How to cope with latest scam surge: Internet Scambusters #929
If we didn’t already know that 2020 has turned into one of the craziest-ever years, crooks driving a new scam surge have delivered the proof.
Ninety percent of all health alert websites are fake, more than half a million web conferencing accounts have been compromised, and scammers have found a cunning way of using ID theft victims’ names to raise emergency loans.
We’ll give you the details in this week’s issue — plus the information you need on how to deal with them.
Let’s get started…
Home Working Network Attacks Lead 2020 Scam Surge
The past few months of this crazy year have seen a huge scam surge and changing the most common types of con tricks.
Ninety percent of all websites relating to current health alerts are fakes, while stolen details of an estimated half million web conferencing addresses are being offered for sale on the dark web.
That’s according to Internet intelligence expert David Gewirtz in a mid-September update.
He’s been researching how scam trends have changed in recent months and some of the most alarming traits. Here are some of the items from his list along with our tips on what to do:
* A rise of 40% in the number of insecure links between work-from-home computer users and their work networks. Separately, security firm Malwarebytes just reported that 1 in 5 of all firms say they’ve had a data breach directly as a result of home working.
What to do: If you’re working from home, use up to date security and network software and check with your work systems people on what else you need to do.
* Connected with the above, a four-fold rise in just two months in brute force attacks enabling scammers to “guess” passwords by trying as many as they can.
What to do: Use apps, software and individual site settings that allow you to limit the number of password tries before locking a user out. Also, use two-factor authentication where possible, which requires a further security code or other ID. See How to Easily Enhance Your Password Security for more on this.
* A near 700% rise in just one month (March) in email scams relating to current outbreak topics. Malwarebytes also reports an increase of more than 1,200% in this type of message from January to April this year.
What to do: All emails from people you don’t know should be suspect. Avoid clicking links, even in messages from people you do know. Consider messages telling you about cures and treatment as spam or worse. Use official health sites to monitor latest developments.
* More than 530,000 accounts using the web-conferencing program Zoom have been compromised. They’re being offered for sale on the dark web at a penny a pop!
What to do: Zoom is the most popular work-from-home conferencing software. The firm has previously been criticized about its security, which has improved recently. Follow the firm’s security guidance and the advice in our earlier issue: How to Beat “Zoombombers” — The New Breed of Video Hijackers.
* Name adding. Software firm Webroot says it has seen a twenty-fold rise in phony and suspicious files using the Zoom name. It’s being added to all types of attachments to try to trick people into opening them.
What to do: If you’re interested in or want to know more about Zoom, visit www.zoom.us. Treat all Zoom conference invitations with suspicion until you’ve confirmed them.
By the way, our own research shows that individuals are being targeted by crooks who add the word “farm” to their identity and them apply for grants or loans available to the agriculture industry from the US Small Business Administration (SBA).
What to do: The SBA has its own security procedures, but you should also regularly monitor your record with the Big Three credit reporting agencies for any indication that someone has taken out a farm loan in your name. Tell them, the SBA, or any bank that is named next to the suspicious activity, then freeze your credit record. For more. See the FTC’s Identity Theft site.
* Ransomware incidents, which lock up all the data on a computer or entire system until the ransom is paid (and sometimes not even then), have more than doubled so far this year.
What to do: Back up your system and data frequently and ensure your security software monitors for ransom attacks.
We can add to that list with:
* A big increase in pet scams as more and more people, isolated at home, opt to buy a cat or dog for some additional company. Most of these scams show up in online ads.
What to do: Adopt from your local animal shelter or buy only from breeders with a reputation you can check on and confirm.
* Scams targeting visitors to ‘adult’ sites. In the current stay-at-home climate, these sites are seeing a huge increase in visitors. Certain sites harvest details about visits that may be passed on or sold. In other cases, crooks posing as online security officials, such as “Apple’s Special Investigation Unit” call to say unpleasant or illegal photos have been found in your iCloud account. They demand payment to resolve the issue.
What to do: Just don’t visit these sites. Then if you get an “official” call, you know you can safely ignore it. Plus, firms like Apple and Microsoft don’t make these types of calls.
Interestingly, one positive aspect of recent events is that the number of unsolicited sales calls has dropped, probably because of the shutdown of call centers and furloughing of employees.
However, if and when our health picture starts to improve, we expect to see a resumption of these and of mostly-illegal robocalls.
Alert of the Week
If you’re moving home, be warned that there’s a new outbreak of fake or dubious services offering to handle your address change notifications.
They massively overcharge and, in some cases, use the payment information you provide for identity theft.
Save yourself time and money by visiting the real USPS. Unusually, the USPS does not use “.gov” in its web address; it uses “.com”. Start here.
That’s it for today — we hope you enjoy your week!