Cybersecurity Blog

How to Avoid ATM Fraud – 11/28/16

As the Christmas shopping season goes into full swing, cyber criminals are upping efforts to steal your hard-earned cash. Most people have heard the horror stories of devices called card skimmers being placed on ATM card slots. These devices scan the magnetic stripe on your card while tiny cameras capture your finger movements as you enter your PIN. The majority of you have been educated enough to not use ATMs that have large plastic thingies sitting over the card slot.

However, the latest card skimmers are so thin they are inserted inside the card slot and are impossible to detect. Check out this video.

How do you protect yourself from such ingenious technology? Simple: cover the PIN pad as you enter your PIN. The information that a skimmer scans from your card is useless without the PIN. If you cover the PIN pad, the criminal's camera is unable to record your PIN regardless of where it is placed.

Want to reduce your chances of encountering skimmers at all? Only use ATMs that are physically installed in a bank; they are harder to hack. Also, try to avoid using ATMs on weekends. Thieves tend to install these devices on a Friday when they know the bank won’t be open for a while.

Technology is ever-changing and so are the criminals' methods. As careful as we may be, a breach may still happen. Reduce the damage by keeping an eye on your bank statements and disputing any unauthorized charges immediately.

Happy Shopping!!

 

Downloading Browser Extensions – 11/24/16

Just like apps, music and video, browser extensions should only be downloaded from official, reputable sources. Some Mount Royal students found that out the hard way this week when they downloaded a browser extension being offered outside of the Chrome Web Store. The extension spammed fellow students within Blackboard, causing a lot of embarrassment and annoyance. Unfortunately, due to the method of email delivery, ITS was unable to simply filter out the annoying emails.

No matter how legitimate a download seems to be, if it is not downloaded from an official source there is a greater chance the download could be malicious. Official sources are manufacturers' web stores like iTunes, the Google Play store and the Chrome Web Store, as well as brand websites like Starbucks.

Although downloading from official sources decreases the chance that you will download a malicious app, there are no guarantees. Malware designed as fake apps can also be found on these sites. However, by checking reviews and choosing apps that have a documented history, you can usually spot fake apps before they end up on your device.

Happy Safe Downloading!!

Alert – Phishing Email Targeting the Mount Royal Community – 11/24/16

Here is the latest phishing email pretending to come from the IT Service Desk. How do you know it is a fake? It contains an email address that is not found on the Mount Royal network and it uses poor grammar. Other signs that are suspicious, but not clear giveaways: it is addressed to "account user" instead of a person, and the link takes you outside of the Mount Royal website.

If the following email shows up in your inbox, please do not click on any of the links or reply to the email. Please delete it immediately.

Looking for a handy desk reference to print off and refer to when trying to determine if an email is legitimate? Print out this one created by KnowBe4.

You are a victim of online financial crime…now what? – 11/21/16

Okay, some cyber criminal has scammed you and stolen your funds, information or identity…what do you do now? According to the Calgary Police Service:

  1. File a complaint with the Calgary Police Service and obtain a police case number.
  2. Contact your bank/credit card company if any of your financial information was used. Give your police case number to your bank/credit card company to place on file.
  3. Provide the police case number to either of the two credit bureau companies, Equifax (1 800 465-7166) or TransUnion in Canada, and have fraud alerts placed on your credit reports.
  4. Report the incident to the Canadian Anti-Fraud Centre, or call 1-888-495-8501.

What happens when a cyber criminal steals your account? – 11/21/16

So, the worst has happened…someone has hacked your account and taken it over. You have called the help desk and had the password reset. All is good, right? Wrong. When a cyber criminal gets ownership of your account, whether it is an email, social media profile or gaming account, they typically do the following:

  • Change your name
  • Forward any mail to another account
  • Delete/steal your mail or delete/steal content or credits
  • Change your signature
  • Add secondary email addresses to the account
  • Steal any stored credit card data

This means when you get your account back you have to:

  • Make sure the correct name is associated with the account
  • Check to see if mail is being forwarded
  • Ensure the email signature is correct
  • Look for secondary email addresses that have been added and delete them
  • Cancel any credit cards associated with the account

If that isn’t irritating enough, let’s add one more goody to the list of annoyances that come with a compromised account…if your account was used for spamming, you will have the joy of receiving hate mail as well as having a lot of messages that you send to others bounce back due to spam blockers. Unfortunately, there is no way to remediate that. For this reason, most people who have their accounts hacked will end up abandoning them and creating a new one. But hey…you got your account back.

