Month: June 2021

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against unwanted apps!

Did you forget your password again? You know you are supposed to create complex and unique passwords for everything, which makes it really difficult to remember what they all are. Luckily, more and more sites are offering you the chance to log in with your Facebook or Google, or another digital account. Seems easy, right?

It is definitely easier to collect and become registered on more and more websites and apps if you go this route—but our friends at the FTC have a warning for you. This kind of open access can leave you vulnerable to cyberattacks, phishing, and scams. When you use social media accounts to sign up for apps or websites, you may give the app or website permission to do things on your behalf, like post to your social media page. You’re also possibly saying it’s OK to access information like your name, birthdate, location, contacts, and even your messages. Over time, you may even forget which apps or sites have these permissions.

Here’s how to keep yourself safe:

• Start by asking yourself—does this site or app really need my info? Pay attention to what kind of details and access it is asking for. If you are uncomfortable allowing access, click “deny” or “disagree” when it asks for permissions. This typically stops the registration process.
• Purge your permissions list. Go to the settings on your social media site and follow the instructions that lead you to the list of sites and apps to which you are granting access. Follow the instructions that tell you how to remove those apps or sites.
• Delete all apps from your devices that you are not using.
• Keep up the good work! Check your accounts every few months to see what kinds of permissions your programs or apps have.

If you are the victim of online fraud, you should report the incident to the FBI’s Internet Crime Complaint Center at  www.ic3.gov or call your FBI local office.  

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against adult content extortion schemes.

Extortion schemes are as old as time, but in recent years we’ve seen a number of scams in which the fraudster says he has photos or videos of the victim in compromising positions. Usually, the victim receives an email with his or her name listed and maybe some personal details—just enough to make it seem as though the bad guy really has something on you. He demands payment, often within 48 hours, or he threatens to release the images he allegedly has of you to your friends and family.

Well lately, we’ve been seeing a number of extortion complaints from Oregonians coming in through the FBI’s Internet Crime Complaint Center, and these complaints have a few new twists. The fraudster attaches a document or photo showing what, he says, is his proof. That attachment is likely loaded with malware that will infect your device if you click on it.

This new scammer also threatens that he will block your access to your device and social media accounts—much like a ransomware attack—if you choose to ignore his warning. And, while bad spelling and syntax are common, these particular messages come with a distinctly English take on things. In particular, the fraudster is using common British words or phrases to describe sex acts as opposed to what you might hear more commonly in the U.S.

Here are some ways to protect yourself:

• Don’t open emails or attachments from unknown people and don’t communicate with those who send unsolicited messages. 
• Don’t store sensitive or embarrassing photos or information online or on your mobile devices. 
• Use strong passwords and don’t use the same password for multiple websites. 
• Never provide personal information of any sort via email. Be aware that many fraudulent emails requesting your personal information appear to be legitimate. 
• Make sure you have activated the security settings for social media accounts and that they are set at the highest level of protection. 
• Cover up your camera. A simple piece of colored tape or a sticky note will do the trick.

Note: The FBI does not condone the payment of online extortion demands as the funds will facilitate continued criminal activity.

If you are the victim of online fraud, you should report the incident to the FBI’s Internet Crime Complaint Center at  www.ic3.gov or call your FBI local office.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against COVID funeral scams.

Recently, the Federal Emergency Management Agency (FEMA) started providing up to $9,000 in reimbursement funds to applicants for each COVID-19 related funeral for which they were responsible. Let’s say you had a parent die, and the death certificate confirms COVID was the cause. You paid for the funeral and have receipts to prove it. You can apply to FEMA for reimbursement. If you were responsible for multiple funerals, you can apply for a total of up to $35,500.

There are some restrictions in terms of eligibility for the funds, and anyone who is interested in applying should check FEMA.gov for all eligibility requirements (https://www.fema.gov/disasters/coronavirus/economic/funeral-assistance/faq). As with any disaster or relief program, scam artists will attempt to take advantage of those most in need. According to FEMA, one particular fraud that is already taking root involves bad actors who offer to help you apply for aid. Note: there is only one way to apply for FEMA’s funeral aid, and that is by calling FEMA directly at 844-684-6333.

There is no online application process and no legitimate way that others can apply on your behalf. Here’s how to protect yourself:

• Don’t respond to any third-party offer, email, text message, or social media post offering to help you get aid.
• Don’t respond to any solicitation that looks like it is from FEMA directly. FEMA will not contact you unless you make the initial call.
• Never give out personal information—including name, date of birth, Social Security number, or other sensitive information—for yourself or for your deceased relative unless you made the call to FEMA and you know you are speaking to a FEMA representative.

If you believe you are a victim of an online scam, you should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.  

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against robo text and email scams.

Last week, we shared some information from the FCC about avoiding robocall scams. This week, we have some information from our partners at the Federal Trade Commission (FTC) about robo text and email scams. We are not talking about messages you get from a company or agency when you signed up to receive those—things like newsletters or coupons. Subscribe and unsubscribe to those as you wish. We are talking about unsolicited messages from unknown people or groups who are either trying to download malware onto your device or trying to get you to give up personal info.

You think you’re doing the right thing to stop the harassment by clicking “unsubscribe.” Don’t do it! By clicking “unsubscribe” links or texting “stop” in reply, the spammers literally take that to mean “subscribe” and “please, go on.” As these spammers blast out millions of texts or emails every day, they aren’t actually targeting you specifically—in fact, they might not know if your email or phone number is even valid. They are looking for signs of an active account. By hitting “unsubscribe” or replying in any way, you validate your contact information and risk inviting even more spam and scams.

There are various ways to mark messages as spam, depending on your type of device and service provider. You can also forward messages to the FTC directly. (More info on how to do that can be found here: https://www.consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages) At the very least, if you get a suspicious email, mark it as spam and delete it without opening it. If you get a suspicious text, delete it without replying and block that number on your phone.

According to the FTC, here’s how to avoid those spam texts and emails in the first place:

• Avoid displaying your email address in public. Spammers scrape blog posts, chat rooms, social networking sites, and forums—so the less of you that’s out there, the better.
• Use two email addresses—one for personal messages and one for everything else. Ideally, this second public-facing email address should be one you are willing to delete one day if needed.
• Use a truly original address that’s unlikely to be created by spammers. Spammers send out millions of messages to probable name combinations hoping to find a valid address. That means common first name/last name email addresses are more likely to attract spam.

If you believe you are a victim of an online scam, you should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against robocall scams.

If you have a phone, chances are you have received one or two or a hundred of those annoying automated robocalls. Sometimes they come in daily. The digital voice on the other end wants to talk to you about your expiring car warranty or a bill you allegedly haven’t paid. In many cases, the fraudster will “spoof” the incoming call number so it appears as though it is someone local calling you.

Today, we want to share some tips with you from our partners at the Federal Communications Commission (FCC) on how to protect yourself.

• Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
• If you answer the phone and the caller—or a recording—asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
• Do not respond to any questions, especially those that can be answered with “Yes.” The scammer is likely recording you and can use that verbal “yes” later to pretend you agreed to something you did not.
• Never give out personal information such as account numbers, Social Security numbers, mother’s maiden name, passwords, or other identifying information in response to unexpected calls or if you are at all suspicious.
• If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
• If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voicemail if you do not set a password.
• Talk to your phone company about call blocking tools they may have and check into apps that you can download to your mobile device to block unwanted calls.
• To block telemarketing calls, register your number on the Do Not Call List (https://www.donotcall.gov) Legitimate telemarketers consult the list to avoid calling both landline and wireless phone numbers on the list.

If you believe are a victim of an online scam, you should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.