Friday, January 13, 2017

FTC - "Pass It On" community outreach program / Video

"Pass it on in your community"


Pass it On is the FTC’s consumer education campaign designed to encourage older adults to talk to their friends, neighbors, and relatives about scams. Because we’ve learned that sharing what you know can help protect someone who you know from a scam.
Now, we’ve got a new video that highlights how some local organizations are getting in on the act and using Pass it On materials in their communities – all in different ways. For instance, a Massachusetts agency distributes fraud prevention materials at community centers serving older consumers. A Connecticut publisher and state consumer protection office use the Pass it On tips in a community newspaper published in several languages. And a group of older actors performs skits for their peers in Southern California, giving their audience a heads-up on the latest frauds and rip-offs.

What can you do? Well, you probably know someone who could use a few tips on spotting scams. The next time you’re at your local library, church, or temple, or even visiting a relative in a nursing home, take a stack of Pass it On materials with you. You can order them online for free, in bulk, in English and Spanish.

Do you have other ideas on sharing tips in your community? Let us know your take on passing it on.

 Click the link below to see the FTC video.

FTC - Pass it on, Video

 

Tuesday, January 3, 2017

FTC - Understanding Mobile Apps

If you have a smart phone or other mobile device, you probably use apps – to play games, get turn-by-turn directions, access news, books, weather, and more. Easy to download and often free, mobile apps can be so much fun and so convenient that you might download them without thinking about some key considerations: how they’re paid for, what information they may gather from your device, or who gets that information.

Mobile App Basics

What’s a mobile app?

A mobile app is a software program you can download and access directly using your phone or another mobile device, like a tablet or music player.

What do I need to download and use an app?

You need a smart phone or another mobile device with internet access. Not all apps work on all mobile devices. Once you buy a device, you’re committed to using the operating system and the type of apps that go with it. The Android, Apple, Microsoft and BlackBerry mobile operating systems have app stores online where you can look for, download, and install apps. Some online retailers also offer app stores. You’ll have to use an app store that works with your device’s operating system. To set up an account, you may have to provide a credit card number, especially if you’re going to download an app that isn’t free.
Data Plans and Wi-Fi: Two ways to access the internet from your phone
You can access the internet using a data plan tied to your phone service, or through a Wi-Fi hotspot. Phone companies generally charge a monthly fee for a data plan that can connect you to the internet.
Wi-Fi connections usually are faster, but you have to be in range of a hotspot to use one. Most public Wi-Fi hotspots – like those in coffee shops, airports, and hotels – don't encrypt the information you send over the internet and are not secure. Get tips for using public Wi-Fi.
To set up a home wireless network, you'll need to pay for internet access and a wireless router, and you’ll want to take steps to secure the network.

Why are some apps free?

Some apps are distributed for free through app stores; the developers make money in a few ways:
  • Some sell advertising space within the app. The app developers can earn money from the ads, so they distribute the app for free to reach as many users as possible.
  • Some apps offer their basic versions for free. Their developers hope you’ll like the app enough to upgrade to a paid version with more features.
  • Some apps allow you to buy more features within the app itself. Usually, you are billed for these in-app purchases through the app store. Many devices have settings that allow you to block in-app purchases.
  • Some apps are offered free to interest you in a company’s other products. These apps are a form of advertising. 

Questions About Your Privacy

What types of data can apps access?

When you sign up with an app store or download individual apps, you may be asked for permission to let them access information on your device. Some apps may be able to access:
  • your phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how you use the app itself
Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.
If you’re providing information when you’re using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting your data, they may share it with other companies.

How can I tell what information an app will access or share?

It’s not always easy to know what data a specific app will access, or how it will be used. Before you download an app, consider what you know about who created it and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.
If you’re using an Android operating system, you will have an opportunity to read the “permissions” just before you install an app. Read them. It’s useful information that tells you what information the app will access on your device. Ask yourself whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read your text messages.

Why do some apps collect location data?

Some apps use specific location data to give you maps, coupons for nearby stores, or information about who you might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on your interests and your location.
Once an app has your permission to access your location data, it can do so until you change the settings on your phone. If you don’t want to share your location with advertising networks, you can turn off location services in your phone’s settings. But if you do that, apps won’t be able to give you information based on your location unless you enter it yourself.
Your phone uses general data about its location so your phone carrier can efficiently route calls. Even if you turn off location services in your phone’s settings, it may not be possible to completely stop it from broadcasting your location data.

