Equifax has reported a data breach which has exposed non-public consumer information. As a courtesy to our customers, please see the Equifax Notice to Consumers that provides additional information. Consumers may also visit The Federal Trade Commission (FTC) website page for more information about this breach.
The Department of Homeland Security warns users to remain vigilant for malicious cyber activity that may use Hurricane releif as a method to exploit consumers. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to a Hurricane, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.
They encourage users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you're using. Once they've gained your trust, they might ask for your user name and password or ask you to go to a legitimate website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable. Do not trust unsolicited calls. Do not provide any personal information. If someone calls you and is claiming to be tech support do not purchase any software or services from them. Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer. Never provide your credit card or financial information to someone claiming to be from tech support.
E-mail Account Compromise (EAC) is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. In EAC scams, criminal actors use social engineering or computer intrusion techniques to compromise the e-mail accounts of unsuspecting victims. In many cases, a criminal actor first gains access to a victim’s legitimate e-mail address for reconnaissance purposes. The criminal actor then creates a spoofed e-mail account that closely resembles the legitimate account, but is slightly altered by adding, changing, or deleting a character. The spoofed e-mail address is designed to mimic the legitimate e-mail in a way that is not readily apparent to the targeted individual. The criminal actor then uses either the victim’s legitimate e-mail or the spoofed e-mail address to initiate unauthorized wire transfers. To help protect yourself, do not open e-mail messages or attachments from unknown individuals and be aware of small changes in e-mail addresses that mimic legitimate e-mail addresses.
Has someone asked you to go get a gift card to pay for something? Lately, people have been asked to pay with gift cards – by a caller claiming to be with the IRS, or tech support, or a so-called family member in need. If you’ve gotten a call like this, you know that the caller will then demand the gift card numbers and PIN. And, poof, your money is gone.
Scammers are good at convincing people there really is an emergency, so lots of people have made the trip to a box store or convenient store to buy gift cards to send these callers. And scammers love gift cards – it’s one of their favorite ways to get your money. These cards are like giving cash – and nearly untraceable, unless you act almost immediately.
So here’s the most important thing for you to know: anyone who demands payment by gift card is always, always, always a scammer. Try this gift card buying exercise out at home – especially when anyone asks you to pay with a gift card:
Q: Should I buy an iTunes, Google Play, Food Lion, Acme, Walgreens, BestBuy, Amazon, CVS, Rite Aid or ANY OTHER gift card for someone who demands payment? For any reason?
Gift cards are for gifts, not payments. If you’ve bought a gift card and lost money to someone who might be a scammer, tell the company who issued the card. (The contact info might be on the card, but might require some research) Call or email iTunes or Amazon or whoever it was. Tell them their card was used in a scam. If you act quickly enough, they might be able to get your money back. But – either way – it’s important that they know what happened to you. And then please tell the FTC about your loss. Your report helps them try to shut the scammers down.
Many phishers actively target Gmail users and attempt to steal their credentials. Phishers will often say that you need to update your Gmail account information or your account will be suspended. The link provided in the email will appear to be https://accounts.google.com, but in reality the link will take the user to a site controlled by the phisher. Beware of these types of emails, and always double check that the URL in the address is what you expect before entering personal information or passwords. If you have Gmail, consider turning on two-step verification to add an extra layer of security to your Google Account.
Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims’ computers. Dorkbot is commonly spread via malicious links sent through social networks instant message programs or through infected USB devices. To protect yourself you should use and maintain anti-virus software. You should also change your passwords often.