AdultFriendFinder Hacked! – 11/16/16

 

A massive data breach of the adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts, including (and this is really bad) over 15 million “deleted” records that were not purged from the databases. Over the weekend it became clear that 339 million names, addresses and phone numbers of registered users at the AdultFriendFinder site were hacked. All these records are now owned by cyber criminals, exposing highly sensitive personal information. On top of the AdultFriendFinder records, 62M accounts from Cams.com, and 7M from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company.

Cyber criminals are going to leverage this event in a lot of different ways: (spear-) phishing attacks, bogus websites where you can “check if your spouse is cheating on you”, or ways to find out if your own extramarital affair has come out.

Any of these 339 million registered AdultFriendFinder users is now a target for a multitude of social engineering attacks. People that have (had) straight or gay extramarital affairs can be made to click on links in emails that threaten to out them.

There will be phishing emails that claim people can go to a website to find out if their private data has been released. This is a nightmare that will be exploited by spammers, phishers and blackmailers who are now gleefully rubbing their hands, let alone the divorce lawyers and private investigators that are going to pore over the data.

Be on the lookout for threatening email messages that slip through spam filters and have anything to do with AdultFriendFinder, or that refer to exposing your activity on the site, and delete them immediately, both in the office and at the house.

Do not click on any links or open attachments in emails that appear to come from AdultFriendFinder. Instead, go directly to the website to change a password or get more information.

Please forward this to friends, family, colleagues and peers.

Watch out for Fake Apps!!!! – 11/16/16

The holidays are here and the scammers are out in force. Their latest trick is fake apps. Starbucks started the first “retail app”, and many stores have followed. But scammers are now creating fake retail apps, tricking you into downloading them to your smartphone or tablet, and asking you to load your credit card information in these apps. You can guess what happens next.

Here are 5 things to keep in mind about this scam:

  • Be very judicious in deciding what app to download. Better safe than sorry.
  • If you *do* decide to download an app, the first thing to check is the reviews. Apps with few reviews or bad reviews are a big red flag.
  • Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the AppStore or Google Play.
  • If you want to download a retail app, get the link to the app from the retailer’s website. If they don’t advertise an app on their website, they don’t have one.
  • Give as little information as possible if you decide to use an app.
  • Be very, very reluctant to link your credit card to any app!

There is more information about this at the New York Times:
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html

New Tech Support Scam – 11/07/16

The latest tech support scam pushes malicious code through a compromised webpage ad. When you visit a site, instead of seeing a regular ad, you get a large pop-up that appears to be from Microsoft warning you that your system has been infected and asking you to call tech support to resolve the issue. No matter how you try, you cannot get rid of the pop-up. The malicious code uses up all your computer resources, freezing your computer.

The pop-up looks just like it comes from Microsoft…how do you know for sure that it is a scam and not a legitimate warning from Microsoft? There are several tells that indicate this is not a legitimate warning:

  1. Anti-virus/malware warnings do not appear from within a web page or browser.
  2. Microsoft does not send warnings of systems being infected.
  3. Legitimate anti-virus/malware warnings from your anti-virus software do not ask you to call tech support.
  4. You cannot get rid of the pop-up.

If you encounter this annoying scam, what do you do? The good news is that all the code is doing is using up computer resources; it isn’t actually harming your computer. To get rid of the pop-up and free up your computer, just launch your Task Manager and shut down the browser. If you cannot launch the Task Manager, turn the computer off. Whatever you do, do not call the tech support number. They are scammers and will simply rob you of hundreds of dollars.