Security Tip

Top 10 holiday scams

As the new holiday cyber-crime season rolls in, it’s a good idea to look at the scams of last year, which will be recycled with a few small updates. Here are the Top 10 scams to keep an eye out for this holiday season:

Black Friday Deals
Black Friday and Cyber Monday are the busiest online shopping days and the bad guys are out to get rich with your money. Don’t buy anything that seems too good to be true.

Complimentary Apple Watch
Watch out for the too-good-to-be-true coupons that offer complimentary watches, phones, or tablets on sites all over the internet. Don’t fall for it. Make sure the offers are from a legitimate company.

Postal Deliveries
Watch out for alerts via email or text that say you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t enter anything. Think before you click.

Fake Refunds
There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware.

The Grinch E-Card Greetings
Happy Holidays. Your email has an attachment that looks like an e-greeting card, pretty pictures and all. You think that this must be from a friend. Nope. Malicious e-cards are sent by the millions. Never open these things, especially at the office, as they might infect your workstation.

The Fake Gift Card Trick
Internet crooks promote a fake gift card through social media but what they really are after is your information, which they then sell to other cyber criminals who use it for identity theft. Here is an example: A Facebook scam offering a complimentary $1,000 Best Buy gift card to the first 20,000 people who sign up for a Best Buy fan page, which is a malicious copy of the original.

The Charity Tricksters
Holidays are traditionally the time for giving. It’s also the time that cyber criminals try to pry money out of people who mean well. But making donations to the wrong site could mean you are funding cyber-crime or even terrorism. So, watch out for any communications from charities that ask for your contribution (phone, email, text, and tweets), and make sure they are legit. It’s a good idea to contact the charity to make sure the request did in fact come from them. It is safest to only donate to charities you already know, and refuse all the rest.

The DM-Scam
You tweet about a holiday gift you are trying to find, and you get a direct message (DM) from another Twitter user offering to sell you one. Stop – Look – Think, because this could very well be a sophisticated scam. If you do not know that person, be very careful before you continue and never pay up front.

The Extra Holiday-Money Fraud
People always need some extra money during this season, so cyber fraudsters are offering work-from-home scams. The most innocent of these make you fill out a form where you give out confidential information like your Social Security number which will get your identity stolen. The worst of them offer you work where you launder money from a cyberheist which can get you into major trouble.

The Evil Wi-Fi Twin
You bring your laptop, tablet, or smartphone to the mall to scout for gifts and check whether you can get them cheaper somewhere online. But the bad guys are there too, shopping for your credit card number. They put out a Wi-Fi signal that looks just like a complimentary one you always use. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your credit card data while you buy online. When you use a Wi-Fi connection in a public place, it is better not to use your credit card.

Provided courtesy of KnowBe4 CyberheistNews


Internet safety for seniors

The Internet creates excellent opportunities for seniors to meet people, conduct business, plan travel, access records, stay in touch with friends and family, and support hobbies and entertainment interests.  You can learn how to take advantage of the opportunities without falling prey to predators so you can have peace of mind when you go online.

The Washington State Office of the Attorney General has put together an online resource aimed at the unique vulnerabilities seniors face when going online.  There are scams tailored specifically to exploit older Internet users.

Having less refined computer and Internet skills and being more trusting are major factors that make seniors more vulnerable.  This site addresses: seniors and social networking sites; cyberbullying and seniors; online dating and seniors; information exposure and seniors; and tips for seniors to stay safer online.  Learn more here.

Stop. Think. Connect.

Be a good cyber citizen by owning your online presence.

Take security precautions, understand the consequences of your actions and behaviors and enjoy the benefits of the Internet.

STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

Protect yourself and help keep the web a safer place for everyone.  For more information about owning your online presence and for information about how to protect your digital life, go here.

Be safe, secure and responsible online

At, you will find information for your computer, your children and yourself.  Information is shared through videos, blogs and online articles.  You can also sign up for email updates to stay on top of the latest threats to your security.

The Federal Trade Commission manages, in partnership with the federal agencies listed below. is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.

Tech support scams continue to cost computer users

Reposted from, a project of the National Consumers League.

