Hacking attacks and security breaches…

Hacking is in the news all too frequently today.  Breaches at Target, Home Depot, JPMorgan Chase are a few of the security hacking scandals of criminals breaking into systems that we’ve all heard about.  When you first heard the news story of Target, for example, you probably asked yourself, like I did,  ” When was the last time you shopped there?”  Unfortunately, there is little that you can do to prevent these breaches other than perhaps paying cash for purchases or hiding your money under your mattress.

Target’s breach occurred last year when cyber criminals stole 40 million credit and debit cards from their customers.  Then they sold them to the underground market where they can be purchased by other cybercriminals.

The Home Depot attack is similar to Target’s breach and the same groups may be behind the attack. The website Rescator, which some believe to be Russian backed has been associated with selling the stolen credit cards.

JPMorgan Chase, the largest U.S. bank by assets was breached when criminals stole customers’ contact information that including names, email addresses, phone numbers and addresses.  Fortunately, customers’ bank accounts and transactions were not affected.

However, hacker’s could use the customers’ emails, or phone numbers to attempt phishing, smishing or vishing scams or pharming.  These kinds of attacks you can do something about and take pro-active measures.

1. Know the Cyber-Crime Lingo:   

Phishing scam: Phishing” refers to criminal activity that attempts to fraudulently obtain sensitive information, such as social security number, driver’s license, credit or debit card info, passwords or bank account information.  These phishing scams often come from ‘what look to be’ well-known companies, organizations, government agencies or educational institutions. They then use that information to open their own accounts, get credit in your name or control your bank accounts or engage in other criminal activities.

            Types of Phishing Scams:

Smishing Scam: Criminals contact victims via text messages sent to cell phones.

Vishing Scam (voice phishing): Criminals contact bank or credit union customers via live or automated phone calls

Pharming:  Pharming is another scam where a hacker installs malicious code on a personal computer device or server. The hacker is then able redirect a search to a fake website that looks like the real one without realizing it.  This is done in order to obtain account numbers, passwords or other sensitive information.

2. Stay on top of the news and be aware.

Unfortunately, cybercrime is on the rise.  It’s big business!  The thugs of yester-year within the U.S. could be identified and prosecuted.  Today’s online thugs could come from anywhere, any country and are not likely to be given up to the U.S. justice system.

3. Educate yourself, your kids and take pro-active steps

Communicate frequently to your kids about the safety measures they should be using to stay safe on their computer devices. Teach them to step back, slow down and ask these questions to avoid becoming a victim of a scam.

• Who sent the text or email?  Do you know them?  If not, do not click on any links.  Avoid emails that come from someone using only their first name.  If you don’t recognize the number that the text or phone call is coming from, don’t open it or answer it.  If it’s really important, believe me, they’ll get in touch with you.  They will leave a voice mail if it’s important, then you can decide whether it’s legit.  You can always look up the number of the person leaving the voice mail and not use the number they left in the voice mail if you’re not sure.  Always err on the side of caution.

• Does the email or text have an attachment? If so be extremely cautious.  If the attachment is executable i.e. a file with the extension .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, then a red flag should go up.  Do not click on it with out checking the validity of the sender and message.  To verify the validity of the sender of a text, or email or if you receive a request asking you to call and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the email, text or phone call.

• Is the sender requesting personal information? Do not reply.

• Are there grammatical errors? This could mean its being sent by someone from a different country.

• Does the URL of the link look legit when you mouse over it?

4.  Let common sense prevail.

If the email, text or voice mail sounds like it’s too good to be true then it probably is.  Kids could easily fall prey to these kinds of scams because of their lack of real world experience and naivety.   Teach your kids that no one if going to send them an email saying they won a new car or tell them how they can quickly put $5000. in their bank account.  Avoid emails or texts with a sense of urgency such as, “Your invitation set to expire,”  “Final notice” or “It’s your last chance.”

5.  Report it.

If you are sure that you have received one of these types of phishing scams report it to the fraud department of the company, or institution in question so that they can attempt to find the culprit.