Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employee. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing – fraud, impersonation and old-fashioned blackmail.

– Baiting – fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting – this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing – this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

ALERT: Toll Smishing Text Scam – Do Not Click!

ALERT: Toll Smishing Text Scam – Do Not Click!

The Ohio Turnpike and Infrastructure Commission, the FBI and SunPass are warning drivers of a text message smishing scam that requests payment for unpaid tolls. The FBI is recommending that if you receive a message like the one shown below, to take the following actions:

– Do not click the link in the text.

– Contact the FBI’s Internet Crime Complaint Center, also known as IC3, at www.ic3.gov, and include the phone number the text came from and the website listed within the text.

– If you have an EZ-Pass or SunPass account, check it via their legitimate website and let them know about the text.

– Delete the smishing text you received.

– If for any reason you accidentally clicked the link in the text and made a payment, contact your financial institution immediately to help secure your personal information and financial accounts. Contact our Member Services team at 1.888.966.4827 (GUARD) or email [email protected].

Screenshot image of a sample scam on an iphone

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does occur. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 1.888.966.4827 (GUARD) and [email protected].

Investment Opportunity or Not? Keeping Eyes on Your 💰

Investment Opportunity or Not? Keeping Eyes on Your 💰

One of the top scams of the century involving investments is making a comeback in 2024. A fixed deposit, otherwise known as a term deposit, has traditionally been an investment plan that allows you to earn a safe guaranteed rate of interest for a lump sum over a fixed period of time. Funds can be withdrawn during the fixed term but there are fees to do so. Unfortunately, anyone with access to your personal identifying information and banking credentials can withdraw the money from these accounts.

Scammers desiring to cash in on anyone’s deal are offering fake investments that the masses are falling for. Here is how to get on the band wagon of what you need to know about fake fixed term deposit investment scams so you don’t fall victim:

– Understand that there is no such thing as easy money and it definitely doesn’t grow on trees.

– Every investment has some degree of risk. There is also risk in not investing at all so working with a reputable company registered with the Financial Industry Regulation Authority (FINRA), the Securities and Exchange Commission (SEC) or your state securities regulator is imperative.

– Get it in writing. If there isn’t any documentation that can mean that the investment may not be registered with the SEC and is not legit.

– An unsolicited phone call, text or email promising guaranteed profits is a really good reason to block the number or sender. With artificial intelligence (AI) having entered the pictured the last couple of years, it is understandably confusing as to who is real and who isn’t.

– If you are rushed to make any type of investment decision so you ‘don’t lose out’ and your gut tells you this investment is smelling fishy, then it’s probably ‘phishy,’ a scam technique that isn’t going away anytime soon. To learn more about phishing scams, check out the Federal Trade Commission’s article on the subject HERE.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy credit: Micheile Henderson on Unsplash.com

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Our security teams have recently discovered that over 25 million people have been impacted by data breaches involving TruthFinder, Instant Checkmate and Gemini.

Both TruthFinder and Instant Checkmate are subscription-based websites owned by PeopleConnect that allow users to do background checks on people by utilizing public records. The breaches for both companies occurred on April 12, 2019. While TruthFinder’s breach involves eight million account holders, Instant Checkmate’s is even larger impacting 12 million. Stolen account holder information includes users’ email addresses, phone numbers and passwords for both sites. Parent company PeopleConnect has confirmed that all customer accounts created between 2011 and 2019 have been impacted and that the published list originated inside their company. Learn More

Gemini (Gemini Trust Company, LLC) is a cryptocurrency exchange and custodian that allows customers to buy, sell and store digital assets. The American-owned company operates in the United States, Canada, the United Kingdom, South Korea, Hong Kong and Singapore. The breach size of 5.4 million originated December 13, 2022 as a result of a third-party incident. The company has declared that some customers have been the target of phishing campaigns from that third-party vendor exposing millions of email addresses and partial phone numbers. Learn More

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by https://unsplash.com Erfan Parhizi

 

The Top Scams of 2022

The Federal Trade Commission (FTC) is a United States federal agency that works to prevent deceptive, fraudulent and unfair business practices. Their first objective is to identify fraud that cause the greatest consumer injury. Their second objective is to stop the fraud, deception and unfair practices through law enforcement. Finally, their third objective is to prevent consumer injury from happening in the first place through education.

