As if worrying that your Android might suddenly explode wasn’t enough to worry about. Researchers at Security fIrm Check Point have just announced the emergence of a new strain of Android-attacking malware, which they’re calling Gooligan, a particularly powerful variant of an older Android malware called Ghost Push.  
Spreading through apps in third party app stores, Gooligan is affecting 13,000 devices a day and targets Android versions 4 and 5, Jelly Bean, KitKat and Lollipop, which represent 74 percent of Androids on the market today. It can also be downloaded by clicking infected links in phishing messages. Newer versions of the OS are unaffected (but may still explode. Happy Android-ing!).  
Once a user downloads one of the 86 fake apps hosting the malware, or clicks a phishing link, Gooligan downloads a rootkit and takes advantage of two well known vulnerabilities. In this case, the vulnerabilities are still alive and well on the user’s device, apparently because the user didn’t take the time to install the proper security patches. The attacker is then granted total control over the device and can steal all Google account information (including Gmail, photos, and drive), install apps, and install adware to collect revenue. One of the campaign’s main goals is to download apps from the Google Play Store surreptitiously to devices, giving them good reviews as part of an advertising fraud scam.  
**Gooligan, the Money Making Behemoth**  
Gooligan the worst data breach of Google accounts on record and has installed itself on over 2 million apps since the campaign began in August. At the moment, it doesn’t seem that the attackers are actually doing anything with the stolen data — their main goal seems to lie in the ads scam, which has so far netted them over $320000. A month.  
There are a few lessons to be gleaned from the Gooligan breach, most of which should be no brainers. But since over 2 million devices have been affected so far, it seems that there are a whole bunch of people who use their devices with less intellect than they should. As we see time and time again, mobile devices, with our most sensitive information stored on them, can be breached pretty easily, if users aren’t careful. Here are some takeaways:

*   Patch and update as soon as patches are released, this goes for mobile devices and computer OSs as well.
*   Never, never download apps outside the official app stores. If you do, you’re asking for trouble.
*   Don’t download apps based on customer reviews alone, they may very well be faked.
*   Keep away from shady links in text messages, they might just harbor malware.

Google and Check Point are working to fix the issue but in the fractured mess that is the Android OS, things like this are often on the rise. Keep your eyes open and download with caution.

As if worrying that your Android might suddenly explode wasn’t enough to worry about. Researchers…

29_National_Stop_Bullying_Day_How_Can_You_Do_Your_Part_1b30dfe9a2.avif

The Gooligan Android Breach &#8211; What you Need to Know

Oh, Thanksgiving Day.  
You probably get a warm and fuzzy feeling even before the sugar high hits your brain just thinking about the mashed potato and turkey-packed day. What you’re probably not thinking about is that first Thanksgiving Day back in 1621. There were Pilgrims and Native Americans, food and gifts, don’t forget the gifts! The Native Americans gave the newbies their trade secrets for crop planting, fishing and hunting. And the pilgrims gave the Native Americans Smallpox.  
Smallpox, the dreadful plague brought over on the Mayflower, wound up killing more than 90% of the Native American population within a few short years of its arrival on Plymouth Rock. Sure, today we don’t associate the big TD ([Thanksgiving Day or Turkey Day](http://blog.reasoncoresecurity.com/2015/11/24/of-football-phishing-and-freeloaders-the-thanksgivingcyber-security-connection/), take your pick) with disease and death, but back then the Native Americans simply didn’t have the natural antibodies to protect them from the newbies’ foreign spores.  
**The “gift” of social media**  
Today, one thing that a whole lot of people are thankful for is social media. It connects the distant, it gives voice to the silent. It accelerates movements, and mostly, it entertains the bored. Every day, we bring it gifts in the form of comments, likes and shares. And it gives us gifts in return as well – feelings of validation from friends we have never met, and knowledge about things we have never known.  
But another gift often received from our beloved platforms is malware.  
Just like that first Thanksgiving, when Native Americans didn’t stand a chance against the superbug that piggybacked its way over the Atlantic, often we don’t stand a chance against malware on social media. Malware spreads like the plague because people are so accustomed to the open and sharing nature that our favorite escapes engender. But this casual attitude is a mistake. According to a report by security firm Symantec, hacks are “moving further away from email and into the social media landscape”. We know (well hopefully, anyway) to be exceedingly careful when it comes to keeping away from shady emails. But how careful are we really on social media?  
Social media presents hackers and scammers with a low cost, high yield way to do a whole lot of damage at once. As long as people continue to use social media with the cognitive abilities of somebody who is asleep, (or is experiencing the aforementioned sugar surge and drop) don’t expect this arena to shrink any time soon. Let’s look at some of the ways hackers might be using your favorite social media platform to bestow malware upon your devices:  
**Shortened link malware**: Character real estate is at a premium on Twitter and typical URL’s are a space killer. URLs shortened with a link shortened take the place of meandering ones but once links have been shortened, they bear no resemblance to their original form. Hackers know this and they make their own malicious URL’s jam-packed with malware, posing as legit ones. They publish articles with the ludicrous links and wait for the unsuspecting victims to click them.  
**Fake messages**: This past July, 10000 Facebook users installed malware after they received “a message from a friend”. Clicking on the link installed a trojan that automatically hacked the victim’s Facebook account. Hackers were granted access to privacy settings and data and most shocking of all, it blacklisted any anti-virus programs to make it harder to locate and remove the trojan.  
**Click bait**: Didja read the one about “The top 12 signs that you might have turkey poisoning? Or how about the “Celebs who only eat pumpkin pie and gravy all year long” one? Welcome to clickbait at its finest, a trend that Facebook hates because it moves readers off to other sites. More worryingly though, clickbait links often harbor malware or lead to sites that scan devices for security vulnerabilities. Once they find a weakness, they exploit it with trojans or zero-day exploits.  
**Hashtag hijacking**: #turkeyday #thanksgiving #celebrate #stuffing. Sure, hashtags are a great way to get your tweets seen by more people, but they can also be used against you. Back when the world cup was a trending topic on the twitter-o-sphere in 2014, a group of ISIS supporters hijacked hashtags associated British soccer (or football if you’re from the other side of the Pond) clubs. Inserting pro-terror videos within the hashtags, they sought to recruit new members with an interest in social media. The same principle is used to distribute spam or malicious links, so stay aware.  
**Images laden with malware**: Just yesterday, a new malware distribution method made its way onto Facebook Messenger – via images stuffed full with Locky ransomware. By embedding JavaScript into SVG image files, hackers were able to direct victims to a YouTube lookalike page that prompted them to install a fake Chrome extension to play videos. What it was really doing was installing Locky which has become a hacker favorite over the last year.  
**Thanks…but no thanks**  
Keeping social media’s ”gifts” away shouldn’t really be all that difficult if people would just follow some “should be obvious” rules:  
\-Don’t friend people you don’t know  
\-Don’t click shady links and do resist click bait  
\-Make sure to configure privacy settings the way you want them  
– Use your head at all times!!  
Now shut off your devices and enjoy the rest of Thanksgiving Day. Meanwhile, be grateful that you, unlike the unfortunate Native Americans of 1621, have the tools and the knowledge you need to protect yourself and the people you love from unwanted gifts.  
P.S. To say “thanks” to all our readers, we are having an [RCS Thanksgiving Day blowout sale.](https://goo.gl/vKUSVp) Use the coupon to take 60 percent off your RCS subscription – you’ll be “thank”ful you did!

Oh, Thanksgiving Day. You probably get a warm and fuzzy feeling even before the sugar…

The (Rotten) Gift that Keeps on Giving

For better or for worse, the biggest shopping season of the year has arrived.  
Now that Thanksgiving Day is nothing more than a mere memory (aside from the heartburn and excess poundage), it’s time to start thinking about all the presents and other stuff you’ll need to dish out money on for the upcoming gift-give-a-thon. Once upon a time, snagging great deals on Black Friday meant packing into stores with literally thousands of other shoppers. Thankfully, [Cyber Monday came along](http://blog.reasoncoresecurity.com/2015/11/28/13-tips-for-safe-shopping-this-cyber-monday/) to relieve some of the congestion and has cut into Black Friday’s profits in a big way, allowing the lazy, claustrophobic and savvy shopper to save money from the comfort of his or her couch.  
But like all things digital, Cyber Monday savings come with a big potential risk. Online shopping can always be a bit perilous if you’re not careful, but at this time of year, hackers and scammers are working double time to lure in victims. To help you avoid becoming part of a Cyber Monday scam statistic, we offer you The Ultimate “How to Not Get Hacked While Shopping Online” Guide this shopping season:  
**Seriously, _The Ultimate “How to Not Get Hacked While Shopping Online” Guide_**   
**1 – Use your credit card** – While it’s true that using credit cards isn’t a great habit in terms of living within your means, it’s a safer bet than using debit when it comes to shopping online. Credit card companies refund buyers in case of fraudulent purchases or identity theft.  
**2 – Don’t trust social media offers** – Scammers know that even when you’re hanging out on Facebook and the like, you’re still thinking about scoring deals on purchases. They craft freebies or discount offers and post them around social media networks that may seem legit, but don’t fall for them! The links are filled with malware that can steal information from your device.  
**3 – Don’t shop on public wifi** – There is no delicate way to say this so here goes: If you shop on public wifi, you’re just being plain dumb. [It’s incredibly easy for hackers to create open spoofed networks,](https://blog.reasoncoresecurity.com/2016/04/08/the-dangers-of-public-wifi-or-what-your-inner-diva-and-your-favorite-coffee-place-have-in-common/) or to even intercept open connections, giving them full access to all information you transmit while using that connection. So wait until you get home to shop, or do it from a secured mobile connection, ya hear?  
**4 – Don’t click links in emails** – Scammers use this time of year to send out all kinds of emails – from charity pleas to “receipts”, to enticing offers you’ll get by “clicking this link!”. You know it and we know it – they are filled with malware, so stay away.  
**5 – Only shop on reputable sites** – Now is no time to experiment, stick with tried and true vendors only.  
**6 – Look for https** – Even when shopping on known sites, make sure you see a little closed green padlock and the all-important _https_ in your browser when you go to put your purchase though. If they aren’t there, everything you type can be seen by hackers.  
**7 – Stay away from “too good to be true” deals** – This is a smart rule of thumb to bear in mind throughout the year but now it’s even more critical because hackers know you have shopping, and therefore saving, on your mind. This is precisely when people might feel compelled to make rash decisions, so don’t fall prey to this kind of pressured thinking.  
**8 – Keep your software and operating systems patched and up to date** – One of the main ways hackers attack systems is by exploiting known vulnerabilities in unpatched software and operating systems. Patch ‘n update before they have the chance to get in.  
**9 – Think before buying gift cards** – Scammers try to auction off gift cards on sites like eBay but surprise! When the recipient tries to use them, they are empty. If you go in the gift card direction (_tsk tsk tsk_), buy them from the store itself or a store that sells them like Bed, Bath and Beyond.  
**10 – Review credit card statements** – It’s always a good idea to check your credit card statements but it’s more important than ever at this time of year with all the money-changing-hands going on.  
**11 – Use unique passwords and logins** – If your Old Navy or Amazon password is P@ssWord, you’re asking for trouble. [Using unique and random passwords](http://blog.reasoncoresecurity.com/2016/06/27/mark-zuckerberg-gets-a-lesson-in-password-safety/) helps ensure the safety of your accounts.  
**12 – Use multi factor authentication** – What’s better than simply using the aforementioned secure passwords? Using multi factor authentication provides an ever more iron-clad defense against hackers accessing your accounts.  
**13 – Use an anti-virus and anti-malware solution –** We all get sloppy every now and then. We click links we shouldn’t, we install software accidentally. This is why [it’s critical to have a strong anti-malware solution like RCS](https://www.reasoncoresecurity.com) protecting your devices. A solid anti-malware program will catch any infiltrators before they can do harm and steal your data.  
**14 – Watch out for pop ups** – Aren’t popups annoying? Well, they can be a whole lot worse than just frustrating nuisances. If you haven’t heeded our sage advice and have yet to set up your AM and still have unpatched software, viruses that cause pop ups can infiltrate. When you try to enter in your credit card, they pop up and pretend to be the legit payment page.  
**15 – Check the URL in your browser** – Sure, it may look like Best Buy, but check the URL in the browser window to make sure you’re really shopping on the site you intended to be on. Hackers build spoof sites to look authentic, but their names are just a _weeee_ _bit_ off – like Amazan, or Best Buys, you get the idea. So check before you shop.  
**16 – Keep a record of your order** – After making a purchase, keep all purchase emails until you have received it and are sure you’re satisfied with your purchase.  
**17 – Shop from stores’ own apps** – If you’re on a tablet or mobile device, make sure to shop from the store’s official app only. Stores have more direct control over their apps than their websites which could theoretically be hijacked.  
**18 – Don’t save personal info** – If your accounts do get hacked and your information is stored on them, you can be pretty sure your credit card number and other identifying information will turn up on sale on the dark web some time soon.  
**19 – Set up a PIN Or password for your device** – With all the online and offline shopping going on, it can be easy to misplace small devices – make sure your mobile is secure with a PIN or password to keep it safe when you get shoppers’ brain.  
**20 – Keep your browser clean** – Your browser quietly collects information on you and gives it to advertisers unless you are proactive to stop it from doing so. Delete your cookies, browsing history and cache before you begin shopping.  
**21 – Use your head!** – Perhaps the most important tip of all, think before you shop. No article can cover every possible nefarious scenario that hackers can dream up. That’s why it’s up to you to remain alert and vigilant at all times. Hey it’s your money and your data so it’s in your best interest to stay smart.  
Now go shop ‘til you drop, and remember that we love the colors white and blue and all things security-related. But we’ll take gift cards too, if you insist.

