To keep you and your money safe, I make it a point to always let you know about spreading scams, from crypto catfishing to AI deepfakes. I bet you’re going to be surprised by this news: The crime that shot up 400% last year is old-school check fraud.
We’re giving away a $500 Amazon gift card. Enter to win now. No purchase necessary.
It’s not high-tech, but it is highly effective. In 2023, check scammers stole $26.2 billion from Americans like you and me, right out of our mailboxes. You need to make sure you don’t become a statistic.
Scammers coordinate in private groups on Telegram, Facebook or TikTok to share tips and sell tools that make it easy for scams to spread. One of their tricks? Buying universal keys that can open any USPS drop box or snapping up books of blank checks from the Dark Web.
But plenty of crooks just swipe checks right from your mailbox. Then, they use simple household chemicals like acetone to dissolve the ink and write themselves (or their alias) some spending money.
Fraudsters deposit their haul at an ATM or right from their couch through a banking app, then they withdraw the cash in chunks so it doesn’t trigger alerts. Before you or your bank know it, they’re on their way to the casino, buying designer goods or investing in real estate — you name it.
Banks are cracking down on fraud with stricter deposit policies and extended hold times on deposits. So, if you’ve noticed your funds aren’t clearing as fast as they used to, it’s because banks are taking extra time to verify deposits for potential fraud.
A recent viral TikTok glitch exploited J.P. Morgan's instant access feature for deposits from bad checks. Scammers flooded in, and many ended up being sued — proof crime doesn’t pay.
If any of your checks go missing or you suspect fraud, file a report immediately — not just with your bank, but also with USPS and your local police department. Be sure to ask for a case number so you can track the progress of your claim.
The biggest checkwriters are baby boomers. They don’t like change.
There are companies whose entire business model is built around collecting personal data, including criminal records, employment details, addresses and more. They use this data to offer background check services to other businesses and individuals. However, while they profit from this information, they often fail to adequately protect it. Earlier this year, the National Public Data made headlines for failing to secure 2.7 billion records of people whose data it collected. Now, on a smaller scale, another data aggregator has exposed the personal information of 600,000 Americans.
As reported by Website Planet, the exposed database contained 644,869 PDF files, totaling 713.1 GB of sensitive data. These documents mainly consisted of background checks but also included court records, vehicle ownership details such as license plates and VINs, and property ownership reports. The background checks alone revealed highly sensitive personal data, including full names, home addresses, phone numbers, email addresses, employment details, information about family members, social media accounts and criminal histories.
The worst part is that the database was left publicly accessible without password protection or encryption, allowing anyone to grab it. Anyone with the link could view and download the files. Plus, the files were named in a way that exposed personal details, using formats like "First_Middle_Last_State.PDF." This made sensitive information visible even without opening the files.
The database that exposed over 600,000 records belongs to SL Data Services LLC, an information research provider that appears to prioritize convenience over basic data security. The company operates a sprawling network of around 16 websites, including Propertyrec, which advertises real estate ownership data and property records. However, SL Data Services’ business goes far beyond property records, offering services like criminal background checks, DMV records and even birth and death records.
While Propertyrec promotes its affordability, claiming users can search for documents for as little as $1, customer reviews paint a different picture. Many users report being unknowingly enrolled in subscription services, resulting in recurring charges instead of the promised one-time fees. This predatory business practice raises further questions about the company’s ethics and transparency.
The exposure of sensitive personal info in this breach is a big deal for the people involved. The database has detailed data about them, and that’s basically a jackpot for cybercriminals. This kind of leak can lead to various dangerous outcomes.
For one, attackers could use this info to run phishing scams or social engineering tricks. If they know details like your job, family or even criminal history, they can send super convincing messages to trick you into sharing even more sensitive details, like your financial info. That’s not all. Criminals could also use this leaked data to impersonate someone and apply for loans, credit cards or other services in their name.
What really gets me, though, is that most people whose info got leaked probably won’t even find out about it unless they’re using a service to remove their data. A lot of them might not have even known they were being background-checked in the first place. For those with criminal records, this kind of leak could cause major reputational damage or lead to discrimination, even if the info is outdated or flat-out wrong.
We reached out to SL Data Services/Propertyrec for a comment but did not hear back before our deadline.
1) Remove your personal information from the internet: While no service can promise to completely erase your data from the internet, using a data removal service is one of the best steps you can take. They do the heavy lifting by actively scanning and removing your personal information from hundreds of websites. This helps protect you from scammers who may cross-reference data from breaches with other information they find on the dark web. Check out my top picks for data removal services here.
2) Be wary of mailbox communications: With your address exposed, bad actors could try to scam you through physical mail. They may impersonate companies or people you trust and send fake urgent letters about things like missed deliveries, account suspensions or security alerts. Be skeptical of unexpected communications and verify any claims before taking action.
