or through pop-up message.
    • Opt out of pre-screened offers of credit and insurance by mail.
    • Avoid oversharing on social networking sites so you’re not sharing a potential scam with others.

    If you do think you’re a victim, call the three major credit bureaus and place a credit freeze and file a report with law enforcement.

    Even if you don’t believe it’s that big of a deal, reporting these crimes can help law enforcement prevent others. It took identity theft victims an average of 10 hours to resolve the fraud in 2020, according to LifeLock.

    Moreover, you may be responsible for what the thief does while using your personal information. You might have to pay for what the thief buys. This is true even if you do not know about the bills.

    How can that happen?

    • A thief might get a credit card using your name.
    • He changes the address.
    • The bills go to him, but he never pays them.
    • That means the credit card company thinks you are not paying the bills.
    • That will hurt your credit.

    This is the kind of trouble identity theft can cause for you.

    Your best defense against identity theft and social engineering attacks is to educate yourself of their risks, red flags, and remedies. To that end, stay alert and avoid becoming a victim.


    References:

    1. https://www.consumer.gov/articles/1015-avoiding-identity-theft#!what-it-is
    2. https://us.norton.com/internetsecurity-emerging-threats-what-is-social-engineering.html
    3. https://www.usnews.com/360-reviews/identity-theft-protection