For better or for worse, the biggest shopping season of the year has arrived. Now…

The Ultimate &quot;How to Not Get Hacked While Shopping Online&quot;Guide

WhatsApp is a great way to keep in touch with far off friends and relatives but it seems like every time you turn around, there’s another scam running rampant on it. Given the fact that WhatsApp has over one billion users, it only makes sense that hackers and scammers are always on the lookout for new and interesting ways to exploit the platform. And with the holiday season right around the corner, scammers are just waiting to break out the very best in their rotten tool set to cash in on that generous holiday feeling. The sad reality is that because users repeatedly fall their tricks, the scoundrel-y scammers are encouraged to keep going.  
**A Scammer’s Digital Playground**  
Case in point, when WhatsApp began rolling out their the long-anticipated video calling feature last week, it wasn’t long before the scams started circulating. In fact you might have gotten a bogus video calling feature message even before the actual feature hit your device. Posing as a message inside an existing thread the “invitation” read:  
“_You’re invited to try whatsapp video calling feature.  
_  
_Activate at: ( bogus link)  
_  
_Only people with the invitation can enable the feature”_  
But what really happened when a user clicked the link is that the device got a face full of malware. Nothing too surprising here, but coupled with the fact that everybody was already expecting to see the new feature on their own WhatsApp, you can understand how this particular scam was able to reel in more than a few unsuspecting victims.  
WhatsApp has issued a statement that they will not be, nor have them been rolling out the feature via a link inside a message. Instead they will be granting access to users in a staged manner and all you need to do is sit tight and wait patiently for your device to get it.  
**What’s That??? It’s Another WhatsApp Scam!**  
Meanwhile, there are plenty of other WhatsApp scams circulating all the time. Some are persistent and hang around for a while. Others make their rounds for a bit and then lay low until people forget about them, only to resurface later with a vengeance. Here are a few more to be aware of:  
**WhatsApp Gold –** Surfacing earlier this year, WhatsApp Gold purported to grant users access to premium features like video chats, new emojis, new backgrounds, the ability to send hundreds of pictures at a time and most enticing of all, the ability to delete already-sent messages. WhatsApp (the real one) users received a link promising access to the version “used only by big celebrities” but what victims really got was a fee-based messaging service, where users were charged $1.85 per text message!  
**WhatsApp Spy –** If you ever wanted to see what your contacts are saying about you, WhatsApp Spy just isn’t the best way to go about it. Posing as a legitimate app, WhatsApp Spy asks users to download a link and enter in a phone number to be “spied on”, claiming that it will send a file with copies of all of the offender’s chats for you to sift through. But again, all that’s really happening here is that the victim is getting signed up to a fee-based SMS service (though honestly, in this case, we’re having a hard time feeling bad for the victim, you know the one who really wanted to spy on his or her friends, but we digress).  
**Vouchers/Giftcards via WhatsApp –** Here is a perfect example of a scam that surges around this time of year on the platform. Just fill out a form or survey and get a voucher or gift card to your favorite store. The only catch here is that it’s completely fake. The link in the survey leads to a spoofed version of the store in question. To get the voucher, the user enters their personal data including email, phone numbers and other identifying information. The collected information is used in spam campaigns.  
**WhatsApp Voicemail –** Let’s say you get an email (yes, an email) stating that you have a few missed WhatsApp calls and you can listen to them just by clicking a link in the email. Would you hit that link to find out what you might have missed? If you answered in the affirmative, what you’re missing the most is grey matter. By clicking the link, users are directed to bogus pharmacy sites harboring malware. It should be fairly obvious that WhatsApp doesn’t send any emails, but for some reason this is one tactic that users fall for repeatedly.  
Back to the current video calling scam, just keep in mind that if you get an invite, it’s not the real deal. Don’t fret too much if you haven’t gotten access to the new video feature, you’ll get yours soon. Meanwhile, remember that scams are more prevalent at this time of year on all social media platforms. Your best bet to stay safe? Use your head at all times and think before you click.

WhatsApp is a great way to keep in touch with far off friends and relatives…

Coming to a Smartphone Near You! The Latest Round of WhatsApp Scams

As morning hits around the globe, the world is waking up to find out that Donald Trump has been elected the 45 president of the United States of America.  
It’s a shocker to say the least. The proverbial dark horse, coming in from behind, beset with scandals, a less-than-stellar reputation and no political background — who would have ever seen this coming?! All the [polls seemed to indicate a clear and easy win](https://blog.reasoncoresecurity.com/2016/10/05/is-cyber-security-worth-a-spotlight-at-the-debates/) for Camp Clinton. All the pundits said she was a shoo-in, with all her political acumen and years of service. But perhaps it shouldn’t be too surprising, the handwriting may just have been on the wall for quite some time. With many citizens frustrated by the traditional political elites and their ever expanding distrust, the results might seem almost predictable, when you look at it in hindsight, that is.  
**Surprise! You’ve been hacked!**  
When you think about it, a whole lot of things are less surprising when viewed in retrospect. They say that hindsight is 20/20 and there is a good reason for that — There are times that the signs are so clearly there, we just fail to notice them until it’s too late. And sometimes the price we pay for our lack of insight into the events happening around us can be a steep one. Like when you look at your credit card statement, only to come across charges you never made and when you hear from friends that you have been sending out “the strangest emails!”  
To curb the element of surprise and help keep you more than one step ahead, we’ll lay out some commonly missed signs that your device, and therefore your security and privacy, may be in big trouble:  
**You can’t login to your accounts** – Hackers may change passwords to buy themselves time and confound victims. You might experience this when try to log in to your email or social media account but it fails repeatedly. “Not enough coffee”, you mutter and try again. But lo, it still doesn’t work, no matter what you do. This is a pretty bad sign, because passwords and logins don’t change themselves.  
**Mysterious toolbars, pop ups and programs appear** – You open up your browser and it seems just a _wee bit different_ than it did yesterday. And hey, look at that! You have a new toolbar! Not to mention those programs or apps you’ve never heard of — Rest assured something fishy is going on. Hackers often get a kickback from rogue companies who get paid each time you click on their ads or pop ups. The emergence of toolbars, pop ups and programs should serve as a clear indicator that something nefarious is happening. Running a powerful malware solution like [RCS](https://www.reasoncoresecurity.com) keeps dangerous software from accessing and affecting your devices.  
**Your searches are being redirected** – That slightly odd browser (what, you don’t remember it’s spelled “khrome” ??) keeps sending you to even more odd shopping sites, no matter what web address you enter. Here too, hackers may get paid by companies to redirect searches to their own, dangerous or plain ‘ol bogus ones.  
**You’re sending super weird emails –** When a computer or device is compromised, hackers will use it to spread spam and malware. So no, you didn’t send out that email with the plea for money, and no, you’re not stranded in Trinidad with no way home.  
**Your network activity increases/you have a noticeably slow connection –** If your connection is slower than molasses, your computer might be part of a computer botnet, whose sole purpose is to deploy DDoS attacks.  
Keep a careful eye out for these signs and others like them – more often than not, they are symptomatic of a much larger issue and can’t be ingnored. Regardless of whether or not you fall into camp shocked/furious or shocked/overjoyed, you don’t want to be caught off guard when it comes to your security and privacy — because all the hindsight in the world can’t get your digital identity back.

