Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employee. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing – fraud, impersonation and old-fashioned blackmail.

– Baiting – fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting – this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing – this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

Financial Tips for 2024 Grads

Financial Tips for 2024 Grads

It’s that exciting time of year! Cap and gowns are coming in and Pomp and Circumstance is running through your head as you prepare for the big event. If you’re a parent of a soon-to-be high school graduate, dollar signs may be running through your head as well, along with advice … and lots of it!

If you’re a grad, get ready to hear life experience stories from your graduation speaker and many others. The Federal Trade Commission (FTC) has some advice for you as well. Learn how to recognize financial scams. Younger people report losing money to fraud more often than older generations. According to Colleen Tressler, Consumer Education Specialist, FTC, 43% of those who reported fraud were in their 20s, while only 15% were in their 70s. During the first six months of 2023, social media was the point of contact in 38% of fraud losses for people in their 20s. For those 18-19 years old, the figure was 47%.

What can you do to help avoid financial fraud?

Never give out money or any personal identifying information (PII) in response to an unexpected request. Be wary of texts, phone calls and emails. Scammers commonly pretend to be someone you trust.

Do your research. Be smart with your online searches and use terms like “complaint,” “scam” or “alert” along with the company name when you search.

Understand that there’s no such thing as truthful caller ID anymore.

Don’t wire money. Government and legitimate companies will not require you to pay for products or services with a re-loadable gift card. Even using cards like iTunes and Google Play are risky.

Recognize that robocalls are illegal and should be reported to the FTC. If you mistakenly answer one of these calls, hang up immediately.

Looking for a job after graduation can be quite stressful especially if you’re supporting yourself for the first time.

Check out job placement firms closely. These companies should not be charging high fees in advance for any type of service without a guarantee of placement.

Keep in mind that the promise of a job isn’t the same thing as job. If you have to pay for that promise, it’s likely a scam. Read More

Realize that there are many fake jobs listed on social media. Google the company name and visit their website along with the search term “career.” If jobs are not listed on their website and nothing comes up on Google, those are red flags.

Don’t give out any credit or bank account information over the phone to a company unless they have hired you and have agreed to pay you something.

Get job details in writing and take time to go over the small print. A legitimate company won’t pressure you into making an on-the-spot decision regarding your career.

CNN recently reported some smart money moves for graduates, such as aiming to live within your means and knowing what your means actually are. Check out their tips HERE.

Congratulations and make sure you enjoy your special day. We wish you the best of luck in your future endeavors!

For more information, visit https://www.consumer.ftc.gov.

Photo courtesy Jonathon Daniels via unsplash.com.

Consumer Fraud Losses Top $10 Billion

The Federal Trade Commission (FTC) recently released data showing that consumers reported losing more than $10 billion to fraud in 2023. This marks a 14% increase over reported losses in 2022. Fraud data came from 2.6 million consumers last year, nearly the same as 2022. Consumers reported to the FTC that they lost more money to investment scams – more than $4.6 billion – than any other category in 2023. The second highest loss category was imposter scams with losses of nearly $2.7 billion.

The following is a breakdown of the top frauds reported:

– Imposter scams (in business and government impersonators)

– Online shopping scams

– Prizes, sweepstakes and lottery scams

– Investment scams

– Business and job opportunity scams

The method scammers reportedly used to reach consumers most commonly was via email, which has displaced text messages. Phone calls are now the second most reported contact method. LEARN MORE

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Help Spread the Word: Identity Theft Awareness Week

Help Spread the Word: Identity Theft Awareness Week

Welcome to Identity Theft Awareness Week. January 29th to February 2nd, otherwise known as #IDTheftWeek, exists to spread resources so you and your loved ones can stay ahead of identity thieves. Whether you’re a business owner, a young adult, a service member, an older adult or someone caring for a senior, understand that knowledge is power and identity theft knows no boundaries.

With tax season right around the corner, it is especially important to know that one of the biggest signs of identity theft is when you are unable to file your tax return because someone else has already filed one using your personal identifying information (PII). Other signs of identity theft include seeing unfamiliar transactions on one of your accounts and/or seeing new accounts you didn’t open on one of your credit report checks.

Here are five tips from the Federal Trade Commission (FTC) to help protect your identity:

– Read your credit card and bank statements carefully. If there is something that you don’t recognize, check into it. Even though you might have dreamed about a Louis Vuitton handbag, chances are you would know if you purchased one and certainly wouldn’t be footing the bill if you didn’t.

– Know your payment due dates. If a bill you pay regularly, such as your electric or water bill, doesn’t appear in your mailbox (or inbox), contact the provider immediately. The last thing you want is to have anything shut off in the dead of winter or an energy bill that is three times what you were expecting.

– Shred any documents that contain your PII, medical or financial information. Many national chains provide shredding services if you don’t own a personal shredder. Check out your local UPS store or FedEx Office for options.

– Review each of your three credit reports at least once a year. Visit our credit report check for more information.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Photo courtesy credit: Dylan Gillis via Unsplash.com

 

Scammers are Impersonating FTC Inspector General Katsaros

Scammers are Impersonating FTC Inspector General Katsaros

The Federal Trade Commission (FTC) has released that scammers are using the names of their employees, including the Inspector General Andrew Katsaros to trick people into sending money or giving up their personal identifying information (PII).

What you need to know:

The FTC won’t threaten you or demand a payment. If you receive a phone call or mail with the name of the FTC Commissioner or staff member that threatens some dire consequence if you don’t pay immediately, it’s a scam. Don’t pay.

The FTC doesn’t give out prizes. If someone contacts you claiming that you need to pay to get your prize, it’s a scam. Don’t pay.

FTC employees won’t identify themselves with a badge number. If someone claiming to work for the FTC gives you a badge number, it’s a scam. Don’t fall for it and keep your PII safe!

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Source: Federal Trade Commission

Photo Credit: Courtesy of Bermix Detail via unsplash.com

Consumers Lost Nearly $8.8 Billion to Scams in 2022

The Federal Trade Commission (FTC) has recently released data showing that consumers lost over $8 billion to scams in 2022. This massive loss is an increase of more than 30% compared to 2021.

The majority of the crimes came from investment scams ($3.8 billion) and imposter scams ($2.6 billion). Online shopping scams were more commonly reported of the 2.4 million fraud reports from consumers. The FTC also noted that the highest reported losses came from social media, and then followed by phone calls with the highest per person median loss of $1,400. Learn more HERE.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827.

 

Hurricane Ian Scams: Protecting Yourself from Charity and Disaster Fraud

Hurricane Ian Scams: Protecting Yourself from Charity and Disaster Fraud

On September 28th, Ian, the fifth strongest hurricane on record in the United States, slammed into Florida as a category four. Devastation, flooding, loss of life and significant property damage along the rest of Ian’s path occurred in multiple states over the next few days. Following natural disasters like Ian, charity and disaster schemes from scammers quickly come to surface to those who were directly impacted and others that want to help.

The Federal Bureau of Investigations (FBI) has sent out reminders and tips on how to avoid falling victim to charity and disaster fraud.

– All government officials are required to carry official identification and show it if requested. If you are hesitant to believe them, contact the FBI directly to confirm their identity.

– All Federal Emergency Management Agency (FEMA) and assistant agencies will not ask for money to apply for assistance and they will not ask you for any financial information. If someone comes door-to-door, calls, texts or emails you, do not immediately give out your personal identifying information (PII), such as your social security number or bank account information, without first confirming their identity as legitimate and not a scammer.

– If you would like to donate to the many charities that are assisting survivors, understand that there are some fake charities out there. Unless you are giving to a charitable agency that you know and trust, go online and research the reviews and ratings as established by the Better Business Bureau (BBB). If you do donate, use a credit card. Gift cards and wire transfers are highly discouraged. Also remember that no legitimate agency is going to pressure you to donate.

We would like to remind you to not click on links from sources you do not know. The FBI suggests to manually type out the links instead of clicking them to prevent attempts to download viruses on your cell or laptop/computer.

As always, if you have any questions or concerns or suspect that you or a family member has been a victim of fraud, please contact Member Services immediately. We are open and always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo credit: NASA under license via unsplash.com.

How to Spot a Hacker Going After Your Business

How to Spot a Hacker Going After Your Business

When you think of a “bad guy,” what comes to mind? Someone sitting alone hunched over a keyboard in a dark hoody in a dark basement with fast typing fingers and maybe sporting a three-day-old beard? And what do you picture this anti-social “bad guy” doing? Are they only going after huge corporations and corrupt politicians? Nope! But that is what pop society has been assuming cybercrime is and that the everyday individual or smaller organizations aren’t being targeted.

 

The reality is that many of the faces of modern cybercrime don’t look like what we have read in fictional books and seen on tv and in the movies. These cybercriminals are much harder to spot because “they look a lot like legitimate businesses than you might expect,” Hubspot reported. “The work they might do day-to-day to steal personal information and disrupt businesses is pretty boring.”

 

So why do they hack? Money! Cybercrime has cost the world just under a trillion dollars in 2020.

 

The fact is that your Personal Identifying Information (PPI) is just like a currency. When stolen and aggregated, PPI can be sold for a hefty profit and “it’s a lot easier to try to get into your business’s data than to try to gather their own to sell.” Many websites sell aggregated collections of email addresses and passwords that have been gathered from past data breaches. From there, all it takes is a bit of unsophisticated scripting to use these emails and passwords to try to log into different websites across the internet.

 

“These folks aren’t looking to hit the biggest, most valuable businesses. It’s a case of quantity over quality.” These villains take a few thousand emails and passwords and see how many of them work out against high value services (such as email providers or CRMs) to see what data can be pulled out of those accounts to sell or how they can use those accounts for phishing emails or ransomware.

 

Look at the statement released by Darkside, the group whose ransomware attack brought down the Colonial Oil Pipeline and caused gas prices to spike in May this year. They released: “We are apolitical, we do not participate in geopolitics, do not need to tie use with a defined government and look for other motives. Our goal is to make money and not creating problems for society.” They want cash flow not world domination.

 

Hubspot reported in a blog last month written by Ryan DiPetta, “A lot of hackers look and behave like legitimate businesses, even if they do illegitimate things. Maybe they work a regular nine to five schedule. Maybe they take vacations with their kids. They’re trying to build a business just like you, too … but their business is built on theft and exploitation of your business and the data and trust of your customers.”

 

Are you and your employees protected? For more information on how to protect your company’s bottom line and employees by providing this must-have voluntary benefit, please click HERE.

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email [email protected] if you suspect fraud or have any concerns. We are here to help!

 

Photo credit: Markus Spiske via Unsplash.com

The Steps We Take to Protect Your Identity

The Steps We Take to Protect Your Identity

Identity theft is inevitable. If it hasn’t already, it will victimize you, a family member, or an employee’s life in the near future. ‘Data Harvesting’ has become a major threat to identity protection. Browsing history, online shopping, and messaging data is being used against you.

 

The statistics are overwhelming. Cyber attacks, malware, and phishing scams have increased over 1000% since Covid-19 began. There are 3.5M Google searches every minute and 4.4B Facebook messages each day … all of that information is collected, stored, and sold. Essentially, your data is being stolen then sold back to you.

 

As a leader in the identity protection space, we are advocating for laws to protect the American consumer from Data Harvesting. Additionally, of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. It is our hope that stronger IT security efforts are implemented in America (and worldwide) to block the thieves from stealing your information.

 

Protecting identity includes five main steps:

 

1. Implementing proactive safeguards with Guard Well fraud specialists.

2. Protecting personal identifying information (PII), such as social security number, date of birth, driver’s license ID number, financial institution account numbers, passport number, IP addresses, passwords, etc. Remember that even the smallest amount of stolen PII can be used against you.

3. Browsing in incognito or private mode, deleting unused email accounts, using two-factor authentication whenever possible, changing your passwords every 60 days, and removing your information from ‘people finder’ sites.

4. Monitoring credit and identity to quickly detect theft/fraud when it occurs.

5. Resolving all theft/fraud issues completely and continuously monitoring for recurrence.

 

Finally … we always strongly recommend that you DO NOT CLICK on any online link that you are not 100% certain is safe, secure and legit.

 

For more information on how to protect your employees by providing this must-have voluntary benefit, please click on the flyer: GW_Flyer_070821_OnePageMktgPiece

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email [email protected] if you suspect fraud or have any concerns.

Bogus COVID Vaccine Survey

Bogus COVID Vaccine Survey

As millions of Americans are being vaccinated against COVID-19, scammers are working hard to steal their money and personal information through bogus COVID vaccination surveys. This can be confusing especially since there is a ‘v-safe’ after vaccination health checker that you are asked to download at the vaccination site after your first dose. V-safe is a legitimate app, which is a smart-phone based tool that uses text messaging and web surveys to provide personalized health check-ins after you receive a COVID-19 vaccination. Literature from v-safe says, “Through v-safe, you can quickly tell CDC if you have any side effects after getting the COVID-19 vaccine. Depending on your answers, someone from CDC may call to check on you. And v-safe will remind you to get your second vaccine dose if you need one.” For more information, visit https://vsafe.cdc.gov/en/.

 

Although v-safe is safe and legitimate, scammers have developed a new trick to steal. It doesn’t matter if the vaccine received was Pfizer, Moderna or AstraZeneca, people all across the country are being asked to complete a one-time survey in exchange for a free reward but one that requires the victim to pay shipping fees. According to the Federal Trade Commission, “No legitimate surveys ask for your credit card or bank account number to pay for a ‘free’ reward.”

 

What should you do if you receive an email or text you’re not sure about?

– In order to prevent malware that steals your personal information, don’t click on any links or open attachments.

– Don’t call or use the number in the email or text. The first thing you can do is run a search of the company that supposedly sent the message by looking up their phone number online.

– Don’t give out any bank information, credit card or other personal information to any organization that contacts you out of the blue.

– Consider adding a filter to prevent unwanted text messages on your phone by contacting your wireless provider and/or utilizing a call-blocking app.

 

Be vigilant. Be strong. If you have any concerns or think you have been a victim of a COVID vaccination scam, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo by National Cancer Institute on Unsplash.com