DOCSLIB.ORG

Payment Apps and Car Infotainment Systems (02/25/21) Payments Apps Like Venmo, Cash App, and Zelle Offer Convenient Ways to Send and Receive Money

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Payment Apps and Car Infotainment Systems (02/25/21) Payments Apps Like Venmo, Cash App, and Zelle Offer Convenient Ways to Send and Receive Money Payment Apps and Car Infotainment Systems (02/25/21) Payments apps like Venmo, Cash App, and Zelle offer convenient ways to send and receive money. According to a recent study, about 80% of U.S. adults use mobile payment apps. Unfortunately, many people assume that payment apps offer protections similar to those of credit or debit cards, but that’s not the case. Generally, transactions cannot be reversed if there’s a problem or if you change your mind, even if your account is linked to a credit card. In addition, some financial institutions are activating Zelle without customers’ knowledge, which could be an issue if your banking credentials are compromised and criminal gets access to your account. If you decide to use a payment app, consider setting up a separate bank account for that purpose, and only put in money needed to fund those transactions. If you don’t, and have linked your savings account to your checking or payment account, the scammer may get access to those funds as well, through automatic overdraft protection, or compromised credentials. It is generally recommended that you never use these apps to send money to strangers – only use them with family, friends, or trusted sources. Many newer cars on the road today offer a great deal of technology and connectivity. People often forget that these cars are really computers on wheels and present a variety security and privacy concerns. Today’s technology allows you to connect your smartphone to your vehicle to have easy access to your contacts, messages, photos, navigation services, and internet connection. Manufacturers generally refer to these systems as “infotainment systems” – they offer convenience, but at a price. When you plug-in your smartphone, the system may collect a wide variety of personal information: home address, wi-fi passwords, contacts, emails, texts, and photos. In addition, if your car’s computer has been infected by malware, you could download that onto your phone, further compromising its contents. This is particularly relevant when using a rental car – because you don’t know who used the car before you, you take a big risk connecting your phone to that vehicle. To limit your vulnerability when renting a vehicle, avoid connecting your phone at all. If you do decide to connect it, perform a “factory reset” of the infotainment system when turning-in the vehicle to hopefully erase your data. Remember, if you just need to charge your phone, use a cigarette lighter charger, not the USB port. When selling or trading-in your car, perform a “factory reset” on system as well. To ensure a full reset, ask the dealer to wipe the hard drive. Four More Recent Local Case Studies (02/11/21) Variations of different scams continue to affect people in our community. By explaining what these scams look like and educating the public about the red flags to look for, we hope to prevent others from becoming victims. Military “romance scam” Romance scams are extremely prevalent and account for highest financial loss of all internet-facilitated crimes. The Internet Crime Complaint Center (IC3) says it received over 15,000 romance scam complaints last year, with losses exceeding $230 million. The FBI puts the true number higher as they estimate only 15% of these crimes are reported to law enforcement. In this scam, the scammer usually originates contact with the target on legitimate dating sites or social media apps. The scammer identifies themselves as a “soldier” serving oversees and says they need money. Here are some red flags to look for: • all contact is online; no phone or video • scammer alleges “lack of support” by military, or requests money for basic needs (transportation costs, communication fees, medical expenses) • obvious grammatical errors, or pledges their love at warp speed • deployed soldiers do not find large sums of money and do not need your help to get that money out of the country Car rental scam This scam reinforces the importance of verifying what web sites you are visiting and limiting your business to known, legitimate companies. In this case, the victim used an online search to locate discounted car rental deals. She clicked on a link which took her to what appeared to be a well-known car rental company, but in fact was an imposter site. Sometimes the scammer also employs a fraudulent phone number to facilitate contact. The scammer ultimately tries to get the target to pay for the rental using pre-paid value cards. Red flags to watch for include: • prices too good to be true • offer requires payment other than a credit card • always take the time to verify the web address, or search the phone number online for reports of fraud Apartment for rent This scam has been around for a while and is very effective. The scammer lists a vacant home or home for sale on a legitimate website (Craigslist, Apartments.com), advertising it “for rent”. When people respond to the fraudulent ad, they are pressured to quickly submit a security deposit, typically being told the apartment is in “high demand”. The scammer requires payment via wire transfer, electronic payment (Zelle, Venmo), or pre-paid cards. Look for the following red flags: • renter claims to be out of town / cannot show apartment • renter says they will FedEx keys • renter wants you to move in “right away” or does not complete any screening process Before sending money or signing any documents, identify the owner of the property and request to meet in person – be sure to visit the property in person. Counterfeit money Counterfeit bills of various denominations have been circulating in Sheboygan. When accepting cash, particularly denominations of $50 or $100, carefully scrutinize the bill: 1. Does it say “For Motion Picture Purposes” or “Copy”? 2. Carefully review the layout for signs of altering (uneven spacing, blurry letters, odd markings). 3. Do any of the bills have identical or sequential serial numbers? 4. Do not rely solely on “counterfeit detection pens” – they aren’t fool-proof and are not sanctioned by the U.S. Treasury. When in doubt, do not accept the bill. With advances in technology, counterfeiters are becoming more sophisticated in creating bills that appear genuine. Marketplace Scams and Social Engineering Refresher (01/28/21) Online scams are prevalent and rely on empty promises and the anonymity of the internet to be successful. Two current scams utilize online marketplaces to separate people from their money. $99 windshield repair (Facebook) Scammers use fake/hijacked profiles to advertise $99 windshield repair, occasionally referencing know local businesses. Scammers utilize Facebook Messenger to initiate communication, then persuade the target to call a Google Voice or similar phone number to continue transaction – the goal is to get target to pre-pay for repair, which doesn’t really exist. A brief review of the associated Facebook accounts reveal that they are clearly not related to windshield repair. Puppy scam This scam exploits subjects looking to purchase a puppy online, typically a unique breed, suggesting a higher purchase price. The target responds to an ad on Craigslist or Facebook, with the “seller” requesting 50% down. The “seller” may subsequently also request additional money for “issues” with the dog’s crate, vaccinations, etc., with the objective being to get the target to wire as much money as possible. There is never actually any puppy for sale. With both of these scams, remember – don’t pay upfront for a promise and consider how you pay. Avoid wire transfers, mobile payments like Venmo and Zelle, and pre-paid value cards. In addition, it is important to always keep in mind the pervasiveness and effectiveness of social engineering scams. This time of year, IRS scams are very common. COVID vaccination scams also continue to be prevalent. These types of scams rely on “social engineering” to be successful. Remember, social engineering tactics involve creating a situation in which the victim provides information of value to the scammer, under perceived pressure or duress. They are design to exploit human behavior and tap into emotions that would cause the victim to disregard their better judgment. To avoid falling victim to these types of scams, remember the 4 P’s: 1. The scammer PRETENDS to be a person, or from an organization, you know. 2. The scammer says there’s a PROBLEM or a PRIZE. 3. The scammer PRESSURES you to act immediately. 4. The scammer tells you to PAY in a specific way. Recent Local Case Studies (01/14/21) The following is a description of recent scams reported to the Sheboygan Police Department. “You’ve Won” lottery scam In this scam, the target receives a phone call stating “you’ve won” some type of lottery or cash prize. All you have to do, they say, is send money to cover fees associated with the prize (taxes, processing fees). The target is instructed to pay these fees via wire transfer or by using pre-paid cards. This is ALWAYS a scam – you should never have to pay to win a prize. In this case, further indications of fraud included that the target never entered a lottery or sweepstakes, and when checking the address provided by the scammer, the address was found not to exist. Imposter scam There are many variations of this type of fraud. In this case, the victim received phone calls from persons purporting to be from the FBI and DEA, using the names of actual prominent agency officials. The callers alleged the victim’s involvement in violations of federal law and drug trafficking, and threatened arrest or imprisonment. The victim was told not to tell anyone, and the caller aggressively demanded payment of thousands of dollars in wire transfers and/or pre-paid cards.
Load more

Recommended publications
  • Holiday Cyber Safety Tips 2020
    Holiday Cyber Safety With so many people choosing to shop online this holiday season, you need to be extra vigilant about avoiding cyber scams that can not only steal your money, but also corrupt your home and/or work computer and network. E-commerce sales are expected to rise by 25 to 35 percent as shoppers choose using their computers and smartphones over brick and mortar stores. Cyber criminals may target victims through a variety of methods, including compromised or spoofed websites, phishing emails, social media ads and messages, or unsecured Wi-Fi networks. The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has put out a number of tips to help increase awareness of these cyber threats and help you avoid these cyber traps at home and work. 1. Do Your Online Shopping at Home and avoid using work computers - Avoid using public computers, such as those at a library or hotel, or public Wi-Fi connections to log in to personal accounts or conduct online shopping. Public computers could be infected with malware designed to steal your information and hackers can intercept network traffic traveling over unencrypted Wi-Fi signals. TIP: If you must connect to public Wi-Fi, use a virtual private network (VPN) to secure information transmitted between your device and the internet. Refrain from using work computers to make online purchases as cyber threats could endanger company and/or customer information. 2. Look Out for Holiday-Themed eCards and Messages Meant to Install Malware - In the past, users reported being targeted with various Thanksgiving Day-related scams.
