Hackers Exploit a Critical Chrome and Edge Vulnerability, Update Now to Fix It

I posted the Chrome story yesterday; however, another browser, Edge, is also at risk. Edge is a Chromium-based browser and needs to be updated against new vulnerabilities.

This vulnerability, called CVE-2022-1096, was reported to Google by an anonymous user or researcher. It appears to affect all Chromium-based browsers, including Opera and Brave. Details on the vulnerability are slim, as Google doesn’t want to share any information that may be useful to hackers.

Both Chrome and Edge are supposed to update automatically. That said, you should paste chrome://settings/help or edge://settings/help in your address bar to see that you’re running version 99.0.4844.84 of Chrome or version 99.0.1150.55 of Microsoft Edge.

Source: Google via Forbes and reviewgeek.com/

Google Issues Massive Warning To Users Of Chrome

Google confirmed a plethora of vulnerabilities on their Chrome browser Tuesday, many of which pose a “high” threat level to users.

Thirty different security issues were discovered in Chrome, which impact users of Windows, macOS, Linux, and mobile devices, according to a blog post shared Tuesday by Google. A majority of the information on the vulnerabilities is not being shared by the technology company, as is standard practice with the organization, Forbes reported.

Use-After-Free (UAF) attacks appear to be the best method for breaking into Chrome, Forbes continued. A UAF attack is a memory exploit and has broken through Chrome security more than 65 times since the start of the year, the outlet reported.

Chrome is likely vulnerable to a new type of “zero-day” hack, according to Forbes. A zero-day hack means that the vulnerability in a platform is known to hackers before Google, or any company, can deploy a fix. At present, every Chrome user is vulnerable to this type of hack, the outlet noted.

Google is set to release an update in the coming days to fix the bugs that make these hacks possible. Users can manually update their browsers by using the settings feature if they don’t want to wait for the update to go through automatically, the outlet continued.

Research on hacking suggests that passwords of any type under seven digits can be broken instantly, the Daily Mail stated. Those passwords with eight characters can typically be guessed in under an hour, the report continued.

Article by Kay Smythe for The Daily Caller©

Source: Google Issues Massive Warning To Users Of Chrome (msn.com)

Scammers are targeting your phone. Here’s what to watch for in Part 4

The Utility Scam

Another dated but still effective fraud is the utility scam. In this case, the criminal pretends to be calling from the water, gas, or electric department in pursuit of an outstanding bill that must be paid immediately to prevent service interruption. This scam often targets not just residents, but small businesses with owners likely too busy to check on the details and more reluctant to risk having their water or lights shut off.

The Neighbor Scam

The neighbor scam employs the caller ID spoof to make it appear that someone is calling the victim’s phone from a local number, which people are more likely to answer. The caller pretends to be speaking for a neighbor in an emergency, or even poses as a school nurse claiming to need personal information for their files.

Jury Duty Scams

Skipping jury duty is a serious matter that can result in real consequences. One of those consequences, however, will not be a phone call from a U.S. marshal or any other government agent threatening arrest if the victim doesn’t immediately pay a fine. That’s the jury duty scam, and although it’s been around for a long time, it still finds new victims every year.

Recovery Scam

The recovery scam just might be the worst of the bunch for one simple reason: it targets victims who have already been victimized. Scammers buy and sell so-called “sucker lists” — records of people who have already been scammed — and use that information to follow up with good news: They’ve recovered the money you lost in the original scam. All they need is your personal data to make sure they have the right person and/or a small fee, and they’ll help you recover the money you lost to the first scammer. There is, of course, no restitution. The scammer is merely double-dipping.

What to Do if You Get a Suspicious Call

Now that you know which scams you’re most likely to encounter, it’s important to know what to do if you think you’ve been targeted. The scammer could be casting a wide net or targeting you specifically. In either case, the actions you take or don’t take could mean the difference between being victimized and avoiding the scam. You might even be able to help authorities nab the criminals responsible for the fraud.

