Skimmers at the gas pump are so passé. Instead, criminals are focusing on banks as a way to steal loads of cash directly from ATMs.
In the last few months, cyber criminals have used malware to infect ATM machines in Taiwan and Thailand causing then to spit out hundreds of dollars in cash on command. The manufacturers of the ATMs are aware of the attacks and are already working with customers to fix the issue and mitigate future threats. However, the FBI has confirmed this type of attack has been reported in the United States and is warning the banking system that there may be more on the horizon.
The attacker pretends to be a maintenance person, hooks a laptop up to load the malware, then resets the ATM Machine. Once the machine is reset, the screen shows that it is out of service, the malware is activated remotely by another criminal, allows the ATM to be emptied and the cash collected by another criminal who stashes it in a large bag and walks off. IT experts say several ATM machines have a Windows XP operating system, which makes them vulnerable to this operation. Fortunately, there is a firmware fix. The reported attacks have taken place on ATM machines located in pharmacies, big box retailers, drive-thru ATMs and stand-alone machines.
The biggest for consumer is the inconvenience of an empty ATM and taking an extra look on your bank accounts for any transactions that look suspicious. A secondary concern is if a skimmer was installed on the affected machine. For banks, these events are reminder to review cyber security protocols, update software in the ATMs and perhaps upgrade their existing machines.
BBB Releases Study on Romance Scams
A study released by the Better Business Bureau (BBB) reveals an estimated 1 million Americans have been victimized in romance fraud scams with losses nearing $1 billion over the last three years. In Ohio, about 40 people reported losing money to sweetheart scams. The average reported loss was close to $40,000. BBB warns those who use dating websites to be wary of scammers who prey on unsuspecting victims.
The scheme can take a number of months to play out as the scammer gains the victim’s trust. The scammer eventually will ask for small amounts of money to feel out the victim. Victims often turn into unknowing accomplices of money laundering.
There is no “typical” victim of romance fraud. They can be male or female, young or old, straight or gay. The common denominator is that they are seeking a loving relationship, and they believe they have found it.
Scammers often portray themselves as U.S. military members. Military officials say they receive thousands of complaints yearly from scam victims around the world. Officials note military members will never need money for leave or health care.
The majority of romance fraud has its home in West Africa, particularly Nigeria. There also are groups that operate in Russia and the Ukraine that employ online dating sites to defraud victims.
At any one time, there may be 25,000 scammers online working with victims. A company that screens profiles for dating companies told BBB that 500,000 of the 3.5 million profiles it scans monthly are fake.
Protect your identity and your wallet. Scammers prefer prepaid cards and money transfers. Never send money or any personal information to someone you’ve never met in person.
Think before going from public to private. Be hesitant if the conversation moves from a monitored site like social media or a dating site to a more private form of communication like email or instant messaging.
Do your research. Pour over the profile image and description. If it sounds too good to be true, verify it. You can perform a reverse image search to see if the profile photo has been used on other websites.
Ask for details and get specific. Request other forms of identification, like a photo of them holding a piece of paper with their username on it. Ask specific questions about details in their profile. If they claim to be a military member, ask for their official military address as those all end in @mail.mil. Scammers likely will make excuses for why they can’t provide you more information.
Report it. If you feel like you’ve been victimized, report it to scamtracker.org, the Federal Trade Commission and FBI.
The report, prepared by C. Steven Baker, BBB International Investigations Specialist and is available on bbb.org. Baker is the retired director of the Federal Trade Commission’s Midwest Region.
National Consumer Protection Week: March 6-10
We talk a lot about keeping your identity safe while surfing the web, protecting your home and how to recognize a scam. Why not get everything you need all in one place? National Consumer Protection Week, March 5 - 11, is designed to help people understand what rights they have as a consumer, how to make well-informed decisions about their personal security, what steps they can take if they come across a scam, and how best to recover from identity theft.
BBB works with several organizations to provide the most effective resources on different measures to protect against identity theft, information about the latest scams, and methods to find trustworthy businesses to work with in your community. A few of these agencies include the Federal Trade Commission, the Consumer Financial Protection Bureau, the Financial Industry Regulatory Authority, and the Office of the Attorney General, Ohio Consumer Council and the US Postal Inspector to name a few.
BBB exchanges information with all of these agencies and stays up to date on what’s trending as far as fraudulent activity, what types of cybercrimes to look out for, and what the most recent scams that consumers and businesses should be aware of.
We have several community outreach events planned during this week which you can find on bbb.org.
How Safe is that Facebook Quiz?
All your friends are sharing a new quiz on Facebook. But before you join in, be sure to do your homework. Those fun quizzes can be a way to steal your personal information.
Answer a few questions about yourself and find your spirit animal, top place to live, or favorite TV show character. These quizzes may seem like harmless fun – and some are – but many of them are designed to gather personal information about you. Telling the difference can be difficult.
One warning sign is if a quiz requires you to grant a third-party application access to your Facebook profile. When you start a quiz, a pop-up will appear. It reads something like: "Allowing [quiz name] access will let it pull your profile information, photos, your friends' info, and other content that it requires to work." This means the quiz creators can access any data you share, which may include photos, workplace details, and your location.
Be skeptical: Before you take a quiz, figure out who created it. Is it a brand OR someone you trust? If not or something just doesn’t sound right, do not take the quiz or click on the link.
Adjust your privacy settings: Review your social media account privacy settings and lock down about what information you share.
Remove personal details from your profile: Don't share information like your phone number or home address on Facebook or other accounts. Also think about what information you’re sharing that a scammer might guess your passwords.