Citadel Digital Security Consulting

07/12/2023

02/06/2020

What you are about to learn about is a common Facebook secret shopper scam. I saw this Walmart advertisement looking for people to become Walmart secret shoppers. I knew this was a scam, but I wanted to do some research and see just how hard the scammers would work to steal Thousands of dollars from innocent victims. So, I fill out the Facebook application and this is what I received by registered mail from the scammers.

Let me keep this short and tell you the short version of this scam. Basically, the scammers send a realistic letter along with a realistic check made out for $3345. The letter directs you to cash to deposit the check in your bank, then take out $3000 out, go to a local Walmart nd purchase three $1000 money orders. You are directed to take note of the quality of service you received from the Walmart employee.

You are then directed to mail the Money orders back to the address listed in the scammer’s correspondence along with your employee service review. for your efforts you get to keep the remaining $345 for your services. You then find out that the check was bad, and you are now responsible for the $3000 you withdrew to purchase the three $1000 money orders and you are unable to contact the scammers.

This type of scam is responsible for hundreds of thousands of dollars lost by those people naive enough to fall for the scam. I urge you to closely look at the letter and check I received from the scammers and observe the detail. It is very detailed and looks very real. I even received text messages from the scammers asking me for a progress update.

Some things you should know are, Walmart does not hire its own Secret Shoppers, and Secret Shopping organizations never advertise for secret shoppers. It is all done by word of mouth. I encourage you to pass this along to your friends and family members as this is a costly lesson to learn.

01/15/2020

This information came from the insurance information Institute you can read more about this article from the link listed below titled 2019 identity fraud studies I’ll

I provide you this information because I last week a criminal tried to use one of my credit cards to make a $500 purchase at Saks fifth Avenue in New York City. I don’t even leave the house let alone visit New York City and I am a cyber security professional so I am here to tell you that anybody be can become a victim of cybercrime. Over the next few weeks I will be posting information on this subject and how you can better protect yourself from cyber crime. As always I encourage you to follow me on Facebook

Identity theft continues to pose challenges for consumers as criminals develop new mechanisms to commit fraud. According to the 2019 Identity Fraud Study from Javelin Strategy & Research, the number of consumers who were victims of identity fraud fell to 14.4 million in 2018, down from a record high of 16.7 million in 2017. However, identity fraud victims in 2018 bore a heavier financial burden: 3.3 million people were responsible for some of the liability of the fraud committed against them, nearly three times as many as in 2016. Moreover, these victims’ out-of-pocket fraud costs more than doubled from 2016 to 2018 to $1.7 billion.

New account fraud losses also rose slightly, with criminals beginning to focus their attention on different financial accounts, such as loyalty and rewards programs and retirement accounts. Additionally, criminals are becoming adept at foiling authentication processes, particularly mobile phone account takeovers. These takeovers nearly doubled to 680,000 victims in 2018, compared with 380,000 in 2017. The study does note that the shift to embedded chip cards is helping to contain existing card fraud, which showed the steepest decline of any fraud type in 2018, with losses at $14.7 billion in 2018, down from $16.8 billion in 2017.

01/12/2020

How is your computer acting. Set up an appointment with me and lets see if it is infected

01/12/2020

How to: Avoid Phishing Attacks
On your path to improving your digital security, you may encounter bad actors who attempt to undermine your security goals. We call these bad actors adversaries. When an adversary sends an email or link that looks innocent, but is actually malicious it’s called phishing.

A phishing attack usually comes in the form of a message meant to convince you to:
click on a link;
open a document;
install software on your device; or
enter your username and password into a website that’s made to look legitimate.

Phishing attacks can trick you into giving up your passwords or trick you into installing malware on your device. Attackers can use malware to remotely control your device, steal information, or spy on you.
Phishing for Passwords (aka Credential Harvesting)
Phishers can trick you into giving them your passwords by sending you a deceptive link. Web addresses in a message may appear to have one destination, but lead to another. On your computer, you can usually see the destination URL by hovering over the link.

But links can be further disguised with lookalike letters, or by using domain names that are one letter off from legitimate domain names and may direct you to a webpage that appears to go to a service that you use, such as Gmail or Dropbox.

These fake replica login screens often look so legitimate that it’s tempting to type your username and password. If you do, you will send your login credentials to the attackers.
So before typing any passwords, look at the address bar of your web browser. It will show the real domain name of the page. If it doesn't match the site you think you’re logging into, don't continue! Remember that seeing a corporate logo on the page doesn't confirm it's real. Anybody can copy a logo or design onto their own page to try and trick you.