Questions About Advertising

Why does the app I downloaded have ads in it? 

Developers want to provide their apps as inexpensively as possible so lots of people will use them. If they sell advertising space in the app, they can offer the app for a lower cost than if it didn’t have ads. Some developers sell space in their apps to ad networks that, in turn, sell the space to advertisers.

Why do I see the ads I do?

Advertisers believe you’re more likely to click on an ad targeted to your specific interests. So ad networks gather the information apps collect, including your location data, and may combine it with the kind of information you provide when you register for a service or buy something online. The combined information allows the mobile ad network to send you targeted ads – ads that may be relevant to someone with your preferences and in your location.

Malware and Security Concerns

Should I update my apps?

Your phone may indicate when updates are available for your apps. It’s a good idea to update the apps you’ve installed on your device and the device’s operating system when new versions are available. Updates often have security patches that protect your information and your device from the latest malware.

Could an app infect my phone with malware?

Some hackers have created apps that can infect phones and mobile devices with malware. If your phone sends email or text messages that you didn’t write, or installs apps that you didn’t download, you could be looking at signs of malware.
If you think you have malware on your device, you have a few options: you can contact customer support for the company that made your device; you can contact your mobile phone carrier for help; or you can install a security app to scan and remove apps if it detects malware. Security apps for phones are relatively new; there are only a few on the market, including some with free versions.

Mobile App User Reviews

Can I trust all the user reviews I read about an app?

Most app stores include user reviews that can help you decide whether to download. But some app developers and their marketers have posed as consumers to post positive comments about their own products. In fact, the Federal Trade Commission recently sued a company for posting fake comments about the apps it was paid to promote.
Keeping Up With Kids' Apps Infographic

Kids and Mobile Apps

What should I know before I download an app for my kids?

In a recent survey of mobile apps for kids, FTC staff found that kids’ apps might:
  • collect and share personal information
  • let your kids spend real money — even if the app is free
  • include ads
  • link to social media
What’s more, the apps might not tell you they’re doing it.
To learn more about an app before you download it, look at screen shots, read the description, content rating and any user reviews, and do some research on the developer. You also can look up outside reviews from sources you respect.

Are there ways to restrict how my kids use apps?

Before you pass the phone or tablet to your kids, take a look at your settings. You may be able to restrict content to what’s right for your kid’s age, set a password so apps can’t be downloaded without it, and set a password so your kids can’t buy stuff without it. You also can turn off Wi-Fi and data services or put your phone on airplane mode so it can’t connect to the internet.
The best way to keep up with kids’ apps is to try them out yourself and talk to your kids about your rules for using apps.

2017, Scam Alert: Yahoo Customer Service Scam

Yahoo customer service scam

January 3, 2017, by Andrew Johnson, Consumer Education Specialist, FTC
 
Need to contact Yahoo customer care? There are a few ways to do so, but Yahoo warns that phone is not an option. That’s right: any phone number you come across in an internet search, claiming to connect you with Yahoo customer care, is fake.

Here at the FTC, we’ve gotten reports that consumers who called these fake customer care numbers were offered “Yahoo customer care services” for a fee.
But the truth is, Yahoo customer support is always free of charge. That means you should never pay to have your Yahoo password reset, for technical support, or help with security concerns. Also, Yahoo won’t ask to remotely connect to your computer for any support-related request.

Click the link to see the video:

FTC - Yahoo customer service scam video

 

FTC Report: Government Imposter Scams

Scammers sometimes pretend to be government officials to get you to send them money. They might promise lottery winnings if you pay “taxes” or other fees, or they might threaten you with arrest or a lawsuit if you don’t pay a supposed debt. Regardless of their tactics, their goal is the same: to get you to send them money.
Don’t do it. Federal government agencies and federal employees don’t ask people to send money for prizes or unpaid loans. Nor are they permitted to ask you to wire money or add money to a prepaid debit card to pay for anything.

