CLESF Cyber Security Forum
held October 24, 2024
CLESF hosted a well-attended cybersecurity forum for Camano seniors on October 24th. With over 75 community members present, the forum addressed critical topics like protecting financial data, personal information, and staying safe from online scams. Attendees learned valuable skills to enhance their online security and peace of mind.
Here's what the attendees learned:
Understanding common scams: How to identify and avoid phishing emails, phone calls, and other tactics scammers use.
Protecting your financial data: Tips for creating strong passwords, keeping your software updated, and guarding your personal information.
Resources and getting help: Where additional information is available and where support is available if you suspect a scam.
To read an article about the cybersecurity forum published in the Stanwood-Camano News, click on the following link: https://www.goskagit.com/scnews/camano-law-enforcement-support-foundation-hosts-cybersecurity-forum/article_6c881138-92f7-11ef-9788-7384d2e5e1db.html
CLESF is committed to empowering Camano residents with the knowledge to navigate the digital world safely. As part of this effort, they are providing access to the informative handout from their recent cybersecurity forum.
Click on the link to access the pdf document:
https://drive.google.com/file/d/1Zaa4PtCn-JX079plpl1EhvxesUmpp9sy/view?usp=drive_link
Below is the information presented at the forum by CLESF Member Scott Cawlfield.
DEFINITIONS
Definitions of commonly used words and acronyms related to cyber security.
Bot/chat bot – any software which can simulate a human conversation. Bots are commonly used when you dial an organization to ask for information or to respond to an inquiry.
Cookies – small text files used to identify your computer. Cookies can be used to track your browsing on the internet. Some cookies help you have a better experience on the web. Cyber criminals can use cookies to identify you and hack your personal data. Some countries and US states now require the website to ask for your permission to use certain cookies and tell you the purpose for which the data they collect will be used.
Credit vs Debit – A credit transaction is when you receive goods or funds in exchange for a promise of making a future payment. Money is not withdrawn from your account until you make the payment.
A debit transaction is when the funds are withdrawn from your account as soon as the transaction is conducted. A withdrawal from a cash machine is a debit transaction. A debit transaction at a store is the immediate payment to the merchant from your bank account.
Gift cards – a card which can be exchanged for a specific value of goods or services from another organization. The purchase of a gift card is a debit transaction and is very, very difficult to cancel or reverse.
Hacking – is the act of exploiting a weakness in a computer system often to gain unauthorized access to personal data usually for financial gain.
Malware – a collective term used to describe a variety of software used to disrupt, corrupt or damage a computer system or data set. Malware is often inserted into a computer system via unauthorized access. Malware attacks are often used to deny users access to their data systems to obtain ransom payments.
Phishing – a fraudulent practice of using email or other electronic messages acting like or looking like messages from known reputable persons or organizations in order to trick individuals into revealing personal data like passwords, social security numbers, account numbers…. Phishing can also be used to install malware in the computer of the victim.
Robocall - is a telephone call from an automated source that delivers a prerecorded message to a large number of telephone sets/people. The automated calling system uses an auto-dialer. Telemarketing firms and political campaigns use robocalls extensively. Many robocalls are illegal in the USA.
SAFEGUARDING FINANCIAL DATA
Many of us use on-line apps to manage or spend our money. Some of the Apps and online web sites pose serious risks when disclosing personal or financial data. The more we use such online sites, the greater the risk of leaks, hacks or other unauthorized activity related to our money.
While most of the mainline financial organizations have good data security, any app is vulnerable to being hacked and your data used improperly. Some apps will sell your data or allow other third parties to use your data in ways you did not consider or authorize. Third parties may not have good data security.
Here are some tips for your use:
Use multi-factor authentication whenever possible; keep your login data safe and protected.
Initiate a credit freeze and limit access to anyone else opening a credit account in your name. Consider a credit freeze for your children too. See page 4 for information on credit reporting agencies.
Do not download an app from a website or directly from an app. Download the app from the Apple App Store or from the Google Play Store. This ensures you receive the proper app and not a copycat app which may be a risk to you.
Review the privacy policy of every app before you open/use the app. If the app indicates the app owner may sell or give your data to third parties, be careful. Select the options in the app to restrict the use or transfer of your data; or do not use the app. Look for policies which only allow the company to use your data in transactions between yourself and the company.
Look for dispute resolution procedures, especially a short or streamlined procedure for you if there is a dispute or loss.
Do not click on any link from anyone or any organization you did not initiate contact with, no matter how authentic the message appears. STOP, open the firm’s website independently using your password, etc.
Use strong passwords and change them as necessary.
Shred all unsolicited credit card/debit card applications which are not from a company you wish to do business with.
Open two bank accounts at the same bank. Use account #1 as a “deposit” account to hold all payments coming to you (social security, pension, interest…). Never, NEVER use that account to make any payments, period. Do not use or disclose that account number to anyone else. Use account #2 to make payments. Transfer money from account #1 to #2 as necessary. Using two accounts, you will keep your exposure of loss to whatever dollar value is held in account #2. If your bank account (#2) is hacked, your loss will be minimized and the payments coming to you will not be at risk.
Do not respond to calls from grandchildren or other people close to you claiming to be in trouble – jail, debt, lost, out of money in country xyz – asking you to send money now by crypto, money order, cash… unless you can absolutely verify the caller is who they say they are and the problem is real.
Look for HTTPS on links and downloads indicating a secure web site and avoid opening any links which are shown as HTTP.
SOME COMMON AND CURRENT SCAMS
GOOD TO GO PASS The scam sends a text or email message to users of GOOD TO GO passes, tells them their account has a past due balance, and gives them a link to pay it. The message tells them to go to the linked web site (mygoodtogotoll.com) and pay the balance due to avoid added charges. This is a fraudulent web site and will scam you of your money. Protect yourself by NEVER clicking on an unknown web site. If you think you may have a balance due, go to the WSDOT website and do not click on the link in the message.
CLONING OF YOUR CELL PHONE Criminals can take over your telephone number and scam your financial accounts. They obtain your personal ID data, i.e. purchase it on the dark web, collect from others..., and convince the phone company to reassign your number to the SIM card in the criminal’s possession. They then use their phone with your phone number and user ID/password to access your accounts. They are after your money using your cell phone ID and passwords. Protect yourself by:
Keep personal ID data - birth date, Mom’s maiden name, your first car, off social media.
Use multi-factor authentication for all sensitive accounts. Multi-factor authentication (MFA) is a security system that requires more than one method of authentication to verify a user's identity for a login or other transaction.
Freeze your phone number by asking your carrier to lock or freeze the number so it may not be transferred without using a separate password or code.
Customer Service for common cell phone carriers
AT&T 1-800-288-2020 (AT&T already freezes phone numbers)
Verizon 1-833-VERIZON (837-4966)
T Mobile 1-800-937-8997
“HELP GRANDPA/MA” This is an old but still successful scam in which you receive a call from someone impersonating a relative (grandson, granddaughter or other family member) saying they are in trouble (jail, held captive) asking you to send money now. They may ask you to send money orders, gift cards, crypto…etc., and give you an account to wire the funds. Protect yourself by:
Verifying the person is who they say they are.
Asking questions only the relative would know; have a prearranged code word with relatives.
Be aware that others asking for non-traditional payment is a red flag of a scam.
MESSAGES FROM WELL KNOWN FIRMS YOU TRUST/MAY KNOW Scammers send very good images/messages from firms you often buy from like Best Buy, Microsoft, Amazon, Norton…telling you of a problem/overdue account and providing a link for your response. This scam takes many forms but usually tells you of an issue which needs your action and provides an easy link for you to use to resolve the problem. These scams steal hundreds of millions of dollars each year because the “targets-victims” are careless in their response. The scammers are impersonating a firm which is well known, a firm you know/trust and do business with, and hoping you will just click on their link. When you click the link, they collect your personal data, may ask you for money, etc. Protect yourself by NEVER clicking on an unknown web site/link. If you think you may have a problem with the firm in question, go directly to the web site of the firm, i.e., Microsoft, Best Buy, Costco, etc., and proceed to your account to verify any message received.
