Saturday, November 9, 2019

Cyber Security and Online Shopping

With the popularity of online shopping today, the importance of cybersecurity becomes essential to everyone. Shopping, even in the real world, involves money.  And where there is money, there are criminals ready to take advantage of unwitting people. Since much (most?) shopping is now happening in cyberspace, these criminals wasted no time in following the money trail straight to a valuable and highly exploitable target: online shoppers.

Online shopping became fashionable when people discovered one is free from stress and fatigue caused by crowds and traffic. There is also the convenience of searching whatever it is you want from your home, at your most convenient time and paying for it without waiting in line. All of these with just a few clicks of a mouse. 

How They Do It

The anonymity of the Internet and the ability to easily obtain easy to use exploitation tools provide an easy avenue for even unsophisticated or inexperienced cybercriminals to do their work. They can target online shoppers, fraudulently obtaining the information they can use for their own financial gains. Criminals use three common ways of attacking online shoppers.  These aren't the only methods to be sure, but the three below seem to be among the most common recurring avenues to exploit the unaware online shopper.

Unprotected Computers
Unprotected computers are an easy target for viruses and other malicious codes used by cybercriminals to gain access to the information inside it. On the other end, online vendors have to protect their computers, too, against attackers who may access their customer databases.

Fake Sites and Email Messages
In the virtual online world, a site (or an online store) can be faked by these criminals, with no one the wiser.   It isn't too difficult for them to get an email list of people who have shopped at a particular site and then send bogus emails to those shoppers.  These fake sites mimic the legitimate ones and inherit the business, at least until they are caught or noticed.  One way you can tell that these are fake sites is poorly worded language or improper formatting is seen in the email that they send you, the site descriptions, policy pages, and other parts of the website.

Playing on Consumer Emotion During Holidays or a Crisis
Charities have been misrepresented before, especially during natural disasters or holiday seasons where people pour in donation money and aid.  Holiday shopping seasons, especially those times closet to the holiday itself, allow the criminal to play on the consumer's sense of urgency in buying last-minute gifts.  Never click on a link sent to you in an email.  Always go to the charity's website by typing in their known good URL in the web browser address bar. 

What YOU Can Do - Cybersafety Measures

World's most effective door security solution.Maintaining an up-to-date anti-virus program, a firewall and anti-spyware is always the three-pronged first line of defense in cybersecurity. They protect you against viruses and Trojan horses that may steal or modify your data and make your computer vulnerable. Spyware may also give the attackers access to your data.

Update Your Web Browser
Browsers are the gateway between your computer and the Internet. They must be kept updated with the latest security patches and software versions.  Use automatic updates whenever possible that the operating programs and utilities are up to date.  Microsoft browsers will usually update each month during the regular patch cycle.  Browsers like Chrome and FireFox typically update when you open the browser after a new update has been released. 

It is likewise important to check the default settings of your computer and apply the highest level of security. This will preempt the attackers to use the default setting of the programs. This applies primarily to browsers, email clients, etc. because these are the connectors to the Internet. 

Only Visit Reputable Vendors
Cybercriminals are very good at mimicking the sites of legitimate vendors and make it appear genuine. You need to verify their legitimacy before supplying any information. Keep the phone numbers and the physical addresses of these vendors which you can use in case of problems.  Again - Never click on a link sent to you in an email.  Always go to the vendor's website by typing in their known good URL in the web browser address bar.

Personally,  I use Amazon for just about everything.   No, I don't work for Amazon, and this isn't a plug or endorsement for them.  It's just that many of the things that I buy aren't even available at my local stores, Amazon carries nearly every product that I can find elsewhere online, and having an account at Amazon decreases the need to create many accounts at the many other vendors online. 

Security Features and Privacy Policies
As always, passwords and other security features add protection, if correctly used. Never use the same username and password over and over for every site that you have an account.  A robust password management program can help you with this.  Check the site’s privacy policy before giving out personal or financial information. You have to understand how your information is stored and used. 

Encrypted Information
Make sure the information you give out is encrypted. To check if it is, see if it includes a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. Know where the padlock icon is located in your favorite browser because some attackers use fake padlock icons to trick users. 

Use your Credit Card
Credit card charges have laws that limit your liability in case of fraud. This may not be the case for your debit card. Because debit cards draw money directly from your bank account, unauthorized withdrawals could leave you penniless. Needless to say, a record of your purchases should be kept aside. Report any discrepancies immediately.