3) Be cautious of phishing attempts and use strong antivirus software: The leaked data could lead to phishing attacks via email, phone calls or messages from unknown sources. Be on high alert for any requests for personal information, especially if they seem urgent or ask you to click on suspicious links. Always verify the legitimacy of any request before responding.
To protect your devices from malicious links, make sure you have strong antivirus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4) Monitor your accounts: Given the scope of this breach, it’s crucial to start regularly reviewing your bank accounts, credit card statements and other financial accounts. Keep an eye out for any unauthorized transactions and report them immediately to your bank or credit card company to prevent further damage.
5) Use strong, unique passwords: Create complex passwords for each of your online accounts and consider using a password manager to keep track of them securely.
6) Enable two-factor authentication (2FA): Implement this extra layer of security on all accounts that offer it to prevent unauthorized access.
7) Regularly update your software: Keep your operating system, apps and security tools up to date to protect against known vulnerabilities.
It’s alarming how many companies profit from collecting personal data, yet fail to protect it adequately. Recent breaches, including one exposing the sensitive information of 600,000 Americans, highlight this negligence. With unprotected databases containing everything from criminal records to addresses, cybercriminals have a treasure trove of information to exploit. This situation underscores the urgent need for you to take proactive steps to safeguard your privacy and demand better security practices from these data aggregators.
Should companies face stronger penalties for failing to protect personal data? Let us know by writing us atCyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Scammers have various methods when it comes to getting their hands on your phone number. You might think, "Well, what's the big deal? Isn't it easy to find someone's number these days, no matter what?" Yes. And if you've already had your fair share of telemarketers call you, maybe you feel like you've got it under control.
The problem is that scammers with the right knowledge and the wrong intentions can wreak havoc just by having your phone number in their possession.
Once they do, they can use it to trick you in all sorts of ways.
The good news is that by familiarizing yourself with their tactics, you can be one step closer to preventing yourself from falling victim to them. Here's what you need to know.
In today’s digital age, your phone number is more than just a way for friends and family to reach you. It can be a gateway for scammers to access your personal information and wreak havoc on your life. From phishing attempts to extortion, the risks are numerous and varied. Here are nine ways scammers can exploit your phone number if it falls into the wrong hands:
Scammers can also use your phone number to launch rather easy phishing attacks. They might send text messages or make calls posing as your bank or a popular online service that you subscribe to. The goal is to call you and trick you into providing login credentials, credit card details or other personal information, which they can then use for fraudulent activities. And once they have all your other information, they can do a lot more damage just by having your phone number as that initial segue.
In some cases, scammers use your phone number for extortion or blackmail. They may claim to have compromising information about you and demand payment to keep it private. By contacting you directly, they can apply continuous pressure, making their threats seem more real and immediate.
One unique way they do this to target elderly people is by pretending to be your grandchild or another relative in distress. The scammer often claims that your grandchild is in an emergency situation — such as needing bail money or medical assistance — and urgently requests financial help. With AI voice cloning technology, they may even be able to use your grandchild's voice. This emotional manipulation usually gets the victim to pay up.
This one may not be as dramatic, but your phone number can be sold to robocall and spam message services. These automated systems bombard you with unwanted calls and texts, often promoting scams or fraudulent products. While these may seem like minor annoyances, they can lead to bigger scams if you engage with the messages or follow their instructions. Hang up on them.
Phone number spoofing is a common tactic where scammers disguise their caller ID to appear as a trusted contact by calling from what appears to be a familiar number as it may have the same area code where you live, an area code where your friends or family live or even the actual phone number of someone close which you can recognize.
This makes it more likely that you'll answer the call, giving them the opportunity to deceive you into revealing personal information or transferring money. This is, of course, the case when phone spoofing is used against you. But in situations where they use YOUR phone number, they can be scamming those close to you without you even knowing!
With these phone spoofing tactics, scammers can use your phone number to impersonate government officials, such as IRS agents or Social Security administrators. They may call you claiming there’s an urgent issue, like unpaid taxes or suspicious activity involving your Social Security number. This ploy often involves threats of legal action or arrest to pressure you into providing sensitive information or making immediate payments.
Instead of pretending to be from a government agency, another trick is for scammers to try their luck by posing as a representative from a utility company, like an electric or water company. Scammers will claim that you have an overdue invoice and threaten to cut off your service unless you pay immediately. Using your phone number, they can contact you repeatedly, making the scam seem more legitimate (and pressing).