How to Recognize a Government Imposter

IRS Imposter Scams Infographic
It could be hard to recognize an imposter through the lies they tell. They use a variety of tricks to get your attention, whether it’s distracting you with a story about money you won or creating a fear that you’ll be sued or arrested.
Here are two deceptions that they have used successfully to steal money from people:

You’ve "Won" a Lottery or Sweepstakes

Someone claiming to be a government official calls, telling you that you’ve won a federally supervised lottery or sweepstakes. They may say they’re from “the national consumer protection agency,” the non-existent National Sweepstakes Bureau, or even the very real Federal Trade Commission — and it looks like they’re calling from a legitimate number. They also might send e-mails, text messages or letters.
They might:
  • tell you you’ll have to pay taxes or service charges before you can collect your winnings
  • ask you to send money to an agent of “Lloyd’s of London” or some other well-known insurance company to “insure” delivery of your prize
  • ask you to wire money right away, often to a foreign country
The truth is that no government agency or insurance company is involved, and there are no winnings. There never were. Scammers take the money you paid them and disappear.

You Owe a Fake Debt

You might get a call or an official-looking letter that has your correct name, address and Social Security number. Often, fake debt collectors say they’re with a law firm or a government agency — for example, the FTC, the IRS or a sheriff’s office. Then, they threaten to arrest you or take you to court if you don’t pay on a debt you supposedly owe.
The truth: there’s no legitimate reason for someone to ask you to wire money or load a rechargeable money card as a way to pay back a debt. If you’re unsure whether the threat is legitimate, look up the official number for the government agency, office or employee (yes, even judges) and call to get the real story. Even if it is a real debt, you have rights under the Fair Debt Collection Practices Act.
Variations on these scams include people claiming to be with the IRS collecting back taxes, or scammers posing as representatives of the United States Citizenship and Immigration Service (USCIS) who target immigration applicants and petitioners.

Five Ways to Beat a Government Imposter Scam

  1. Don’t wire money

Scammers often pressure people into wiring money, or strongly suggest that people put money on a prepaid debit card and send it to them. Why? It’s like sending cash: once it’s gone, you can’t trace it or get it back. Never deposit a “winnings” check and wire money back, either. The check is a fake, no matter how good it looks, and you will owe the bank any money you withdraw. And don’t share your account information, or send a check or money order using an overnight delivery or courier service. Con artists recommend these services so they can get your money before you realize you’ve been cheated.
  2. Don’t pay for a prize

If you enter and win a legitimate sweepstakes, you don’t have to pay insurance, taxes, or shipping charges to collect your prize. If you have to pay, it’s not a prize. And companies, including Lloyd’s of London, don’t insure delivery of sweepstakes winnings.
If you didn’t enter a sweepstakes or lottery, then you can’t have won. Remember that it’s illegal to play a foreign lottery through the mail or over the phone.
  3. Don’t give the caller your financial or other personal information

Never give out or confirm financial or other sensitive information, including your bank account, credit card, or Social Security number, unless you know who you're dealing with. Scam artists, like fake debt collectors, can use your information to commit identity theft — charging your existing credit cards, opening new credit card, checking, or savings accounts, writing fraudulent checks, or taking out loans in your name. If you get a call about a debt that may be legitimate — but you think the collector may not be — contact the company you owe money to about the calls.
  4. Don’t trust a name or number

Con artists use official-sounding names to make you trust them. It’s illegal for any promoter to lie about an affiliation with — or an endorsement by — a government agency or any other well-known organization. No matter how convincing their story — or their stationery — they're lying. No legitimate government official will ask you to send money to collect a prize, and they won’t call to collect your debt.
To make their call seem legitimate, scammers also use internet technology to disguise their area code. So even though it may look like they’re calling from Washington, DC, they could be calling from anywhere in the world.
  5. Put your number on the National Do Not Call Registry

Ok, so this won’t stop scammers from calling. But it should make you skeptical of calls you get from out of the blue. Most legitimate sales people generally honor the Do Not Call list. Scammers ignore it. Putting your number on the list helps to “screen” your calls for legitimacy and reduce the number of legitimate telemarketing calls you get. Register your phone number at donotcall.gov.

Report the Scam

If you get a call from a government imposter, file a complaint at ftc.gov/complaint. Be sure to include:
  • date and time of the call
  • name of the government agency the imposter used
  • what they tell you, including the amount of money and the payment method they ask for
  • phone number of the caller; although scammers may use technology to create a fake number or spoof a real one, law enforcement agents may be able to track that number to identify the caller
  • any other details from the call
Curious about other imposter scams? Check out some of our previous scam alerts. And if you haven’t already, sign up to get new scam alerts by email.

