Tuesday, December 3, 2019

Holiday Scams


Every year while we fulfill our appetites with turkey and ham during the Thanksgiving holiday, cyber attackers stuff their naughty heads with ways to steal away our financial information or identity.

Holiday scams are highly prevalent from Black Friday through Christmas.

Our needs and desires during the winter solstice are at their peak while we are rushing to get things done. Balancing our priorities tends to knock us off focus, and this deficiency makes us vulnerable to hackers.

Robocalls are only part of their modus operandi. Their unseen tentacles can strike from any direction. The best way to maximize our defenses is to understand and expect the types of online scams they will orchestrate.

Let's examine some of these crooked methods and the best practices we can apply to be proactive against cyber predators.

Phoney Websites

Unsolicited emails advertising a good deal are a tool cyber attackers use to trick victims into downloading malware. Their objective is to steal your identity and take your money.

We can best avoid this scam by doing the following:


  1. Review the sender's address and be on the lookout for spelling and grammar errors.
  2. Ensure the website address begins with HTTPS (the S signals that the site is secure and the information is encrypted).
  3. Hover over the link in question (to see where it will really direct you).

Shipping Alerts

Fraudulent emails can also notify you of a shipping status. Don't get hooked into downloading malicious software.


  1. Verify tracking numbers through the company's legitimate site rather than just clicking on a suspicious link. Call their customer service from there.
  2. Review previous emails from the business, if any.
  3. Be on the lookout for spelling and grammar errors in the email content.

Digital Cards

Scammers sometimes coordinate phishing scams by tricking you into downloading bad software.

  1. Is the sender's name readable?
  2. Are there prompts requesting personal information in order to proceed?
  3. What looks suspicious?
  4. Is there an exe at the end of the email? Certainly X out of that!
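
The checks from the Phoney Websites and Digital Cards lists above (HTTPS, where a link really goes, an .exe attachment), written as a small Python script. This is an added example, not code from the original post; the sample message and the names `review_email`, `host_of` and `LinkCollector` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname if value looks like a URL or bare domain, else ''."""
    if " " in value or "." not in value:
        return ""
    try:
        return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:  # malformed host such as unbalanced brackets
        return ""


def review_email(raw):
    """Return warnings for one raw message: .exe attachments and bad links."""
    findings = []
    for part in email.message_from_string(raw, policy=policy.default).walk():
        if (part.get_filename() or "").lower().endswith(".exe"):
            findings.append(f"executable attachment: {part.get_filename()}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                if not href.lower().startswith("https://"):
                    findings.append(f"link is not HTTPS: {href}")
                shown, real = host_of(text), host_of(href.strip())
                if shown and shown != real:  # text names one site, link opens another
                    findings.append(f"link text shows {shown} but goes to {real}")
    return findings


# Constructed sample message, not taken from the page.
SAMPLE = """\
From: "Holiday Cards" <cards@greetings.example.com>
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<a href="http://cards.example.net/view">www.greetings.example.com</a>
--XX
Content-Disposition: attachment; filename="ecard.exe"

AAAA
--XX--
"""
```

A message with no findings is not proven safe: HTTPS only means the connection is encrypted, so the sender's address and the message content still need a look.
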

While we are on the subject of cards...

Santa's Letters/Natural Disasters/Tragedies

It's no secret that cyber attackers will use current events to fool you into sharing personal information, and will even request that you give money to phony charities. If you make a good practice of being mindful of these tactics, you will be OK:

  1. Always be suspicious of unsolicited emails
  2. Research any company offering services or sales
  3. Compare what the sender is offering to other markets
  4. Check out the latest information with the Better Business Bureau

We live in a world where bad news is the focus a majority of the time. Cyber attackers can take a terrible event, say, a mass shooting, and pretend to be a legitimate organization collecting donations for survivors or victims. Research this diligently before you consider giving.

The Elderly

Senior citizens are gullible targets for scammers during the holidays and beyond. Scammers may pose as a grandchild or other relative who needs help as a result of an accident, arrest, or hospitalization. Here are some things that can be done to offset this.

  1. Call the family member in question directly before sending anything.
  2. Talk to other family members about the contact
  3. AVOID wiring money or rendering gift cards
  4. Ask the suspicious caller questions that only the relative in question would know the answers to.

Questionable Charities

Similar to pretending to be a relative, con artists pretend to be charities or needy persons. You can always verify a charity's status at https://www.give.org

Aside from this, your primary assessment should include looking for suspicious content or information from the source providing it and reviewing the charity's donation plan.

If you find out it's the real deal, consider donating with a credit card. If there is an issue afterward, your financial institution can assist you with reimbursement.

Forget about sending a gift card. Once it is in the hands of a cyber attacker, consider it lost forever. 

Employment Scams

This is done primarily to fish for your private information. Don't be a candidate for identity theft! Prospective employers are not going to contact you if you don't complete an application. 

If you get a call about a job offer you never initiated, that alone is a red flag.

  1. Apply for positions only in person or directly on retailers' websites.
  2. Avoid sharing personal information on the phone
  3. Definitely don't pay for anything. 

Weird Types of Payment

You may see or hear about a great deal for an awesome product or service in pop-up ads and unsolicited emails. Beware and exercise caution.

  1. Don't make requested payments with prepaid debit cards, wire transfers, or payments on apps such as Venmo.
  2. Investigate, investigate, investigate.

Free Gift Card Scams

Cyber attackers are mimicking specialty shops when they target people with ads on social media. Again, their intention is to steal your identity by compelling you to share your personal information.

  1. Never open a suspicious email as it could be a form of phishing. 
  2. Never trade your information to receive a gift card.
  3. Refrain from clicking on the ad. 
  4. In the event this happens, exit out of the website and activate your ad blocker.

Social Media Exchange

This is important because deliberate participation in this delivery exchange can lead all participants to face a stiff fine or prison time.

Known as the "Pyramid Scheme" or "Secret Sister Scam", this involves a single person purchasing a gift and getting several in return by use of the U.S. Postal Service.

It is a federal violation. There have been cases of scamming participants who willfully engaged in this and were sentenced to anywhere from 2 to 5 years in prison in addition to financial retribution.

Of course, don't give out your telephone number or address. This is a ploy to steal your identity.

Pet Scams

Families searching for a specific breed are ideal candidates to be lured into this scam. Cyber attackers use fake pictures of adorable pets to empty your wallet.

  1. Always look around at other pet shops or legitimate breeders.
  2. Understand what local breeders have available.
  3. Pay with a Credit Card
  4. Check out customer reviews online
  5. Do a reverse image lookup of the pet online. Does the same picture appear on other websites?

Travel 

Yes, who wouldn't want a good bargain on air travel or a spectacular cruise?

If there is a marketer out there proposing a vacation package, you must do your homework.

Research the area and services in question. Do the same with the agency, airline, and car rental.

You might end up somewhere that looks nothing like the beautiful pictures you saw on the Internet or in a brochure. It is quite easy these days to manufacture eye-catching images to win the trust of eager buyers.

Don't fall for it. 

  1. Be careful with email offers
  2. Don't wire money to a stranger
  3. Ask for travel references. Check customer reviews.

I think the holiday scam season is the busiest time of the year for cyber attackers because we are busy and this is a time when we are vulnerable.

Thank you for visiting my blog. I will share Cyber Security Awareness tips each week. Please subscribe to my blog to get the latest news and stories to help keep you safe.

Scattering the Seeds of Knowledge,

Ken Harris














Sunday, November 24, 2019

Social Engineering is a Trick



What in the World is Social Engineering?

In the way a magician uses timing and diversion to fool an audience, a cyber attacker can apply social engineering tactics to trick you into sharing sensitive data. Within the cyber security world, it is regarded as the art of human manipulation.

The objective of these criminals is to fool you into doing the following:


  • opening an infected email attachment
  • sharing passwords
  • allowing a stranger into a physically secure area
  • sending sensitive information

Technology alone can't stop these computer criminals from using various methods such as phone calls, text messages, emails, social media access, and physical presence to get their hands on information they should not have access to.

Examples of Techniques


Suppose you get an important message from your bank. You are informed your bank account has expired and your account will be locked. You are given a unique phone number to call in and update your account.

You make contact and have to endure an automated system's series of personal questions to prove your identity.

In reality, this is not your bank. There is no genuine concern in determining who you say you are. 

This is an automated attack by cyber criminals seeking to record and steal information such as:
  • Birth date
  • Credit Card or Banking information
  • Home Address
  • Phone Number

As I mentioned before, their goal is to steal your identity and financial information.

Such attacks can also be more complex for the gullible...

Advanced Social Engineering Attacks

How would you react if you received an email apparently from your boss? It is short and urgent. It informs you law enforcement is conducting a secret investigation of the workplace and some people may have to go to prison. 

This email further states you will receive a phone call from your employer's legal team in a short time and you must answer any questions they ask. 

Then you get a call from a cyber attacker pretending to be a lawyer!

In such instances the caller's objective is to trick you into giving up as much information about yourself as possible. They will create a sense of urgency, often through fear, intimidation, a crisis, or a crucial deadline. They may use confusing or technical terms to trick you into providing sensitive information.

What You Can Do

Spot these attacks before they happen. 

In the above scenario, if an email message from your employer or manager appears odd, call and contact them directly about the message. It's possible that his or her account was hacked.

There are other suspicious things to look out for.

  1. The content of the email contains irregular grammar and spelling errors
  2. The tone of the message is questionable
  3. Hover the cursor over any questionable link to display the link's real origin.
  4. If you are on the phone with a highly questionable person, just hang up.
  5. Direct these matters to the help desk or computer informational team

Many years ago, when I was a Court Security Officer, I was having lunch with my superiors when I received a call from a Cyber Attacker warning me of an impending arrest warrant for me for failure to make my car payments (the caller didn't know I worked for the Sheriff's Office).

At the time, I knew I had no existing car payments and the County Sheriff and other deputies were sitting nearby eating, laughing, and talking sports.

I had fun with this caller as I pleaded for him to spare my life. I asked him if he could loan me the money to pay it and I would have my contractual killer friend deliver the money to him personally. My laughing frustrated this man to the point he hung up on me (I know I could've been more professional).

Make no mistake, your identity can be shared with a cyber attacker without you playing any role in it. Take a look at this scenario that will blow your mind. It involves a customer service representative sharing information about an account, and it could happen to anyone.

This takes no more than 30 seconds so brace yourself.



Quite diabolical, isn't it?

As I studied this scene, the representative missed some cues:

  1. Where was the husband and why didn't she request to talk to him directly?
  2. Mom has an infant and an older daughter whom she is attempting to add to the account to make changes if needed? Talk about a disparity in age. How old is the older daughter mom? You trust her with what?? lol
  3. How is it possible mom and dad don't remember the email they used to sign up for the account? 
  4. Initially, dad did not have mom on the account in the first place. What's up with that? Sorry, how do I know you two are not legally separated or something?
  5. Mom claims she can't receive the text because she is talking on the phone with the operator. Really???

By fooling this customer representative, the fake mom was able to do the following:

  • Add herself to the account with a fake name and fake social security number
  • Set up her own personal access to the victim's account
  • Convince the support person to change the password, thus locking the real account holder out of his own account. 

Social engineering is a diabolical trick, and we must spot it before it happens. We can check our account activity on a regular basis while, at the same time, taking the initiative not to disclose any personal data to those who should not have access to it.

Technology alone cannot keep us safe and secure. We all have a responsibility in ensuring we are taking extra caution in our daily lives. We are the top defense against cyber attackers. 

If you found this information helpful and useful, please subscribe to my blog at the top. Every week I will be sharing the latest tips, news, and/or events in our cyber world.

Be safe and secure my friends!

Scattering the Seeds of Knowledge,

Ken Harris

Sunday, November 17, 2019

Internal Tools for Cyber Security Defenses


OUR BUILT-IN MECHANISM

We must equip ourselves with the internal tools we already have to enhance our defense. Cyber attackers know the importance of utilizing social media to increase their chances of deceiving the unsuspecting.

Like a contractor hired by a business to study the market for potential buyers, computer criminals spend a great deal of time phishing for those who are gullible.

What we say or post about ourselves on social media is, for them, like stumbling upon a treasure chest.

Don't assume for a second this applies to just the elderly. It can happen to any group, especially college students. Their targets vary just as much as their methods.

For example, just over 2 years ago in Chicopee, police uncovered 30 fictitious Instagram, Twitter, and Facebook accounts created by someone or some group posing as local lottery winner Mavis Wanczyk. The story is here: https://www.masslive.com/news/2017/08/chicopee_police_30_fake_scam_a.html

At that time, Wanczyk was the winner of the $758 million Powerball pot.

Fake postings attributed to Wanczyk went up on social media platforms promising people money if they opted to follow him and/or respond to private messages. Some tactics also included liking and sharing posts for a monetary prize.

But in order to receive it, they request your banking information...

Sadly, victims fall for this social engineering all the time. As I said in the previous post, cyber attackers are determined to trick you into rendering them information they should not have access to.

The fact of the matter is, if it's too good to be true, then it's farthest from the truth. 

In attacks such as this one, in which college students were targeted by scammers with promises to offset book and tuition expenses, imagine a fisherman on a boat at sea. The fisherman is hoping the fish fall for his bait. He is trying to catch as many fish as he possibly can.

We must be aware of this in our way of thinking and not fall for it. The human mind naturally has wants and needs. Cyber criminals are using our instinctive passions against us.

Don't share your banking information with anyone on social media or even by email! It's not worth the risk.


INTRODUCING AN UPCOMING ADULT PUPPET SHOW




Coming in January 2020!

I find using puppets along with my blogging to share useful news and tips regarding cyber security awareness a fun and constructive way to connect with an audience (I certainly hope so).

Having worked as a stage actor in many productions, along with creative writing, and membership with Puppeteers of America, it was inevitable that I would blend all my passions into a short web series to cater to a mature audience (yes, adults).

Frankly, who wants to be bored with scribblings on how to be safe and secure from the never-ending threats by cyber attackers? I really think combining elements of education and entertainment is an appealing idea.

Surely, there's room for improvement with the way I shoot video and next time, not only will I have the puppets better positioned, but also I will always use wide screen footage. Also, thanks to my wife's suggestion, I am removing the dining portrait in the background. It doesn't fit with the audio video show theme.

"Cyber Brats" is a show that will be no longer than 5 or 6 minutes in length. It takes place inside a fictionalized radio station.

Here is the cast of degenerate characters:

Host Cyber Sly

Cyber Sly is an ex-con who served 5 years in prison for breaching the security operating system of a bank, stealing customers' account data, and single-handedly causing the institution to crumble to the ground. His cooperation with the District Attorney and Feds in exchange for a lighter prison sentence resulted in the convictions of over 20 cyber attackers across the country. Many of his former friends would love to see him dead and there are existing contracts out on his life. One failed hit in prison almost cost him his life when his tongue was mistakenly severed instead of his throat (more on that later). Sly has turned his life around and strives to do the right thing.

Co host Monkey Midas

Monkey Midas is a former business owner who saw his regional ice cream chain collapse. This episode caused him to be a bitter man. This man hates all cyber attackers and he vents at Cyber Sly regularly. Midas is ignorant of cyber security precautions and this leads to his bickering with Sly.

Mr. Seal Deal

Mr. Seal Deal is the wealthy owner of Shadow World Radio Station and the creator of "Cyber Brats". He likes when Cyber Sly and Monkey Midas debate openly and feels this makes for good ratings. This guy is all about money and he is cheap.


Last known picture of fugitive Rocco the Raccoon

This SOB is the most wanted cyber thief in America. He has defrauded banks, retailers, celebrities, massive corporations, and is believed to be involved in many other scams. Rocco, Sly's former friend, likes to taunt authorities and sometimes likes to contact the radio station to boast of his latest scam.

The structure of this blog will be set up with serious tips, videos, and latest news and events covering cyber security awareness. Afterwards the short video will follow. As a member of Puppeteers of America and with an interest in helping others, I am thrilled!

We can have all the best and latest antivirus kits for our devices and computers. But that alone can't safeguard our information. We must use the internal tools we already have to build our cyber security defenses.

If you find this blog interesting or helpful, please subscribe and share with your friends and family!

Scattering the Seeds of Knowledge,

Ken Harris
http://shadowedu.blogspot.com
https://www.amazon.com/Kenneth-Harris/e/B071ZZK56K?ref_=dbs_p_ebk_r00_abau_000000





Sunday, November 10, 2019

"Cyber Attackers Impact" by Ken Harris

Can the average person fathom the magnitude of daily tactics by a cyber attacker? Do you know? Are you prepared in the event a scammer tricks you into giving up personal or private information they should not have access to?

After some encouragement from friends, along with my natural desire to help others, each week, I will be sharing what I know about cyber security fraud from my experience in law enforcement, ongoing trainings, latest news happenings around the world, and interviews with experts and readers with a desire to share their feedback or suggestions.

With all that's been happening in the world, I hope this platform will be a source to help you safeguard sensitive data.

It's important to know that these cyber criminals are plotting on a regular basis to deceive unsuspecting victims in a variety of ways. They typically rush you into making regrettable errors such as:


  • Opening an infected email attachment
  • Sharing passwords
  • Providing them restricted information they SHOULD NOT have access to

Being proactive against these types of attacks is not difficult. You have to understand, the best antivirus software won't stop all cyber security attacks. All of us have the responsibility to be mindful of the basic tools to protect ourselves, our families, and the organizations that employ us.

Beware of this type of Courier

This past October in Massachusetts, the North Brookfield Police Department issued a warning to residents of a new type of scam involving delivery of wine and flowers. The article is right below. https://www.masslive.com/news/2019/10/police-warning-people-of-new-clever-scam-that-ensnared-multiple-people-and-could-have-fooled-officers.html

To sum it up, a floral delivery person arrived at a couple's North Brookfield home with a package containing flowers and wine. The couple was not expecting this gift and had no idea who sent it.

The driver claimed not to know the identity of the sender and indicated a greeting card was sent separately but appeared to be in transit. The baffled husband and wife paid a $3.50 delivery fee by credit card to ensure the items were delivered to a person over 21 years of age. Supposedly, this was for the courier company's record keeping along with a signature.

So, the couple entered the requested financial information on a mobile card machine and the driver provided them a delivery receipt.

Within the next few days, this couple discovered $4,000 withdrawn from their bank account. Withdrawals of this money occurred from different ATMs.

While law enforcement in this case described this as a new type of swindle, apparently it has been happening for years. For example, check out this similar story from 2014-



So, evidently this new type of scam has been happening for a number of years. However, I am sure cyber thieves are constantly brainstorming new methods of deceit against unsuspecting victims.

Nevertheless, this is just one of many fraudulent schemes exercised by cyber attackers all over the world. Their impact is obvious in the daily news and in victims who are brave enough to share their experiences on social media.

We as individuals must be the steel barrier against these types of scams.

If you like what I'm trying to do, please subscribe to this blog and share it with your friends.

As a former Special Police Officer, Court Security Officer, and Corrections Officer, I got a few nuggets of wisdom to pass on to all who want to keep themselves safe and secure from cyber predators. We're all in this together. 

Ken Harris
Contributing Writer

shadow world puppets new blog

    Shadow World Puppets has moved! All latest blogs, videos, and updates are now available at https://www.swpp.info/  Please subscribe to g...