by Scott Muniz | Oct 28, 2021 | Security, Technology
This article is contributed. See the original author and article here.
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in hardware. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
CISA encourages users and administrators to review the Hardware Weaknesses List and evaluate recommended mitigations to determine those most suitable to adopt.
by Scott Muniz | Oct 27, 2021 | Security
This article was originally posted by the FTC. See the original article here.
There’s a fake IRS email that keeps popping into people’s inboxes. It says that you can get a third Economic Impact Payment (EIP) if you click a link that lets you “access the form for your additional information” and “get help” with the application. But the link is a trick. If you click it, a scammer might steal your money and your personal information to commit identity theft. It’s yet another version of the classic government impersonator scam.
Here are ways to avoid this scam:
- Know that the government will never call, text, email, or contact you on social media saying you owe money, or to offer help getting a third Economic Impact Payment (EIP). If you get a message with a link from someone claiming to be from the IRS or another government agency, don’t click on it. It’s a scam. Scammers will often send fake links to websites or use bogus email addresses and phone numbers that seem to be from the government. Your best bet is to visit the IRS’s website directly for trustworthy information on EIP payments.
- Say no to anyone who contacts you, claiming to be from a government agency and asking for personal or financial information, or for payment in cash, gift cards, wire transfers, or cryptocurrency. Whether they contact you by phone, text, email, on social media, or show up in person, don’t share your Social Security, Medicare ID, driver’s license, bank account, or credit card numbers. And know that the government would never ask you to pay to get financial help.
- Report government impersonators to ReportFraud.ftc.gov. Your report makes a difference. Reports like yours help us investigate, bring law enforcement cases, and alert people about what frauds to be on the lookout for so they can protect themselves, their friends, and family.
Visit ftc.gov/imposters to find out more about government impersonators. And to learn more about the signs of a scam, what to do, and how to report it, check out ftc.gov/scams.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Oct 27, 2021 | Security
This article was originally posted by the FTC. See the original article here.
It’s Cyber Security Awareness month, so the tricks scammers use to steal our personal information are on our minds. If there’s one constant among scammers, it’s that they’re always coming up with new schemes, like the Google Voice verification scam. Have you heard about it? Here’s how it works.
Scammers target people who post things for sale on sites like Craigslist or Facebook Marketplace. They also prey on people who post looking for help finding their lost pet.
The scammers contact you and say they want to buy the item you’re selling — or that they found your pet. But before they commit to buying your item, or returning your pet, they feign hesitation. They might say they’ve heard about fake online listings and want to verify that you’re a real person. Or they might say they want to verify that you’re the pet’s true owner.
They send you a text message with a Google Voice verification code and ask you for that code. If you give them the verification code, they’ll try to use it to create a Google Voice number linked to your phone number. (Google Voice gives you a phone number that you can use to make calls or send text messages from a web browser or a mobile device.)
So, what’s the harm? The scammer might use that number to rip off other people and conceal their identity. Sometimes these scammers are after a Google Voice verification code and other information about you. If they get enough of your information, they could pretend to be you to access your accounts or open new accounts in your name.
If you gave someone a Google Voice verification code follow these steps from Google to reclaim your number.
No matter what the story is, don’t share your Google Voice verification code — or any verification code — with someone if you didn’t contact them first. That’s a scam, every time. Report it at ReportFraud.ftc.gov.
Cyber Security How-to Guides
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Oct 27, 2021 | Security, Technology
This article is contributed. See the original author and article here.
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late 2020.
CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000153-MW and apply the recommend mitigations.
by Scott Muniz | Oct 26, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Companies offering work, training, business opportunities, investments, or other money-making opportunities often try to grab your attention by talking about how much money you can make. But all too often, the potential earnings they describe are exaggerated or even flat-out phony, and people who take the plunge instead lose significant time — and money.
The FTC is ramping up its efforts to stop companies from using false or misleading earnings claims to draw people into their business ventures. The agency sent notices to more than 1,100 multi-level marketing companies, business opportunities, franchises, investment coaching companies, and “gig” companies. The notices remind the businesses they must follow well-settled law when making earnings claims to potential participants, workers, and buyers.
Among other things, the notices tell the companies that they:
- can’t make false, misleading or deceptive claims about the earnings you can expect
- can’t misrepresent that you don’t need experience to earn income
- can’t misrepresent that you must act immediately to buy or be considered for a money-making opportunity, and
- can’t misrepresent that buying a money-making opportunity is risk-free or involves little risk.
The FTC’s cover letter makes clear to recipients that merely receiving a notice does not mean that a company did something wrong. But it also makes clear that the recipients are now on notice that if they use the illegal practices in the future, they can face penalties of up to $43,792 per violation.
Before acting on claims about potential earnings:
- Do your research. For example, before starting a new “gig,” search for information about the company online, like how it pays its workers and any other conditions of the offer.
- Question claims about future riches. Promises that you’ll be able to quit your job, work from home, and live lavishly often are false.
- Steer clear of companies that use high-pressure sales tactics. Any company that says you must act immediately or discourages you from taking time to study the company is one to avoid.
For more information, check out When a Business Offer or Coaching Program Is a Scam and Multi-Level Marketing Businesses and Pyramid Schemes. If you spot an income scam, please tell us at ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Oct 25, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Every day dedicated community advocates work to improve the lives and protect the rights of people across the country. The FTC is proud of our work with the legal services community and we are excited to share the Community Advocate Center, a new resource to help you report to the FTC your clients’ experiences with fraud, scams, and bad business practices.
We know that communities thrive when we work together. We also know that scammers target specific populations including people of color, speakers of other languages, and lower-income communities. When advocates tell us people’s stories through ReportFraud.ftc.gov, the FTC can give tailored advice on next steps, including specific info about how to try to recover their money.
When you sign up for the Community Advocate Center, you’ll be joining colleagues from Legal Services Corporation, Inc. the National Legal Aid & Defender Association, the National Consumer Law Center, and the National Association of Consumer Advocates in supporting this initiative.
And please share this post and the video with your friends and colleagues and encourage them to use the Community Advocate Center on behalf of their clients.
The FTC cares about stopping scams you deal with, and preventing others from taking root. We use reports from your community to stop bad practices, get money back for your clients, and educate people about how to avoid the latest scams. Please sign up today: ReportFraud.ftc.gov/community
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments