Phishing Scams Target Some of the Biggest Online Brands

Amazon and PayPal are the best ways to make financial transactions online. WhatsApp is the secure messaging service with end to end encryption. Everyone uses Facebook and Gmail. What could go wrong?

If you think the best-known names on the internet are safe, it’s time to think again. Online criminals are getting smarter and sometimes the bigger the brand, the more worthwhile it is to invest in a scam that will actually fool people.

In the past, phishing emails were easy to spot, with bad grammar and spelling mistakes a native speaker wouldn’t make. Today, scammers not only use perfect English, they’ve often expertly matched the logo, style and URL, so it takes a careful comparison to see the difference. Meanwhile, legitimate sales platforms, such Facebook Marketplace, are full of people trying to convince you to hand over money for nothing in return.

Don’t assume anyone online is telling the truth unless you have verification from an independent source. It takes only a few seconds for hackers to steal financial details or infect your computer with malware that will allow them to access personal information. Help protect your privacy and safeguard the entire family’s reputation with ReputationDefender’s online privacy services. We’ll tell you about system vulnerabilities before they become a problem and help you deal with leaks after the fact. We’ll also keep you up-to-date on some of the most recent scams.

Companies to Double Check

Here are 6 well-known companies that have recently been targeted by scammers.

  • Amazon – Hackers have been sending convincing receipts for products that were never purchased complete with a link to follow if you want a refund. Don’t fall for it. Open a new browser window and sign into your real Amazon account to check your orders.
  • Apple – A group of scammers have been caught trying to convince people to pay off tax debt with iTunes gift cards. The message may come as a phone call, text or email claiming to be from the HMRC, but fraudsters ask for iTunes vouchers, which can be sold or traded anonymously, to pay off the overdue tax. The HMRC would never communicate in this manner and Apple doesn’t use iTunes as payment ‘outside of official stores’.
  • Facebook – Facebook Marketplace isn’t even a year old and it’s already full of scammers. Since there is no official payment method, it’s up to buyers and sellers to make an agreement. A number of fraudulent users have been insisting on payment via bank transfer, but once the money is turned over the product is never delivered and messages are blocked. Never agree to a bank transfer with someone you don’t know well; there are too many ways this can go wrong.
  • Google –A new Gmail scam has been scarily effective, even with tech savvy people who don’t usually fall for phishing. The trap appears to be an attached file from a contact, but instead it’s an embedded image which will take you to a Google sign-in window when you click on it. The window also appears legitimate, complete with ‘One Account, All of Google’ at the top of the page. However, once you enter your login details hackers have complete access to your account and start to target your contact list almost immediately. The only way to spot this scam is by noticing a subtle difference in the URL which begins with ‘data:text’ rather than ‘https’.
  • PayPal – Look for a warning that claims there’s been ‘unusual activity on your PayPal account’. The scammers have cleverly copied enough identifying marks to make the email look legitimate, but the clicking on the link will give them access to your account.
  • WhatsApp – WhatsApp users have reported messages claiming to offer free Sainsburys gift cards in celebration of new stores opening. Unfortunately the message has nothing to do with Sainsburys and clicking on the link will install malware that allows hackers to steal information from your phone.

New phishing scams appear all the time. Learning to recognise the signs will help protect your reputation and keep your information secure. For further questions or concerns about phishing scams, contact our experts at ReputationDefender.

Vulnerability Discovered – Why You Shouldn’t Use WhatsApp and Telegram on the Web

According to the Israeli security firm Check Point, even encrypted messenger apps like WhatsApp and Telegram can be penetrated by malware. Just this month, spokesperson Doros Hadjizenonos announced the firm had discovered a weakness in the web versions of these apps. The vulnerability allowed hackers to send a contaminated photo capable of infecting the entire account upon opening. Both companies have reacted immediately to patch the problem and users who have downloaded the latest version should be protected. However, security experts are still advising that high-risk individuals stick to the mobile version of WhatsApp and Telegram.

Encrypted Apps are the Secure Choice

Privacy and reputation go hand in hand. ReputationDefender clients include individuals and businesses working to build a positive web profile. A few personal details or a private message made public can quickly undo months of effort. With over 1 billion users, WhatsApp is the go-to messenger app and the announcement of ‘end-to-end encryption’ last year made it one of the more secure choices as well. A unique encryption key means no one but the intended receiver can unlock and read the message, not even WhatsApp itself. Meanwhile, the lesser known Telegram has been offering ‘Secret Chats’ that rely on a similar encryption key for several years.

What Went Wrong?

Unfortunately, in this case encryption created its own unique problem. Since the sender’s content was scrambled before upload, the app wasn’t always able to identify contaminated files. Hackers could conceal HTML code in a harmless-looking image and send it to an unsuspecting user. Opening the message in a web application would allow the malware to run immediately on the user’s browser, giving hackers access to the entire account: personal contacts, messages, images… everything.

Hadjizenonos has assured users that WhatsApp and Telegram both responded quickly and responsibly to Check Point’s warning. The input validation process has been improved to identify and block files containing malware on both web and mobile versions. As always, it’s important to download the latest updates immediately, since these often contain fixes for weaknesses and vulnerabilities that have just been discovered.

What’s Different with Web Apps?

The larger lesson is that the mobile versions of WhatsApp and Telegram are more secure than the web-based versions. Web apps use JavaScript which will input new code and overwrite functionality immediately. Mobile apps don’t support this ‘just-in-time’ compiling; changes much be downloaded and configured before installation. This means users are better protected from the type of vulnerability spotted by Check Point.

Although this particular risk has been eliminated, it won’t prevent hackers from discovering a new access point in the future. If your WhatsApp account contains data that could hurt you if it were made public, it’s best to avoid messaging on the web. Stick to mobile, where there’s an extra layer of security.

New Interface for Google Maps Android App

If you regularly use Google Maps on Android, you’ll be happy to know the latest update makes it easier than ever to find what you need. Now, instead of entering locations in a search format, you can just swipe up from the bottom of the screen to find ETA’s for home and work, as well as an organised list of the closest restaurants and cafés.

Google has a well-earned reputation for easy to use apps and user-friendly interfaces, and the current update proves this yet again. Google Maps is already one of the most comprehensive web mapping resources on the internet, with few errors given its scope. It’s already easy to find a location or plug in a regular route, but the latest changes mean you can pull up most of the information you need with one hand.

Is there a Privacy Risk with Google Maps?

Google is known for collecting information on users and sometimes sharing anonymous data with third parties. At ReputationDefender, we caution clients that anything on the internet has the potential to become public through hacking, and this applies to locations entered or searched on Google Maps. The risk is minimal as long as your Google account remains secure, but the new design will require you to save your work and home addresses if you have not already done so.

How Does the New Feature Benefit Users?

On the Android platform, Google Maps users can now swipe to pull up three new tabs on the bottom of the home screen. The Places tab on the left will show a list of the restaurants closest to your current location with categories for Dinner, Breakfast, Lunch, Coffee and Drinks. Scrolling down the page lets you find the closest Petrol Station, ATM or Post Office. You’ll also see the most popular photos posted by other Google Maps users.

The Driving tab in the middle will automatically give the current driving time to your work or home as long as you have these locations saved. It also shows various routes and traffic problems which could extend your travel-time. The Transit tab on the right provides similar information for bus and train services near you. It tells you where to find the nearest stop and how long it will take to get where you want to go.

This isn’t a huge change from Google Map’s previous system, but instead of entering a location to search, users can swipe up the tab to see all the information for saved locations. For now, this update is only available to Android users, but it’s expected to be released on iOS and other platforms soon.

Don’t Let Banking Online Make You the Next Fraud Victim

Online banking is a convenient way to manage money without the hassle of bank closing times or waiting for a cheque to clear. Yet there are risks with accessing financial information over the internet that shouldn’t be ignored. Numerous cyber criminals browse the web looking for personal data that can yield a cash payoff. All it takes is a few security oversights to make your account easy to hack and to turn you into the next target.

How to Stay Clear of Hackers

At Reputation Defender we warn our clients about the dangers of personal information becoming publicly available through careless online privacy. Data leaks can cause reputational fallout and they will also help a hacker to access your bank accounts and fraudulently transfer money. Here are some of the most important precautions you should take to stay safe whilst banking online:

• Avoid Public Networks – Never access a bank account on a public computer or a free Wi-Fi network. These are inherently insecure and may be regularly monitored by cyber criminals.
• Bank on a Single Device – Keep your banking limited to a personal laptop or an iPad that isn’t used by children or other people who may be careless online.
• Use Secure Passwords – A strong password is one that combines numbers, letters and symbols, but does not include any guessable information such as birthdays, names or addresses. It’s a good idea to change your password several times a year. If you have trouble remembering complicated passwords, invest in a password manager.
• Avoid Phishing Attacks – One common online scam is a fake notice advising that an account is insecure or the password has been reset by someone else. If you receive an unsolicited notice like this, never click on the link contained in the email. It likely contains a virus that will allow the scammer to steal your banking details. Instead, sign in via another secure app or call the bank to check your account status. Do not give out financial details in an email or over the phone. If someone is asking for this information they are not from your bank; they are a fraud.
• Keep a Close Eye on Accounts – Check into your account regularly to make sure you recognize all the transactions. Report any suspicious activity immediately so your bank can take action before further hacks take place.
• Set Privacy Controls on Social Media – This might not seem important for banking, but poor privacy elsewhere on the web can give a hacker the answer to many security questions (such as your mother’s maiden name, the name of your pet, your first car etc.). Details like this quickly become a reason for a thief to target your account.
• Protect Your Pin – Never give your pin to anyone, even someone you trust. Take measures to protect your pin in physical locations by shielding the console and checking for observers.
• Shred Physical Documents – Documents containing account numbers, social security numbers or any type of personal information should never be thrown in the trash.

Statistically, only a small number of people get hacked, yet this doesn’t mean criminals aren’t already checking out your account looking for a way in. Any account can be breached given enough time and effort, so the key is to put enough security measures in place so that criminals will lose interest.