Staying Safe in a Digital World! - Floating Homes Association


Staying Safe in a Digital World!

This article covers what to do if your email list is hacked, Email and Telephone Scams, Malware, Ransomware, how to make secure Passwords, and what you can do to protect your computer and phone.

Index

Definitions
If your email has been hacked
Falling for a Phishing scam
Identifying if it is a scam
Verify your Email Account scam
Examples of Phishing scams
A Chrome Browser virus
Anti-virus and Ransomware Software
Police Scams
A Fake Gmail scam
How to spot Email scams
Malware in Word Documents
Telephone Scams
Text Message Scams
Fake Debt Scams
Garnishee Threats

TWO NEVERS!

Never answer “yes” to a phone solicitor; it will be recorded and included in a sales order that you never wanted to make!

Never respond to an email solicitation when the return email address doesn’t match the one you get when you hover your pointer over it.

©2017 by Richard Pavek

Free to disseminate and reproduce


First, a Few Definitions

NOTE: You do NOT need to read about or understand the following terms; they are here for you to refer to when you need them. Skip ahead to the next page if you want.

Malware: short for malicious software. Software used to disrupt computers or mobile phones, to gain access to private computer systems in order to gather sensitive information or data, or to display unwanted advertising. Before 1990, malicious software was called computer viruses. Malware comes in many forms and has many purposes; some of them are:

Viruses: self-replicating programs which install themselves without user consent on computers and cell phones. Similar to human viruses that spread to uninfected humans through the air, computer viruses spread to other computers by infecting files that are sent over the web to those other computers.

Worms: similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms do not require a host program or human help to propagate.

Trojan Horses: programs that hack into a computer by misleading users about their true intent.

Spyware: software that gathers information about a person or organization without their knowledge and sends the information to another entity without the consumer's consent.

Adware: advertisements embedded in software that is being installed; the ads usually pop up during installation of the software. A nuisance but harmless.

Scareware: malicious software that causes shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software to remove the threat.

Keylogging: recording (logging) the keys struck on a keyboard covertly so that the person using the keyboard is unaware that everything they type is being recorded.

Ransomware: computer malware that installs itself covertly on a victim's computer, smart phone, etc., then locks the device so that it cannot be used to open files. Then it demands a ransom payment to either unlock the unit or to not publish locked files on the web.

Hacking: breaking into a computer program or electronic device or network in a skillful or clever way. There are two main types of Hackers:

Black Hats (or Crackers): hackers with malicious intentions who steal, exploit, and sell data.

White Hats: hackers who are employed to keep data safe.

Phishing: Attempting to obtain financial or other confidential information, usually by sending an email that looks as if it is from a legitimate organization to trick you into revealing your confidential information. The email contains a hidden link to a website, hidden under the logos and trademarks stolen from a legitimate business.

Spambots: automated hacking software.


If your email has been hacked and your address list stolen it does not mean that your financial records have been stolen!

Stealing your email address list and stealing your financial, medical or confidential information are two entirely different matters. If someone hacks into your email account it is to steal your address list and use it to go Phishing: sending your friends misleading offers, friends who will think that the fraudulent emails are legitimate because they appear to be from you.

If you have been advised that you have been hacked, immediately log in to your email account and change the password to a more secure one. The next time the hacker tries to log in to borrow your email list he or she won't be able to.

If you are hacked you do NOT need to get a new email address and it is better not to do so because you will have problems notifying all your friends and later accessing old emails.

Secure Passwords. There probably is no password that is entirely secure, but you can make your password so hard to crack that the Hacker will give up trying. Make your password secure by using a mix of at least sixteen characters consisting of UPPER and lower case letters, numbers and symbols (&^%#+). Example: $sMC56&9imyKinH. Please don’t use your cat’s name followed by or preceded with ABCD or 1234; gibberish is better.

There is a chance a real person has taken control of your account. If they have and they're smart, they changed your password so you can't get in. If you can’t get in, use the Forgot your password link that's usually in your email’s login area. If the hacker didn't change your security question, you can reset your password that way. Just follow the instructions. Your password or a new one will be emailed to you, or sent to your cell phone or to another email account if you set one up previously.

Falling for a Phishing Scam

Probably all of you have received emails seeming to be from a friend that:

a. Plead for funds to help them out of a jam in a foreign country, or airport, or

b. Say “You must see this” (with a web link), or

c. “Congratulations, you’re a winner! Click here.” or

d. “I’m revising my book, can you help me? Here is the file.” or

e. “I am dying of cancer and since I have no heirs, I want to send you all my money.”

The scam email may say, “If you have trouble seeing this message: view here”. No! Do not click View here; it will take you directly to the malware! Or the email may have a line reading: “Unsubscribe here.” Not a good idea; mark it ‘Junk’ or ‘Phishing’.

Note about unsubscribing from an email list: When clicking on “to unsubscribe” on a legitimate email you will be taken to a page that already has your email address. If it has a blank to fill in it is a trick to collect your email address and put it on a master list. DO NOT FILL IN YOUR EMAIL ADDRESS! If you do your INBOX will soon see lots of unwanted action. Do not fill it in; instead mark the email ‘Phishing’ or ‘Junk.’ Or just delete it.


Identifying if an email is a Scam by looking at the return address.

Look at the return email address; it should be the same as the address for that person that you know. If it is a weird return email address it’s a scam. If the return address isn’t immediately visible (it isn’t with some email servers), hover your pointer over the return name and the email address should pop up and reveal where your response will actually go.

Some examples of weird return email addresses:

Kohl’s (Or Safeway, Amazon, Apple, etc. Rewards)

Kohl’s <”"<info.Tk3NmzW0aMFm60Qa4V @ inant.straitworks.

(When you hover the pointer over ‘straitworks’ it reveals the site is in Crete.)

pwoottons-6@ cs.kth.se xxxpwoottons-6 @ cs.kth.se (Note, se is a Swedish website)

HARPQUIZ senffguiberteaubfi @ yahoo.com

If it were an official website it should be a .gov site.

Example: The “Verify your Email Account” scam

Microsoft account

Verify your account

We detected something unusual about a recent sign-in to your Microsoft account. For example, you might be signing in from a new location, device, or app. To help keep you safe, we need you verify that this is your Microsoft account to continue using your account, click the button below to verify your Microsoft account. Verify your account Note: Failure to verify your account within the next 48 hours we lead to the termination of your account and all your information will be deleted completely. Thanks, The Microsoft account team.

If you click on the ‘Verify your account’ link you will be taken not to Microsoft Email but to:

http: // sparrowindia.com/ogn/zonalzone/homezone/default.php

NOTE: Microsoft, PayPal, Amazon and your Credit Card companies always use both your first and last names in their legitimate emails.


Here are a few phishing scams I’ve received recently:

FREE

“Click Here” takes you to http: //enigmajob.com/

Not to Amazon!


To ensure delivery to your inbox, please add USAA.Web.Services @ customermail.usaa.com to your address book.

New Money

Transfer

View Accounts | Privacy Promise |

Contact Us

USAA SECURITY ZONE

Money

Transfer

USAA # ending in: **00

Dear USAA Customer,

A money transfer has just been sent to your USAA account. For security reasons, We

have temporarily put a hold on this payment.

Reason for this action, Is to verify the identity of the sender and the receiver. You are to

verify your account as a means to approve this transaction. Money will be posted into

any of your USAA account in 2 to 5 business days after verification of your account.

Approve Your

Transfer

We appreciate your business and co-operation with us.

Thank you,

USAA

P.S. Texting and driving .... Take the pledge to never text and drive.

Please do not reply to this e-mail. To send a secure message to USAA, please co nt act us.

Privacy Promise

USAA, 9800 Fredericksburg Road, San Antonio, Texas 78288

USAA means United Services Automobile Association and its insurance, banking, investment and other

companies. Banks Member FDIC. Investments provided by USAA Investment Management Company and

USAA Financial Advisors Inc., both registered broker dealers.

In the above scam clicking ‘Approve Your Transfer’ takes you to a website in Crete, and clicking ‘contact us’ takes you to a virus.


(Note the bad grammar throughout this scam.)

Your account settings has been changed

Dear Customer,

Your account's security is our top priority, and we noticed that one or more of your

account settings has recently been changed (like your Password, Phone Number,

Email or your Recover Email ).

Windows

Saturday, January 28, 2017 06:15 AM ( Western Indonesia Time ) Special Capital Region of Jakarta, Indonesia

Don't authorize these changes? Review your Recently used devices now.

Verify Your Account

To resolve this issue, please verify your account information Here and follow the

steps to confirm your recent identity and account activity and we should your

respond within 48 Hours before : January 30, 2017

*Please take care of it right away to avoid suspension of services account

Sincerely,

The PayPaI Accounts team

This email can't receive replies. For more information, visit the PayPaI Accounts Help Center.

In this “PayPal” scam all links go to: http ://bit.ly/2kv7vmV not to PayPal


Dear Valued Customer,

We recently reviewed your account, and suspect that your Wells Fargo Online Banking account

(or other bank) might have been accessed by an unauthorized third party.

Protecting the security of your account is our primary concern, therefore as a preventive

measure, we have temporarily limited your access to sensitive account features.

In order to confirm your Online Bank records, we may require some specific information from

you.

To restore your account access

Click Here To Confirm Your Account

© 1999 - 2014 Wells Fargo. All rights reserved. Equal Housing Lender


This short quiz tells if you can save on your monthly mortgage payment

*Source: Harp.gov

This is an Advertisement

MB#0928735

If you would like to update settings or unsubscribe please go he re or write:

8123 Interport Blvd Ste A Englewood, CO 80112

In this scam all links (including Harp.gov) go to http: //axialgame.net/


Congrats! Claim your Free Samples Richard!

Trouble seeing this message? View here

In this fake FREE Tools ad, all the links go to http: //limitjob.com/


From: pwoottons-6@ cs.kth.se pwoottons-6 @cs.kth.se (Note, se is a Swedish website, not Monterey)

Hi dear..

Need to earn a little extra cash?

Want to work from home?!

You can earn up to $500 a week or more as an Online Mystery Shopper.

Our system is simple and produces great results. Here?s how we do it:

We work out what our online retailers need from you, the online mystery shopper.

The best thing about online mystery shopping is its simplicity.

Instead of spending millions of dollars in advertising their products

and services,

online companies go directly to the consumer.

Companies are able to improve their customer service through the

feedback you provide for them.

All shoppers must be 18 year or over and a citizen of the United States.

(Year should be years)

If you are interested,Email us the below details :

1. Full_N a m e s: __________________

2. Full Physical.Address: __________________

3. S t a t e_C i t y_Zip: __________________

4. Phone-Number: ___

5. Current.Job: __________________

6. Gender: __________________

7. A.g.e: __________________

8. Email&Address: __________________

Thanks for response and being here with us.

Best,

MH- Recruitments

MSPA Application

2017 @ All Right Reserved.


Ridiculous: An illegal assault rifle from ‘Healthcare Limited.’


A Chrome Browser Virus

PROBLEM: you're searching for something on the web with your Chrome Browser and after clicking a suggested link the screen turns into gibberish, or becomes a page of "moving diamonds." Suddenly a message pops up warning, "The 'HoeflerText' font not found". Then you're invited to update the ‘Chrome Font Pack.’ Warning, do not update!

Clicking on the Update button will infect your computer or cell with click-fraud adware, where hidden ads are loaded and clicked on automatically. You won’t see the ads but the criminal hacker gets paid for every click, ripping off legitimate ad networks. At this time the risk to Chrome users is only that their computer or cell will be infected with the click-fraud adware. However, when your device is infected the hacker could change the malicious link into something worse, like encrypting Ransomware.

The best defense is knowing what to look for. If you visit a site and it asks you to download a font update, do NOT do it! It's always better to be safe than sorry.

Google has countered this phishing scam with a recent update to its Chrome browser. If you're using Google Chrome and land on a page containing a phishing attack, a warning will appear in the browser's address bar. The warning reads: Not secure. If you see this warning, immediately close the page. Here are the steps to make sure you are running the latest version of Chrome:

Computer:
1. In the top-right corner of Chrome, click the Menu button >> Tap Update Google Chrome. (If you don't see this button, you're running the latest version.)
2. Click Relaunch. Your tabs and windows will be saved. If you'd prefer not to restart right away, click Not Now. The next time you restart your browser, the update will automatically be applied.

Android app:
1. Chrome should automatically update based upon your Google Play Store settings.
2. To check that you have the latest version, open the Play Store.
3. Tap the Menu >> My Apps and games.
4. Apps with available updates are listed under "Updates."
5. If you see Chrome in this list, tap it to install the update.

iPhone/iPad app:
1. Chrome should automatically update based upon your iOS App Store settings.
2. To check that you have the latest version, open the App Store and tap Updates.
3. If you see Chrome on the list, tap Update to install.
4. If asked, enter your Apple ID password. The updates will download and install.


How to protect yourself from Ransomware

Ransomware is proliferating; you may have read of the recent attack on a small hospital that paid several thousand dollars to unlock their medical records.

To protect yourself, back up all your data, all your files, photos and other records onto a portable USB drive and then UNPLUG the USB DRIVE. (If you don’t, the Ransomware will lock up the backed up files also!)

Antivirus & Antimalware Software

Antivirus software is used to safeguard a computer from malware, including viruses, computer worms, and Trojan horses. Antivirus software may also remove or prevent spyware and adware, along with other forms of malicious programs. If you do not have antivirus software you will almost certainly become infected sooner or later.

Personally I like and use Malwarebytes (the complete version) and The Geek Squad automatically installs WebRoot on all the computers that they repair.

Search the web for Antivirus Reviews or Antimalware Reviews. You will find several to choose from. Read the reviews and then decide.


Police Violation Scams

How the "negligent driving" malware scam works

Beware of emails claiming to be from the police. This email pretends to be a traffic violation notice. The victim is told to click on a link within the email to read the full notification.

Warning! Do NOT click on the link, it is a phishing scam! If you do click on the link in the email, a .zip file that contains a malicious JavaScript (.js) file will be downloaded. If you then click on the .js file, your unit will be infected with malware.

The scam usually includes a traffic photo trying to make the email look official. Here is an example of what that may look like:

There are a couple of things in this email that should tip you off that it's a scam.

First, since the photo is a generic image, you won't see your vehicle in it. If this actually was an official photo showing your traffic violation, wouldn't your car be in the image?

Secondly, if you were caught on traffic cam violating the law, how would officials know your email address? They can get your home address from your license plate, and maybe they have an email address on file but those can frequently change, which is one reason police never send violations via email.

NOTE: The Police, the Sheriff and the FBI never send violation notices by email!


A Gmail Scam with a Fake Sign in Panel

A Gmail user receives an email from someone in their contacts list, but that friend has been hacked and their email list stolen. The fraudulent email often looks authentic because the scammer went through the sender's messages to find a topic that is familiar. Getting an email from someone you know, mentioning a familiar topic, makes it more likely that you’ll lower your guard and fall for the scam.

Inside the fake email is a fake PDF image, but the image hides a malicious link. Once you click the image, a new tab will open and you will be asked to sign in to Gmail. DO NOT SIGN IN!! Notice that the location bar of the fake sign-in page contains the google.com/ServiceLogin address, which you expect. But there are characters in front of the https that should not be there.

The prefix data:text/html tells you that this is a fake webpage. (Image source: Wordfence)

Then to really fake you out, the scammers have created a sign-in screen that looks official.

If you sign in, you're toast. You’ve given away your login credentials and your account is now compromised. The scammer can use it to access other websites associated with your account.


How to spot phishing scams

Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.

Do an online search - If you get a notification like this one, you should do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information. Search for something like "negligent driving email scam" and see what comes up as a result.

Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.

Check your online accounts with the web site Have I Been Pwned. Just type HaveIbeenpwned (with no spaces) and you will be taken to the site and asked for your email address. (It does not ask for your password!) When you press Enter it will sweep its databanks and see if your email address has been compromised in a data breach and when. (Be sure to see when the breach occurred; if it was years ago and your address has not been used you are probably OK, but if you’re worried change your password for a stronger one.)

Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.

The hallmark of most phishing emails is the terrible use of the English language. Even in cases like this where the hackers take the time to get a template of a real Amazon email (although that security logo is an obvious late addition), they still can't seem to write good copy.

While a company's official email might have the occasional misspelling or grammar gaffe, a standardized notification email like this should be perfect. Plus, this sentence alone would get any Amazon employee fired: "We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update” (It should be: suspended)

Pay close attention to what it asks you to do. It says that there was a security problem with your account and you need to click a button to log in. That's a classic phishing technique. To be safe, get out of the email and connect to the company represented in the email but do it in your browser on the web.

Any responsible company that's sending out an unsolicited security notification will tell you to go to its website home page and log in to your account from there. It might tell you to call customer service with any questions. It won't tell you to click a button or link, or download an attachment.
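The checks described in this article (a return address that is not the one you have for that person, a reply that would go somewhere else, link text that names one site while the link goes to another, a shortened link, and the data:text/html prefix from the fake Gmail sign-in) can be automated. The Python below is an added example, not part of the original article; the sample message, the address book and the shortener list are constructed assumptions.

```python
# Added example, not from the article. Message, names and addresses are constructed.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: an illustrative shortener list; bit.ly is the one in the article's "PayPal" example.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None


def base_domain(host):
    """Last two labels of a host name (simplified: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_links(html):
    """Return (reason, href, visible_text) for each suspicious link."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        try:
            url = urlsplit(href)
            host = (url.hostname or "").lower()
        except ValueError:
            findings.append(("unparseable-link", href, text))
            continue
        if url.scheme.lower() == "data":
            # A whole page packed into the address, as in the fake Gmail sign-in.
            findings.append(("data-uri", href, text))
            continue
        if host in SHORTENERS:
            findings.append(("shortened-link", href, text))
        shown = DOMAIN_RE.search(text)
        if shown and host and base_domain(shown.group(1)) != base_domain(host):
            findings.append(("text-points-elsewhere", href, text))
    return findings


def check_sender(msg, address_book):
    """Compare From and Reply-To with the address on file for that display name."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    on_file = address_book.get(name.lower())
    if on_file and on_file.lower() != addr.lower():
        findings.append(("sender-address-not-on-file", addr, name))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(("reply-goes-elsewhere", reply_to, name))
    return findings


def analyze(raw_email, address_book):
    msg = message_from_string(raw_email)
    return check_sender(msg, address_book) + check_links(msg.get_payload())


ADDRESS_BOOK = {"pat example": "pat@friends.example"}  # constructed
SAMPLE_EMAIL = """\
From: "Pat Example" <pwx-6@mail.invalid>
Reply-To: collect@elsewhere.invalid
Content-Type: text/html; charset="utf-8"

<a href="http://rewards.example.net/login">www.bank.example</a>
<a href="http://bit.ly/EXAMPLE">Verify your account</a>
<a href="data:text/html,https://accounts.example.com/ServiceLogin">Sign in</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL, ADDRESS_BOOK):
        print(finding)
```

The last link in the sample is not reported because its visible text and its destination share the same domain.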


Malware attached to a Microsoft WORD document.

A Malware infected Word document for either Windows or Mac machines is being passed around lately. It is titled:

"U.S. Allies and Rivals Digest Trump's Victory - Carnegie Endowment for International Peace."

If you receive this file, don't open it. If you do attempt to open it, you'll see a warning from Microsoft Word that this document contains macros that may contain viruses. There will be two options: “Do not open” and “Disable Macros.” In this case click “Do not open.” Whenever you do not know the document's source, or are afraid the document may have been infected and still need to open it, click "Disable Macros."
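A Word file can also be checked for macros before it is ever opened in Word, because modern Word files are ZIP archives and an embedded macro project is stored inside as a part named vbaProject.bin. The Python below is an added example, not part of the original article; the sample documents are constructed in memory with placeholder bytes, and the status names are this example's own.

```python
# Added example, not from the article. Sample files are constructed placeholders.
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt files


def macro_status(data):
    """Classify raw file bytes without opening them in Word.

    Returns 'macros-present', 'no-macros', 'legacy-format' or 'not-office'.
    """
    if data.startswith(OLE_MAGIC):
        # Old binary format: this simple check cannot rule macros out.
        return "legacy-format"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as archive:
        names = archive.namelist()
        types_name = next(
            (n for n in names if n.lower() == "[content_types].xml"), None
        )
        if types_name is None:
            return "not-office"  # a ZIP, but not an Office document
        content_types = archive.read(types_name).decode("utf-8", "replace")
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    # Macro-enabled documents also declare a "macroEnabled" content type.
    if has_vba_part or "macroenabled" in content_types.lower():
        return "macros-present"
    return "no-macros"


def build_sample(with_macro):
    """Build a minimal, constructed Word-style archive in memory."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if with_macro
        else "application/vnd.openxmlformats-officedocument"
        ".wordprocessingml.document.main+xml"
    )
    types_xml = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        "</Types>"
    )
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as archive:
        archive.writestr("[Content_Types].xml", types_xml)
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return out.getvalue()


if __name__ == "__main__":
    print(macro_status(build_sample(with_macro=True)))   # macros-present
    print(macro_status(build_sample(with_macro=False)))  # no-macros
```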


Tricks & Traps of your Friendly Telephone Scammer

Don’t say “Yes”

The Better Business Bureau (BBB) has complaints from people receiving automated calls from someone claiming to be an employee of a cruise line, home security agency, social security firms or realtors. The call begins with a simple question, "Can you hear me?" or "Do you pay the household bills?" or "Are you the homeowner?" Another more elaborate one goes like this: first you hear some background noises and then a woman who sounds startled says, “Oh, I’m sorry, I was talking to my husband, can you hear me OK?”

Do NOT answer "yes," because the criminal will record you saying "yes," so they can use it to claim that you agreed to certain credit card charges. They will threaten to sue you if you attempt to deny the charges. These calls usually show up with the local area code on the caller ID. This lets your guard down, because it appears to be someone that you might know.

Say nothing and hang up. No, it's not rude to hang up on a scammer, it’s just smart.

Fake Emergencies

“Hello, this is Jimmy, I am a Microsoft Technician calling because our automatic monitors have found a malfunction in your computer and it is just about to fail! (pause) Do you want me to fix that for you?” NO, NO, NO! It is a scam that has collected many thousands of dollars from unsuspecting people! In addition most of them have had to go to a local service shop to undo the changes the bogus technician had them make.

Microsoft does not and cannot ‘monitor your computer’ or fix it from an off-site location unless you have previously arranged for them to do so.

What to know: Don't click on links or follow instructions to text "stop" or "no" to prevent future texts. This only confirms to scammers that yours is a live, active number for future spam. Use and regularly update anti-malware software designed for smartphones; ask your phone's manufacturer or service provider for recommendations. Forward suspicious texts to 7726 ("SPAM" on most keypads) to alert your carrier to those numbers, and then delete them.

The RoboCall one-ring callback con

You receive a voice message asking you to call back a specific number because you have won a sweepstakes or have an undeliverable package. These robocalls to smartphones are programmed to ring only once and to disconnect if you answer. CAUTION: If you call back you may be billed $30 or more on your phone bill because despite a masked American area code, the call is to an international phone number that charges a premium connection fee and per-minute rate, which is deliberately extended through long holds and frequent transfers. You might also find charges crammed onto your bill with such innocuous language as "special services," "Internet advertising" or "Minimum monthly usage fee."

Beware of these area codes: 268, 284, 473, 649, 664, 767, 809, 829, 849 or 876.


Text Bank messages

These text messages claim to be from your Bank or Credit Card Company claiming there's a problem with your account. You're instructed to click on a link, which leads you to a look-alike, scammer-run website that seeks your name, account number and online log-in credentials.

If there's really an account problem, you might be notified by email, but it will include your name and a portion of your account number. If your bank or credit card company telephones you with a fraud alert, it won't ask for any personal data.

Smartphones are prime targets for data theft. Don't let yours reveal your secrets if it winds up in the wrong hands. Always protect it with a strong PIN. And don't use it to store credit card and account log-in information—or anything else potentially compromising.

If you are billed for Fake Debt

1. Get details about debt. Ask for the collector's license number, company name, address and phone number. If the collector refuses to provide this information, assume it's a scam. Visit the Consumer Financial Protection Bureau for other signs of bogus collectors.

2. Watch credit reports. When reviewing the three freebies that you can receive each year at AnnualCreditReport.com (get one from each credit reporting firm, spaced out over several months), look for unrecognized debts in your name, as well as inquiries by collectors or creditors.

3. Correspondence. Visit the Consumer Financial Protection Bureau's website for sample letters to help you get more information about the alleged debt, dispute it and stop contact from collectors. Send it by certified mail and with "return receipt" to the collector and creditor after initial contact, with copies to the CFPB, the FTC and your state attorney general.

4. Know what to expect. For alleged credit card debt, insist on written proof that you owe it, such as statements detailing the unpaid charge. For medical debt, get a statement or invoice outlining services, dates and names of doctors, and cross-check that with Medicare, private insurers and providers for payment or reimbursement status; collectors may call before payments are processed.

5. Know your rights. Get details on your rights from the Consumer Financial Protection Bureau.

Threats to garnish your Social Security or Veterans' Benefits

Although it's commonly threatened by unscrupulous collectors, garnishing is not legal for private debts — only for delinquent state or federal debts such as unpaid student loans, taxes and government-backed mortgages. Unpaid alimony or child support can also be deducted from Social Security benefits, but Supplemental Security Income (SSI) benefits cannot be garnished for any debt.