SIM swapping or a port-out scam is when scammers transfer your phone number to a new SIM card in their possession. By convincing your mobile carrier to reroute your number, they can receive all your calls and messages, including those containing two-factor authentication codes. This allows them to bypass security measures and take over your online accounts.
With SIM swapping techniques/port-out, scammers can also use your phone number as a key to access sensitive data stored in your online accounts. By initiating password resets and intercepting verification codes sent via SMS, they can gain unauthorized access to your email, social media and banking accounts, leading to significant personal and financial damage.
Finally, scammers can use all the tactics above to not only access the accounts you already have but also create fake online accounts in your name. These accounts can be used for a variety of malicious purposes, such as spreading malware, launching further scams or conducting identity theft. The presence of your phone number makes these accounts appear more legitimate, increasing the chances of deceiving others.
To protect your phone number from falling into the hands of scammers, here’s what you can do:
1. Be cautious about sharing your phone number publicly: Avoid posting your phone number on public forums, websites or social media platforms where it can be easily accessed by scammers.
2. Limit exposure of your phone number on social media and other online platforms: Use privacy settings to restrict who can see your contact information. Most social media platforms and online services offer privacy settings that allow you to control who can view your personal information. Make sure to review and adjust these settings regularly. Only share your phone number with trusted contacts.
3. Consider using a secondary number for online registrations and transactions: Services like Google Voice can provide you with a secondary number that you can use for online activities, keeping your primary number private.
4. Monitor your accounts regularly for unusual activity: Check your bank accounts, email and other online accounts for any signs of unauthorized access or suspicious activity.
5. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
6. Use two-factor authentication apps instead of SMS-based verification where possible:Two-factor authentication (2FA) provides an extra layer of security that is more difficult for scammers to bypass compared to SMS-based verification.
7. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
8. Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with the information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.
If you suspect that scammers already have your phone number, take the following steps:
Contact your mobile carrier to alert them of the scam calls, especially if they come from the same number. Your carrier may be able to block the number or provide additional security measures.
Consider changing your phone number if the issue persists: If scam calls continue despite your efforts, changing your phone number may be the best solution.
Report any suspicious activity to the appropriate authorities: Contact your local law enforcement or consumer protection agency to report scams and seek advice on further actions.
Consider placing fraud alerts on your accounts: Fraud alerts can help protect your credit and financial accounts from unauthorized access.
Monitor your phone for unusual calls or messages: Keep an eye out for any unexpected calls or messages, and do not respond to them.
Check your phone bill for unauthorized charges: Regularly review your phone bill to ensure there are no unexpected charges, which could indicate that your number has been used fraudulently.
By following these steps, you can significantly reduce the risk of falling victim to phone number scams and protect your personal information.
Scams have become much more sophisticated these days, especially with artificial intelligence, making it easier for scammers to target more people and get away with it. Always be wary of a scam. If you think something seems strange, it's probably best to go with your gut.
Have you ever experienced a scam involving your phone number? If so, how did you handle it? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Black Friday is around the corner, and by the time you finish your Thanksgiving leftovers, Christmas will already be knocking. That might be an exaggeration, but what’s not is the rise in impersonation scams as the holiday season approaches.
With shopping in full swing, Amazon becomes an especially big target. Expect to see bad actors pretending to be trusted contacts, trying to access sensitive information like Social Security numbers, bank details or Amazon account credentials.
To help you enjoy a scam-free shopping experience this holiday season, we spoke with Scott Knapp, VP of Worldwide Buyer Risk Prevention at Amazon, to learn how scammers impersonate the platform, what Amazon is doing to fight holiday scams and how you can stay safe.
Amazon is the world’s largest e-commerce platform, and it becomes even more relevant during the holiday season. With so many of us hunting for deals, scammers are well aware and ready to take advantage. They often use impersonation scams to trick shoppers into handing over card details or other sensitive information.
"During the 2023 holiday shopping season (Black Friday through Christmas Day), the most commonly reported impersonation scam by Amazon customers involved fake order or shipping confirmations claiming that payment was required in the U.S. There was nearly a 1.5x increase in reports of this scam from three weeks prior," Knapp said.
Another common impersonation scam around this time involves fake purchase alerts for popular tech products. Knapp said that Amazon saw about a 13x spike in customer reports compared to three weeks earlier.
It’s clear that many scammers are trying to target Amazon customers, so I wanted to understand what the company is doing to keep them safe. I asked Knapp a bunch of questions about how the e-tail giant is staying ahead of the latest online holiday scams, and you can read his responses below.
How is Amazon working to take down phishing websites and phone numbers used in impersonation schemes?
"Our goal is to ensure that customers are protected when they shop on Amazon. That is why we are initiating the takedown of scammers with public-private partnerships to hold bad actors accountable. We have a team – including machine learning scientists and expert investigators – who protect our store and consumers from fraud and other forms of abuse.
"In 2023 alone, we initiated takedowns of more than 40,000 phishing websites and 10,000 phone numbers being used as part of impersonation schemes. We can take down reported scam phone numbers the same day and phishing websites in just a couple of hours. We also partner with law enforcement across the globe to ensure scammers are held accountable, including having referred hundreds of bad actors to authorities."
Can you explain how Amazon's email verification technology helps identify phishing attempts?
"We’ve made it harder for bad actors to impersonate Amazon communications through implementing industry-leading tools, including the adoption of a secure email capability to make it easier for customers to identify authentic emails from Amazon and avoid phishing attempts. Customers using Gmail, Yahoo, and other common email providers can be confident that when they receive an @amazon.com email with the smile logo in their inbox, that email is really from us."
Can you explain Amazon's A-to-z Guarantee and how it protects holiday shoppers?
"More than 60% of sales in Amazon’s store are from independent sellers—most of which are small and medium-sized businesses—providing a vast selection of amazing products, competitive prices, and convenience for consumers. When customers shop in the Amazon store, they can do so with peace of mind knowing that we stand behind the products sold in our store with the A-to-Z Guarantee.
"When a claim is filed, Amazon combines our advanced fraud and abuse detection systems with external, independent insurance specialists to analyze filings, take on the investigative work for our selling partners, present valid claims, and deny unsubstantiated, frivolous, or abusive claims. By doing this work on behalf of sellers, we save them from having to investigate these claims on their own. Innovating this process enables customers to shop confidently, which in turn drives selling partner success.
"Amazon’s protection applies to physical products purchased in our store worldwide, and in the unlikely event that customers experience issues with timely delivery or the condition of their purchase, whether purchased from Amazon or one of our approximately two million selling partners, Amazon will make it right by refunding or replacing it. Whether during the holiday shopping season, or anytime throughout the year, customers can confidently shop Amazon’s vast selection of amazing products with the A-to-z Guarantee."
1. Watch out for red flags: Some telltale signs of an impersonation scam include requests for account or payment information and creating a false sense of urgency. Amazon will never ask for your password, payment or bank transfer through phone, email or any external website. Scammers might reference a purchase (real or fake), a giveaway, a prize or claim that "your account is locked," urging you to click a link, make a payment or buy a gift card.
2. Verify the email: For any questions related to an order, always check your order history on Amazon.com or via the "Amazon Shopping" app. Only legitimate purchases will appear in your order history. If you are ever unsure about the legitimacy of an email, go to Amazon’s website or app to access the Message Center and review authentic communications.
In addition, you should always check the sender’s email address by hovering over the "From" name and verify it’s a genuine Amazon email, which will come from "@amazon.com."
3. Beware of phishing links: Avoid clicking on random links, especially in messages about shopping deals, order confirmations or account issues. Scammers often use fake links to mimic legitimate retailers and steal your information.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
4. Don’t fall for "too good to be true" offers: Scammers often lure victims with irresistible deals, such as huge discounts on popular products or "exclusive" offers. If an offer seems too good to be true, it probably is. These offers might be tied to fake websites or phishing attempts designed to steal your personal and financial details. Always double-check the legitimacy of any deal before making a purchase. If you’re unsure, visit the official Amazon site or app to search for the product and compare prices.
5. Use a personal data removal service: Scammers can obtain your information from various online sources, including data brokers, people search sites and public records. Using a data removal service can help reduce your digital footprint, making it harder for scammers to access your personal information. This proactive step can be crucial in preventing identity theft and minimizing the chances of falling victim to scams during the busy holiday season.
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
6. Report suspicious activity: If you encounter an impersonation scam, your best course of action is to report it to Amazon. Knapp says, "The more consumers report scams to us, the better our tools get at identifying bad actors so that we can take action against them and protect consumers. If consumers suspect that they have encountered a scam, they can report suspicious communications to us at amazon.com/ReportAScam, so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe."
Scammers will do their best to ruin your holiday season, but most of their tactics can be easily avoided with the right tools and a little common sense. Be cautious of unsolicited texts, emails or phone calls offering deals, discounts or asking for your personal information. If you're shopping on Amazon, track everything through the Amazon app and reach out to their customer support for any concerns or questions.
What features or tools do you wish online retailers would implement to enhance customer security during peak shopping times? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
With the holiday season just around the corner, many of us are gearing up to spread some cheer with gift cards.
However, it’s important to remember that these convenient gifts are also a favorite target for scammers. We're going to break down six sneaky gift card tricks that could leave you out of pocket during this time of year.
Don’t worry, though. We’ve got your back with solid tips on how to outsmart these scammers and keep your hard-earned cash safe.