Screen Unfamiliar Calls

The single best way to avoid being taken in a phone scam is to never make contact with the scammer in the first place. That means your best bet in most cases is simply not to answer calls with blocked or private numbers or that you otherwise don’t recognize. “If you do not recognize the phone number on your caller ID, do not answer the phone,” Lavelle says. “Let it go to voicemail or the answering machine. Most telemarketers will hang up and not leave a message. If it’s important, the caller will leave a message.”

Don’t Follow Instructions

Both human scammers and automated robocall recordings often try to get you to take some sort of action just to see if they’ve reached a live person. “Never follow the automated voice asking you to press 1,” Lavelle says. “Do not push any numbers to reach a live operator. This signifies that the autodialer has reached a live number and this will probably lead to more robocalls.”

Block Repeat Offenders

If you’re getting calls regularly from the same few numbers, consider blocking them. “Most cellphone providers allow you to block an incoming number,” Lavelle says. “They work by blocking them, alerting you to a possible robocall, or forwarding suspicious calls to voicemail.”

Try Services Such as Nomorobo

One of the most reliable third-party options, according to Lavelle, is a service called Nomorobo. “It’s a free service available through most phone service providers and is designed to block robocalls and telemarketers,” he says. “While it may not prevent all robocalls from getting through, you are able to identify those calls as your phone will only ring once and the call is then rejected.” 

Set Up the Anonymous Call Rejection Option

Many scammers, as well as telemarketers who are more annoying than predatory, don’t show up on caller ID. Calls from these numbers are the ones you want to eliminate almost entirely, which you can if your phone company offers anonymous call rejection. “Call your phone provider to find out if this option is available for your landline,” Lavelle says. “It lets you screen out calls from callers who have blocked their caller ID information, a tactic of telemarketers.”

Article by Andrew Lisa for cheapism©

Source: Scammers are targeting your phone. Here’s what to watch for (msn.com)

5 Home Security Systems Vulnerable to Hackers

Several popular DIY home security systems can be disabled with nothing more than a laptop and a device the size of a walkie-talkie.

That’s the concerning finding in recent testing from Consumer Reports. Using a technique called a “jamming attack,” thieves can block wireless signals from doors, windows and motion sensors, which lets them enter your property without setting off an alarm.

CR cautions “owners of these systems needn’t panic” because jamming attacks are not very common. But if that’s small comfort, here’s a look at which security systems failed the test and which held up.

The most vulnerable home security systems

Two home security systems performed worst in Consumer Reports’ tests of their ability to withstand jamming attacks:

  • Cove Home Security System
  • Eufy 5-Piece Home Alarm Kit

In addition to low ratings on jamming attacks, both of these systems are vulnerable to another kind of hack called “replay disarming.”

This technique involves copying the wireless signal from a keyfob used to disarm your alarm. Consumer Reports points out this is more difficult for thieves to pull off because they would have to be nearby when you are entering the house to capture the signal.

The publication also shared its findings with the alarm makers so they can work on fixing it.

Other vulnerable home security systems

While not performing as poorly as the Cove and Eufy devices, three other systems fell to jamming attacks in tests:

  • Abode Iota All-In-One Kit
  • Ring Alarm Security Kit (second generation)
  • SimpliSafe The Essentials SS3-01

The least vulnerable home security systems

These brands withstood jamming attacks and replay attacks from Consumer Reports:

  • Blue by ADT
  • Ecobee
  • Honeywell Home
  • Kangaroo
  • Ooma

What it means for you

While Consumer Reports says these kinds of attacks are not common, you can still take steps to protect yourself.

Don’t advertise what security system you use with yard signs and window decals. That’s essentially telling thieves which instruction manual they need to look at to hack your system. Instead, use generic signs or decals as a deterrent.

