Information Security Advisory - Online Scam Vulnerability

This notice is archived content and this information may no longer be accurate.
New research has identified online behaviors and life situations that significantly increase a person's vulnerability to online fraud.

In a study of consumers who’d been victimized, respondents admitted to the following behavior in the recent past:
  • Pop-up advertisements had been opened by 26% of victims, compared to 10% of non-victims. Pop-ups are often used to install malware or lead to surveys that glean personal information.
  • 27% of victims, vs. 17% of non-victims, had opened email from unknown sources.
  • 39% of victims, vs. 28% of non-victims, had downloaded apps, another popular method of installing malware to steal computer files, passwords, and accounts.
  • 23% of victims, compared to just 7% of non-victims, are active on online auction sites. Scammers often pose as buyers on such sites, paying with counterfeit checks or money orders.
  • When it came to purchasing a product through a money-payment business, 47% of victims vs. 30% on non-victims had done so. These services are risky when linked to a checking or debit card account.
  • 18% of victims, compared to 8% of non-victims, had signed up for “free trial” offers, which lock buyers into hard-to-cancel contracts.
While those risky behaviors are easily linked to victimhood, researchers went a step further, asking about certain life experiences. Negative experiences that correlated with the likelihood of getting scammed online included the following:
  • Feelings of isolation, which were reported by 66% of victims (compared to a minority of non-victims).
  • Loss of a job: 23% of victims, vs. 10% of non-victims, reported this.
  • Negative change in financial status: 44% of victims, compared with 23% of non-victims.
  • Being concerned about debt: 69% of victims, vs. 57% of non-victims.
The con artists are at it again, continuing to dream up new and often clever ways to take your money. Watch out for these scams!

Netflix rip. One clever new scam starts with a bogus Netflix app for Android cellphones. When potential victims try to enter an account number using this app, they’re directed to a “support line.” When they call, alleged tech-support personnel (actually thieves) rip them off in many ways: they’re told their device has been hacked, and charged a hefty fee to “fix” it. Make sure your apps are genuine!

Pinterest Phish. Add Pinterest to the list of social-media sites being leveraged by criminals. In a new scam making the rounds, Pinterest users are informed that a supposed friend has created a new “pin.” Those who fall for the attack end up clicking links that may steal their personal info or download malware to their computer.

Card con. Security experts say this scam is persuasive because the thieves have so much valid information. Someone calls claiming to be from a Visa fraud-prevention unit. They ask if you made a certain charge recently, and they know your address. When you say you did not make the charge (which the caller invented), they say they will credit your account. Then—here’s the key—they ask you to “verify you’re the cardholder” by reading the last four digits of the card, plus the three-digit security code. And just like that, you’ve been stung.

Bad news. Emails that look just like ones from Fox News and CNN are being used by con men to suck consumers into a work-at-home scheme. This scam is relatively easy to spot, because the “news” is so preposterous. Do people really believe CNN would report that “a housewife earned $5,814 in just one month”? Still, somebody must be falling for this stuff. Make sure it’s not you!