One of the latest gift card tricks involves tampering with the gift cards on the display racks at retail stores. Scammers will record the activation code on the card or place a custom barcode sticker over the real barcode, which allows them to secretly load the cash onto their own card immediately after you purchase the gift card. This means that when you or your recipient try to use the gift card, it will be empty or invalid.
Check the packaging of the gift card before buying it. Look for signs of tampering, such as the wrapping being torn or resealed or stickers placed over the barcode or card number. Also, choose a card from the back of the rack, as scammers often place their fraudulent cards at the front of the display.
Another common gift card trick scammers use involves impersonating someone you know or trust, such as a family member, a romantic interest, a company or the government. Scammers will contact you by phone, text, email or social media and create a fake story or emergency that requires you to send them money urgently.
They will ask you to buy a gift card or multiple gift cards and then send them a photo of the card or the numbers on the back of the card. Once they have the gift card information, they will disappear with your money and cut off contact.
Never send money or gift cards to anyone you don’t know personally or haven’t met in person. If someone claims to be someone you know or trust, verify their identity by contacting them directly through a different channel.
Don’t trust caller ID, as scammers can spoof phone numbers. Don’t be pressured by threats or promises, as scammers use emotional manipulation to get you to act quickly and without thinking. And remember, no legitimate company or government agency will ever ask you to pay them with a gift card.
Another gift card trick involves buying or selling gift cards on online platforms, such as websites, apps or social media groups. Scammers will offer to sell you gift cards at a discounted price or buy your unwanted gift cards for cash.
However, they will either send you a fake or empty gift card or take your gift card information and money without sending you anything in return. They may also use stolen credit cards or hacked accounts to buy or sell gift cards, which can put you at risk of fraud or identity theft.
Only buy or sell gift cards from reputable sources, such as official retailers, authorized resellers or trusted friends and family. Avoid buying or selling gift cards from strangers online, especially if they offer a deal that sounds too good to be true.
Don’t share your gift card information or personal details with anyone you don’t know or trust. And use a secure payment method that offers protection, such as a credit card or PayPal, instead of a gift card, wire transfer or cash.
A very popular gift card trick this holiday season involves phishing, which is a type of online fraud that tries to trick you into revealing your personal or financial information. Scammers will send you an email, text or pop-up message that looks like it comes from a legitimate company, such as a retailer, bank or tech support service.
They will claim that there is a problem with your account, your order, your device or your security and that you need to verify your identity, update your information or fix an issue. They will then ask you to click on a link, open an attachment or call a number and then request that you pay them with a gift card or provide them with your gift card information.
Never click on links, open attachments or call numbers from unsolicited messages, as they may lead to fake or malicious websites or software. Don’t provide any personal or financial information, such as your passwords, PINs, account numbers or gift card numbers, to anyone who contacts you unexpectedly.
Don’t trust messages that create a sense of urgency, pressure or fear, as they are designed to make you act without thinking. If you have any doubts about the legitimacy of a message, contact the company directly using a verified website, phone number or email address.
Using antivirus protection will help to protect you against scammers and hackers who try to steal your money and personal information using gift card tricks, especially through phishing. The best way to protect yourself from clicking on any malicious links, fake websites, phishing emails and text messages is to have strong antivirus protection installed and actively running on all your devices. It’s the best to help stop and alert you of any malware in your system and ultimately protect you from being hacked.
This gift card trick involves loyalty programs, which are rewards programs that offer you points, discounts or freebies for being a loyal customer. Scammers will pretend to be representatives of a loyalty program that you are a member of or that you are eligible to join.
They will tell you that you have won a prize, sweepstakes or a promotion and that you need to pay a fee, a tax or a shipping cost to claim it. They will then ask you to pay them with a gift card or provide them with your gift card information.
Be wary of any unsolicited offers or notifications that claim that you have won something, especially if you don’t remember entering or signing up for anything. Don’t pay any money or fees to receive a prize, as legitimate loyalty programs will never ask you to do that. Don’t provide any personal or financial information, such as your passwords, account numbers or gift card numbers, to anyone who contacts you unexpectedly.
Don’t trust messages that create a sense of excitement, curiosity or greed, as they are designed to make you act impulsively. If you have any doubts about the legitimacy of a message, contact the loyalty program directly using a verified website, phone number or email address.
In this scam, fraudsters set up fake websites or phone services that claim to check the balance of your gift cards. Victims are lured into providing their gift card numbers and PINs under the guise of verifying their balance. Once the information is entered, scammers can drain the funds from the card almost immediately.
To avoid this scam, always use official websites or apps from reputable retailers to check your gift card balance. Be wary of unsolicited calls or messages asking for your gift card information, especially if they claim to be from a legitimate company. It is important never to enter your gift card details on unfamiliar websites.
3. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Some of the best parts of using an identity theft protection service include identity theft insurance to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
5. Get the professional advice of a lawyer before speaking to law enforcement, especially when you are dealing with criminal identity theft and if being a victim of criminal identity theft leaves you unable to secure employment or housing.
6. Alert all three major credit bureaus and possibly place a fraud alert on your credit report.
7. Run your own background check or request a copy of one if that is how you discovered your information has been used by a criminal.
If you are a victim of identity theft because of a gift card scam, the most important thing to do is to take immediate action to mitigate the damage and prevent further harm.
As we head into the holiday season, it’s important to keep an eye out for these six gift card scams we’ve talked about. If something feels off or sounds too good to be true, trust your gut and don’t be afraid to ask questions or walk away. Gift cards are meant to bring joy, not stress, so keep these tips in mind as you shop and share this season.
Have you ever fallen victim to a gift card scam? If so, how did it happen, and what did you do? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Protecting your financial future goes beyond smart investing and saving. It's crucial to safeguard your retirement accounts from cyber threats. While many believe that using public Wi-Fi to check their 401(k) or IRA is harmless, the reality is that without proper protection, you could be putting your hard-earned savings at risk. Let's explore why using a VPN (virtual private network) is essential for securing your retirement accounts and how you can implement this extra layer of security.
VPNs operate through two primary mechanisms: IP address masking and data encryption. When you connect to a VPN, it hides your real IP address by assigning you a new one from their server network, effectively preventing websites and cyber criminals from tracking your location or identifying you based on your IP address.
Simultaneously, VPNs encrypt all data transmitted between your device and the internet, rendering it unreadable to anyone who might attempt to intercept it. This encryption process ensures that sensitive information, such as credit card details, remains confidential throughout your online activities. By combining these two powerful features, VPNs create a secure tunnel for your internet traffic, significantly enhancing your online privacy and security.
When you access your retirement accounts online, especially through public Wi-Fi networks, you're potentially exposing sensitive financial information to cybercriminals. These hackers can intercept your data, steal your login credentials and potentially drain your accounts. What's more concerning is that retirement accounts are often less frequently monitored than regular bank accounts, making them an attractive target for cybercriminals.
By creating an encrypted tunnel for your internet traffic, a VPN makes it extremely difficult for hackers to intercept your sensitive data. Here's a deeper look at why VPNs are indispensable for safeguarding your retirement accounts:
VPNs employ military-grade encryption protocols, such as AES-256, to scramble your data. This means that even if a cybercriminal manages to intercept your information, it would appear as an indecipherable jumble of characters. For your retirement accounts, this translates to an extra layer of security for your login credentials, account numbers and financial transactions.
By masking your IP address and replacing it with one from their servers, VPNs make it significantly harder for malicious actors to track your online activities. This anonymity is crucial when accessing financial accounts, as it prevents cybercriminals from identifying you as a high-value target based on your browsing habits or the financial institutions you visit online.
The ability to check your accounts while traveling or using public Wi-Fi is convenient but risky. A VPN provides a secure connection, essentially creating a protected tunnel between your device and the financial institution's servers. This is particularly important for retirement accounts, which may not have the same level of fraud protection as checking or savings accounts. However, check if your retirement fund platform permits VPN usage, as some might flag it as unusual activity.
VPNs are excellent safeguards against man-in-the-middle attacks, where hackers position themselves between you and the website you're trying to access. By encrypting your data from end to end, VPNs make it nearly impossible for attackers to insert themselves into your connection and steal your information.
If you're traveling abroad and need to access your U.S.-based retirement accounts, some financial institutions may block access from foreign IP addresses. A VPN allows you to connect through a U.S.-based server, ensuring you can manage your accounts securely from anywhere in the world.
2) Always use VPN on public Wi-Fi: Never access financial accounts on public networks without activating your VPN first.
3) Enable two-factor authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA.
4) Use strong, unique passwords: Create complex passwords for each of your accounts and consider using a password manager. Consider using a password manager to generate and store complex passwords.
5) Regularly monitor your accounts: Check your retirement accounts frequently for any suspicious activity.
6) Keep software updated: Ensure your devices and apps are always up to date with the latest security patches.
7) Be wary of phishing attempts: Don't click on suspicious links or provide personal information in response to unsolicited emails. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
Securing your retirement accounts is not just about protecting your current savings; it's about safeguarding your future. By implementing a VPN and following best security practices, you're taking proactive steps to ensure that the nest egg you've worked so hard to build remains safe and secure. Remember, the small investment in a quality VPN service is negligible compared to the potential losses from a compromised retirement account.