Don't Give Them Unnecessary Information
When you do create an account at a vendor's website and fill out your profile, don't feel obligated to give personal information above and beyond that which is needed for them to properly process your order.  For example, they may ask for your birthday, which is not needed to process your order, but to send you an email on your birthday to get you to shop there again.  And unless you actually want to receive a barrage of emails from them, be sure to uncheck the box saying that you want to receive email from them in the future.  This is one way to help alert you to suspicious emails claiming to be from that online vendor.  If you opted out, but then receive a bunch of emails from them, either they are violating the law, or a scammer is using that business's image to try to attack you.

Log Out!
Don't just close your browser, log out of your account and then close the web browser.  Logging out will close the open session, and if you have your browser set to delete cached sessions, closing the browser will delete all of your cached information.  This is particularly important if you are using public computers, such as those found at a library or "cyber cafe" type of setting.

Wrapping it all Up

Shopping online is truly a time-saving, hassle-free, and fun way of buying whatever you want on the Internet. The presence of the ubiquitous cybercriminals stalking at every cyber corner, however, necessitates the need for good cybersecurity and awareness practices as well.  Pay attention to links sent to you in email.  Ensure that you only visit reputable charities and online businesses.  Use your credit card instead of a debit card.  Use proper password security and ensure that you are only visiting encrypted websites.  These simple ways will help you stay safe online, and help to keep you from becoming of these cybercriminal activities.

Stay Safe!



The #1 Writing Tool

Saturday, November 2, 2019

Telephone Scammers - They've Got YOUR Number!

All of us have experienced the frustrating ordeal of receiving call after call every day from phone numbers that are either junk sales calls or outright scammers trying to get our information.  Some calls are just recordings that start the minute that your voice is detected.  Some are just dead silence and the "caller" hangs up after you answer.  Sometimes I will pick up the phone and just wait without saying a word.  No background noise or anything, just dead silence.  Then after several seconds, they hang up.

Most likely, the number calling you is spoofed - that is that the number that pops up on your caller ID is not the actual number calling you.  Ever notice that many of these calls are from your same area code?  There are several types of software and calling systems that can be used to do this.  In fact, many political organizations who set up phone banks to make calls for their candidates and issues set these up so that their callers can sit at home and make these calls without their home pr personal cell phone numbers being revealed.  Some uses are indeed legitimate.  But the ones that are legitimate at least spoof a number that belongs to a legitimate office number or designated extension for the organization from which they are calling.

Easy enough to deal with this situation:  Just don't answer if the number that pops up on caller ID is not in your contact list or looks funny.  If it is a legitimate call, they will leave a message and you can call them back.

But what if the number they are using IS in use?  What if the number they are using to robocall thousands of people is YOUR phone number?  Now all of a sudden, you are receiving huge numbers of angry calls and angry text messages telling you to stop calling them.  Now people are threatening YOU because they think you are trying to scam them or harass them.

How They Do It:

Often, they will have found your number simply by using a random number generator combined with an autodialer. They just plug in the area code and start calling. They then record which numbers result in someone answering the call. If the call is answered, that person’s number can be used to spoof the scammer’s ID.

What you can do:

Essentials Survival Kit Unfortunately, not much.  There is no way to block this, and there is no way to stop them from using your number in their scam campaign.  About all, you can do is notify your contacts, and then hope that the scammers will get tired of using your stolen number after enough people block your number on their phones.

  • You can try to prevent this from happening in the first place by simply not answering calls that are not in your contact list or that don't look familiar.  If you are able, set it so that your voicemail will not answer until several rings - like 10.  You'll have to tell your contacts you did this and that they will have to be patient in order to leave a message.  This will hopefully result in your number not being flagged as answered and therefore they will not use your number as a spoof candidate.
  • Report this to the Federal Communications Commission (FCC).  Even though they can't do anything about it, at least they will have a record of you making the complaint.
  • If your number did get selected as a spoof candidate, change your voice message so that your incoming callers know that it is not YOU that called them.

“Hello, you have reached <your name>.  If you are calling with regards to <your desired info here>, please leave a message. However, if you have received a suspicious call and my number showed up on the caller ID, please note: this number is being used in a spoof/phone scam campaign whereby suspicious callers are calling you, and my number is showing up in the caller ID.  I am not the one who called you.  If you have received such a call, or get any calls like this in the future, do not follow their instructions and immediately hang up.  Please block this number from receiving further calls” 

  • If it doesn't stop, you might have to change your number as a last resort and let all of your contacts know about the change - this can be a real headache. 

 Telephone scammers should all be strung up and made to endure medieval tortures as far as I'm concerned.  This is not a legitimate income source, in my opinion, and all they are doing is annoying people and making thousands of victims by their one simple act.

Be aware, be vigilant, and don't fall for the scams.

Resources Used in This Article: