JUICE JACKING: Charging your way to Fraud
While it sounds like a new weight loss craze, Juice Jacking is actually a way to steal information straight from your cell phone or mobile device while the device is still in your possession. Criminals don't even have to come into contact with your phone, and it's shockingly easy to pull off.
Picture this: you're at an airport and your flight has just been delayed, by 6 hours. You glance at your phone and see the dreaded red line indicating your battery is down to fumes. Worse, you checked your luggage, with the charger inside. But never fear! You have your USB cord and you saw a public charging station while walking down the terminal. Thinking your luck is looking up, you grab a coffee and plug into the handy-dandy free power charging station. What seems like great luck could actually lead to criminals getting all of your passwords, credit card numbers, mobile wallet details, photos and other personal info stored on your device.
HOW DOES THIS HAPPEN?
The hijacker will install a small computer on an unsecured charging station so that when you charge your device using a USB cord, it syncs with your device and siphons off all your info. While doing this, they can also install malware that will continue pulling information off of your device in the future. Reports have found that this is happening anywhere that there are free charging stations, especially in airports, malls and bus terminals.
How can you prevent this from happening to you?
- If possible, use your charging cord plugged into a wall outlet instead of free charging stations.
- Consider carrying a backup battery or personal quick-charger. You can pick one up at most retail stores for around $10.00. It doesn't give you a full charge, but it will get you by in an emergency.
- You can also buy a USB cord that is missing the wires necessary for data transmission. Look for USB cords that state "does not support data transfer" or "charging USB with data block." You can find them on Amazon or anywhere that you buy your office supplies, for $5 - $10.
- You can also lock your device from pairing/syncing by going into your "Tools" or "Settings" and disabling pairing/syncing without your permission. Your phone would then alert you and require you to authorize pairing/syncing each time.
1. ANYONE WHO CALLS YOU AND CLAIMS TO BE CALLING ABOUT UNAUTHORIZED PURCHASES ON YOUR CREDIT OR DEBIT CARD SHOULD NEVER ASK YOU FOR YOUR PIN NUMBER OR THE 3 DIGIT NUMBER FROM THE BACK OF YOUR CARD. NEVER GIVE OUT YOUR PIN NUMBER OR SECURITY NUMBER TO ANYONE CALLING YOU.
2. CALLS HAVE BEEN REPORTED TO SHAZAM (DEBIT CARD). MULTIPLE REPORTS HAVE COME FROM CARDHOLDERS RECEIVING AUTOMATED AND LIVE TELEPHONE CALLS DEMANDING ACCOUNT INFORMATION. IN AT LEAST ONE CASE, A MESSAGE WAS LEFT ON A CARDHOLDER'S TELEPHONE, ASKING THE CARDHOLDER TO CALL BACK A TOLL-FREE TELEPHONE NUMBER TO ENTER ACCOUNT INFORMATION. SOME HAVE INCLUDED RECORDED MESSAGES WHILE OTHERS HAVE HAD A LIVE OPERATOR OR CALLBACK OPTION. SOME CALLS LIST A CALLER IDENTIFICATION NUMBER OF 1402. THESE CALLS ARE FRAUDULENT AND HAVE NOT BEEN AUTHORIZED BY SHAZAM. CALL THE BANK OF WYANDOTTE AT 918-678-2204 IF YOU HAVE ANY INQUIRIES OR CONCERNS ABOUT YOUR DEBIT CARD!
CREDIT CARD SCAM
Credit Card SCAM-very clever PLEASE READ
This is a heads up for everyone regarding the latest in Visa fraud. Royal Bank received this communication about the newest scam. This is happening in the Midwest right now and moving across the country. This one is pretty slick, since they provide YOU with all the information, except the one piece they want. Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard telephone Credit Card Scam works, you'll be better prepared to protect yourself. One of our employees was called on Wednesday from 'VISA', and I was called on Thursday from 'MasterCard'.
The scam works like this:
Person calling says - 'This is (name) and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460, your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?' When you say 'No', the caller continues with, 'Then we will be issuing a credit to your account. This is a company we have been watching, and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address). Is that correct?' You say 'yes'. The caller continues - 'I will be starting a Fraud Investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number.' The caller then gives you a 6 digit number. 'Do you need me to read it again?'
Here's the IMPORTANT part on how the scam works - The caller then says, 'I need to verify you are in possession of your card'. He'll ask you to 'turn your card over and look for some numbers'. There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he'll say, 'That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?' After you say no, the caller then thanks you and states, 'Don't hesitate to call back if you do', and hangs up.
You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. We were glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card. We made a real fraud report and closed the VISA account. VISA is reissuing us a new number.
What the Scammer wants is the 3-digit PIN number on the back of the card. Don't give it to them! Instead, tell them you'll call VISA or MasterCard directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card, as they already know the information, since they issued the card! If you give the Scammer your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost too late and/or more difficult to actually file a fraud report. It appears that this is a very active scam, and evidently quite successful...
SOCIAL ENGINEERING SCAMS
EASY TIPS TO PROTECT YOURSELF FROM SOCIAL ENGINEERING
- Use discretion when posting personal information on social media. This information is a treasure trove to scammers, who will use it to feign trustworthiness.
- Before posting any information, consider: What does this information say about me? How can this information be used against me? Is this information, if combined with other information, harmful?
- Remind friends and family members to exercise the same caution. Request that they remove revealing information about you.
- Don't send money to people you don't know and trust.
Three common types of persuasion scams:
- Tech Support Call Scams: In tech support call scams, the scammer, claiming to work for a well-known software or technology company, cold calls victims in an attempt to convince the victim that his or her computer is at risk of attack, is attacking another computer or is infected with malware, and that only the caller can remediate the problem. In convincing the victim, the scammer often persuades the victim to provide remote access to the victim's computer. The scammer can then install malware or access sensitive information. In some variations, the scammer persuades the victim to pay for unnecessary or fictitious anti-virus software or software updates.
- Romance Scams: In romance scams, the malicious actors create fake profiles on dating websites and establish relationships with other site members. Once a sense of trust is established, the scammer fabricates an emergency and asks the victim for financial assistance. The scammer generally claims he or she will repay the victim as soon as the crisis is over. However, if the victim sends money, the scammer will prolong the scam, sometimes stealing thousands of dollars from the victim.
- Traveler Scams: In this scenario, also known as the "grandparent scam," malicious actors use information posted on social media websites by a traveling family member to trick other family members into sending money overseas. Often the scam targets the elderly, who are less likely to realize the information was originally posted online. The scammer will monitor social media websites for people traveling overseas, and then contact the family members (through the Internet or via telephone) with a crisis, requesting that money be sent immediately. The scammers rely on all the information users post online about themselves and their trips to convince the family member they know the traveler and are privy to personal details, and thus should be trusted.
Shazam has had reports that some customers are receiving an e-mail falsely claiming to be from "The Electronic Payments Association". The fraudulent e-mail references a fictitious automated clearing house (ACH) reject and directs the recipient to click on a link embedded in the e-mail. This link will take the e-mail recipient to a website that will likely install malicious software (malware) on the recipient's computer with the intention of stealing personal information, login credentials, financial details, and more.
SAMPLE PHISHING E-MAIL
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected
The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.
Please click here to view report
For More Information
If you have any questions about this phishing attack, please call SHAZAM Client Support at (800) 537-5427 (options 4,1).
The above is just an example!! Please call the Bank of Wyandotte if you receive any e-mail from anyone claiming to have information about your Bank accounts. Shazam should not have access to your e-mail account... OR you may call Shazam. The number for Shazam is 1-800-383-8000.