Check washing is alive and well

According to the Wall Street Journal, stolen checks from mailboxes netted crooks in New York more than $30,000. The crime is called check washing and it involves crooks stealing outgoing mail from your mailbox. If they find a handwritten check, they “wash” the amount and payee off of the check and make it payable to co-conspirators, who cash the checks.

To keep your checks safe, pay bills online and forgo check writing to the extent possible. If you write checks to pay bills, take the envelope to a blue box or post office. Also, as an additional layer of security, use gel pens to write checks. The gel is a liquid, which is absorbed into the cotton fiber of the check paper, and it can’t be washed off like ballpoint ink, which sits on the surface of the check paper. You can buy gel pens pretty much anywhere; try CVS or across the street at Walgreens.

IRS does not call to demand cash

Coming off of very busy weeks presenting in Columbus, Cincinnati, Durango, Sarasota, Kansas City, Columbus (again) and Kansas City (again). A few times the question was raised about fake phone calls from someone pretending to be an IRS agent and demanding money for past due taxes. The IRS, of course, doesn’t do this sort of thing.

One person told me that she thought the call was a fake until the person on the phone told her his “official badge number”. That made her think it was real although in the end she still didn’t send any money, thank goodness.

The New York Times columnist David Segal wrote about this fraud in last Sunday’s Times. Here is a link to the column.

http://www.nytimes.com/2016/02/28/your-money/irs-calling-to-demand-cash-dont-pay-up-hang-up.html

40 Bitcoins equals $17,000

Hollywood Presbyterian Medical Center is aware of this bitcoin conversion because that is what they said they paid to hackers to get the encryption key to unlock their data. The linked article provides more details, but to prevent this from happening to you personally or to your organization, do two things:

  1. Educate employees/family members about the phishing emails that download the ransomware/cryptolocker on the network.
  2. Maintain offline backups of all essential computer files.

No person or business should ever have to pay ransom to get their files back. All cases like this do is encourage the hackers and more attempts to victimize us.

http://www.cbsnews.com/news/hospital-explains-decision-to-pay-ransom-to-hackers/

Ransomware is very profitable for the cyber thieves

The security firm Imperva reports that over a three-month period in 2015, a single cybercrime gang managed to earn at least $330,000 in bitcoins thanks to an estimated 670 victims paying attackers’ ransom demand to decrypt their ransomware-infected systems.

On this point, I recently received a phone call from a small business owner who was a victim of ransomware. All his computer files were encrypted and the ransom demanded was $500. Unfortunately, he had not backed up his files. If he had a recent backup, he could simply restore from that and not have to pay any ransom. Prepared to pay the ransom, he asked me whether the hackers would provide him with the encryption key if he paid up. There is no way to be sure, as I tell my audiences, but the hackers have a reputation to protect. What’s next, customer satisfaction surveys from hackers? “How was your hacking experience with us? Refer a victim and get $50 off your next ransom payment.”

Remember to keep your files backed up on an external device. To prevent the malware that encrypts your files in the first place, avoid clicking on links or attachments in emails from unknown senders.