FTC - Bar none: Imposter scams hit lawyers and other licensed professionals


By: Lesley Fair | Dec 28, 2016
Bureau of Consumer Protection

You oversleep, spill the coffee, and get caught in a rush hour traffic jam. Then you check your messages and the day really heads south because according to the State Bar (or Board of Accountancy, Medical Society, or other group), you’re in trouble with your professional association. Or are you?

The FTC has been warning consumers for years about government imposter scams: phone calls or email falsely claiming to be from the IRS, the local sheriff’s office, immigration authorities, or even the FTC. Sometimes the voice on the other end threatens people with arrest if they don’t wire money immediately. Or they may want personal information – credit card numbers, banking data, or the like. The modus operandi is ever-evolving, but this much is true: The messages are false.

Now the bottom feeders have turned their attention to attorneys, accountants, doctors, and others who hold state licenses or certifications. With the click of a mouse, they mock up an official-looking – but not official, of course – email telling recipients that their licenses will be suspended unless they send past-due “fees” immediately. Some insist that you wire the money by the close of business, while others demand your credit card number.

In a variation on the scheme, fraudsters claim that someone has filed a professional complaint against you. To get the details, you’re directed to click on a link, which then installs malware on your computer.

Of course, State Bars and Boards regularly communicate with members via email – and yes, we all have to pay our annual dues. But if the circumstance is so serious that a person’s professional license is on the line, the first they’ll hear about it won’t be in email like that.

What should you do if you get a message claiming your dues are overdue, a complaint has been filed against you, the sender needs your trust account number, or your license is at risk? Call the Bar or Board directly. Just don’t use a phone number in the iffy email. Use one you know to be genuine – for example, the number on your membership card. And if it turns out to be a scam, report it to the FTC and warn others in your field that con artists may have them in their sights.

Thursday, November 17, 2016

Nov. 17, '16 --- IRS warns of a new tax bill scam

IRS warns of a new tax bill scam


We certainly understand if the latest IRS imposter scam makes you queasy: it involves a fake IRS tax notice that claims you owe money as a result of the Affordable Care Act.
The IRS says the fake notices are designed to look like real IRS CP2000 notices, which the agency sends if information it receives about your income doesn’t match the information reported on your tax return. The IRS says many people have gotten the bogus notices, which usually claim you owe money for the previous tax year under the Affordable Care Act.
It’s one of many IRS imposter scams that have popped up. As tax season nears, we’ll see more. The good news? There are red-flag warnings that can help you avoid becoming a victim. For example, the IRS will never:
  • Initiate contact with you by email or through social media.
  • Ask you to pay using a gift card, pre-paid debit card, or wire transfer.
  • Request personal or financial information by email, texts, or social media.
  • Threaten to immediately have you arrested or deported for not paying.
In the new scam, the fake CP2000 notices often arrive as an attachment to an email — a red flag — or by U.S. mail. Other telltale signs of this fraud:
  • There may be a “payment” link within the email. Scam emails can link you to sites that steal your personal information, take your money, or infect your computer with malware. Don’t click on the link.
  • The notices request that a check be made out to “I.R.S.” Real CP2000s ask taxpayers to make their checks out to “United States Treasury” if they agree they owe taxes.
In the version we saw, a payment voucher refers to letter number LTR0105C, and requests that checks be sent to the “Austin Processing Center” in Texas. But scammers are crafty. They could send messages with a variety of return addresses.

You can see an image of a real CP2000 notice on the IRS web page, Understanding Your CP2000 Notice. If you get a scam IRS notice, forward it to phishing@irs.gov and then delete it from your email account.

Let the FTC know too.

MI Dept of Education and Civil Rights - Addressing the issue of "Hate Speech" and resources



November 15, 2016

A Letter from State Superintendent Brian Whiston and Michigan Department of Civil Rights Director Agustin Arbulu

Now is a time when all of us need to stand together. Every administrator, teacher, staff member, parent, guardian, bus driver and student must stand as one in condemning intolerable conduct regardless of message or motivation.

We are concerned that students and parents may be hearing mixed messages. Each of us must clearly and consistently convey the message that bullying, harassment, violence, property destruction or any other form of intimidation have no place in our schools. It does not matter who is engaging in the intimidation, which student is being targeted, or what the reason is for the intimidation. There are no legitimate reasons and there are no acceptable excuses. The behavior is wrong, and the behavior will not be tolerated.

Each of us has a responsibility to ensure that every teacher, every staff member and every parent/guardian does what they can to make certain that every student hears this message, and understands that the message is shared by everyone. Waiting for an incident to occur or for a complaint to be filed is not acceptable. Appropriate strategies include:

  • Review, revise, and if necessary, redistribute your harassment/bullying policies. Outside events may have increased the number of incidents, but the behavior is not new. It should in no way be minimized or taken less seriously based on outside events.
  • Monitor attendance.
  • Encourage dialogue and open communication.
  • Ensure staff knows the signs of anxiety and trauma, observes students for the signs, and knows what to do if signs are detected.
  • Ensure staff and student access to trained counselors and support services either in one-on-one settings or in groups.
  • Monitor extracurricular events, be aware of social media, and identify concerns raised by students involving outside parties, threats, harassment or intimidation.
  • Continue to promote positive learning environments through programs such as PBIS (Positive Behavior Intervention and Supports), and comprehensive bullying programs.
  • Promote restorative justice practices and utilize alternatives to Suspensions and Expulsions.
  • Remember that there is no quick fix, no one speaker, or one shot program to address complex issues. Success requires consistent messaging regarding expectations, sound policies, and having evidence-based programs in place that meet the need and are consistently implemented.

We do not intend this letter to suggest that diversity awareness, dispute resolution, cultural competency and other such programs are not important. We encourage you to foster inclusion through the expansion of such programs. However, these programs cannot be effective unless they are presented in a place where students feel safe and welcome. We have included some links below that you may consider incorporating into your future work. Current events, however, demand that we first ensure that students know that an attack on any student is an attack on all of us, and will be met with a swift and decisive response.

We can work through any other issues in time, but we must immediately make our schools a safe place -- where every student is made to feel welcome.

RESOURCES AVAILABLE THROUGH THE MICHIGAN DEPARTMENT OF EDUCATION:
  • For support in PBIS, the Promoting Positive School Climate (PPSC) project information is at https://miblsi.org/application#promoting-positive-school-climate-ppsc or www.pbis.org
  • OK2Say reporting – text 652729 (OK2SAY) or through the website at www.ok2say.com
  • For local support and resources, Every Michigan School District is served by a regional school health coordinator - mishca.org.
      o These regional school health coordinators support training and implementation of the comprehensive K-12 health curriculum Michigan Model for Health - www.mmhclearinghouse.org
  • Regularly surveying students to understand the environment through school climate surveys and student health behavior surveys such as the MiPHY (www.michigan.gov/miphy).
  • Alternatives to Suspensions and Expulsions Toolkit http://www.michigan.gov/mde/0,4615,7-140-74638_72831---,00.html and online restorative justice practice modules http://www.michigan.gov/mde/0,4615,7-140-74638_72831-358881--,00.html
  • Michigan State Board of Education Resolution on Use of American Indian Mascots, Nicknames, and Logos: https://www.michigan.gov/documents/mde/Mascots_330690_7.

*Click the link for the PR and more details.

MI Dept. of Education PR, 11/15/16

Wednesday, October 12, 2016

The Guardian Newspaper: 10/6/16, "Huge phone scam targeting Americans leads to 700 being detained in India"

* This scam has impacted communities throughout Michigan. Exciting to see that at least this group has been caught. Hang up on these types of calls, it's okay to be rude. CPAM

Mumbai was the hub of a phone scam that fleeced Americans of millions, according to Indian police. Photograph: Bloomberg/Getty Images

 in Mumbai and agencies

Police say Mumbai call centre workers posed as Internal Revenue Service tax collectors to rake in tens of millions of dollars.

Thousands of US citizens may have been targeted in a huge tax scam run from call centres in Mumbai, where hundreds of workers were allegedly trained to speak in American accents in order to steal tens of millions of dollars, Indian police have said.

About 700 people are being investigated over what is believed to have been one of the biggest such scams in India’s history, which involved workers posing as US tax officials, according to Paramvir Singh, the police commissioner of Thane.
“Seventy workers have been formally arrested and around 630 others are being investigated,” Singh said. “We expect that many more people will be arrested.”
On Tuesday night about 200 officers raided nine premises in India’s financial capital. Police believe the alleged scam was run from the call centres, where workers pretended to be officials from the Internal Revenue Service (IRS), the US tax authority.
Employees would allegedly tell American citizens that they had defaulted on tax payments and were facing prosecution by the IRS. “They would give an American name and a batch number and tell the [US] citizen that they owed the authorities $4,000, $5,000 or $10,000,” said Singh.
“They were instructed to stay on the phone and told that their homes would be raided by police within 30 minutes if they hung up. They made threats, they said: ‘You have to pay, otherwise you will lose your job, your money, your house.’”
After allegedly duping the victims into revealing their bank details they would then withdraw money from their accounts, police said. The victims were told to stay on the call and go to their nearest Target or Walmart store, where they would buy a prepaid cash card, load thousands of dollars on to it and then transfer the money to an American bank account.
Police have not revealed the amount of money that was stolen, or whether citizens from other countries had been targeted. But Singh said the call centres were running for more than a year and are estimated to have conned billions of rupees out of thousands of people.
“We’ve been getting calls all morning from American citizens, people saying: ‘I think I got one of these calls. I think my money was stolen,’” he said.
The alleged scam was discovered following a tip-off to police, said Singh, who sent in an undercover call centre worker to investigate. “We had a mole go in to the call centres to verify. The best part is that they were actually recording all their calls. We have recovered 851 hard disks on which the calls were recorded, so we’re going through those now,” said Singh.
Police suspect the ringleaders had associates in America, where the payments were processed.
US authorities had not approached Thane police on Thursday, but were expected to do so soon.
Many foreign firms outsource work to offshore call centres in India, where low-wage workers handle a variety of services, from reading out train timetables to selling mobile phone plans. In recent years, firms have started moving call centres to other countries such as the Philippines because of a preference for American-style English.

Tuesday, October 4, 2016

Crime Prevention Association of MI 2016 Conference "Preparing for the Unimaginable through Crime Prevention"

CPAM members and guests opened the 2016 conference tonight at the Park Place Hotel in Traverse City, Michigan. There were 120 in attendance, welcomed by the Traverse City Honor Guard and Jeffrey O'Brien, Police Chief, Traverse City, MI. Dr. Patrick Mead, keynote speaker, provided an uplifting message focusing on "Touchstones". All in attendance were encouraged to find a touchstone to rely on and to be encouraged to cherish every moment with your loved ones and friends.

CPAM also recognized outstanding service in the field of Crime Prevention:

Outstanding Crime Prevention Practitioner of the Year - MSP Trooper Maurice Burton

Outstanding Volunteer of the Year - Matt Barbarino Kent County Traffic Squad

Outstanding Michigan Media - Dani Mann-Civic Center TV Royal Oak MI

Outstanding Corporate Award - Nate Koetje Feyen Zylstra

Outstanding Unit Award - Ottawa County Sheriff's Office Community Policing Unit

Outstanding Youth Award - Pamela Vredevoogd, Walker PD. (Western MI Explorer)

Outstanding School Officer Award- Officer Rory Allen, Wyoming Dept. of Public Safety

Outstanding Contributions to the Crime Prevention Association of MI - Mr. Aaron Sawyer, Past Sec.

President's Distinguished Service Award: Brann's Family


Sunday, October 2, 2016

FTC: 3 Videos to help you be #Cyber Aware

FTC:  Information for consumers-

3 videos to help you be #Cyber Aware



October is almost here — which means, so is National Cyber Security Awareness Month (NCSAM). What does that mean for you? It’s a great time to make sure you’re #CyberAware. Are you doing everything you can to protect your personal information and devices? Check out the questions below — and corresponding short videos — to see what you’re doing right, and where your cyber habits might need some work.

1.) What can I do to avoid downloading malware (like spyware and viruses) to my devices?

2.) How can I safely connect to Wi-Fi when I’m on the go?

3.) What should I do if someone from “tech support” calls out of the blue, and asks for my personal information or money to fix my computer?


FTC - 3 videos to help you be #Cyber Aware


 

Tuesday, September 20, 2016

FBI Alert, 9/15/16 - Ransomware Victims Urged to Report Infections to Federal Law Enforcement

9/20/16 - CPAM Alert received from the FBI for consumers and businesses. R. Coleman, CPAM



Ransomware Victims Urged to Report Infections to Federal Law Enforcement
The FBI urges victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

What Is Ransomware?

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which do not require user initiation) from a compromised Web site.

Why We Need Your Help

New ransomware variants are emerging regularly. Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high. Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.
Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.
Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.
The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

Threats to Users

All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. Actors engaging in this targeting strategy are also charging ransoms based on the number of hosts (or servers) infected. Additionally, recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment.
This recent technique of targeting host servers and systems could translate into victims paying more to get their decryption keys, a prolonged recovery time, and the possibility that victims will not obtain full decryption of their files.

What to Report to Law Enforcement

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):
  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The Ransom

The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.

Defense

The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack.
  • Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.
  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
  • Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
Additional considerations for businesses include the following:
  • Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
  • Patch all endpoint device operating systems, software, and firmware as vulnerabilities are discovered. This precaution can be made easier through a centralized patch management system.
  • Manage the use of privileged accounts by implementing the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
  • Configure access controls with least privilege in mind. If a user only needs to read specific files, he or she should not have write access to those files, directories, or shares.
  • Use virtualized environments to execute operating system environments or specific programs.
  • Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment.
  • Require user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Examples include requiring users to type in information or enter a password when the system communicates with an uncategorized Web site.
  • Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
Follow the ic3 link to file a report.

Friday, September 16, 2016

CNET / Symantec - Ransomware a growing problem, If you are a victim review these recommendations & view the video before you pay!

CNET Author: Lance Whitney, 11/12 2012

Cybercriminal gangs are creating a surge in ransomware, says a new report from Symantec.

Ransomware is a type of malware best described as an online extortion racket. Malware locks or disables your PC in some way and then demands payment in the form of a "fine" to render your PC usable again. Like most scams, the ransomware message claims to come from a legitimate organization, such as the government or a public corporation, to try to convince victims that they did something wrong to incur the fine.
But paying the fine does nothing since the initial malware remains on the PC and must still be manually removed.

This scam has risen in popularity over the past several years, but 2012 witnessed an increase in both the number and variety of ransomware campaigns, Symantec said in its report. That growth is due largely to an upsurge in the number of worldwide criminal gangs using this scheme to make a buck.

"From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level and the number of compromised computers has increased," the report noted. "Symantec has identified at least 16 different versions of ransomware."

One malware investigation mentioned in the report discovered 68,000 affected computers in a single month. Another one caught a Trojan attempting to infect 500,000 PCs over the course of just 18 days.

Criminals go where the money is, and ransomware can be a cash cow. As much as 2.9 percent of all people affected by ransomware end up paying the ransom, Symantec said. Criminal gangs have stolen more than $5 million a year from unsuspecting victims, according to one estimate; however, Symantec believes the dollar amount to be much higher.

Though a variety of different gangs are active, many get their ransomware from the same source, the report said. A single individual, who remains unknown, seems to have a full-time job of developing ransomware to fill requests from the criminal gangs.

Symantec Video: Ransomware a growing problem

Symantec - Video on addressing ransomware and malware



Federal Trade Commission - When your computer life is held for ransom

When your computer life is held for ransom

August 31, 2016
by Aditi Jhaveri
Consumer Education Specialist, FTC
 
Imagine if everything on your computer was “kidnapped” — including all of your precious family photos and important personal documents. And the only way you could access any of it again was if you paid a lot of money — or bitcoins — to a hacker. Even if you pay, there’s no guarantee you’ll get your stuff back.
 
Sounds like something out of a movie, right? Unfortunately, it’s happening in real life. It’s called ransomware. You might’ve heard news stories about ransomware attacks on hospitals, universities, and other large organizations, too.
 
Hackers do it by encrypting files on your computer — and files you’ve saved to connected hard drives or any shared folders. Once the files are encrypted you won’t be able to open them without the encryption key — which you can get only if you pay the amount hackers demand. That could be hundreds or thousands of dollars.
 
It’s a serious problem. That’s why the FTC is holding a ransomware event on September 7 in Washington, DC. We’ll talk with security experts, law enforcers, and others about what steps people and businesses can take to protect their computers — and what to do if you’re a victim.
 
Check out the event details — it’s free and open to the public. Or tune in to the webcast — we’ll post the link here a few minutes before the event starts. In the meantime, check out this video on protecting your computer from malware:
 
 
*Make sure to report it to the Internet Crime Complaint Center (IC3) at www.ic3.gov
 
 

FTC - Protect your computer from Malware

9/16/16: Hacking of websites and emails has been a big issue this year and is in the news daily. Here are some tips from the FTC about how to protect your computer. This is the first in a series on how to protect your computers, emails, servers, and cell phones from being hacked. The most important step for all consumers and businesses that host blogs, websites, and social media is to go into your analytics to see "who is accessing your site" and viewing your pages. IT professionals at governmental entities and businesses should remind employees not to open suspicious emails or links.

Use the highest filters possible and scan your computers daily to check for viruses. If you host a blog or a social media site for your workplace or business, it is recommended that you remove all "work related" emails from your site and use Gmail or some other email site to keep your system from being compromised.

To our surprise CPAM's site has had just as many views from Russia as in the USA over the past year. Rich Coleman, CPAM  

Transcript from the FTC : Protect your computer from Malware

Malware is short for “malicious software."  It includes viruses and spyware that get installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Learn more about how to avoid, detect, and get rid of malware.


Would it surprise you to learn that millions of computers in the US are infected with malware? That's a lot of computers. So what's malware, and why should you care?
Malware, short for malicious software, includes viruses and spyware that get installed on your computer or mobile device without you knowing it. Criminals use malware to steal personal information and commit fraud. For example, they may use malware to steal the login information for your online accounts or to hijack your computer and use it to send spam. An infected computer can lead to serious problems, like identity theft.
The good news, there's a lot you can do to protect yourself and your computer. One of the most important steps you can take, install security software from a reliable company and set it to update automatically. The bad guys constantly develop new ways to attack your computer, so your software must be up to date to work.
Set your operating system and your web browser to update automatically too. If you're not sure how, use the help function and search for automatic updates. Don't buy security software in response to unexpected calls or messages, especially if they say they scanned your computer and found malware. Scammers send messages like these to trick you into buying worthless software, or worse, downloading malware.
 What else can you do? Use a pop up blocker, and don't click on links and popups. Don't click on links or open attachments in emails unless you know what they are, even if the emails seem to be from friends or family.
Download software only from websites you know and trust. Free stuff may sound appealing, but free downloads can hide malware. Make sure your web browser's security setting is high enough to detect unauthorized downloads. For example, use at least the medium security setting.
Even if you take precautions, malware can find its way onto your computer. So be on the lookout for these signs. Your computer runs slowly, drains its battery quickly, displays unexpected errors or crashes, it won't shut down or restart, it serves a lot of popups, takes you to web pages you didn't visit, changes your home page, or creates new icons or toolbars without your permission.
If you suspect malware, stop doing things that require passwords or personal info, such as online shopping or banking. Use a different computer, maybe one at work or at your local library, to change your passwords. Update your security software and run a system scan. Delete files it flags as malware.
If you can't fix the problem on your own, get help from a professional. Your computer manufacturer or internet service provider may offer free tech support. If not, contact a company or retail store that provides tech support.
Keep in mind, the most important thing you can do to prevent malware is to keep your computer software up to date. And remember, it's easy to find trusted information about computer security. Just visit onguardonline.gov, the federal government site to help you stay safe, secure, and responsible online.
FTC, dealing with Malware video

Wednesday, September 14, 2016

Apple Warning - iTunes Gift Card Scams

iTunes Gift Card Scams

* 9/14/16- Information from the Apple Website:
Be aware of scams involving iTunes Gift Cards.

Regardless of the reason for payment, the scam follows a certain formula: The victim receives a call instilling panic and urgency to make a payment by purchasing iTunes Gift Cards from the nearest retailer (convenience store, electronics retailer, etc.). After the cards have been purchased, the victim is asked to pay by sharing the 16-digit code on the back of the card with the caller over the phone. 
It's important to know that iTunes Gift Cards can be used ONLY to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership. If you're approached to use the cards for payment outside of the iTunes Store, App Store, iBooks Store, or Apple Music, you could very likely be the target of a scam and should immediately report it to your local police department as well as the FTC.
Please do not ever provide the numbers on the back of the card to someone you do not know. Once those numbers are provided to the scammers, the funds on the card will likely be spent before you are able to contact Apple or law enforcement.

Tips to avoid becoming the victim of a scam

  • If you are NOT purchasing an item from the iTunes Store, App Store, iBooks Store, or an Apple Music membership, do NOT make a payment with iTunes Gift Cards. There's no other instance in which you'll be asked to make a payment with an iTunes Gift Card.
  • Do not provide the numbers on the back of the card to someone you do not know.
  • Immediately report potential scams to your local police department as well as the FTC (ftccomplaintassistant.gov).

Contact Apple

If you have additional questions, or if you’ve been a victim of a scam involving iTunes Gift Cards, you can call Apple at 800-275-2273 (U.S.) or contact Apple Support online.

More information