Just before midnight George got a call. “I was told it was the Microsoft Corporation,” George said. “They said there was a problem with my computer but they would fix the problem for free and would install an antivirus to protect against future attacks for $99.” George went to bed uneasy, not sure if the supposed Microsoft employee was legitimate or a fraudster.

Unable to sleep, George watched helplessly later that evening as someone remotely entered his credit card number into a Web site without his control. George frantically called Microsoft and learned that he had, as he suspected, fallen victim to a scam. In an attempt to avoid charges, George called Western Union — only to find out that $207 had already been charged to his credit card and was being processed in India.

The National Consumers League’s has seen a recent uptick in this “tech support scam.” These occur when a fraudster, claiming to work for a well-known technology company like Microsoft or Norton, contacts a consumer. The scammers claim that viruses have been detected on the computer and that they can remotely remove them for a fee, typically anywhere from $100 to $400. The victim is then instructed to go to a Web site or open a computer program that “proves” that the computer is compromised. Often these programs show computer functions that look scary but are actually normal.

Frightened by the supposed virus — and reassured because of the reputation of the company the fraudster is claiming to represent — many consumers agree to pay the fee and give the criminal remote access to the “corrupted” computer. Sometimes the hacker charges a consumer to download harmless programs that are available for free online to demonstrate the alleged virus. Other times, they install tracking software that gives the fraudster access to personal information on the computer.

Estimates of the scope of this scam vary widely. For example, Microsoft reported that the average victim lost $875 and had to pay $1,700 in repair bills. The Federal Trade Commission (FTC) said it had received more than 40,000 complaints about this scam when it initiated a crackdown in October 2012 and an official with the FTC’s consumer protection bureau said he thought the number of victims was probably “substantially higher.”

Although scams of this sort started in 2008, they have become far more common in the last couple of years, gaining attention from media organizations across the world. The companies that are affected have also noticed, warning their customers and offering tips on how to spot and avoid the scam. PayPal and other payment companies have helped by shutting down the accounts of known fraudsters.

Despite government action to identify and stop scam artists running these schemes, copycats continue to defraud consumers. Consumers should use the following precautions to minimize the risk of falling victim:

  • Know that legitimate companies will not call you without solicitation and tell you that you must pay for tech support;
  • Find a legitimate phone number for the company and ask them whether a representative contacted you;
  • Never allow someone to take remote control of your computer unless you are certain that they are actually representing a legitimate company;
  • Do not disclose sensitive financial information such as passwords, credit card, or bank account routing numbers over the phone; and
  • When buying things over the Internet or phone, use a credit card or a debit card so that you can better dispute fraudulent charges.

If you believe that you are the victim of a tech support scam, please take the following actions:

  • File a complaint with so that we can help others avoid falling victim;
  • Call your credit card company and ask to have the charges reversed;
  • Check your bank and credit card statements for inaccuracies. If you find any, ask that those charges be reversed, too;
  • Contact the major credit-reporting agencies (Equifax, Experian, and TransUnion) and notify them of the potential for fraud on your account; and
  • Delete the tracking software from your computer. For tips on how to do this, click here.

Visit the following sites to learn more about tech support scams and ways to protect yourself:

  • This post on the FTC’s Web site provides consumers with a video on how to protect computers and phone audio of a scammer conducting a tech support scam.
  • This section of the FTC’s Web site gives an overview of how these scams work and ways to protect yourself if contacted by a fraudster.
  • The Better Business Bureau has a scam alert that describes an incident in Montana involving this scam.
  • Finally, Microsoft’s posting on its Web site details common scams that falsely use its name and the common indicators that you are not truly talking to a company official.

Identifying Hoaxes and Urban Legends

Chain letters are familiar to anyone with an email account, whether they are sent by strangers or well-intentioned friends or family members. Try to verify the information before following any instructions or passing the message along.

Why are chain letters a problem?

The most serious problem is from chain letters that mask viruses or other malicious activity. But even the ones that seem harmless may have negative repercussions if you forward them:

  • they consume bandwidth or space within the recipient’s inbox
  • you force people you know to waste time sifting through the messages and possibly taking time to verify the information
  • you are spreading hype and, often, unnecessary fear and paranoia

What are some types of chain letters?

There are two main types of chain letters:

  • Hoaxes – Hoaxes attempt to trick or defraud users. A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. It could also be a scam that convinces users to send money or personal information. Phishing attacks could fall into this category (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Urban legends – Urban legends are designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information. Another common form is the email that promises users monetary rewards for forwarding the message or suggests that they are signing something that will be submitted to a particular group. Urban legends usually have no negative effect aside from wasted bandwidth and time.

How can you tell if the email is a hoax or urban legend?

Some messages are more suspicious than others, but be especially cautious if the message has any of the characteristics listed below. These characteristics are just guidelines—not every hoax or urban legend has these attributes, and some legitimate messages may have some of these characteristics:

  • it suggests tragic consequences for not performing some action
  • it promises money or gift certificates for performing some action
  • it offers instructions or attachments claiming to protect you from a virus that is undetected by anti-virus software
  • it claims it’s not a hoax
  • there are multiple spelling or grammatical errors, or the logic is contradictory
  • there is a statement urging you to forward the message
  • it has already been forwarded multiple times (evident from the trail of email headers in the body of the message)

If you want to check the validity of an email, there are some websites that provide information about hoaxes and urban legends:


Mindi McDowell and Allen Householder,



Protecting portable devices

What is at risk?

Only you can determine what is actually at risk. If a thief steals your laptop or mobile device, the most obvious loss is the machine itself. However, if the thief is able to access the information on the computer or mobile device, all of the information stored on the device is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.

Sensitive corporate information or customer account information should not be accessed by unauthorized people. You’ve probably heard news stories about organizations panicking because laptops with confidential information on them have been lost or stolen. But even if there isn’t any sensitive corporate information on your laptop or mobile device, think of the other information at risk: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.

How can you protect your laptop or internet-enabled device?

  • Password-protect your computer: Make sure that you have to enter a password to log in to your computer or mobile device (see Choosing and Protecting Passwords for more information).
  • Keep your valuables with you at all times: When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
  • Downplay your laptop or mobile device: There is no need to advertise to thieves that you have a laptop or mobile device. Avoid using your device in public areas, and consider non-traditional bags for carrying your laptop.
  • Be aware of your surroundings: If you do use your laptop or mobile device in a public area, pay attention to people around you. Take precautions to shield yourself from “shoulder surfers”—make sure that no one can see you type your passwords or see any sensitive information on your screen.
  • Consider an alarm or lock: Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
  • Back up your files: If your mobile device is stolen, it’s bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location (see Good Security Habits for more information). Not only will you still be able to access the information, but you’ll be able to identify and report exactly what information is at risk.

What can you do if your laptop or mobile device is lost or stolen?
Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.

Mindi McDowell through US Computer Emergency Readiness Team (US-CERT)

Keep kids safe online offers advice and tools for keeping youth and teens safe online.  Not just about computers, they also provide information and another look at photo sharing apps, cyberbullying, smartphone use and other ways to keep adults informed about what youth are doing online.  Here, you can also use Google’s SafeSearch engine which filters out sites that contain inappropriate content, including images.

Following are the first three rules for safe family cell phone use has published.

  1. Have a conversation about when it’s okay and not okay to use the phone for talking, texting, apps and other functions. This should include both time and place. Talk about rules for cell phone use during dinner, at social events and in public places like movie theaters and restaurants.
  2. Consider having a centralized resting place for the phones to charge up while family members are sleeping. There are lots of reasons why phones shouldn’t be used or sending out audible alerts after bedtime. Just because your phone may also be an alarm clock doesn’t mean it necessarily should be sitting on your or your kid’s nightstand.
  3. Talk about the polite use of the phone, such as not talking in a loud voice (people think it’s necessary but it usually isn’t) and not talking or texting in a way that will disturb others or violate your privacy.

See the rest here.

Who is really on the other end of the line?

Beware of fake support scams!

Your phone rings. The caller ID says ‘Windows Support,’ so you answer.

“Hi,” the caller says, giving a name. “I’m calling from Windows support. We’ve been receiving some error messages from your computer.” The caller says he can fix those errors if you give him remote access to your computer. You’re worried, so you agree.

Next, the caller says he needs to download software to your PC to fix the problem. He also requests your credit card number to pay for the software and tech support services.

Sound suspicious? It is. The tactic is commonly known as a ‘Windows support scam’ or ‘tech support scam,’ and anecdotal evidence suggests it’s on the rise.

In October 2012, the Federal Trade Commission (FTC) announced an international crackdown on Windows support scammers. But since then, publications such as Computerworld, Forbes, the San Francisco Chronicle and others have reported that the scam appears to be occurring more frequently.

The Scare Tactics
Windows support scammers succeed too often because they scare their victims into thinking something’s terribly wrong with their computer. The scenario described above is just one of their tactics. Here’s what can happen during a ‘Windows support call.’

  • In some cases, the caller ID may say ‘Windows Support’ or it displays a number from area code 425, which serves the Washington state area including Redmond—Microsoft’s headquarters. This doesn’t mean the call is legitimate, however, as scammers often use caller ID spoofing to mask the true phone number from which they’re calling.
  • The caller usually identifies himself as being from Microsoft, Dell, Cisco, an Internet Service Provider (ISP), or other known computer/service companies.
  • When you ask for proof that the caller has seen error messages from your computer, he may direct you to look at a Windows Event log on your PC. The log typically displays harmless error messages, however, which could look like legitimate problems to less savvy computer users.
  • Once they gain your confidence, scammers will try to convince you to pay for their ‘tech support services,’ which may be a one-time fee or a subscription. Not only do you pay for useless tech support, you’re giving your credit card information to a criminal, who may use it for unauthorized charges or sell it to other criminals.
  • The software that the caller downloads onto your PC to ‘fix’ it may contain Trojan horse malware designed to steal your online account information and passwords.

Windows Support Scam Variations
If all that weren’t enough, there are other types of tech support scams you should be aware of.

In January, the FTC’s website reported scams in which callers say that if you previously paid for their tech support services, you may be due a refund. They’ll ask if you were happy with their services (chances are, your answer is “no”). Or they’ll explain the company is going out of business. Because you paid for a tech support subscription from them, you’ll get a ‘refund.’ Their motive, of course, is to convince you to give them your credit card or banking information so they can steal your money instead of refunding it.

Separately, tech support scammers have been targeting mobile users, too, through cold calls or online ads, according to PC World. The mobile scam goal is usually to get you to pay for bogus tech support subscriptions of $300 a year, more or less.

There’s also the old ‘scareware’ ploy, in which some websites display bogus pop-up windows or banners telling you that your computer may be infected with spyware or viruses. The goal is to get you to purchase and download fake security software, which could be malware.

What You Can Do About It
Never give strangers remote access to your PC. Microsoft, ISPs and other companies aren’t going to call you out of the blue claiming to have seen errors coming from your computer.

Did you fall for the scam? Ask your credit card company to block or reverse the charges ASAP. You may need to be issued a new credit card.

Scan your PC for viruses, spyware and other malware using your computer’s security software. In worst-case scenarios, you may have to back up your data, reformat your hard drive, and reinstall Windows to be sure you’re rid of any downloaded malware.

Of course, the best step is to be aware of the Windows support scam so you don’t fall for it. Tell friends and family about it, too—especially those who are less savvy about computers and Internet-related scams.

Posted on December 10, 2014 by ZoneAlarm

Scam of the Week: Holiday Coupon Alert

It’s the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode, and starting with Black Friday and Cyber Monday (the busiest online shopping days), they are out to get rich with your money until the holidays are over. Bryant Bradburd, City of Seattle Chief Technology Officer, passes on this advice:

  1. At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
  2. Watch out for alerts via email or text that say you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t open any attachments and don’t enter anything. Think Before You Click!
  3. There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware. Again, don’t open any attachments and don’t enter anything.

So, especially now, be constantly alert and willing to fight back by using common sense. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly “off.”

If you think you might have been scammed, stay calm and call your credit card company, have that card disabled and get a new one. Happy Holidays!