Article by Brandon Ballenger for money talks news©

Source: 5 Home Security Systems Vulnerable to Hackers (msn.com)

Scammers are targeting your phone. Here’s what to watch for in Part 3

Thousands of people are bilked every year by criminals who enter the lives of their victims through their telephones. And while seniors are often the target of scammers, anyone can be taken for a ride. Here’s everything you need to know about phone scams — including some that take advantage of evolving technology like QR codes, and others that use coronavirus fears to their advantage — and how to avoid becoming a victim.

Lottery Phone Scams

When it comes to the lure of easy money, Lavelle offers a piece of advice that comes with virtually no exceptions. “If you receive a phone call about winning a lottery you never entered,” he says, “don’t believe it and hang up the phone. With this type of scam, a con artist will call the victim and say they won a large sum of money but have to pay a fee to facilitate the earnings. Once the scammer receives the wired money, they disappear. Many of these types of calls originate in Jamaica.” The FTC also puts lottery scams toward the top of its concerns and warns of scammers based in Canada — and reminds potential victims that the sale or purchase of cross-border lottery tickets by mail or phone is illegal.

Netflix Phishing Scams

So-called Netflix scams are most likely to come through email or text, but you could get a phone call as well. In this con, the criminal pretends to be from Netflix or another popular streaming service and asks you to update your payment or other private information to avoid a service interruption. In email form, the scam is often accompanied by a dangerous link the scammer wants you to click.

Enduring Scams That Refuse to Die

Some scams have been around for years or even decades, bilking innocent victims out of their money or identities. In some cases, tried-and-true phone scams are updated and reinvented. In other cases, the same old con keeps finding victims year after year.

Predatory Robocalls

Robocalls are nothing new. In fact, they’re so common that most people pay them little mind, which is part of what makes predatory robocalls so dangerous. “In today’s landscape, it is not uncommon to receive multiple robocalls a week on both your landline and your cellphone, even though you’ve registered your phone numbers with the Do Not Call Registry,” Lavelle says. “They’re offering everything from lower credit card rates to free vacations and medical alert devices. It’s not only annoying, but many of these calls come with a high probability of a scam.”

Caller ID Spoof

The caller ID spoof manipulates caller ID software to add an extra layer of legitimacy to the con. The scammer makes the caller ID display your bank’s actual name or phone number on your phone, which lulls victims into a false sense of security before the call is even answered.

Spear Phishing

Phishing scams have long been identified as frauds that try to gain the victim’s trust by presenting some of the victim’s personal information. If the scammer has the last four digits of my Social Security Number and my ZIP code, the victim assumes, the caller must truly be from the bank or the phone company. Spear phishing expands on the old phishing scam by offering some information in an effort to get the customer to surrender the rest. For example, the “bank” might call under the guise of trying to sort out irregular spending patterns on your debit card. To gain your trust, the swindler will offer the last four digits of your SSN then ask you to provide the rest of the number “for security purposes.” Spear phishing often works in conjunction with the so-called caller ID spoof.

Source: Scammers are targeting your phone. Here’s what to watch for (msn.com)

View Part 4 tomorrow.

Scammers are targeting your phone. Here’s what to watch for in Part 2

Thousands of people are bilked every year by criminals who enter the lives of their victims through their telephones. Here’s everything you need to know about phone scams — including some that take advantage of evolving technology like QR codes, and others that use coronavirus fears to their advantage — and how to avoid becoming a victim.

Rent Scams

People who lost their jobs because of the coronavirus lockdown, or just enough of their income that paying rent became hard or impossible, may have heard from scammers claiming they could provide money for rent or legal help to avoid eviction — but it’s always for money upfront or in exchange for personal information. “Those are dead giveaways that it’s a scam,” the FTC says. Don’t fall for it. 

Online Shopping Scams

The coronavirus lockdown brought a surge in online shopping, which inevitably brought a bunch of scams designed to take advantage of the trend. Fraudsters might contact people with claims that there’s a package waiting for them if they just click on a link or hand over identification information; others try to pass themselves off as Amazon representatives (or, in a similar scam, as Apple customer support reps with concerns about users’ iCloud accounts).