As morning hits around the globe, the world is waking up to find out that…

Lessons Learned From the Election Shocker &#8211; Don&#039;t Let Hacks Take You by Surprise

Gather ‘round and we’ll tell you a tale (okay, a few tales) of mystery, murder, intrigue, and…. computers. Big computers, small computers, and most of all computers that aren’t really computers at all – they are coffee machines, or insulin pumps, or traffic lights, or baby monitors, or those frying pans that alert your phone so you can know when you are about to burn your scrambled eggs. Yes, today boys and girls, on this creepiest of all days, Halloween, we are telling unsettling, scary and downright “make-you-want-to-hide-in-your closet-under-a-pile-of-blankets-and-hope-nobody-will-notice-you-there” kind of scary stories of the Internet of Things.  
At its core, IoT is the idea that everything, be it a person, place, or thing has an IP address and can transfer data over networks. Including you. And your dog Rexie. And apparently your frying pan. Creepy sounding, yes but when you think about it, connectivity has its privileges – IoT has the potential to vastly improve certain industries, such as health care. In a world of IoT, emergency workers will be able to access critical patient information and share that information with doctors in a blink of an eye. When it comes to industries like manufacturing, wearable tech will help warn workers of hazards like overexertion and machine malfunctions.  
**Nightmare on IoT Street**  
This doesn’t mean it’s all rainbows and unicorns. As we saw so clearly in October 21 hack to DNS provider Dyn, internet connected things, like the DVRs and cameras used to commit the massive cyber crimes, are shockingly vulnerable. And when you put that idea of being super-vulnerable together with the realization that, at the rate we are headed, nearly every device in our homes will be connected to the internet in about 5 years time (yes, your shower curtain will cry out and simply beg to be cleaned, don’t say we didn’t warn you) one begins to understand that the implications of IoT are simply huge. And scary to boot, which is perfect, at least in terms of Halloween. So without further ado, we bring you true tales from the IoT side, read them… if you dare (insert evil laugh here).  
**Ransomware, IoT Style**  
Researchers at this past summer’s DefCon hacking conference demonstrated how they can infect smart thermostats with ransomware remotely. And at last year’s Black Hat conference, hacking pros showed how to hack and infect wearables with ransomware. At first glance, taking a coffee pot hostage might not seem so bad, after all what information could your coffee pot possible be holding already? That you like to guzzle down your java in one fiendish gulp before slamming your coffee skein down on the counter like Conan the Coffee Barbarian?  
But really, it’s a lot scarier than just the prospect of stealing whatever small amount of data that lives within that connection. The real issue here is that once these things are hacked, they can be controlled. Says Rob Conant, CEO of IoT firm Cirrent, “Holding data for ransom is one thing, but shutting down the electricity grid, cars, or traffic lights is quite another. Entire cities or regions could be impacted.”  
And while traditional ransomware attacks files, the vast scope of IoT allows this incarnation to cause disruption on a much grander scale. According to Neil Cawse, CEO at Geotab “due to the many practical applications of IoT technology, its ransomware can shut down vehicles, turn off power, or even stop production lines. This potential to cause far more damage means that the potential for hackers can charge much more, ultimately making it an appealing market for them to explore.” Just image if hackers took control of your heating system in the dead of winter or your refrigerator right before Thanksgiving — chances are you would be willing to pay a whole lot of money to get them back under your control ASAP.  
**Hacked Traffic Lights**  
Let’s pretend you’re driving down a busy but moving street and you get to a red light. Then in but an instant, it’s green again. And now,  the traffic flowing from the opposite direction begins to drive as well, and then the cars from the lanes that bisect your lane begin to drive. Sounds pretty catastrophic, right? This chaos is what ensues when traffic lights get hacked.  
Though it sounds like something out of a movie, it’s actually pretty easy to pull off and requires nothing more than a traffic light and unencrypted radio signals. Traffic lights are often internet-ready so controllers can share information with each other regarding traffic and road conditions. They send their messages using specific Industrial, Scientific and Medical (ISM) bands like  900MHz or 5.8MHz. With the use of these wide open radio frequencies, factory default usernames and passwords and easy-to-attack debugging ports, researchers at The University of Michigan were able to able to take command of the traffic lights used to direct traffic in parts of the state.  This shockingly flawed design is currently used by more than 40 states to direct traffic flow. So remember to drive with caution this Halloween, (and every day, really) — you never know when the lights will pull a trick on you.  
**Menaced Medical Devices**  
Hacks to the outside world are scary enough – but what about when hackers try to infiltrate devices inside of people? Researchers at the University of South Alabama wondered about this too and in search of an answer, they hacked pacemakers put into iStan, a medical patient simulator — essentially, a patient who is actually a highly realistic robot.  
According to [reports from Motherboard](http://motherboard.vice.com/read/hackers-killed-a-simulated-human-by-turning-off-its-pacemaker), they hacked into iStan’s pacemaker and played around with his heart rate, speeding it up and slowing it down. According to Mike Jacobs, University Director of the simulations program, “It’s not just a pacemaker, we could do it with an insulin pump, a number of things that would cause life-threatening injuries or death.”  
Using DDoS attacks, brute force attacks (repeatedly attempting to gain access by guessing password combinations) and security control attacks, they were eventually able to kill iStan. Lest you think they were able to off him because he’s not really a “he” and is more of an “it”, think again. The fact that iStan is a robot had nothing to do with how they were able to access and breach his pacemakers, creating a very scary new reality – in The Internet of Things, all someone needs to commit a heinous crime is knowledge of how to hack a setting on their victim’s insulin pump.  
**IoT – It Ain’t Child’s Play (1 and 2, or even Bride of Chuckie)**  
So are you planning on sleeping with your lights on? Well, if they are smart lightbulbs like the ones made by camera giant Vivitar, maybe that’s not the best solution. If you really want to mitigate some of the IoT insanity make sure to change all factory default passwords and make sure you’re updating your smart devices on a regular basis. Until then, just turn out all your lights and set a few candles into your creepy-faced jack-o-lantern and tell super scary stories of the days when there was no internet, no Netflix, and people were just bored and disconnected some of the time. That ought to send everyone screaming and back under their pile of blankets. Happy Halloween!

