- The Essential Military-to-Civilian Transition Resource

Disconnect: How to Avoid the Latest High-Tech Scams


Courtesy of USAA

Share |

Article Sponsored by:

You've got an hour to kill, so you drop into a coffee shop to log on to its free Wi-Fi network. You send some e-mails, buy a book online, and pay some bills. A month later, your bank account is depleted. You're the latest victim of a cyber crook.

Unfortunately, online criminals are finding increasingly clever means to separate you from your digital secrets. To avoid getting stung, use this guide to learn about five new high-tech scams.

Social network scams
Facebook and other social networks operate on the principle that you're friends with other people on the service. One of the most common scams involves one of your friends whose Facebook account has been hacked, or broken into by a criminal. The hacker sends an urgent plea to your friend's contacts, which includes you, asking for cash. Naturally, the account holder is not in need, and any money sent goes straight to the scammer's pockets. Other common attacks include hacked accounts used to direct victims to Web sites that install viruses and other software to corrupt your computer.

How to protect yourself: Don't use the same password on Facebook or any other social network that you use on other Web sites. Never click on unusual URLs sent through a social network. If you think something's amiss with a request you receive, contact the sender through another channel, like a phone. Change your Facebook privacy settings so that only friends can see your personal information.

Mobile malware
The main threat to mobile devices is from applications that have been coded with the intent to do harm to the phone or its owner. This threat is particularly directed at iPhone users who are unlocking their phones to install applications Apple hasn't approved or are using the phone on a network other than AT&T. This practice, also known as jailbreaking, bypasses the device's built-in security system.

How to protect yourself: Don't run applications that haven't been approved by Apple, Google, or the manufacturer of your mobile device. These applications haven't been checked for security risks. If you want the tightest security, keep your mobile device's operating system unmodified. Don't download apps you don't know anything about.

Text message come-ons
Watch out for text messages that include phony alerts. The come-ons are varied, encouraging you to call a 900 or other toll-based number. You're then directed to a phishing Web site under the pretense of a job offer or quick cash and possibly tricked into giving up sensitive or personal information, such as a banking site password.

How to protect yourself: Ignore any text messages from a number or person you don't recognize. Use the Web to look up strange phone numbers to see if they've been reported as malicious. Simply google the phone number, and you'll quickly see if it's been reported as dangerous. Then, report the text messages to your cellular carrier.

Wireless interlopers
The rapid growth of Wi-Fi hotspots has made it convenient to crack open your laptop and hop online just about anywhere. But how do you know the hotspot you're accessing is legitimate and not set up by a hacker? Crooks operate lookalike hotspots with the sole purpose of eavesdropping on all the data you send through it. When you type in your password, Social Security number, or your credit card information, scammers can capture it all and be on a fast track to stealing your identity. Another less common attack involves a hacker simply eavesdropping on a legitimate wireless connection by using special equipment to capture your signal, either from next door or driving down the street.

How to protect yourself: Most phony hotspots leave telltale signs that they aren't legit, such as typos, strange sign-in Web page designs, or URLs that don't sound right. If you aren't 100 percent sure a site is legitimate, don't sign in to it. Leave your banking and bill paying for when you're home on a line you know is secure. Make sure you're using Wi-Fi Protected Access security on your home router and protect it with a strong password, such as a combination of numbers and letters.

The latest twist on malware goes like this: A Web pop-up alerts you that you have a security problem, prompting you to download additional software to fix it. Once you do, you're told the problem is even more severe than you thought, and the software says you need to spend $40 or so in order to correct it. You use your credit card to pay the fee, and the problem goes away. The catch is there never was a virus.

The original download caused the initial problem with the intent of making you pay to make it go away. When they get your money, they've hooked you. Your credit card may be charged multiple times, or your credit card number may be sold to others, or the problem will suddenly resurface in a few months' time, prompting you to pay again.

How to protect yourself: Any pop-up asking for money is undoubtedly malware and not part of a legitimate security program. Run standard anti-malware software to rid your computer of the attack. If that doesn't work, a Web search from another computer for the name of the program usually will provide specific tools designed to remove the malware from your machine.


Return to September/October 2010 Issue