Have you ever experienced a security breach? If so, what happened, and how did you respond to it? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Macs are safer than Windows PCs, but they’re not foolproof. Hackers occasionally find ways to infect Apple devices, and in most cases, we’re the ones who allow it. Since infiltrating Apple’s App Store is difficult, hackers trick people into downloading apps from third-party stores or random websites.
These apps look legitimate but are actually tools for infecting devices with malicious software. A recent incident highlights this issue, with North Korean hackers targeting Macs by hiding malware in seemingly harmless macOS apps.
Recent discoveries by Jamf Threat Labs have unveiled a sneaky form of malware targeting macOS computers. While it may sound technical, understanding the basics of how this malware operates can help you stay safe online.
This malware hides in seemingly harmless applications, such as a game called Minesweeper and a note-taking app referred to as a Notepad. These apps function as expected, but behind the scenes, they run malicious programs that could allow hackers to take control of your computer.
The apps use a technology called Flutter, a tool often used to create apps that work on multiple devices like phones and computers. Flutter makes it easier for app developers to design their software, but its unique structure also helps hackers hide their malicious code, making it harder for experts to detect.
Once installed, the malware connects to a remote server (think of it as a command center for hackers) to receive instructions. These instructions could include running commands on your computer without your knowledge. One trick this malware uses is running AppleScripts, a type of script built for macOS systems, which can quietly execute commands to steal your data or even control your device.
Even scarier, some versions of this malware had been signed and approved by Apple’s security system before experts caught on. This means the hackers were testing how far they could push their schemes without raising suspicion.
This malware isn’t just a random act of cybercrime, it has ties to tactics and techniques often associated with North Korean hackers. Experts have identified similarities between this malware and previous attacks linked to North Korea, including the use of certain coding methods and domains that the country’s cyber teams are known to exploit.
North Korea has a history of using cyberattacks to fund its operations or disrupt systems worldwide, often targeting financial systems or vulnerable individuals. In this case, the malware seems to be in the testing phase, potentially laying the groundwork for a larger attack in the future.
The apps containing the malware were designed to look harmless. These tactics suggest a focus on tricking people through social engineering, a method North Korean hackers have used in the past.
By embedding the malware within apps that appear useful or fun, the attackers can increase the chances of someone downloading and using the infected software. While this particular malware has not yet been linked to active attacks, its connection to North Korea’s cyber playbook is a strong indicator of potential risks ahead.
1) Use reliable antivirus software: A strong antivirus program is your first line of defense against malicious links and malware that could steal your private information. Avoid clicking on random links, especially in emails or messages that claim to be urgent or demand updates. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. It can also warn you about phishing emails and ransomware scams, helping to keep your personal data and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Be careful with downloads and links: Only download apps from trusted sources like the Mac App Store or official websites of known developers. Hackers often disguise malware as legitimate updates or harmless apps.
3) Keep your software up to date: Regular updates for macOS and installed apps are essential because they patch security flaws. Apple frequently rolls out updates to address vulnerabilities, so enabling automatic updates ensures you stay protected without the hassle of manually checking for them.
4) Use strong, unique passwords: A strong password can help keep your Mac safe from unauthorized access. Avoid reusing passwords across different accounts. A password manager can be incredibly helpful here—it generates and stores complex passwords for you, making them difficult for hackers to crack.
It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed Password Managers of 2024 here.
5) Enable two-factor authentication (2FA): Activate 2FA for key accounts like your Apple ID, email, and financial services. This adds a second layer of security, making it much harder for attackers to access your accounts—even if they have your password.
I've noticed a significant rise in malware hiding in seemingly harmless apps, whether it's related to Mac, Windows, Android, or even iPhones. It just shows that no device is completely safe, not even one made by Apple. Hackers, including those backed by North Korea, are constantly finding new ways to trick users into downloading malicious software. These attacks often fly under the radar because they look like regular, safe apps. With these threats becoming more sophisticated, it’s more important than ever to stay aware of the risks and be cautious about what you download and click on.
Do you trust third-party app stores or only use official app marketplaces? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
The Federal Aviation Administration (FAA) confirmed Tuesday it issued two flight restrictions following questionable drone activity in the area of President-elect Trump's New Jersey golf club.
On Nov. 18, the FAA first received reports of drone activity within Morris County, the border of which lies about two miles north of Trump National Golf Club Bedminster in Somerset County.
Upon request from "federal security partners," the agency issued two TFRs, or temporary flight restrictions, and several reports of drone sightings continued into this week in Central Jersey.
One restriction covers an area near Solberg-Hunterdon County Airport that consists of airspace above Trump Bedminster. Flights are also banned over Picatinny Arsenal, a major U.S. Army hub in Dover, N.J., geared toward research and development via its CCDCAC armaments center.