Gather ‘round and we’ll tell you a tale (okay, a few tales) of mystery, murder,…

Creepy Tales from the Internet of Things Crypt

Attention any and all persons weighing 400 pounds or more — Donald Trump thinks you might be behind the breach at the Democratic National Committee. Nay, counters Clinton, it was definitely Russia (would have been our first guess, looking back at the vast majority of hacks over the last year). Well, continues The Donald, “The security aspect of cyber is very, very tough”. Ahh, so began the presidential _circu_…debates, and as with all other areas of life nowadays, cyber security is a hot button topic.  
**Oh right… _cyber security!_**  
Well, that’s true, but it’s also not quite so true – Although cyber security did get somewhat of an honorable mention during the course of that first 90 minute debate between the two presidential hopefuls, it was nothing more than that. Which is odd, given the fact that it’s been one of the most prominent issues at play within and alongside the election so far – from Hillary’s email fiasco to the everyday occurrences of mega breaches marring headline news. And yet, in the debates designed to prove which candidate has what it takes to lead their country in this clearly digital age, neither has much more than a clue.  
As is so obviously displayed in the news, threats to our digital integrity are everywhere and they multiply in force with inaction. With every passing day, our physical world and the digital world become further intertwined. Already, we often don’t know where our dumb objects end and our smart gadgets begin. We work via mobile devices from anywhere, and never actually have to leave our homes again to shop, bank or learn (but you’ll still need to go outside to catch Pikachu….Is that even a thing anymore or was that like _so two months ago?_) And yet governments, corporations, regular ol’ folks like me and you, and yes, even presidential candidates aren’t doing enough to tackle cyber security threats.  
**Just what’s at stake?**  
Lest you think losing data isn’t worthy of being a presidential concern, think again. It can have disastrous and far reaching effects on every sector of society and the economy too. The candidates are going to have to come up with something a bit more beefed up than agreeing that it’s a big deal. Here are just some of the verticals affected by a weak national stance on cyber security:  
**Individuals** – With some easily attainable information like education, employment history (hackers can get that off LinkedIn) or DOB (don’t worry, Facebook does a fantastic job of letting the whole world know about your birthday) or by getting their grubby hands on your mobile device, hackers can string together the information they have to commit identity fraud. They can use your stolen identity to clear out your bank accounts and in some extreme cases, have you placed in jail for crimes you didn’t commit.  
**Businesses** – When it comes to business, hackers simply adore cashing in on the confusion and complexity that’s so common in corporate networks. The average yearly loss due to breaches for a large company is hovering around 4 million dollars. If you work for a company that gets hacked, you might just lose your hard-earned yearly bonus.  
**Health Care –** One particularly upsetting vertical getting the daylights hacked out of it is healthcare. If you’re in the hospital and your records cannot be accessed because hackers are holding that data hostage in a ransomware attack, you’ve got big, big problems. And if you need a medical procedure, (your medical records are back by now, because the hospital paid a cool $50000 to make sure patients like you don’t die) let’s say something like having a pacemaker put in, well, be aware, attackers have been known to hack into internet-connected medical devices — and it’s only a matter of time before they do some serious damage.  
**The Government** – What’s on the line when governments get hacked? Great question! Well in the case of the Office of Personnel Management last summer, the identities of 21.5 million government employees were exposed. Whichever country that was behind the hack (_cough…China!…cough, cough_) obtained the DOB, social security numbers, fingerprints and clearance levels of government employees, contractors, family members and anyone else who had undergone a federal background check. And in April, the Turkish government saw the records for 50 million people stolen, including DOB, names addresses and notational ID identifiers. The hackers netted far more than necessary to pull off mass identity fraud.  
**And now… hacking voting machines?!**  
Back to the upcoming presidential _circu_… Uh, right — elections.  
In light of the DNC breach, coupled with the speculative talk that a group of Russian hackers, known as Fancy Bear, tried to hack the general election in the UK last year, some people are beginning to fear that electronic voting machines in the US might become the next hot attack vector. Currently, only a handful of states have these machines but according to researchers, they can be used to enter in hundreds of fraudulent votes in a matter of minutes if you know how to do it. Another alarming fact is that these electronic voting machines are connected to the internet via WiFi, without strict security guidelines in place — and thus, can be intercepted by hackers.  
Homeland security is currently pushing to place voting machines in the critical infrastructure category, which would mean that they would be subject to some very strict security standards across the country. Already in this category are hospitals, power grids, banking system, airports, water systems, nuclear reactors and some other really important assets that are key elements in maintaining a functioning society. But for now this isn’t the case — and the elections are next month. _Hmmm_.  
**What does all this mean for you?**  
Well, no matter what, you should still get out there and vote on Tuesday, November 8th and hope that regardless of where you live, the vote you cast will remain your own. It also means that just because some key players in our society haven’t yet managed to grasp the gravity of keeping our digital assets secure, doesn’t mean you have to bury your head in the sand.  
Sure, as Donald said “The security aspect of cyber is very, very tough” but it’s not quite so tough when you’re armed with the right knowledge and tools. Just by being aware of the issues and taking them seriously, you can being to establish a better security posture. To get some ideas on how to take charge of your digital security, [check out our post here](https://blog.reasoncoresecurity.com/2016/09/14/happy-online-learning-day-yup-its-really-a-thing/) — it’s chock full of great resources to get you headed in the right and more secure direction. And meanwhile, break out your popcorn and peanuts, the next debate is scheduled for this upcoming Sunday night, October 8th.  
Let’s see who says what this time around…

Attention any and all persons weighing 400 pounds or more — Donald Trump thinks you…

Is Cyber Security Worth a Spotlight at the Debates?

In the age of digital transactions, platforms like PayPal’s mobile payment platform [Venmo](https://venmo.com/) have revolutionized the way we exchange money, with instant gratification high on the agenda. However, with convenience comes a new set of challenges. One such challenge is the rise of payment scams on social media platforms - for example, Venmo scams on Facebook Marketplace. 

In this blog, we'll delve into what Venmo scams are, how they work, and most importantly, how you can protect yourself from falling victim to Venmo scams.

## Is Venmo safe to use?
Venmo, like many other online financial platforms, is generally safe to use when you follow best practices for security and privacy. But while Venmo offers several security features to protect your account and transactions, and offers a level of online security and identity protection, it is essential for users to be aware of potential risks and take precautions, as no system is entirely foolproof. Your own vigilance and responsible use of the platform play a crucial role in keeping your Venmo account safe. In particular, users should be aware of scams that are currently operating. 

Additionally, following best practices are also advised e.g. keeping the Venmo app and any associated software up to date, as updates often include [security patches](https://cyberpedia.reasonlabs.com/EN/patch%20updates.html) and bug fixes.

## Can you get scammed on Venmo?

Venmo scams are fraudulent schemes or deceptive tactics that exploit users of the popular peer-to-peer payment platform, Venmo. These scams can take various forms, with Venmo email scams that attempt to alarm or excite users being a popular tactic - and all types of scams involving attempts to trick users into sending money to scammers, or divulge sensitive personal information. 

Some common types of Venmo scams include:

- **Fake Venmo Payment Requests**: Scammers create fake payment requests on Venmo that appear to be from friends, family members, or trusted individuals. They may claim to need money for emergencies, bills, or other reasons. Unsuspecting users then send the money thinking they are helping someone they know, only to realize later that it was a scam.
- **Purchase Scams**: Scammers pose as sellers on online marketplaces or classified ads platforms, offering products or services at attractive prices. They convince buyers to use Venmo for payment, and once the money is sent, the scammer disappears without delivering the promised goods or services.
- **Overpayment Scams**: In this scam, a scammer offers to purchase an item from a seller and sends a Venmo payment for more than the agreed-upon amount. They then ask the seller to refund the excess amount. The initial payment is typically fake, and once the seller refunds the excess, they lose their own money.
- **Investment Scams**: Scammers may pose as financial advisors or investment professionals, promising high returns on investments made through Venmo. They persuade victims to send money, claiming it will be invested, but the funds are actually stolen.
- **Phishing Scams**: [Phishing scams](https://cyberpedia.reasonlabs.com/EN/phishing.html) involve sending users fake Venmo emails or messages that appear to be from Venmo itself. These messages often request personal information, such as login credentials or financial details, which are then used to steal money or commit identity theft.
- **Prize or Sweepstakes Scams**: Scammers contact users, claiming they have won a prize or sweepstakes and need to send a small fee or cover taxes to claim their winnings. Victims send money, but there are no actual winnings, and the scammer disappears.
- **Rental Scams**: In rental scams, fraudsters pose as landlords or property managers, offering rental properties at low prices. They ask for a security deposit or rent payment through Venmo, but the property doesn't exist, or they have no authority to rent it out.
 
## Is it safe to give someone your Venmo username?

While sharing your Venmo username itself is theoretically safe, you should always exercise caution and consider the context in which you're sharing it. In general, it is relatively safe to share your Venmo username with someone because it is used for the sole purpose of receiving payments. When someone sends you money on Venmo, they need your username to locate your account and complete the transaction. However, bearing in mind the number of scams on the horizon, there are some important considerations to keep in mind:

- **Avoid scams**: Be vigilant about potential scams - scammers might request your Venmo username to send fraudulent payment requests or to impersonate you in a scam.
- **Privacy Settings**: Venmo allows you to customize your privacy settings, so you can choose to make your transactions public, visible only to your friends, or completely private. Review your settings and adjust them according to your comfort level with sharing transaction information. 
- **Be selective**: Only share your Venmo username with people you trust or individuals involved in legitimate transactions. Be cautious when sharing it with strangers or in public forums. Avoid sharing any other sensitive information, such as your password or financial details, with anyone who asks for it, as this could be a sign of a scam.
- **Password security**: Ensure that your Venmo account is secured with a strong, unique password that you don't share with anyone.

## What are Venmo Scams on Facebook Marketplace?
Venmo [Facebook Marketplace](https://www.facebook.com/marketplace/) scams involve fraudsters attempting to deceive users into sending them money through Venmo for goods or services on Facebook Marketplace that don't actually exist. These scams often target individuals looking to buy or sell items on the Marketplace, taking advantage of the trust and convenience associated with these platforms.

Venmo scams on Facebook Marketplace are carried out using a system of con tactics:

- **Fake listings**: Scammers create enticing listings for products or services they don't intend to deliver. These listings often feature attractive prices and high-demand items, luring potential buyers.
- **Smooth communication**: After expressing interest in a listing, the scammer initiates contact with the victim. They may use convincing language and employ tactics to build trust, such as claiming to be in urgent need of money or sharing a heart-wrenching story.
- **Request for Venmo payment**: The scammer convinces the victim to make a Venmo payment for the item or service. They might argue that this payment method is quicker and safer, as it offers some buyer protection.
- **Disappearing act**: Once the payment is made, the scammer vanishes. The victim is left empty-handed, with no recourse to recover their funds.

## How to avoid Venmo scams
While it can be distressing to realize you have been the victim of a scam, we do have a few tips to help users avoid Venmo scams on Facebook Marketplace and other platforms:

1. **Research the seller**: Always research the seller before making a purchase. Check their profile, reviews, and history of transactions. Be wary of sellers with no or limited activity.
2. **Verify listings**: When making purchases through Venmo, verify the legitimacy of the products or services being offered, and use secure payment methods whenever possible.
3. **Use Facebook Messenger**: Conduct conversations within Facebook Messenger rather than switching to external platforms. This allows you to maintain a record of the conversation and report any suspicious behavior to Facebook.
Insist on in-person transactions: Whenever possible, opt for in-person transactions. If a seller insists on using Venmo, consider it a red flag.
4. **Verify the item**: If you're purchasing a physical item, ask for detailed photos, descriptions, and proof of ownership. Verify that the item exists and is in the condition described.
5. **Avoid unusual payment requests**: Scammers often pressure victims to use Venmo for transactions. Be cautious if the seller refuses other secure payment methods like PayPal or cash upon pickup.
6. **Trust your gut**: If a deal seems too good to be true or if the seller's behavior raises suspicions, trust your instincts and walk away.
7. **Report suspicious activity**: If you encounter a suspicious listing or seller, report it to Facebook immediately. The platform takes scams seriously and can take action against fraudulent accounts. Be wary of unsolicited messages or requests for money. If something seems suspicious or too good to be true, it probably is.
8. **Enable [two-factor authentication (2FA)](https://cyberpedia.reasonlabs.com/EN/two-factor%20authentication%20(2fa).html)**: Activate 2FA for your Venmo account to add an extra layer of security. This will help protect your funds from unauthorized access.
9. **Dark web monitoring**: Use a dark web monitoring tool such as Online Security to alert you if your username and password details are being sold on the dark web - a criminal can use this information to try and hack your account
10. **Use trusted sources**: Only conduct financial transactions on Venmo with people or businesses you trust. Be cautious when dealing with unfamiliar individuals or online sellers.
11. **Educate yourself**: Stay informed about common scams and tactics used by fraudsters to recognize and avoid them.

## Venmo fraud protection: Does Venmo protect against scams?

Venmo, like other financial platforms, offers some fraud protection measures to help users safeguard their accounts and funds. However, the level of protection may vary, so it's essential to be aware of these features and how they work:

- **Security alerts**: Venmo may send alerts or notifications to users for unusual or potentially fraudulent account activities. For example, if there are suspicious login attempts or large, unusual transactions, Venmo may notify the account holder.
- **Two-factor authentication (2FA)**: Venmo offers the option to enable 2FA, which adds an extra layer of security to your account. With 2FA, you'll need to provide a one-time code (usually sent to your mobile device) in addition to your password when logging in.
- **Transaction monitoring**: Venmo employs automated systems to monitor transactions for suspicious activity. If a transaction seems out of the ordinary or matches known fraud patterns, it may be flagged for further review.
- **Customer support**: Venmo provides customer support to assist users with account-related issues, including fraud reports. Users can contact Venmo's [customer support](https://help.venmo.com/hc/en-us/requests/new?ticket_form_id=624807) to report unauthorized transactions or other security concerns.
- **Dispute resolution**: Venmo allows users to dispute transactions if they believe they've been a victim of fraud or if there is a problem with a transaction. Venmo will investigate the dispute and may reverse or refund the transaction if it's determined to be fraudulent or in violation of their policies.
- **Purchase protection**: Venmo may offer limited purchase protection for certain eligible transactions, such as purchases made through authorized merchants. This protection typically covers issues like non-delivery of goods or receipt of items significantly different from what was described.
- **Privacy settings**: Venmo allows users to customize their privacy settings, which can help control who can see their transactions and financial activity. Adjusting these settings can add an extra layer of security.
- **Email and phone verification**: Venmo encourages users to verify their email address and phone number, which can help enhance account security and recovery options.

Facebook Marketplace and Venmo can be convenient ways to buy and sell items, but they also attract scammers looking to exploit unsuspecting users. By staying informed and vigilant and practicing good digital security hygiene, you can minimize the risk of falling victim to Venmo scams. Remember to verify sellers, insist on secure payment methods, and report any suspicious activity. Your awareness and caution can help protect you and others from becoming victims of online scams.

For more information on other current online scams and identity protection, visit [https://reasonlabs.com/blog](https://reasonlabs.com/blog).


Venmo scams are fraudulent schemes that exploit users of the popular peer-to-peer payment platform, Venmo - involving attempts to trick users into sending money to scammers, or divulge sensitive personal information. 

Venmo Scams.jpg

11 Tips To Avoid Venmo Scams On Facebook Marketplace

## What do I do if I’ve been hacked on Facebook

If you are reading this blog, it’s most likely because you’ve noticed suspicious activity regarding your Facebook account, and you are wondering, ‘What do I do next?’

With over [2.8 billion](https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/) monthly active users, [Facebook](https://www.facebook.com/) (also known as the moniker “FB”), has become an integral part of our lives, connecting us with friends, family, and the wider world. As well as a user’s own profile page, there are groups to join, pages to look at, and friends’ profiles to comment on - making Facebook scrolling an addictive pastime. However, due to its immense popularity, this leading social media platform has also become a prime target for hackers and [cybercriminals](https://cyberpedia.reasonlabs.com/EN/cybercriminal.html) looking to exploit personal information, enact scams, and generally wreak havoc on our digital lives.

It can be very distressing to discover that your Facebook account has been hacked, and your data violated, but taking swift action and increasing awareness can help you regain control and protect your privacy. This blog post will explore what to do if your Facebook account was hacked and password changed: How to manage a hacked Facebook account recovery, how to report a compromised Facebook account, and what to do to prevent FB hacks from happening in the first place.  

## Facebook.com hacked
Besides personal account takeovers and other account hacks, Facebook itself has experienced [several significant security incidents](https://firewalltimes.com/facebook-data-breach-timeline/) and [data breaches](https://cyberpedia.reasonlabs.com/EN/data%20breach.html) over the years. Some notable instances include:

- 2007 - 2008: Facebook suffers from multiple [spam](https://cyberpedia.reasonlabs.com/EN/spam.html) attacks and [phishing](https://cyberpedia.reasonlabs.com/EN/phishing.html) scams targeting users.>data breach
- 2010 - 2011: "[Koobface](https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/koobface)" worm spreads through Facebook, tricking users into downloading [malware](https://cyberpedia.reasonlabs.com/EN/malware.html).
- 2013 - 2014: Facebook faces various technical issues, including a [data breach](https://www.reuters.com/article/net-us-facebook-security/facebook-admits-year-long-data-breach-exposed-6-million-users-idUSBRE95K18Y20130621) that involved the exposure of users' private information through a bug, and the leak of millions of Facebook users' phone numbers and email addresses.

- 2018 [Cambridge Analytica scandal](https://www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-cambridge-analytica-trump-diagram): A political consulting firm improperly obtained and exploited data from tens of millions of Facebook profiles for political advertising purposes, without users' consent.

## Facebook account hacked and locked: How to recognize the signs 
Recognizing the signs of potential compromise is the first step in safeguarding your Facebook account. Some common indicators that your Facebook account has been hacked and password changed include:

- **Unauthorized login attempts**: If you receive notifications about login attempts from unfamiliar devices or locations, your account may have been compromised.
- **Suspicious activity**: Unfamiliar posts, messages, or friend requests appearing on your timeline can be a sign of unauthorized access.
- **Missing or altered personal data**: Hackers may change your profile information or delete content, affecting your online identity.

## Facebook password hacked
If you notice that your password or recovery information has been altered without your knowledge, this is also a cause for concern. It’s time to do some damage control: If you can still access your account, change your password immediately!  Use a strong and unique password that includes a mix of upper and lowercase letters, numbers, and special characters. It’s also often recommended to make your password between 8-14 characters in length.

## What do I do if I’ve been hacked on Facebook?
If you find yourself asking the question, “What do I do if I’ve been hacked on Facebook?” it's crucial to act swiftly. Follow the steps below as soon as possible, in order to minimize the potential damage:

1. **Log out of all devices**: If you still have access to your account, log out from all devices immediately. This can be done by going to "Settings & Privacy" > "Settings" > "Security and Login" > "Where You're Logged In." From there, you can log out of all sessions.
2. **Secure your computer and devices**: Run a security scan on your computer and other devices with a next-generation endpoint security system like [RAV Endpoint Protection](https://reasonlabs.com/platform/products/endpoint-protection) that can detect malware or viruses that could have contributed to the hack.
3. **Warn your contacts**: If the Facebook hacker sent suspicious messages or posts from your account, you need to let friends and contacts know that “someone hacked my Facebook” and your account has been compromised. They should be aware of any Facebook Messenger that they receive ostensibly from you, and it’s important that they do not click on any suspicious links or provide personal information.
4. **Monitor account activity**: Keep an eye on your account for any unusual activity, even after you’ve secured it. This will help you detect any further unauthorized access. Additionally, stay vigilant against any other scams or phishing attempts that may be targeted at you during this time.

## Report Facebook account hacked
Facebook offers several security features to help you maintain the integrity of your account. As well as following the action items mentioned above, if you believe your Facebook account has been hacked you need to report the issue to Facebook as soon as possible. For hacked accounts, go to the [Facebook Help Center](https://www.facebook.com/help/) and search for "Hacked and Fake Accounts." Follow the provided instructions to report compromised Facebook accounts.

## Recovering a hacked Facebook account 
Recovering a hacked Facebook account takes a little bit of time and patience, but if your Facebook account has been hacked, you can take immediate action to secure and recover it, and regain access. To recover a hacked Facebook account, follow the steps below:
- **Change your password**: If you can still access your account, change your password immediately. As mentioned earlier, make sure to choose a strong password that includes a combination of letters, numbers, and special characters.
- **Forgot password**: If you can't access your account, go to the Facebook login page and click on the "Forgot Password" link. Follow the prompts to reset your password. You may need to provide information like your email address, phone number, or security questions associated with your account 
- **Recover hacked Facebook account**: If you are now locked out of your account or unable to reset your password because the hacker has changed your email address or phone number, use Facebook's account recovery options. Go to the Facebook login page, click on "Forgotten account?" and follow the prompts to regain access.
- **Secure your email**: If the email address associated with your Facebook account has also been compromised, recover your email account first. Most services, including Facebook, use your email for password recovery.
- **Enable two-factor authentication (2FA)**: Once you regain access, enable [two-factor authentication](http://cyberpedia) for your Facebook account. This adds an extra layer of security by requiring a code from your mobile device in addition to your password.
- **Review account activity**: Check your recent account activity to see if there have been any unauthorized actions. Facebook provides a way to view active sessions and log out of them.
- **Remove suspicious apps**: Review the apps and services connected to your Facebook account, and remove any apps you don't recognize or trust.
- **Contact Facebook support**: If you're unable to recover your hacked Facebook account using the standard methods, you can contact Facebook's support for assistance. Use their [Help Center](https://www.facebook.com/help) or support channels to report the issue.

## Preventing a “Facebook account hacked and locked” scenario 
While recovering a hacked Facebook account is essential, it's equally crucial to take measures to prevent a Facebook account ‘hacked and locked’ scenario from occurring in the first place. You can safeguard your account from future attacks by taking the following preventative measures:

- **Use strong passwords**: Create unique and complex passwords that include a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable information, such as your name or birthdate.
- **Keep your email account secure**: As your Facebook account is often linked to your email, make sure your email account is well-protected with a strong password and two-factor authentication.
- **Be wary of phishing attempts**: Be cautious of suspicious links or emails claiming to be from Facebook. Avoid providing your login details on unfamiliar websites.
- **Regularly review connected apps**: Periodically check the apps and websites connected to your Facebook account, and remove any that you no longer use or trust.

## Educate yourself and stay informed
While discovering that your Facebook account has been hacked can be a distressing time, taking swift action and staying informed about the latest security features and best practices can help you regain control and secure your profile.

Be cautious of suspicious links and emails, as hackers often use phishing tactics to gain access to your account. Familiarize yourself with Facebook's privacy settings and adjust them to suit your preferences. Learning to recognize the signs of a compromised account, changing your password, enabling two-factor authentication, and utilizing Facebook's security features are essential steps to secure your privacy and protect against online [identity theft](https://cyberpedia.reasonlabs.com/EN/identity%20theft.html). 

Lastly, avoid using the same password for multiple accounts. By staying educated and vigilant, you can enjoy a safer and more secure experience on the world's largest social media platform.

