5 scams to watch for in 2015

Jan 5, 2015

Original Article: http://www.nj.com/business/index.ssf/2015/01/bamboozled_5_scams_to_watch_for_in_2015.html

Author: Karin Price

fake-fbi-block-virus

A screen shot of one of the many “ransonware” messages that say your computer or device is locked — often because you allegedly downloaded child pornography — until you pay a fee. (Courtesy FBI)

 

We’d love to say that scams will be on the decline in the new year.

Not so.

Scammers may change how they target you and your money, but unfortunately, they’re not going anywhere.

Here’s what to watch out for in 2015.

1. Ransomware

Cybercriminals certainly are creative. While some still outright hack to try to get your private account data or personal information, others have taken it to the next level.

They hold access to your computer, or even your handheld device, for ransom.

How does it happen? Most often, the user clicks on a link in an email or on social media, or opens an attachment, that appears to be innocent or to have come from a trusted source.

But it’s a fake. Called “ransomware,” the user has unleashed a program that encrypts files, making it impossible for the user to access anything on the machine. Then, the program demands payment to unlock them. 

These kinds of thieves sometimes impersonate law enforcement such as the FBI, and they say your computer has been locked because you viewed child pornography. Others are less specific about why your machine has been locked, but they all demand payment via hard-to-trace systems such as Bitcoin or MoneyPak.

So while we can tell you to avoid clicking on anything you don’t recognize, we know these swindlers impersonate trusted sources and fool you into thinking what you’re clicking on is safe.

So what do you do?

“Unfortunately, in most cases there is little that a consumer can do once their computer has been compromised, which is why it is so important to remain vigilant and prepared,” said Clinton Karr, a senior security strategist with online security firm Bromium, which conducted a study on the issue.

“In the case of an attack, the best hope for a consumer is that a security team has broken the encryption, but for most of the recent variants this is nearly impossible,” he said. “Consumers that consider paying the ransom should be aware that the more profitable these attacks become, the more common they will become and there is no guarantee that they won’t be attacked again.”

He said most anti-virus programs are of marginal use against some of these sophisticated attacks, so the best answer is to avoid clicking questionable URLs or opening attachments that may be infected. Consumer should also diligently install the newest patches and updates for their anti-virus programs, and frequently back up their files and folders on an external storage device.

2. Mobile Payments

Mobile payment systems are a relatively new frontier for both consumers and criminals, but it’s a veritable goldmine for the hacker who figures out how to scam the system.

Apple Pay

In this photo taken Friday, Oct. 17, 2014, Eddy Cue, Apple Senior Vice President of Internet Software and Services, demonstrates the new Apple Pay mobile payment system at a Whole Foods store in Cupertino, Calif. Apple launched the payment system that sidesteps wallets, the latest way for people to use their phones instead of cash or plastic to pay stores.AP Photo/Eric Risberg, File

“Many of the concerns expressed about mobile payments are overblown. The James-Bond-esque stealing of wireless data as it transmits between phones and payment terminals is – while technically possible – pretty unrealistic,” said consumer protection expert Bob Sullivan. “The real concerns I have about mobile involve consumers getting used to a whole new way of paying for things, which always opens the door for confusion and scams.”

Sullivan said the most likely problem will be consumers downloading what look like payment apps to their phones – and ending up with viruses that steal money instead.

Indeed, it seems that the easiest way to trick a consumer into transmitting their payment information is by creating fake payment apps. If a crook can get you to give out your information willingly, it’s a heck of a lot easier than stealing it.

And if you get used to paying for things by showing your phone, or having it scanned, or whatever the latest method will be, you might find yourself less worried about security.

Don’t be. It’s still your private financial information. Or, it was, until you handed it over to a huckster.

Stay vigilant, and don’t download every app that gives you a warm greeting.

And be sure you know where your phone is, and set up a solid password, otherwise anyone who gets their hands on your phone can go on a shopping spree.


3. Credit card chips

The newest trend in credit cards is chip-enabled cards. These have an actual computer chip inside, with the hopes that it will cut down on fraud.

Research firm Aite Group said that by the end of 2015, 70 percent of credit cards and 41 percent of debit cards in the U.S. will have these chips, known in the industry as EMV, short for Europay, MasterCard and Visa.

“Chip cards are good because they basically end the potential for hackers to clone cards – to steal account numbers and place them on mag stripes on fake plastic, and buy things with that fake plastic,” Sullivan said. “Criminals can’t make chip cards. Yet.”

If you have a credit card that’s expiring this year, or your card is lost or stolen, there’s a good chance your replacement card will have this chip.

The cards may be safer, but you will have to be smart. Watch out for emails that tell you it’s time to register your card, or ones that say your card has been compromised. Traditional phishing methods will apply here, so call the number on your card before you offer any information online.

“Chip cards don’t do anything to stop `card not present’ fraud online or on the phone,” Sullivan said. “And gas stations won’t have chip readers until 2017. So it’s going to be a very slow, steady march towards chip cards.” 


4. Social media scammers

Social media sites will remain a favorite of fraudsters.

Security company Proofpoint expects “inappropriate or malicious social media content to grow 400 percent.” In 2014, the company found a 650 percent increase in social media spam compared to the year before, and it found that 99 percent of malicious URLs led to malware installation or phishing sites.

phone on facebook

In this May 10, 2012 file photo, a view of an Apple iPhone displaying the Facebook app’s splash screen in front of the login page on a computer. AFP/Getty Images

That doesn’t mean you have to stay off social media, but don’t be so click-happy.

Online security firm BitDefender said in 2014, the most common Facebook scams included those that enticed you to click by promising nude photos and videos of — gasp! — your Facebook friends or celebrities. But nope. You’d just get a bad case of malware.

The study also found popularity in scammy posts that offered to show you who has been looking at your profile, and even fake ads that offer cheap pharmaceuticals, designer replicas, or prizes like cars and electronics.

You can expect more of the same in 2015.
5. The same old

Scammers are sure to keep trying to trick you into paying money — usually via MoneyPak or Western Union — to:
— avoid fines and prison because of overdue tax payments
— avoid jail time for skipping jury duty
— help your grandson or other relative get out of jail
 pay for a car on a phony version of eBay Motors
— pay for any product, listed on Amazon.com, but the third party seller wants to accept payment in a way that’s not Amazon Payments
— pay fees associated with a lottery or sweepstakes it says you’ve won

And there will be more ways they try to entice unsuspecting consumers. If anyone tells you to pay for anything via MoneyPak, assume it’s a scam. Because of frauds like these, Green Dot, the company that makes MoneyPak, is pulling the cards from shelves,but they won’t be completely gone until the end of the first quarter of 2015, Green Dot told us last week. It wouldn’t say, though, how many retailers were still selling the cards.

And if anyone sends you a check for a job or a sweepstakes win, and they want you to deposit the check and withdraw the money to pay any kind of fee by buying MoneyPak cards or Western Union, assume it’s a scam.


PROTECT YOURSELF

If you have concerns that any of these scams could lead to identity theft, be proactive.

Be sure to regularly check your bank and credit card statements regularly. Make sure you know what charges appear. If you’re not sure, contact your financial institution.

Also check your credit report regularly. You can get copies of your reports from the three major credit bureaus for free once a year at AnnualCreditReport.com. Some consumers like to check and compare all three at once, or you could check one every four months, spacing it out over the year. Look for any new accounts you don’t recognize, and if there’s a mistake, contact the credit bureaus immediately.