Scams and Fraud
Security Threats
Social Networking Sites
Everyone seems to be on a social networking site these days. Between Facebook, Twitter, Instagram, Tubmlr, and the countless other ones out there, you can be connected to anyone and everyone with just a few clicks. Social networking sites help us stay connected to friends and family close and far, lets us virtually "meet" new people through our existing friends, and they even give us the opportunity to connect with public figures. While social networking sites are popular for these reasons and many more, they also come with unique dangers.
Social networking sites allow you to create and personalize an account. People often share information about themselves, post photos, and update statuses of where they're at at any given moment. While this may seem like a fun way to update your friends and family about your life, sometimes more than just your friends and family are watching. When providing information on a social networking site, people tend to share more personal information than they might when meeting someone in person. These sites provide a false sense of anonymity and security due to the lack of physical interaction. With the majority of people now on at least one type of social networking site, it's important to understand how they work and the security dangers you could face while on one.
Here’s what you can do:
- Be cautious about the amount of information you provide. Avoid sharing information such as your address or your schedule that could make you more vulnerable to scammers and strangers.
- Keep in mind that the Internet can be accessed by anyone. Anything posted online is kept forever. Even after it is deleted from the site, a saved or cached version may still exist somewhere.
- Be skeptical of information obtained on a social networking site. People can post false or misleading information and create fake profiles on these sites as well. Be wary of strangers trying to connect with you online and always try to verify information read on social networking sites with a second and more reliable source.
- Research your social networking site's privacy settings and policies. Sometimes the default settings don't hide as much information from the public eye as you may think and their privacy policy may not prevent them from sharing information from your account with other companies.
- Be careful when giving third-party applications access to your account. Many of these third-party apps are used for entertainment, but they may also be gathering information from your account when they are downloaded. Make sure you trust the app before downloading it or giving it access to your account.
- Make sure your password is strong and changed immediately if you think someone may have gained access to your account without your permission.
Click Here for More Information from Cybersecurity and Infrastructure Security Agency
Social Engineering Attacks
Someone shows up to your business and says they are with your security company and are here to do a routine check on all of your security cameras. The company this individual claims to be with is in fact your security company, but you don't remember them saying anything about routine checks of equipment. Nonetheless, you allow this person access to your security cameras, footage, and computers, as well as answer any questions they have.
This is an example of how easy it is to fall for a social engineering attack. The person claiming to be from your security company was lying, but used their social skills and human interaction with you to gather private information about your business, and even possibly about your customers as well.
Here’s what you can do:
- Do not give any information out to someone unless you are certain they are who they say they are.
- When scheduling repair work, always ask for the name of the individual that will be doing the work and confirm this individual's name when they arrive.
- If someone claiming to be with a specific company is there to do maintenance or work that you were not expecting, call the company's trusted number to confirm that this individual is with them and can be trusted.
Click Here for More Information from CISA
Phishing Attacks
A phishing attack is a type of social engineering attack done through the computer, either through email communication or malicious websites. A phishing attack may be an email that looks like it's from your bank or credit card company claiming there is an issue with your account. They request that you reply back to their email with your account information to correct the issue. Unfortunately, when that information is sent in response to a phishing attack, the scammer now has access to your bank account or credit card information.
Another popular phishing attack goes hand-in-hand with charity scams. An email appears to be from a popular charity or in relation to a current event, like a natural disaster or a political election. The email is asking you to click on a link in the email to donate money on their website; however, the website the link takes you to is malicious. After entering your card information on the malicious site to donate money to what you think is a worthy cause, the attacker steals your information and can now use your card and access your computer.
Here’s what you can do:
- Do not share any personal information through email, including bank account and credit card numbers.
- If you receive an email that is requesting your bank or credit card information, always call the company directly to confirm from a trusted number that is not listed in the email. Ask why they need your information and if you can provide it over the phone instead of in email.
- Avoid clinking links in emails that are unsolicited. The link could be malicious, giving your computer a virus and allowing access to your personal information.
- If you receive an email asking you to donate money by clicking on a link, always search for that organization's legitimate website on a search engine and donate from there instead of using the link in the email.
- See Trustworthy and Reliable Site Criteria above for more information on how to confirm that a website is safe.
- Remember that the IRS will never contact you through email, text, or social media. Never release any personal information to the "IRS" through these channels.
- Always "Think Before You Click!"
Click Here for More Information from CISA Click Here for More Information from the IRS
Learn More About Phishing Attacks From the FTC
Online Banking & Data Security
Online banking has grown rapidly into a major new way to bank. Some surveys show more people prefer to bank online than in the traditional ways. This phenomenal growth has been accompanied by increases in the safety and security measures undertaken by banks and their customers. But cyber-criminals are always looking for new ways to electronically break into the bank and steal your money.
Safe online banking depends on continuing and strengthening this partnership for safe online banking.
Click Here for More Information about Online Banking & Data Security
Caller ID Spoofing
Here’s what you can do:
- Do not answer the call if you don't recognize the number. This will send the caller to your answering machine or voicemail where they can leave a message if it is important.
- If you receive a strange call from a government agency asking you for personal information, do not comply. Hang up and call back on a phone number listed on their official government (.gov) website.
- Be suspicious of any calls requesting personal information or money for a time sensitive reason. Do not give into their pressure for the information they want. This is a scare tactic scammers use to trick you into giving up your personal information or credit card numbers without thinking it through.
- Join the National Do Not Call List. This list may not stop all calls, but it should stop most. If you are still receiving scam calls after you have registered your phone number, the scammers are disregarding the law and should be reported.
Learn More About Caller ID Spoofing From the FTC Report Unwanted called and Join the National Do Not Call List
Sources
https://www.consumer.ftc.gov
https://www.bbb.org/en/us
https://www.fbi.gov
https://www.usa.gov/
https://www.consumerfinance.gov
https://www.ipata.org
https://www.us-cert.gov
https://www.irs.gov
https://www.usmarshals.gov
https://www.donotcall.gov
Provided for informational purposes only.