The Bottom Line
Small business is important to Central Oregon, and to Mid Oregon. Find tips and resources for business, and information about Mid Oregon’s commercial services and business members.

How to Avoid Apple App Scams
Fake apps are an ongoing problem for the Apple App Store. With nearly 1.8 million apps in its store, Apple estimates it makes approximately $65 billion a year from the apps. The company has a dedicated Discovery Fraud Team and technology to keep scam apps out. But fraudsters still find a way to sneak in. A Washington Post report found that out of Apple’s 1,000 highest-grossing apps, nearly 2% are some type of scam. Many fake apps can deliver malware to a device, but others are just looking to make a quick buck with financial scams.
Apple insists they take great strides to keep infected apps out of their store, saying that in 2020, they removed over 400,000 apps from their store for assorted reasons. But for those who have fallen victim to these fake apps, the company didn’t go far enough. According to Appfigures research, fraudulent apps cost users an estimated $48 million last year. That’s a hefty price tag for app lovers to pay, but there are ways to avoid downloading the next scam app.

What Apple app scams look like
The road to downloading a safe app can be challenging, but not hopeless. You should never sideload apps, which means downloading apps from sites other than the official app stores. Many bogus apps misuse company names for cover, so taking a closer look at the app title can be revealing.
For example, Samsung TV owners can go to Apple’s App Store and download the SmartThings remote control app. One security researcher did just that and came across an app called Smart Things. After paying $19 for the Smart Things app, you will discover you’ve just been scammed. The difference between the two? The scam app has a space separating the two words. One added or deleted space is sometimes all it takes to fall prey to sneaky fraudsters.
Messing with app names is very similar to typosquatting, also called URL or domain hijacking, in which a bad actor misspells a domain name to get traffic to their website. The same is done with apps. As the example above shows, scam apps can hide in plain sight.
The devil is in the details
Scrutinizing app names for subtle differences is a proven way to protect yourself from copycat app scams. Relying on app reviews for legitimacy is risky business since they too can be faked. Scammers count on users not checking name details, allowing them to typosquat app names to their advantage. Check and double check app spellings, looking for typos, strange spacing, misspellings, and more.
For more articles on phishing scams, cybersecurity and related topics, visit Mid Oregon’s Security and Fraud Center.

Signs from Cards
Signs you should curb your credit card usage
By Chris O’Shea*
Credit cards are helpful in many ways. But if they’re used incorrectly, they can become quite the burden. Here are some signs that you should be curbing your credit card usage.
Your budget is busted
Keeping a detailed budget is key to financial health. If you use a budget, you’ll have a section for paying off your credit card in full, every month. Paying your bills on time (even if you don’t pay them in full) in turn helps your credit.
However, if you don’t stick to a budget, or never even bothered to create one, you should be wary of using credit cards. If you don’t have any idea about monthly expenses, it’s way too easy to simply reach for your credit card to pay for something. Then, when the end of the month comes and the bill is due, surprise! You don’t have enough in your bank accounts to pay the balance. Now you’re looking at interest charges. It’s a cycle you don’t want to begin or continue. Create and stick to a budget so that when you do use your cards, you’ll be able to pay them off every month.
Your spending is off the rails
As USA Today notes, if you’re spending more than you should be, it’s time to press pause on your credit card usage. The best way to know if you’re spending too much? That budget we just mentioned. If you’re spending too much, dive into your budget and see where things are going wrong.
You’re deep in debt
It’s hard to climb out of credit card debt if you keep using your cards. If you’re only making minimum payments on your balance each month, the interest piles up quickly. Instead of continuing to add to the problem, craft a plan to dig out of the debt. Remove your cards from your phone and computer. Put them in the freezer. Whatever you have to do to stop using them while you pay down the debt.
*This guest article is from the “Your Money Blog” in ‘Mid Oregon’s Digital Banking Credit Savvy resource.’ It is made possible by Savvy Money. “Signs from Cards” by Chris O’Shea was published in July 2021.

Understanding the Different Types of Phishing Scams
Cybercriminals continue to improve the tools they use for phishing scams. They steal money, identities, credentials, and more every day from individuals and organizations. Even the most cyber-savvy users can be scammed if they don’t pay close attention. To protect yourself, it’s helpful to understand the different types of phishing scams.
Email Phishing Scams
Email is the most popular type of phishing scam. Victims open and act on phishing emails that include fake domain names and redirected URLs. The email’s subject line and content often look legitimate and are designed to get a response. Cybercriminals use many tricks to gain your trust, hoping you won’t notice.

- Closely examine URLs, including spelling. Fraudsters transpose, add, and delete letters to misspell a web address that brings you to a duplicate, fraudulent website. A subtle detail like the “s” missing from “https” in the URL is another red flag.
- Avoid following links or opening attachments in emails. Instead, type the true URL for the website, because links can easily and quickly redirect you to bogus websites and attachments loaded with malware. Be sure not to misspell the domain, to avoid the typosquatting attacks detailed below.
- Don’t trust email senders; verify them before providing any sensitive information, at work and at home.
Spear Phishing
Spear phishing is a version of email phishing scams that targets recipients by name, known interests, work relationships, friendships, and other details. With social engineering, scammers scour social media to gather information about targets. Using public information and data from breaches, cybercriminals develop targeted email attacks.
- Limit the information you post on social media, such as Facebook, Instagram, and LinkedIn, and other websites that spear phishers look to exploit.
- Use two-factor authentication (2FA) or multi-factor authentication (MFA) whenever possible. Each layer of verification ensures the right person is accessing accounts and not someone claiming to be you.
- Use artificial intelligence (AI) tools to alert you of compromised accounts.
Whaling
Whaling is a type of spear phishing that targets those at upper levels of management who control funds. Leaders are not spoof-proof and are vulnerable to the same phishing tricks that target staff. Here are some tips to help ward off whaling.
- Verify Client Certificates are legitimate.
- Set email filters to a level that flags suspicious senders, even before they make it to an inbox.
- Financial transactions should have the highest levels of verification, including face-to-face verification tools.

Smishing and Vishing
Smishing uses SMS and text messages for phishing scams. The text message usually has a legitimate-looking link and sometimes includes the first or last few numbers of an account. Victims assume it is legitimate and then take steps that compromise an account and other confidential information.
Vishing attacks are voice calls, many of them robocalls, intended to scare recipients into responding with confidential information.

- Never supply any information in answer to a text or phone call until you have verified the sender.
- Hang up and redial the phone number directly. Chances are you’re a vishing target.
- Never respond directly to a text message that’s looking for information or includes links.
- Go directly to the true source to verify the sender. Look up the real phone number or website URL and call or browse there. This approach will help determine if it is a legitimate request and whether your information is needed.
Typosquatting
Also called URL or domain hijacking (do-jacking), typosquatting uses incorrect spellings of URLs, or typos a user makes without realizing. Minor deviations in spelling can bring you to a look-alike, spoof website. Many of these sites can disappear immediately after stealing your payment card and other information.

- Check and double-check URL spellings before connecting. Make sure every character, hyphen, and apostrophe is in place.
- Use previously bookmarked sites when possible.
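
The name checks described above, for both app titles and URLs, can be automated. The following is an added example, not part of the original article: it compares an app title or a URL's host against a short list of trusted names and flags spacing tricks, single-letter typos and a missing "https". The trusted list, the domain examplecu.test and the function names are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist (assumption): names the user actually intends to reach.
TRUSTED = ["SmartThings", "examplecu.test"]

def skeleton(name):
    """Fold case and accents, then drop spaces, hyphens, dots and other punctuation."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return "".join(c for c in folded if c.isalnum())

def edit_distance(a, b):
    """Edits needed to turn a into b: add, delete, replace, or swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # transposed pair counts once
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, trusted=TRUSTED):
    """Return (verdict, trusted_name) for an app title or host name."""
    if candidate in trusted:
        return ("exact", candidate)
    for name in trusted:
        s_c, s_n = skeleton(candidate), skeleton(name)
        if s_c == s_n:  # differs only by spacing, case or punctuation
            return ("lookalike (spacing/case/punctuation)", name)
        if edit_distance(s_c, s_n) <= 1:  # threshold of 1 is an assumption
            return ("lookalike (misspelling)", name)
    return ("unknown", None)

def check_url(url, trusted=TRUSTED):
    """Return the red flags for a URL: missing https, look-alike or unknown host."""
    parts = urlsplit(url)
    flags = []
    if parts.scheme != "https":
        flags.append("not https")
    verdict, name = classify(parts.hostname or "", trusted)
    if verdict != "exact":
        flags.append(f"host {verdict}" + (f" of {name}" if name else ""))
    return flags
```

An "unknown" verdict only means the name is not close to anything on the trusted list; it says nothing about whether the app or site is safe.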
Angler Phishing
One of the newest and fastest-growing phishing scams is angler phishing. It uses social media spoof sites to trick users into providing information. These sites often masquerade as social media customer service and ask for sensitive information. They often threaten to close the account or take other action if the data isn’t provided.

- Address account issues only on the official social media website.
- Look for an official blue checkmark verification symbol, like those found on Twitter and Instagram messaging.