Tag Archives: Cyber Security

Is Computer Tech Support Really Calling to Help You?

Does the thought of losing everything on your computer leave you queasy? That’s the anxiety fraudsters attempt to exploit with tech support scams – and it’s conduct the Federal Trade Commission (FTC) and law enforcement partners are challenging through 16 civil and criminal (yes, criminal) actions announced as part of Operation Tech Trap.

Tech support scammers’ modus operandi is to run ads that resemble pop-up security alerts from Microsoft, Apple, or other companies. Consumers are warned that their computers are infected with viruses or are under hack attack. Some pop-ups even feature a countdown clock, supposedly showing the time remaining before the hard drive will be fried – unless the consumer calls a toll-free number supposedly affiliated with one of those big-name companies.

Once operators have consumers on the phone, the real theatrics begin. Operators claim to need remote access to consumers’ computers so they can run “diagnostic tests.” Those tests purport to reveal grave problems that can only be solved by one of their “certified technicians” – for a hefty fee, of course. Companies use high-pressure tactics to strong-arm consumers into paying hundreds of dollars for unnecessary repairs, anti-virus protection or software, and other products and services. (Here’s an example of a pitch in action from the FTC.)

 

In settling a case against Click4Support LLC and others, the FTC and AGs from Connecticut and Pennsylvania announced that the defendants are banned from marketing technical support services, will pay a total of more than $554,000, and will forfeit an additional $1.3 million held by the court-appointed receiver. A federal judge in Philadelphia also entered a $27 million default judgment against a related party.

But that’s not all. There have been several other similar cases brought by the FTC.

How does this boil down for you or your business?

  • Consumers get caught in tech support scammers’ web, but so do small businesses and people who work from home. The FTC has updated its advice on what you can do to protect yourself. Also, the FTC will be hosting a roundtable this summer for law enforcement agencies leading the charge against this kind of fraud and for businesses affected by tech support scams, including companies whose names have been misused by con artists. Looking for tips on spotting other B2B scams? The FTC’s new Protecting Small Businesses site is designed with you in mind.
  • People who participate in tech support scams aren’t just risking their assets and future livelihoods. They could face criminal prosecution.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Cybersecurity Strengthened with Executive Order

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTUREwh_logo_seal

President Donald Trump on May 11, 2017 signed an executive order (EO) on cybersecurity that requires agency heads to enhance the security of their networks, systems, and data, as well as requires their adoption of the National Institute of Standards and Technology’s (NIST) cybersecurity risk framework of best security practices.

The EO has been in the works for a while and revised a few times.  Among the key elements is a call for modernizing and consolidating government network technologies and infrastructures; a report on the technology supply chain risks to the US Department of Defense; support for security of critical infrastructure; an assessment of cyberattack and disruption of the nation’s power grid; and a call for skilled cybersecurity talent.

“Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk.  Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order,” according to the EO.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law

New FTC Website Helps Small Businesses Avoid Scams and Cyber Attacks

Attacks can be especially devastating to small businesses; FTC provides information on how businesses can protect themselvesftc

At the direction of Acting Chairman Maureen Ohlhausen, the Federal Trade Commission (FTC) has launched a new website – ftc.gov/SmallBusiness – with articles, videos, and other information aimed at helping small business owners avoid scams and protect their computers and networks from cyberattacks and other threats.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” Acting Chairman Ohlhausen said. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”

According to the U.S. Small Business Administration (SBA), there are more than 28 million small businesses nationwide, employing nearly 57 million people. Scammers frequently target small businesses with deceptive tactics designed to get them to pay for supplies they didn’t order, donate to fake charities or trick them into giving access to their network or downloading malware that can corrupt their business’s computers.

Cyberattacks can be particularly devastating to small businesses, and many of them lack the resources that larger companies have to devote to cybersecurity. Symantec Corp.’s 2016 Internet Security Threat Report indicates the percentage of spear-phishing attacks targeting small business rose dramatically from 18 percent to 43 percent between 2011 and 2015.

The FTC’s new web page offers specific information to help small businesses protect their networks and their customer data. This includes a new Small Business Computer Security Basics guide, which shares computer security basics to help companies protect their files and devices, train employees to think twice before sharing the business’s account information, and keep their wireless network protected, as well as how to respond to a data breach. It also has information on other cyber threats such as ransomware and phishing schemes targeting small businesses. The FTC is continuing to work with the SBA on additional ways to help small businesses.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, News & Events