For more information and advice on staying safe online, visit [reasonlabs.com](http://reasonlabs.com). 


It can be very distressing to discover that your Facebook account has been hacked, and your data violated, but taking swift action and increasing awareness can help you regain control and protect your privacy. 


Facebook Hacked.jpg

My Facebook Account is Hacked & Email Changed! What to Do?

## How can someone scam you through Zelle?
In an age of instant gratification, [Zelle](https://www.zellepay.com/) is a convenient and popular peer-to-peer payment platform that allows users to quickly and easily send and receive money. However, while Zelle offers a secure way to transfer funds, unfortunately, it's not immune to scams. This recent [Bank of America Zelle scam](https://abc7news.com/bank-of-america-zelle-scam-fraud-warning/13599954/) is a perfect example, where bank customers saw thousands of dollars stolen from their accounts. 

Scammers are always finding new ways to exploit unsuspecting users. Zelle payment scams are on the rise, with certain scamming tactics becoming increasingly common as they prey on unsuspecting users. 

So how can someone scam you on Zelle? Is Zelle safe to use? How safe is Zelle for sellers? And is it safe to receive money through Zelle? This blog will examine some of the most common Zelle scams, and how to prevent them from happening.

## Phishing scams using Zelle
[Phishing](https://cyberpedia.reasonlabs.com/EN/phishing.html) scams are one of the most prevalent forms of online fraud, as detailed in the latest [Online Security Trends Report](https://reasonlabs.com/research/online-security-trends-report-2023) by ReasonLabs. The Zelle platform is no different: In a typical Zelle phishing scam, the user may receive an email or text message that appears to be from Zelle, asking them to click on a link and provide personal or financial information, such as bank account details or Zelle login credentials. Scammers can then use these details to gain unauthorized access to your account or steal your money.

To protect yourself from phishing scams using Zelle:

- Always double-check the sender's email address or phone number to ensure it's legitimate before clicking on any links or providing any information.
- Zelle will never ask for sensitive information via email or text. If you receive such a request, be highly suspicious.
- If in doubt, contact your bank or Zelle's [customer support](https://www.zellepay.com/contact-us) through their official website in order to verify the authenticity of any communication.

## Overpayment scams using Zelle
Overpayment scams using Zelle go as follows: Someone offers to buy goods or services from you using Zelle, but sends an excessive amount of money. They may claim it was a mistake and ask you to refund the excess amount via Zelle. After you refund the money, their initial payment is reversed or canceled, leaving you out of pocket.

To protect yourself from overpayment scams using Zelle:

- Be cautious when dealing with strangers in online transactions. Ensure that you're selling to a reputable buyer.
- Only accept the exact amount agreed upon for your goods or services.
- Never send money back to the buyer before confirming that the initial payment has cleared and is legitimate.

## Fake check scams with Zelle
A fake check scam is when someone sends you a check via Zelle for a larger amount than owed for a product or service, then asks you to refund the excess. The check may initially appear to clear, but it will eventually bounce, and you'll be responsible for the full amount.

To prevent being the victim of a fake check scam:

- Be skeptical of offers that involve receiving checks for goods or services.
- Always verify the legitimacy of any checks you receive, especially if they are for a significant amount.
- Avoid refunding any excess funds until the check has fully cleared, which can take several days.

## Impersonation scammers using Zelle
 
Scammers may pose as friends, family members, or businesses you trust, such as your bank - and request transactions via Zelle. They often use stolen or compromised accounts to make their requests appear legitimate. However, one of the most important rules of thumb is that a bank will never ask you for private details over an email or text message - and if the ‘request’ is coming from someone you know personally, it’s well worth double-checking with them via another means of communication.  

How to identify an impostor using Zelle:
- Always verify the identity of the person making a request, especially if it's for a significant amount of money.
- Contact the person directly through a trusted means, such as their known phone number, before fulfilling any requests for money.

## Zelle scams on Facebook Marketplace
[Facebook Marketplace](https://www.facebook.com/marketplace/) has grown into a popular platform for buying and selling items and provides a convenient way for users to connect and make transactions. However, just like any online marketplace, it's not immune to scams, and Zelle Facebook scams are no different:

- **Fake listings**: Scammers often create enticing listings for products or services that are too good to be true. These listings might feature high-end electronics, luxury items, or vehicles at exceptionally low prices. When you express interest in the item, the scammer will typically offer to conduct the transaction via Zelle.
- **Pressure to use Zelle**: Scammers may insist on using Zelle for payment and provide various reasons for doing so. They might claim it's faster, more secure, or that they've had issues with other payment methods. In reality, they prefer Zelle because it offers fewer protections for buyers.
- **Phishing links**: Some scammers use phishing links to trick buyers into sharing their Zelle login credentials or personal information. They might send you a message with a link that appears to be from Zelle or Facebook, asking you to log in to confirm your payment.
- **No physical meeting**: Scammers often avoid meeting in person and suggest shipping the item or using a third-party courier service. This way, they can disappear with your payment without delivering the promised product.

Always prioritize safety and use common sense when making transactions. If something doesn't feel right or raises suspicion, it's better to walk away from the deal than risk losing your money. 

Here’s how you can protect yourself from Zelle scams on Facebook Marketplace:

- Always double-check the URL in the address bar to ensure it's the official website of the platform you're using.
- Never click on suspicious links or provide your login credentials in response to unsolicited messages. Instead, go directly to the platform's website or app to perform any actions.
- Whenever possible, conduct transactions in person and meet the seller in a safe, public location.
- If shipping is the only option, use a reputable shipping service and insist on tracking information and proof of delivery. 
- Be cautious of deals that seem too good to be true. If a listing appears too cheap compared to market value, it may be a scam.
- Research the seller's profile and history on Facebook Marketplace. Look for positive reviews and a track record of successful transactions.
- Be wary of sellers who push you to use a specific payment method. Facebook Marketplace allows multiple payment options, so you have the flexibility to choose a method that you're comfortable with.
- If a seller insists on using Zelle, consider it a red flag and proceed with caution.

Zelle is a convenient tool for transferring money, but it's essential to stay vigilant and informed about potential scams. By following these tips and exercising caution, you can protect yourself from falling victim to Zelle scams. Remember that if something seems too good to be true or appears suspicious, it's better to be safe than sorry. Stay informed and take proactive measures to keep your finances and personal information secure.

You can also take proactive measures to stay safe when browsing, making purchases, or interacting online, by using a browser extension like [Online Security](https://reasonlabs.com/platform/products/extension), which can alert you if you try to access a suspicious website, link, or download. For more information on how to stay vigilant when it comes to [identity protection](https://cyberpedia.reasonlabs.com/EN/identity%20protection.html) and your online presence in order to avoid falling victim to scams or [data breaches](https://cyberpedia.reasonlabs.com/EN/data%20breach.html), visit us at [https://reasonlabs.com/blog](https://reasonlabs.com/blog).



Scammers are always finding new ways to exploit unsuspecting users. Zelle payment scams are on the rise, with certain scamming tactics becoming increasingly common as they prey on unsuspecting users.

The Gooligan Android Breach – What you Need to Know

Recent Articles

Discover more

The Gooligan Android Breach &#8211; What you Need to Know

Recent Articles

Discover more

The Gooligan Android Breach – What you Need to Know