    [Show full text]
  • Cybersecurity Cyberwise Tips
    May 11, 2021 | CyberWise – How to Create a Strong Password Recently, the State Department’s Directorate of Cyber and Technology Security released their guidance on creating strong passwords. Considering that most Federal and contract employees continue to work remotely, continued reliance on strong passwords for both business and personal accounts is very important. The most used passwords are extremely easy to guess and only take hackers a few seconds to crack. For example, “Admin1234” would only take 0.22 seconds to crack. By contrast, a memorable phrase such as “WherecanIfindagoodsandwich?” would take 771 years to crack with current brute force methods. How to stay CyberWise, according to the State Department: • When possible, use your PIV or multi-factor authentication. • Use different passwords for different accounts. If you are reusing a password on multiple accounts and a hacker cracks one of them, they may try the recovered passwords on your other accounts too. • Do not include personal identifiers like your phone number, name, child or pet’s name, or birth date, especially for those who were affected by the OPM breach in 2015 – this information is already on the Dark web. • Avoid selecting commonly used words (e.g., colors, fruits, animals, days) or phrases (e.g., “Password1234,” “DOSadmin1”). Password cracking tools include dictionary-based testing capabilities. • Do not use repetitive characters or patterns (e.g., “0000,” “1234,” “aaa,” or “7878”). • Consider using a unique passphrase that is easy to remember or picture in your mind, but difficult to guess. According to the National Institute for Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible.
    [Show full text]
  • CRIMINAL JUSTICE in AMERICA FIFTH EDITION Cja Unit1a:Layout 1 7/10/2012 2:10 PM Page 1
    CRIMINAL JUSTICE IN AMERICA FIFTH EDITION cja_unit1a:Layout 1 7/10/2012 2:10 PM Page 1 CRIMINAL JUSTICE IN AMERICA FIFTH EDITION Developed by Marshall Croddy Bill Hayes cja_unit1a:Layout 1 7/10/2012 2:10 PM Page 2 601 South Kingsley Drive T. Warren Jackson, Chair Los Angeles, California 90005 Marshall P. Horowitz, Chair, (213) 487- 5590 Publications Committee www.crf-usa.org Jonathan Estrin, President Marshall Croddy, Vice President Developed by Subject Matter Consultants Marshall Croddy and Bill Hayes (Various Editions) Richard Chrystie, Deputy District Attorney, Board Reviewers Los Angeles County Marshall P. Horowitz, Lisa Rockwell, Val Cole, Deputy District Attorney, Patrick Rogan, K. Eugene Shutler, Los Angeles County Douglas Thompson, Lois Thompson Star French, Deputy Probation Officer, Editor Los Angeles County Bill Hayes John Hud, Criminal Defense Attorney, Bozeman, Montana Contributing Writers (Various Editions) Daniel E. Lewis, Attorney, Los Angeles Bill Hayes, Marshall Croddy, Todd Clark, Julia Rider, Luce, Forward, Hill, Jeffer & Teri Engler, Lucy Eisenberg, Damon Huss, Mangels Sandy Kanengiser, Carlton Martz, Betsy Devallis Rutledge, Special Counsel to the Salzman, Eden Kusmiersky, Coral Suter, District Attorney, Los Angeles County Charles Tremper, Michelle Ng, Roy Kim, Richard Simonian, Superintendent, C.K. Shruti Modi, Anjelica Sarmiento, Sophia Khan, Wakefield School, Fresno County Probation Marianna Muratova Department Researchers Captain Robert Taylor, Commanding Officer, (Various Editions) Juvenile Division, Los Angeles Police Rick Bhasin, Luke Delgado, and Michael Sokolson Department Kerry White, Head Deputy District Attorney, Production Juvenile Division, Los Angeles County Andrew Costly, Designer Library of Congress Cataloging-in-Publication Data Criminal justice in America / developed by Marshall Croddy and Bill Hayes ; edited by Bill Hayes ; written by Bill Hayes ..
    [Show full text]
  • COVID-19 Fraud & Security Alerts
    November 2020 COVID-19 Fraud & Security Alerts NHS Counter Fraud Managers Group (CFMG) Supported by and COVID: Hertfordshire firm sues as £45m NHS masks deal collapses Five million medical masks bought by the government for £45m are missing amid claims of fraud. The respirator masks were due to arrive in the UK by June, but the company could not supply them. Hertfordshire-based Purple Surgical has filed papers alleging fraud by its supplier Win Billion Investment Group, a firm in the British Virgin Islands, as first reported in the Guardian . Read BBC article here Benefit scams worth £1bn foiled during lockdown The BBC has reported that fraudulent benefit claims totalling up to £1bn have been prevented during the COVID-19 pandemic. Civil servants identified in May numerous claims for Universal Credit requesting payments were made to the same bank account. Upon further investigation staff identified over 100,000 fraudulent claims. The article by the BBC also reports that officials had confirmed personal details for thousands of members of the public with the scammers. The article states that although the Department for Work and Pensions plan to write to those compromised, it is struggling to identify many of them. Read the BBC article here 73% increase in phishing attacks reported to HMRC Info Security Magazine reports that HMRC detected a 73% rise in phishing attacks during the first six months of the COVID-19 pandemic. During the two months prior to COVID-19 lockdown restrictions the average email attacks were 26,100. This rose to an average of 45,046 during March and September, amounting to a total of 367,528 reports of phishing attacks in 2020 up to September.
    [Show full text]