February 15, 2015

Scam U: Checking Scam, got an app for that

Remember the standard check cashing scam?If not, then here is a recap for you. It starts with a scammer sending you a fake check for winnings or overpayments. The scammer instructs you to deposit the check and wire some of the money (from the overpayment or to process "winning" fees) to a separate account. Usually it is to an overseas account. The fake checks often  look so real that bank tellers cannot tell if they are real or not. Look at our image below. Would you be able to to tell if it was the real deal or a crummy fake? 

Cheque sample for a fictional bank in Canada. ...
Sample Canadian fictional bank check.
How would you be able to tell if it was real or not?
(Photo credit: Wikipedia)

Unfortunately, by the time the bank realizes the check is a forgery, the scammers made off with the additional money and the victim is on the hook for it. Bummer!

Scammers are starting to take a modernized twist to this scam by trying to target you for your smart phone banking apps. They con account holders into sharing their banking information and using the bank's bank app to deposit fake checks into the victim's account. Typically scammers approach the victim offering to pay several hundred dollars (sometimes even more) if they would cash a check for them. If a stranger makes you this offer, bells and whistles should immediately be going off in your head. Some scammers even pose as potential employers or lenders who need access to the victim's account to deposit money. Sadly in this difficult economy, people are desperate enough to believe it. Scammers withdrawal money from the account before the bank discovers the checks are frauds and leaving the victim on the hook for the illicit funds.

Don't fall prey to this tactic or any other version of it.
  • Don't cash strange checks. If a stranger is offering you money to cash a check on their behalf, it is probably illegal. Think about it, why would they pay you to do it, when they can open a bank account for free or get somebody they already know to do it?
  • Do not give out your banking app information. This should go without saying. However, the Better Business Bureau wouldn't have sent out warnings about this scam if people followed this rule. 
  • Do not accept overpayments. Only accept exact payment. If they keep trying to talk you into accepting the overpayment and sending the extra to a different location, walk away from the deal.
  • Make sure the check clears before withdrawing. If you are going to cash strange checks despite my previous advice, make sure the check clears before spending any of the money. This may take anywhere from one to two weeks. In the mean time the con artist will keep hounding you for the money.
  • Remember the saying, if it is too good to be true, it probably is. Nobody will give you something for nothing, and you should exercise caution when somebody offers.


References:
Better Business Bureau (5 December 2014). Check cashing scam gets a high tech twist. Scam Alert! email.

Federal Trade Commission (n.d.) Consumer information: Fake checks. Retrieved from http://www.consumer.ftc.gov/articles/0159-fake-checks  

February 1, 2015

No time security newsletter

Extra! Extra! Read all about it!

Security newsletters can be a great tool if done right; however, they can be a bit time consuming. Who really has time to be an author, editor, and publisher in addition to the regular 9 to 5 job duties? Not a whole lot of people, at least nobody I know. After awhile, it becomes difficult trying to keep coming up with fresh, relevant material. Trust me, I speak from experience on this one. After the first couple of editions, you begin to struggle and dread coming up with a newsletter. May be that's why the majority of them go be the wayside after so many editions?

This is why I am excited about Paper.li. If set up properly, you have a self-generating e-newsletter that requires little maintenance, so your program can easily reap the benefits while you focus most of your time doing other things. As Paper.li states on it's Learn More page, it "is the easiest way to collect, publish and share content on the web." (2014)

From their site:
The platform. Unparalleled power.
The key to a great newspaper is a great newsroom. The Paper.li platform gives you access to an ever-expanding universe of articles, blog posts, and rich media content. Paper.li automatically processes more than 250 million social media posts per day, extracting & analyzing over 25 million articles. Only Paper.li lets you tap into this powerful media flow to find exactly what you need, and publish it easily on your own online newspaper.
That's sounds like a lot of power. Within 30 minutes, I registered for an account, set up my paper, and published my first edition. Needless to say, I was impressed. They also have multiple posts, videos, and customer service to help you out if you get stuck.

Great features:
  • Automatically pulls from selected sources. You can select up to 25 sources which can be RSS feeds, social media accounts, or hashtags.
  • Apply filters on sources. You can further refine what stories to feature in the different sections.
  • Provides clean layout.
  • Uses click and drag to reorganize stories.
  • Archives previous editions.
  • Embed newsletter widget onto your site. This could be a great feature on a security website.
  • Set up publishing schedule. You can set it up to auto-generate a new edition twice daily, daily, or weekly
Plus I'm only talking about the free edition. If you opt for the paid Pro version you get even more control to customize.

By the sound of this post you would think that I'm doing a paid write up, but I'm not. I'm just that big of a fan. Currently I'm only playing around with the free version and am fairly impressed. Go ahead and leverage technology to increase security and threat awareness.

Not sure what content provider to choose? You can start off with some of my content resources I opted for:
  • Brian Krebs @briankrebs
  • Securing the Human @SecureTheHuman
  • State Department travel warning/alert RSS feeds
  • BBB Consumer News and Opinion Blog RSS feed
  • Tweets mentioning "espionage" and "terrorism"
Of course you can always opt to use our free security newsletter on Paper.li instead if you want an absolutely hassle free newsletter to use. :)