Tag Archives: FTC

Is Computer Tech Support Really Calling to Help You?

Does the thought of losing everything on your computer leave you queasy? That’s the anxiety fraudsters attempt to exploit with tech support scams – and it’s conduct the Federal Trade Commission (FTC) and law enforcement partners are challenging through 16 civil and criminal (yes, criminal) actions announced as part of Operation Tech Trap.

Tech support scammers’ modus operandi is to run ads that resemble pop-up security alerts from Microsoft, Apple, or other companies. Consumers are warned that their computers are infected with viruses or are under hack attack. Some pop-ups even feature a countdown clock, supposedly showing the time remaining before the hard drive will be fried – unless the consumer calls a toll-free number supposedly affiliated with one of those big-name companies.

Once operators have consumers on the phone, the real theatrics begin. Operators claim to need remote access to consumers’ computers so they can run “diagnostic tests.” Those tests purport to reveal grave problems that can only be solved by one of their “certified technicians” – for a hefty fee, of course. Companies use high-pressure tactics to strong-arm consumers into paying hundreds of dollars for unnecessary repairs, anti-virus protection or software, and other products and services. (Here’s an example of a pitch in action from the FTC.)

In settling a case against Click4Support LLC and others, the FTC and AGs from Connecticut and Pennsylvania announced that the defendants are banned from marketing technical support services, will pay a total of more than $554,000, and will forfeit an additional $1.3 million held by the court-appointed receiver. A federal judge in Philadelphia also entered a $27 million default judgment against a related party.

But that’s not all. There have been several other similar cases brought by the FTC.

How does this boil down for you or your business?

  • Consumers get caught in tech support scammers’ web, but so do small businesses and people who work from home. The FTC has updated its advice on what you can do to protect yourself. Also, the FTC will be hosting a roundtable this summer for law enforcement agencies leading the charge against this kind of fraud and for businesses affected by tech support scams, including companies whose names have been misused by con artists. Looking for tips on spotting other B2B scams? The FTC’s new Protecting Small Businesses site is designed with you in mind.
  • People who participate in tech support scams aren’t just risking their assets and future livelihoods. They could face criminal prosecution.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

New FTC Website Helps Small Businesses Avoid Scams and Cyber Attacks

Attacks can be especially devastating to small businesses; FTC provides information on how businesses can protect themselves

At the direction of Acting Chairman Maureen Ohlhausen, the Federal Trade Commission (FTC) has launched a new website – ftc.gov/SmallBusiness – with articles, videos, and other information aimed at helping small business owners avoid scams and protect their computers and networks from cyberattacks and other threats.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” Acting Chairman Ohlhausen said. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”

According to the U.S. Small Business Administration (SBA), there are more than 28 million small businesses nationwide, employing nearly 57 million people. Scammers frequently target small businesses with deceptive tactics designed to get them to pay for supplies they didn’t order, donate to fake charities or trick them into giving access to their network or downloading malware that can corrupt their business’s computers.

Cyberattacks can be particularly devastating to small businesses, and many of them lack the resources that larger companies have to devote to cybersecurity. Symantec Corp.’s 2016 Internet Security Threat Report indicates the percentage of spear-phishing attacks targeting small business rose dramatically from 18 percent to 43 percent between 2011 and 2015.

The FTC’s new web page offers specific information to help small businesses protect their networks and their customer data. This includes a new Small Business Computer Security Basics guide, which shares computer security basics to help companies protect their files and devices, train employees to think twice before sharing the business’s account information, and keep their wireless network protected, as well as how to respond to a data breach. It also has information on other cyber threats such as ransomware and phishing schemes targeting small businesses. The FTC is continuing to work with the SBA on additional ways to help small businesses.

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, News & Events

Protecting Personal Information: A Guide for Business

The Federal Trade Commission (FTC) has published an updated version of its Protecting Personal Information: A Guide for Business.

A sound data security plan is built on 5 key principles:

  1. TAKE STOCK. Know what personal information you have in your files and on your computers.
  2. SCALE DOWN. Keep only what you need for your business.
  3. LOCK IT. Protect the information that you keep.
  4. PITCH IT. Properly dispose of what you no longer need.
  5. PLAN AHEAD. Create a plan to respond to security incidents.

Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees.

This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business.

Some businesses may have the expertise in-house to implement an appropriate plan. Others may find it helpful to hire a contractor. Regardless of the size—or nature—of your business, the principles in this brochure will go a long way toward helping you keep data secure.

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FTC Charges D-Link Put Consumers’ Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras

Device-maker’s alleged failures to reasonably secure software created malware risks and other vulnerabilities

The Federal Trade Commission (FTC) filed a complaint today against Taiwan-based computer networking equipment manufacturer D-Link Corporation and its U.S. subsidiary, alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.

In a complaint filed in the Northern District of California, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.

The complaint filed today is part of the FTC’s efforts to protect consumers’ privacy and security in the Internet of Things (IoT), which includes cases the agency has brought against ASUS, a computer hardware manufacturer, and TRENDnet, a marketer of video cameras.

“Hackers are increasingly targeting consumer routers and IP cameras — and the consequences for consumers can include device compromise and exposure of their sensitive personal information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.”

According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:

  • “hard-coded” login credentials integrated into D-Link camera software — such as the username “guest” and the password “guest” — that could allow unauthorized access to the cameras’ live feed;
  • a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
  • the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
  • leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.

According to the complaint, hackers could exploit these vulnerabilities using any of several simple methods. For example, using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.

The FTC alleges that by using a compromised camera, an attacker could monitor a consumer’s whereabouts in order to target them for theft or other crimes, or watch and record their personal activities and conversations.

These tips can help you secure your router:

  • Before you buy or replace a device, do research online. Use search engines to find reviews, but be skeptical about the source of the information. Is it from an impartial security expert, a consumer, or the company itself?
  • Download the latest security updates. To be secure and effective, update the software that comes with your device. Check the manufacturer’s website regularly for new software and updates.
  • Change your pre-set passwords. Change the device’s default password to something more complex and secure.

There are additional steps you can take to help keep your IP camera secure.

The FTC has provided guidance to IoT companies on how to preserve privacy and security in their products while still innovating and growing IoT technology.

The Commission vote authorizing the staff to file the complaint against D-Link Corporation and California-based D-Link Systems, Inc. was 2-1, with Commissioner Maureen K. Ohlhausen voting no. The complaint was filed in the U.S. District Court for the Northern District of California.

NOTE: The FTC files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by a federal district court judge.

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FTC Offers Advice on How to Avoid and Respond to Ransomware Attacks

Following its recent workshop on Ransomware – malicious software that denies access to computer files until the victim pays a ransom – the Federal Trade Commission (FTC) is offering tips on how consumers and businesses can protect devices and respond to ransomware.

The FTC offers How to defend against ransomware to help consumers. Businesses can find guidance in Ransomware – A closer look and the accompanying video, Defend against Ransomware.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Filed under Business Law, Computer Law, Consumer Advocacy

National Consumer Protection Week

Prince Law Offices, P.C. and the Federal Trade Commission (FTC) — working with more than 100 federal, state and local agencies, consumer groups, and national organizations — will spotlight efforts to protect consumers from fraud, identity theft and other consumer issues during National Consumer Protection Week (NCPW), March 6-12, 2016.

For 18 years, NCPW has been a time to encourage consumers to learn about their rights, and how to make informed buying decisions and report scams, identity theft and unfair business practices. NCPW.gov offers information on a wide range of topics, including credit and debt, online safety, imposter and other scams, identity theft and more.

The site features a blog to update visitors on the latest consumer protection news, including legal actions, new resources and partner-sponsored NCPW events. People also can get free resources and promotional tools for their own consumer education activities, as well as information on filing consumer complaints.

“The FTC and our NCPW partners are on the front lines of consumer protection every day,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “We hope people will take advantage of this week to find resources that will help them fight scams and fraud in their communities all year long.”

During NCPW, partners and hundreds of community groups across the country host events to promote general consumer education or highlight a specific issue, such as a shred-a-thon to reduce the risk of identity theft.

Contact Prince Law Offices, P.C. to learn more about your rights and how to address scams, identity theft and unfair business practices.

Filed under Business Law, Computer Law, Consumer Advocacy, Criminal Law, News & Events

ASUS Settles FTC Charges Routers Put Consumers’ Privacy At Risk

ASUSTeK Computer, Inc. (ASUS) has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers’ insecure “cloud” services led to the compromise of thousands of consumers’ connected storage devices, exposing their sensitive personal information on the internet. If you have an ASUS router at home, perhaps it is time for an upgrade.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”

ASUS marketed its routers as including numerous security features that the company claimed could “protect computers from any unauthorized access, hacking, and virus attacks” and “protect [the] local network against attacks from hackers.” Despite these claims, the FTC’s complaint alleges that ASUS didn’t take reasonable steps to secure the software on its routers.

For instance, according to the complaint, hackers could exploit pervasive security bugs in the router’s web-based control panel to change any of the router’s security settings without the consumer’s knowledge.  A malware researcher discovered an exploit campaign in April 2015 that abused these vulnerabilities to reconfigure vulnerable routers and commandeer consumers’ web traffic. The complaint also highlights a number of other design flaws that exacerbated these vulnerabilities, including the fact that the company set – and allowed consumers to retain – the same default login credentials on every router: username “admin” and password “admin”.

According to the complaint, ASUS’s routers also featured services called AiCloud and AiDisk that allowed consumers to plug a USB hard drive into the router to create their own “cloud” storage accessible from any of their devices. While ASUS advertised these services as a “private personal cloud for selective file sharing” and a way to “safely secure and access your treasured data through your router,” the FTC’s complaint alleges that the services had serious security flaws.

For example, the complaint alleges that hackers could exploit a vulnerability in the AiCloud service to bypass its login screen and gain complete access to a consumer’s connected storage device without any credentials, simply by accessing a specific URL from a Web browser. Similarly, the complaint alleges that the AiDisk service did not encrypt the consumer’s files in transit, and its default privacy settings provided – without explanation – public access to the consumer’s storage device to anyone on the Internet.

In February 2014, hackers used readily available tools to locate vulnerable ASUS routers and exploited these security flaws to gain unauthorized access to over 12,900 consumers’ connected storage devices.

The Commission alleges that, in many instances, ASUS did not address security flaws in a timely manner and did not notify consumers about the risks posed by the vulnerable routers.  In addition, the complaint alleges that ASUS did not notify consumers about the availability of security updates.  For example, according to the complaint, the router’s software update tool – which allowed consumers to check for new router software – often told consumers that their router was on the most current software when, in fact, newer software with critical security updates was available.

In addition to establishing a comprehensive security program, the consent order will require ASUS to notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through email, text message, or push notification).  The consent order will also prohibit the company from misleading consumers about the security of the company’s products, including whether a product is using up-to-date software.

This matter is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they provide to consumers.

The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 24, 2016, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically.

If you or your business have questions or concerns regarding consumer protection, fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Filed under Business Law, Computer Law, Consumer Advocacy