01/25/2019

04/09/2018

How do you know if your privacy is being protected?
Privacy policy – Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists.

Look for indications that you are being added to mailing lists by default—failing to deselect those options may lead to unwanted spam. If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site. Privacy policies sometimes change so you may want to review them periodically.

Evidence that your information is being encrypted – To prevent attackers from stealing your personal information, online submissions should be encrypted so that it can only be read by the appropriate recipient. Many sites use Secure Sockets Layer (SSL) or Hypertext Transport Protocol Secure (https).

A lock icon in the bottom right corner of the window indicates that your information will be encrypted. (See Understanding Web Site Certificates for more information.) Some sites also indicate whether the data is encrypted when it is stored. If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor's system could access your personal information.

What additional steps can you take to protect your privacy?
Do business with credible companies – Before supplying any information online, consider the answers to the following questions: Do you trust the business? Is it an established organization with a credible reputation? Does the information on the site suggest that there is a concern for the privacy of user information? Is legitimate contact information provided? If you answered “No” to any of these questions, avoid doing business online with these companies.

Do not use your primary email address in online submissions – Submitting your email address could result in spam. If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online. (See Reducing Spam for more information.) Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.

Avoid submitting credit card information online – Some companies offer a phone number you can use to provide your credit card information. Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.

Devote one credit card to online purchases – To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the number of charges an attacker can accumulate.

Avoid using debit cards for online purchases – Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

Take advantage of options to limit exposure of private information –

Default options on certain websites may be chosen for convenience, not for security. For example, avoid allowing a website to remember your password.

If your password is stored, your profile and any account information you have provided on that site are readily available

if an attacker gains access to your computer. Also, evaluate your settings on websites used for social networking. The nature of those sites is to share information, but you can restrict access to limit who can see what.

04/08/2018

Fake antivirus is malicious software (malware) designed to steal information from unsuspecting users by mimicking legitimate security software. The malware makes numerous system modifications making it extremely difficult to terminate unauthorized activities and remove the program. It also causes realistic, interactive security warnings to be displayed to the computer user.

How can my computer become infected with fake antivirus?
Criminals distribute this type of malware using search engines, emails, social networking sites, internet advertisements and other malware. They leverage advanced social engineering methodologies and popular technologies to maximize number of infected computers.

How will I know if I am infected?
The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.

What can I do to protect myself?
Be cautious when visiting web links or opening attachments from unknown senders.

Keep software patched and updated. See Understanding Patches for more information on the importance of software patching.

To purchase or renew software subscriptions, visit the vendor sites directly.

Monitor your credit cards for unauthorized activity.

To report Internet crime or fraud, contact the Internet Crime Complaint Center (https://www.ic3.gov).

03/17/2018

Keeping Children Safe Online part 2 what to do

Be involved - Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child's online activities while teaching her good computer habits.

Keep your computer in an open area - If your computer is in a high-traffic area, you will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she's not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.

Set rules and warn about dangers - Make sure your child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do.

You should also talk to children about the dangers of the internet so that they recognize suspicious behavior or activity. Discuss the risks of sharing certain types of information (e.g., that they're home alone) and the benefits to only communicating and sharing information with people they know (see Using Instant Messaging and Chat Rooms Safely, Staying Safe on Social Network Sites, and the document Socializing Securely:

Using Social Networking Services for more information). The goal isn't to scare them, it's to make them more aware. Make sure to include the topic of cyberbullying in these discussions (see Dealing with Cyberbullies for more information).

Monitor computer activity - Be aware of what your child is doing on the computer, including which websites she is visiting. If she is using email, instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them.

Keep lines of communication open - Let your child know that she can approach you with any questions or concerns about behaviors or problems she may have encountered on the computer.

03/04/2018

Your local community Cyber Guy with another security tip.

What security implications do these sites present?
Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because

the Internet provides a sense of anonymity
the lack of physical interaction provides a false sense of security they tailor the information for their friends to read, forgetting that others may see it
they want to offer insights to impress potential friends or associates

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you.

Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. (See Avoiding Social Engineering and Phishing Attacks for more information.)

Using the information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

As always if you have questions about Cyber Security, please contact me and I will be more than happy to help you out. If you find this tip helpful then pass it on to a friend. God Bless

02/28/2018

Let me help you keep your digital world safe and secure. With a quick a remote scan and clean today