Threats to Immigrants or Parents

When the Trump administration widened its deportation efforts from criminal activity to nearly any immigrant, that made even documented, legal immigrants feel vulnerable — and scammers will take advantage of that, the FTC says. The result: calls from people claiming to be U.S. Immigration and Customs Enforcement saying someone’s immigration status was being revoked unless money was handed over. More fake fears were directed at parents who have been sent photos of their own kids taken from social media, and threats of violence.

Debt Collector Scams

Just as the name implies, this scam involves a con artist pretending to represent a collection agency offering a dramatic discount on a debt you didn’t incur, which is often accompanied by a threat to call law enforcement if you refuse. Always refuse to pay a debt without a legally required “validation notice,” as well as the name of the creditor, amount of the debt, and the caller’s name, address, and phone number.

Grandchild Imposter Scam

As the name implies, the grandchild scam preys on the elderly, with the con artist calling the victim and posing as a grandchild who has fallen into a desperate situation such as running out of money or encountering legal trouble while traveling. “The scammer will then ask for money to be wired to a foreign address and then completely disappear once the money is received,” Lavelle says. “If you receive a call like this, always reach out to your grandchild’s phone number or talk to others who can clarify whether the grandchild really is in trouble and needs help.”

Other Imposter Scams

IRS, debt collector, and grandchild scams have been among the biggest threats, but the FTC also warns of several closely related imposter scams. Family emergency scams expand the grandchild scam to any family member. Online dating scams prey on people searching for love by establishing trust with a prospective romantic partner. Tech support scammers call to report a “problem” with your computer that can be fixed only if you download predatory software.

Source: Scammers are targeting your phone. Here’s what to watch for (msn.com)

View Part 3 tomorrow.

Scammers are targeting your phone. Here’s what to watch for in Part 1

Thousands of people are bilked every year by criminals who enter the lives of their victims through their telephones. Not long ago, AARP found that about half of all mobile calls were fraudulent, and the problem was worsening. Fraudulent landline calls are declining as the technology fades, but scam calls to fixed lines still nab plenty of unsuspecting victims. And while seniors are often the target of scammers, anyone can be taken for a ride. Here’s everything you need to know about phone scams — including some that take advantage of evolving technology like QR codes, and others that use coronavirus fears to their advantage — and how to avoid becoming a victim.

Be Aware of the Latest Threats

Like any other fraud, phone scams evolve and change out of necessity once the public gets wise to the scam. This means there’s always a new scam on the horizon or an updated version of an old one. Here’s a look at some of the most current phone scams, according to the FBI, the Federal Trade Commission’s Bureau of Consumer Protection, and Justin Lavelle of BeenVerified, an online background check platform.

Imposter Scams

Imposter scams come in many forms and target a broad range of victim demographics. They all, however, work the same way. A scammer purporting to be someone you know or a representative from an organization you trust tries to trick you into giving them money in a phone-based scam.

QR Code Imposter Scams

Chances are you’ve been seeing more QR codes lately, even if you don’t know them by name. These barcode-like symbols that you scan with your phone have become increasingly popular during the pandemic, including with stores and restaurants who use them for quick order pickup or to launch virtual menus. But according to the FBI, cybercriminals are also using legitimate-looking QR codes to direct people to sites that can steal personal data or payments. One of the best ways to protect yourself: Thoroughly vet any website you’re directed to from a QR code, the FBI says. This includes by checking the URL, which shouldn’t include typos or other suspicious-looking information, and by avoiding using such websites for any form of payment. 

IRS Imposter Scams

The now-common IRS phone scam, one of the most prevalent and anxiety-inducing imposter scams, is especially common around tax season. “When the call is answered,” Lavelle says, “the scammer says the IRS is suing you and you owe them money and [they] threaten to send the police if not paid within an hour. The latest phone scam even includes caller ID showing the letters ‘IRS’ when they call. The key to avoiding being hit by these scams is to know that the IRS does not make threatening phone calls, nor do they request wire transfers over the phone.” The FTC agrees, and cautions against ever paying a tax bill with a prepaid debit card, which the IRS would never request.