Every year the FTC reports the top scam highlights of the previous year. This is how 2022 stacked up:

– Investment scams had the largest losses at $3.8 billion. Investment scams promise that you will make a lot of money quickly, easily and with low risk. The FTC reported that these scams involve the investment in financial or real estate markets. Learn how to research investment opportunities HERE.

– Impersonator scams were, once again, the most reported scam. Losses from these scams total $2.6 billion for 2022. The FTC reported that the major difference in this type of scam from the previous year is that there were higher losses to business imposters to the tune of $660 million in comparison to last year’s $453 million. Scams in this category include social security, IRS, romance, caregiver, family emergency, tech support and grandchild scams. Learn how to identify a scam happening to you or a loved one by viewing the short videos HERE.

How were scams identified and processed? Some losses were through bank transfers. Others started on social media and phone calls. Young adults in their 20s reported losses more often than seniors in their 70s. Unfortunately, the seniors lost more money than any other age group.

The FTC has a PDF available for download with a visual snapshot of the top frauds of 2022. Click HERE to learn about the rest of 2022’s top scams and view the PDF.

Guard Well Identity Theft Solutions exists to protect you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827.

Guarding Against Business Identity Theft

Guarding Against Business Identity Theft

Individuals aren’t the only targets for identity theft. Corporate, also known as commercial identity theft, saw a 46% increase last year according to the National Cybersecurity Society (NCSS). Although businesses of all sizes are at risk, small businesses are particularly vulnerable. “Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” remarks Mary Ellen Seale, CEO of NCSS.

 

She explains, “Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.”

 

Stealing an organization’s identity takes a lot less work than one might think. State laws require the public disclosure of proprietary business information in annual reports, names and addresses of key company personnel as well as the employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan as well as intercept business credit card information.

 

What can business owners do to help mitigate their risk?

 

– Educate your employees about phishing scams. Phishers aren’t just targeting your business … they are grabbing your customers, employees, partners and vendors. Make sure your employees know what red flags to look for when they receive an email that is asking for an action from them. Examples include bad grammar, misspelled words, links to unfamiliar websites and attachments.

 

– Don’t post sensitive company information on your website.

 

– Stay on top of computer security updates.

 

– Check your credit reports regularly.

 

– Follow the IRS new procedures to protect businesses. Visit https://www.irs.gov/individuals/identity-theft-guide-for-business-partnerships-and-estate-and-trusts for detailed information.

 

– File your company’s annual report on time and regularly check the secretary of state’s website. Keep in mind that if you operate your business in more than one state, each state may have their own due date.

 

Unfortunately, identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. Do you have an anti-phishing plan for your business? Please contact us if you need assistance developing one or educating your employees about the topic.

 

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Photo by Artem Beliaikin on Unsplash

How to Spot a Hacker Going After Your Business

How to Spot a Hacker Going After Your Business

When you think of a “bad guy,” what comes to mind? Someone sitting alone hunched over a keyboard in a dark hoody in a dark basement with fast typing fingers and maybe sporting a three-day-old beard? And what do you picture this anti-social “bad guy” doing? Are they only going after huge corporations and corrupt politicians? Nope! But that is what pop society has been assuming cybercrime is and that the everyday individual or smaller organizations aren’t being targeted.

 

The reality is that many of the faces of modern cybercrime don’t look like what we have read in fictional books and seen on tv and in the movies. These cybercriminals are much harder to spot because “they look a lot like legitimate businesses than you might expect,” Hubspot reported. “The work they might do day-to-day to steal personal information and disrupt businesses is pretty boring.”

 

So why do they hack? Money! Cybercrime has cost the world just under a trillion dollars in 2020.

 

The fact is that your Personal Identifying Information (PPI) is just like a currency. When stolen and aggregated, PPI can be sold for a hefty profit and “it’s a lot easier to try to get into your business’s data than to try to gather their own to sell.” Many websites sell aggregated collections of email addresses and passwords that have been gathered from past data breaches. From there, all it takes is a bit of unsophisticated scripting to use these emails and passwords to try to log into different websites across the internet.

 

“These folks aren’t looking to hit the biggest, most valuable businesses. It’s a case of quantity over quality.” These villains take a few thousand emails and passwords and see how many of them work out against high value services (such as email providers or CRMs) to see what data can be pulled out of those accounts to sell or how they can use those accounts for phishing emails or ransomware.

 

Look at the statement released by Darkside, the group whose ransomware attack brought down the Colonial Oil Pipeline and caused gas prices to spike in May this year. They released: “We are apolitical, we do not participate in geopolitics, do not need to tie use with a defined government and look for other motives. Our goal is to make money and not creating problems for society.” They want cash flow not world domination.

 

Hubspot reported in a blog last month written by Ryan DiPetta, “A lot of hackers look and behave like legitimate businesses, even if they do illegitimate things. Maybe they work a regular nine to five schedule. Maybe they take vacations with their kids. They’re trying to build a business just like you, too … but their business is built on theft and exploitation of your business and the data and trust of your customers.”

 

Are you and your employees protected? For more information on how to protect your company’s bottom line and employees by providing this must-have voluntary benefit, please click HERE.

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email [email protected] if you suspect fraud or have any concerns. We are here to help!

 

Photo credit: Markus Spiske via Unsplash.com

The Steps We Take to Protect Your Identity

The Steps We Take to Protect Your Identity

Identity theft is inevitable. If it hasn’t already, it will victimize you, a family member, or an employee’s life in the near future. ‘Data Harvesting’ has become a major threat to identity protection. Browsing history, online shopping, and messaging data is being used against you.

 

The statistics are overwhelming. Cyber attacks, malware, and phishing scams have increased over 1000% since Covid-19 began. There are 3.5M Google searches every minute and 4.4B Facebook messages each day … all of that information is collected, stored, and sold. Essentially, your data is being stolen then sold back to you.

 

As a leader in the identity protection space, we are advocating for laws to protect the American consumer from Data Harvesting. Additionally, of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. It is our hope that stronger IT security efforts are implemented in America (and worldwide) to block the thieves from stealing your information.

 

Protecting identity includes five main steps:

 

1. Implementing proactive safeguards with Guard Well fraud specialists.

2. Protecting personal identifying information (PII), such as social security number, date of birth, driver’s license ID number, financial institution account numbers, passport number, IP addresses, passwords, etc. Remember that even the smallest amount of stolen PII can be used against you.

3. Browsing in incognito or private mode, deleting unused email accounts, using two-factor authentication whenever possible, changing your passwords every 60 days, and removing your information from ‘people finder’ sites.

4. Monitoring credit and identity to quickly detect theft/fraud when it occurs.

5. Resolving all theft/fraud issues completely and continuously monitoring for recurrence.

 

Finally … we always strongly recommend that you DO NOT CLICK on any online link that you are not 100% certain is safe, secure and legit.

 

For more information on how to protect your employees by providing this must-have voluntary benefit, please click on the flyer: GW_Flyer_070821_OnePageMktgPiece

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email [email protected] if you suspect fraud or have any concerns.

Guard Well Introduces Three Bureau Credit Report & Score Center

Guard Well Introduces Three Bureau Credit Report & Score Center

Now more than ever, having the right identity theft protection in place is critical. “Cyberattacks, especially phishing scams, are on the rise and that means that identity theft rates are increasing as well,” remarks E. Allan Hilsinger, Founder and CEO of Guard Well Identity Theft Solutions. “Although identity theft is not preventable, it is key to be proactive and identify issues swiftly. This is why we developed the Guard Well Credit Report and Score Center.”

 

In order to assist Guard Well Members and the general public in being cyber smart, Guard Well’s new ‘a la carte’ feature will help save time and identify issues before they could potentially turn into huge problems.

 

To obtain your three-bureau credit reports and score, please visit the Guard Well website and click on the red button in the upper right-hand corner that says Get My Credit Report and Score. Or, visit www.guardwellcredit.com to view your reports and scores within seconds.

 

 

You do not have to be a Guard Well member to utilize this special feature. For a one-time fee of $19.95, you have access to all of your credit reports and scores within seconds. The process is clearly explained with easy to understand instructions to walk you through the activity quickly.

 

First, you will enter your personal information and then agree to Terms and Conditions. Then you will verify your identity by accurately answering the questions provided. On the next page, you will enter your credit/debit card payment information. Once submitted, all three credit bureau reports and scores (Experian, Equifax and TransUnion) will appear in seconds for you to review and print.

 

After you complete this process, reach out to us immediately if you notice anything unusual in your reports. Be smart. Be vigilant. Be strong. We are always available 24/7/365 if you ever have any questions or concerns. Call us at 888.966.GUARD (4827) or email [email protected].

 

Photo credit: Photo by Dylan Gillis via Unsplash.com.

 

 

 

 

Working from Home Cybersecurity Tips

Working from Home Cybersecurity Tips

Coronavirus has forced millions of Americans to work remotely from their homes. Although working from home helps with social (physical) distancing by preventing the spread of COVID-19, there are many new challenges that have come with teleworking. For example, many states have closed schools for weeks, and for some, the entire rest of the school year. Parents may be juggling work while their children are learning remotely. You may find yourself becoming an expert with practicing mindfulness along with new software and conferencing programs, such as Zoom and GoToMeetings (or if you aren’t, your children blessedly are).

 

As we are being forced to slow down the pace of everyday life, we recognize that a lot of good can come out of this time. But, on the other side of the coin, there is the growing opportunity for cybercriminals to trick us into forking over passwords during this learning transitional period. Reuters reported last week that “some researchers have found hackers masquerading as the U.S. Centers for Disease Control and Prevention in a bid to break into emails or swindle users out of bitcoin, while others have spotted hackers using a malicious virus-themed app to hijack Android phones.” Our blogs last week provided some details on these new scams.

 

The Federal Trade Commission (FTC) has some tips to help protect your devices and personal information while working from home:

Start with cybersecurity basics. Keep your security software up-to-date. Use passwords on all your devices and apps. Make sure the passwords are long, strong and unique. The FTC suggests using at least 12 characters that are a mix of numbers, symbols and capital and lowercase letters.

Secure your home network by starting with your router. Turn on encryption (WPA2 or WPA3), which scrambles information sent over your network so outsiders can’t read it. If no WPA2 or WPA3 options are available with your current router, considering replacing your router altogether.

Keep an eye on your laptop and make sure it is password-protected, locked when you aren’t using it and secure. We suggest that it is never unattended, such as out in plain sight in a vehicle. Even if your doors are locked, windows can easily be broken.

Securely store your physical files. Strong physical security is an important part of cybersecurity. If you don’t have a file cabinet at home that is lockable, consider using a locked room. Read this blog by the FTC to learn more tips about physical security.

Dispose of sensitive data securely. Invest in a shredder if you don’t already have one. Throwing paperwork you no longer need in the garbage or recycling bin can be a treasure for a pirate especially if it includes personal information about customers, vendors or employees.

Follow your employer’s security practices. Since your home is now an extension of your office, make sure that you understand the protocols that your employer has implemented.

 

Be smart. Be vigilant. Be strong. Please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 888,966.GUARD (4827) and [email protected].

.