The ban remains in place over Trump Bedminster for the rest of this week and over Picatinny Arsenal until Dec. 26.
"Safely integrating drones into the National Airspace System is a key priority for the FAA," the agency said in a statement Tuesday.
"We look into all reports of unauthorized drone operations and investigate when appropriate," the agency said, adding drone pilots who endanger aircraft or people can have their certification revoked and/or face $75,000 in fines.
Local media reported law enforcement has also been probing continued drone activity in the area.
Sightings have also occurred a few miles north of Bedminster in Mendham and Parsippany, where I-80 meets I-287.
A Parsippany woman told the Morristown Record she saw as many as five drones overhead Sunday night.
Morris County Sheriff James Gannon told New Jersey Patch there is "no advisable immediate danger to the public at this time" and asked the public to send law enforcement clear photographs of the drones.
An FBI spokeswoman told the outlet the bureau’s Newark field office and New Jersey State Police are investigating.
Fox News Digital reached out to Team Trump as well as the U.S. Army’s garrison at Picatinny for comment.
The drone sightings in New Jersey come as unidentified drones have been seen over British-American joint bases in the United Kingdom.
"Swarms of small drones" have been seen over Royal Air Force (RAF) Lakenheath, RAF Mildenhall, RAF Fairford and RAF Feltwell in England. Some of those bases house F-15 and F-35 fighter jets.
The British military sent dozens of personnel to protect the bases, and a Pentagon spokesman said Nov. 26 none of the incursions affected the base’s buildings, personnel or assets.
Nineties punk rock band Green Day also paused a September show in Detroit after a drone was spotted overhead. Frontman Billie Joe Armstrong rushed backstage as he closed out "Longview."
The show resumed about 10 minutes later, and Detroit Police said a man was detained.
Fox News’ Jennifer Griffin, Liz Friden and Bradford Betz contributed to this report.
The federal judge overseeing Hunter Biden’s gun trial terminated further court proceedings in his case on Tuesday, in the wake of President Biden’s sweeping pardon that shields his son from being prosecuted for all offenses that he "has committed or may have committed" from Jan. 1, 2014, through Dec. 1, 2024.
U.S. Judge Maryellen Noreika, the presiding judge in Biden’s trial in Delaware, announced Tuesday the termination of all further proceedings in the case, citing the clemency grant signed by the outgoing president.
Judge Noreika stopped short of dismissing the case outright, however, as requested by Hunter’s legal team.
A Delaware jury found Hunter guilty this summer on all three federal felony firearm charges that had been brought before the court by prosecutors.
Prior to the sweeping pardon announcement, his sentencing date had been scheduled for Dec. 12.
In announcing the pardon, President Biden criticized the unfair investigation and prosecution of his son, a process he said was "infected" by politics and led to a "miscarriage of justice."
"No reasonable person who looks at the facts of Hunter’s cases can reach any other conclusion than Hunter was singled out only because he is my son — and that is wrong," the president said in a statement Sunday.
However, some critics also noted the pardon broke with Biden's longtime promises not to pardon his son and risks further eroding the public's view of the Justice Department.
Hunter also pleaded guilty on tax evasion charges in California, which the pardon also covers.
The judge in that case, Judge Mark Scarsi, has not yet announced whether he will terminate the proceedings against Hunter or dismiss the case in full.
This is a breaking news story. Check back soon for updates.
A House Democratic staff member has lost his job after allegedly trying to bring ammunition into the Cannon House Office Building this week.
Michael Hopkins, the 38-year-old communications director for Rep. Joe Morelle, D-N.Y., was arrested Monday morning by the U.S. Capitol Police.
"In response to this morning’s incident, Mr. Hopkins is no longer employed by Representative Morelle’s office effective immediately," Jo Stiles, Chief of Staff to Rep. Morelle, said in a statement obtained by Fox News Digital.
Capitol Police told Fox News on Monday that "At approximately 8:45 a.m., a House staffer entered the Cannon House Office Building and put his bag through screening. USCP officers noticed what appeared to be ammunition on the x-ray screen."
"After a hand search of the bag, officers found four ammunition magazines and eleven rounds of ammunition. The staffer told the officers that he forgot the ammunition was in the bag," the statement continued.
Capitol Police say Hopkins is now facing charges for unlawful possession of ammunition, including one charge for possession of a high-capacity magazine.
Morelle's office said prior to the announcement of Hopkins’ firing that it was gathering more information about the arrest.
"As Ranking Member of the Committee on House Administration, Congressman Morelle is devoted to ensuring a safe and secure workplace for all," it said in a statement.
Fox News’ Chad Pergram contributed to this report.
Login