Coronavirus Scams

With the arrival of the coronavirus on U.S. shores, fraudsters rewrote their scripts to trick people with claims of a “cure” — long before there were vaccines and treatments — that could be fatal; as well as “setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information,” the FTC warned. Scammers dangled items such as face masks or hand sanitizer and, worst of all, suckered people in by claiming to be a charity, which hurts real charities that actually help people. The latest scam takes advantage of state-to-state COVID-19 vaccination confusion.

Source: Scammers are targeting your phone. Here’s what to watch for (msn.com)

Watch for Part 2 tomorrow.

USPS Is Making These Major Changes to Delivery Service, Effective May 1

Most of us rely on the U.S. Postal Service (USPS) for daily mail service, whether we’re on the receiving end or mailing a package out. However, financial woes and frustration about delivery delays have left the agency with a lot on its plate. Earlier this month, it was announced that the USPS would be receiving federal financial relief as part of the Postal Service Reform Act, which will provide nearly $50 billion in relief over the next 10 years and allow the agency to regain some “flexibility,” USA Today reported. However, amid ongoing reform, the USPS is also making adjustments that could slow down your deliveries. Read on to learn more about the changes the USPS has planned for May 1. 

On April 6, the USPS filed notice with the Postal Regulatory Commission (PRC) that it would be raising First-Class Mail prices by 6.5 percent. Prices are anticipated to take effect on July 10, 2022, affecting stamps, letters, and postcards. The agency also introduced two new shipping fees this month, Nonstandard Fees and the Dimension Noncompliance Fee, which could incur surcharges ranging between $1.50 and $15. Now, yet another change is in store, officials say, this time impacting delivery speed.

The USPS is making changes to different delivery service standards.

On Monday, the USPS announced it would be making changes to slow down delivery times for almost one-third of small, lightweight packages. These changes to service standards—the “delivery benchmarks” for how long you can expect your mail to get to you—go into effect on May 1.

According to the press release, the service standard for 32 percent of First-Class Packages “will increase by one or two days,” while the service standard for 64 percent of package volume will be unchanged. Finally, the agency said that the service standard will be one day sooner, moving from three days to two days, for 4 percent of First-Class Package Service.

There are a few key reasons why these changes are being made, officials say.

As reported by The Wall Street Journal, slower delivery speeds also allow for the use of more ground transportation, such as trains and trucks, as opposed to an air network. The Postal Service said the changes are being implemented “to improve service reliability” by reducing the use of these contracted air networks, which incur more costs and also have reliability issues.

According to the USPS press release, this is part of the larger “Delivering for America” initiative, which encompasses the agency’s 10-year plan to “achieve financial stability and service excellence.”

“Modifying select service standards is a key growth element and enabler of our 10-year plan. This action will contribute to our cost savings efforts and improve our reliability across all product classes, including our growing package market,” Louis DeJoy, Postmaster General and CEO of the USPS, said in the press release. “By implementing the elements of our 10-year plan, we will deliver the consistent, reliable service that the American people and our customers expect and deserve and grow package volume, spurring revenue growth that can be invested back into the Postal Service,” DeJoy added.

Article by Abby Reinhard for Best Life©

Source: USPS Is Making These Major Changes to Delivery Service, Effective May 1 (msn.com)

6 Ways to Stop Hackers From Emptying Your Retirement Accounts

There is a growing threat to your retirement savings, and you probably are not aware of it. Thieves increasingly are targeting individual 401(k) accounts by impersonating the account owners so the crooks can steal thousands — or even hundreds of thousands — of dollars.

You might think that the 401(k) plan itself would be responsible for reimbursing the funds it released in these situations. But that’s not necessarily the case. As the WSJ reports, federal law is murky about who is responsible for losses associated with cybertheft. While custodians generally pledge to reimburse such fraud, some may include slippery language in their terms that can leave you in the lurch.

Even a company as respected as Vanguard says, “if there’s evidence you neglected to reasonably safeguard your account, further investigation may be necessary to determine whether we can issue a reimbursement.”

So, what can you do to protect yourself? The following steps will go a long way toward keeping your retirement savings safe.

Create ridiculously strong passwords

How strong is strong? Eight characters? How about 10 characters?

Try at least 16 to 25. That’s what the folks at LMG Security — which provides cybersecurity and digital forensics services — recommend. Other experts agree.

LMG says its penetration testers can break down an eight-character password hash — a scrambled version of the password — in anywhere from less than eight hours to about seven days, depending on the nature of the hash.

It would take a bit longer to crack a 16-character password hash — up to more than 147 trillion years, although LMG notes that “well-funded malicious actors” likely could do so more quickly.

Use password managers carefully

Password managers provide a great service, and they have a solid reputation for keeping your information secure. But a detail in the WSJ story might give you pause when considering whether to use a password manager.

Alight Solutions, a 401(k) plan record-keeper, says 401(k) plan participants who give passwords to third-party services that aggregate passwords or financial-account data might not be reimbursed if “our investigation determines that a fraud event is traceable” to such a service, the WSJ reports.

(Alight Solutions is the 401(k) plan record-keeper that allegedly released Bartnett’s $240,000 to the fraudster who attacked her account.)

That means you might be out of luck if a data breach that led to the theft of your identity can be traced back to your password manager. So, at the very least, you should choose a password manager very carefully.

Don’t use text-based verification

Two-step verification, also referred to as two-factor authentication, adds a layer of security to your online accounts. Instead of providing just a username and password to access your account, you must also provide another piece of information you have, such as a code sent to your phone via text message or an authenticator app.

This extra step makes it harder for a crook to access your retirement account or any other account for which you set up two-step verification. But if you have verification codes sent by text message, it’s possible for a fraudster to bypass this security measure.

The scammer does this by calling your cellphone company, pretending to be you and asking the provider to change the SIM card associated with your phone number to a SIM card in a phone that is in the scammer’s possession.

Think it can’t happen to you? It happened to former Twitter CEO Jack Dorsey when a crook took over Dorsey’s Twitter account.

For this reason, security experts recommend two-step verification that relies on an authenticator app over verification via text messages. Examples of such apps include Microsoft Authenticator and Authy.

Use a separate, secret phone number

This is tough — but necessary — medicine.

Just as a crook who knows your phone number can impersonate you and convince your cellular provider to make changes to your cellular account, a crook could call a financial services provider and impersonate you in an attempt to access your retirement account.

One way to thwart this type of identity fraud is to give your financial services provider a different phone number that you keep secret by not using it for anything else. Sound like overkill? Remember, a good chunk of your life savings could be at stake if someone is able to dip into your retirement account and clean it out.

Set up an online account with your plan provider

Ben Taylor, a consultant at investment-consulting firm Callan, tells the WSJ that by exercising the option to set up an online account, you beat the crooks to the punch. As he puts it, “unclaimed online accounts are easier for impersonators to take control of.”

In other words, if you have the option to set up an online account and you take advantage of it, an identity thief can’t open an account in your name and then take control of it.

Consider spreading retirement money across multiple providers

There are good reasons to keep all of your retirement funds with a single financial services provider. Not only is it more convenient, but many providers will cut you a break on fees or offer other perks as you accumulate more money with them.

But there is also a risk: If all of your money is with one provider and a fraudster gets hold of that account, you could be wiped out, even if the money loss is just temporary.

By having some of your retirement money — say, your individual retirement account and health savings account funds — with a separate provider, you will at least reduce the risk that you could lose your life savings overnight and have to scramble to pay your bills while waiting to get your money back.

By Chris Kissell for Money Talks News©

Source: 6 Ways to Stop Hackers From Emptying Your Retirement Accounts (msn.com)