ACTIONS BY YOUR CREDIT CARD COMPANY When you obtain a replacement credit card from the company issuing the credit card, some credit card companies automatically submit your new credit card data to those companies you previously made purchases with. Every database in which your data resides is a potential risk. If you do not expect to do business with some of the previous firms, ask your credit card company to NOT submit your new credit card information; you will do so with the merchants of your choice. Bank of America automatically sends your data to previous suppliers and customers may not opt out. MasterCard and Visa enroll cardholders on default, by customer request. USAA Bank does not submit your data to the previous suppliers. While fraud through this action is not common, it can be prevented. Protect yourself by opting out of the bank automatically submitting your data to previous shippers.
ISSUES WITH PACKAGE DELIVERY You may receive an email or text advising a package cannot be delivered to you as the shipping information is not accurate. The message may give you a link to make corrections to your information. Protect yourself: DO NOT click on the link in the message. If you have a package in transit, contact the shipper directly, obtaining their phone number from their website. DO NOT click on any link in an email as the link may not be valid.
TECH SUPPORT OFFERS / NOTICES OF PROBLEMS ON YOUR COMPUTER You may receive a text, an email or a telephone call telling you the other party detected problems with your computer and that they will help you if you just follow their advice and directions. If you need computer support, contact a firm you know and trust, not someone contacting you without your request for assistance. Protect yourself by only using known computer service firms that you know and trust. Do NOT accept service from nor give information to someone calling you blindly and offering support.
POLITICAL TEXTS / SPAM This is an election year and political texts are abundant. Political texts like other texts are largely automated and sent to millions of people like you. You may expect a flood of texts between now and election day asking for your opinion, your money, your money and your money.
Political campaigns need to register with a relevant messaging registry before sending out those texts, like Campaign Registry. The registry verifies the campaign is legitimate and adheres to standard guidelines. Once approved, the flood of texts begins. Campaigns need your consent to send those texts to you. You may send “STOP” to a political text and this should stop such texts from that organization. However, most campaigns have multiple organizations sending out text messages.
Some organizations have not registered their messaging, and their texts may be sent with intent to capture your private data. These can be malicious texts which could result in you sending money and your data to a scammer.
Tips:
Text STOP to those political texts you do not want to receive,
Forward inappropriate texts to 7726, and your cell service provider,
Block future texts from that telephone number using the appropriate key on your cell phone. *Be aware most campaigns may have hundreds of telephone numbers, AND they may be “spoofing” phone numbers of local companies or agencies.
Turn on your spam blocker, available on both Apple and Android phones,
Use a filter app like YouMail to filter and alert you to suspicious text messages.
TO PLACE A CREDIT FREEZE, CONTACT THE CREDIT REPORTING FIRMS DIRECTLY
Contact information for the three major credit reporting agencies:
Equifax 1-800-685-1111 /1-888-378-4429 www.equifax.com
P.O. Box 105788 Atlanta, GA 30348
Experian 1-888-397-3742 www.experian.com
P.O. Box 9554 Allen, TX 75013
Trans Union 1-800-916-8800 / 1-888-909-8872 www.transunion.com
P.O. Box 160 Woodlyn, PA 19094
AI (Artificial Intelligence) POSES A NEW RISK Before AI emerged, some messages from scammers had telltale signs like misspelled words, poorly worded messages, and incorrect grammar that were clear signals of a scam. AI allows scammers to compose and send messages which do not have such defects. Some AI programs allow the bot to have a written or verbal conversation with you, fooling you into thinking you are dealing with a person on the other end. With AI, you may believe you are in a conversation with someone at your bank or insurance company when you are being scammed by an AI artist.
Currently, AI is not regulated by federal or state laws or government regulations. Some regulations are being proposed in Europe and the Congress, but those will take more time to be finalized and enacted. In the interim period, AI may be self-regulated by the participating firms, but will have some/many bad actors who will consider you prey.
Tips:
never share private data with anyone unless you are absolutely certain who/what is on the receiving end of your message,
never pay anyone by sending cash, crypto, gold or any other non-traditional form of payment,
do not pay via debit from your bank account,
do not use the same password in multiple accounts.
If a scammer learns one of your passwords, they may be able to “test” that password on other accounts you have.
use two factor verification on your accounts related to your finances.