First Step to Starting Your Business

sbdc_header_text
Prince Law Offices, P.C. attorney Jeffrey A. Franklin will be presenting at “First Step to Starting Your Business” in cooperation with the Kutztown University of Pennsylvania Small Business Development Center.
First Step to Starting Your Business (Lancaster, PA)
Date:Fri, February 17, 10:30am – 12:30pm
Point of Contact: Kutztown SBDC (877) 472-7232
Fee: None
Location: 454 New Holland Ave Suite 300 Lancaster, PA 17602
This workshop covers a number of critical issues relevant to starting and operating a small business. Professional presenters include attorneys, insurance agents, accountants, financial specialists and zoning and codes staff. The workshop is designed for both entrepreneurs thinking about opening their first business and existing business owners looking for a “checkup”.
Desire more specific assistance regarding your business formation, agreements, intellectual property, trademarks, zoning, real estate law, cyber security, insurance, etc., contact attorney Jeffrey A. Franklin at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law, Firearms Law, Landlord/Tenant, News & Events, Pennsylvania Firearms Law, Real Estate, Trademark and Copyright

Protecting Personal Information: A Guide for Business

ftcThe Federal Trade Commission (FTC) has published an updated version of its Protecting Personal Information: A Guide for Business.

A sound data security plan is built on 5 key principles:

  1. TAKE STOCK. Know what personal information you have in your files and on your computers.
  2. SCALE DOWN. Keep only what you need for your business.
  3. LOCK IT. Protect the information that you keep.
  4. PITCH IT. Properly dispose of what you no longer need.
  5. PLAN AHEAD. Create a plan to respond to security incidents.

Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees.

This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business.

Some businesses may have the expertise in-house to implement an appropriate plan. Others may find it helpful to hire a contractor. Regardless of the size—or nature—of your business, the principles in this brochure will go a long way toward helping you keep data secure.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

1 Comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FTC Charges D-Link Put Consumers’ Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras

Device-maker’s alleged failures to reasonably secure software created malware risks and other vulnerabilities

ftc

The Federal Trade Commission (FTC) filed a complaint today against Taiwan-based computer networking equipment manufacturer D-Link Corporation and its U.S. subsidiary, alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.

In a complaint filed in the Northern District of California, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.

The complaint filed today is part of the FTC’s efforts to protect consumers’ privacy and security in the Internet of Things (IoT), which includes cases the agency has brought against ASUS, a computer hardware manufacturer, and TRENDnet, a marketer of video cameras.

“Hackers are increasingly targeting consumer routers and IP cameras — and the consequences for consumers can include device compromise and exposure of their sensitive personal information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.”

According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:

  • “hard-coded” login credentials integrated into D-Link camera software — such as the username “guest” and the password “guest” — that could allow unauthorized access to the cameras’ live feed;
  • a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
  • the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
  • leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.

According to the complaint, hackers could exploit these vulnerabilities using any of several simple methods. For example, using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.

The FTC alleges that by using a compromised camera, an attacker could monitor a consumer’s whereabouts in order to target them for theft or other crimes, or watch and record their personal activities and conversations.

These tips can help you secure your router:

  • Before you buy or replace a device, do research online. Use search engines to find reviews, but be skeptical about the source of the information. Is it from an impartial security expert, a consumer, or the company itself?
  • Download the latest security updates. To be secure and effective, update the software that comes with your device. Check the manufacturer’s website regularly for new software and updates.
  • Change your pre-set passwords. Change the device’s default password to something more complex and secure.

There are additional steps you can take to help keep your IP camera secure.

The FTC has provided guidance to IoT companies on how to preserve privacy and security in their products while still innovating and growing IoT technology.

The Commission vote authorizing the staff to file the complaint against D-Link Corporation and California-based D-Link Systems, Inc. was 2-1, with Commissioner Maureen K. Ohlhausen voting no. The complaint was filed in the U.S. District Court for the Northern District of California.

NOTE: The FTC files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by a federal district court judge.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

1 Billion Yahoo Accounts Hacked – What You Can Do Now

Yahoo announced that 1 billion of their accounts were hacked. These accounts are now sold by internet criminals to other bad guys which are going to use this information in a variety of ways. For instance, they will send phishing emails claiming you need to change your Yahoo account, looking just like the real ones.

The latest breach drew widespread criticism from security experts, several advising consumers to close their Yahoo accounts.  “Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo of via a partner like AT&T, get rid of it,” Stu Sjouwerman, chief executive of cyber security firm KnowBe4 Inc, said in a broadly distributed email

Here is what I and Stu Sjouwerman suggest you do right away.

  • If you do not use your Yahoo account a lot. Close it down because it’s a risk. If you use it every day:
  • Open your browser and go to Yahoo. Do not use a link in any email. Reset your password and make it a strong, complex password or rather a pass-phrase.
  • If you were using that same password on multiple websites, you need to stop that right now. Using the same password all over the place is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too. Also change the security questions and make the answer something non-obvious.
  • At home, use a free password manager like LastPass that can generate hard-to-hack passwords, keep and remember them for you.
  • Watch out for any phishing emails that relate to Yahoo in any way and ask for information.
  • Now would also be a good time to use Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.

This is the largest publicly disclosed hack ever, below is a graph fresh from an article in the Wall Street Journal that puts it in perspective.

yahoo-hack
If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

2 Comments

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy