SNOHOMISH COUNTY SHERIFF’S OFFICE- Burglary Alert

 

The Snohomish County Sheriff’s Office has issued the following warning today on its Facebook page:

Robbery and Burglary Unit (RBU) detectives are seeking the public’s help to identify the suspects below. Over the past two weeks, the Sheriff’s Office has seen an increase in residential burglaries primarily targeting American Indian victims. The burglaries have occurred during daytime hours in unincorporated Bothell, along 35th Ave SE between 180th St SE and 228th St SE. The suspects are believed to be part of a larger organized group that operates throughout the region. Below are photos of the suspects. If you live in this area and have any home surveillance footage of these suspects, please contact our office.

Detectives are encouraging residents to secure valuables and ensure all windows, sliding doors and access points are properly locked. These suspects are believed to be associated with a black early-2000s Mercedes sedan and a newer silver Mercedes SUV with unknown plates (pictured below).

Please call 911 to report any suspicious activity.

 

 

 

 

 

 

 

Snohomish County Sheriff’s Office:

https://www.facebook.com/SnoCoSheriff

 

 

 

FTC- Warns of Phishing QR Codes

You are probably aware of phishing emails and smishing texts that contain a link intended to take you to a fake web site that asks for your personal information in order to conduct identity theft or to install malware that harvests information from your computer or smartphone.

The Federal Trade Commission (FTC) has issued a warning that scammers are now sending unexpected emails and text messages with QR codes that are intended to take you to a fake website or download malware.

Some of the ploys that have been reported to the FTC include:

 

·         They lie and say they couldn't deliver your package and you need to contact them to reschedule.

·         They pretend like there’s a problem with your account, and you need to confirm your information.

·         They lie, saying they noticed suspicious activity on your account, and you need to change your password.

 

Like most phishing and smishing schemes, the scammers want to create a sense of urgency so that you scan the QR code without thinking about it.

Scammers have also been known to cover over a legitimate QR code such as at a parking lot that takes you to a copycat website where you pay the scammer but not the business that owns the parking lot.

The FTC recommends that you do the following to protect yourself:

 

·         If you see a QR code in an unexpected place, inspect the URL before you open it. If it looks like a URL you recognize, make sure it’s not spoofed — look for misspellings or a switched letter.

·         Don’t scan a QR code in an email or text message you weren’t expecting — especially if it urges you to act immediately. If you think the message is legitimate, use a phone number or website you know is real to contact the company.

·         Protect your phone and accounts. Update your phone's OS to protect against hackers and protect your online accounts with strong passwords and multi-factor authentication.

 

 

 

 

 

Federal Trade Commission:

https://consumer.ftc.gov/consumer-alerts/2023/12/scammers-hide-harmful-links-qr-codes-steal-your-information

 

CBS News:

https://www.cbsnews.com/video/federal-trade-commission-warns-scammers-are-using-qr-codes-to-steal-personal-information/?intcid=CNM-00-10abd1h

 

 

PACKAGE THEFT- Still a Concern for Online Shoppers

The Chamber of Commerce recently published a survey of online consumers to see how extensive package theft is in America and what people do to try to prevent package theft.

It found that 26% of consumers have had a package stolen. The average value of stolen packages is $81.91. Most package theft occur in suburban (43%) and urban (42%) areas. Rural areas only had 14% of the nation’s package theft. Package thefts can take place against a single-family home or an apartment or condo complex with single family homes edging out multi-unit homes 49% to 42%.

49% of respondents voiced a concern that their online orders will get stolen with 31% saying that they avoid buying expensive items online due to their concern of package theft.

Consumers overwhelmingly use delivery tracking (88%) to try to prevent package theft. 57% said that they wait at home for delivery. 46% have a surveillance camera at their front door. 22% require a signature on delivery and 16% pick up their packages at a store.

While 46% said that they had a camera and 20% said that they had purchased a doorbell camera or similar home security product in the past year, 38% said that they believed that doorbell cameras do not deter package thieves. And among package theft victims, 22% had a doorbell camera when the theft occurred.

Average spending on security items to prevent package theft amounted to $143.45.

Clearly, package theft is a concern for modern Americans.

A small study of package theft by an associate professor at Middle Tennessee State University in 2019 found that most stolen packages were visible from the street. This implies that if you can instruct the delivery company to place packages in a place that is out of view of the street that you may lessen the risk of your packages being stolen.

And sometimes calling in suspicious activity to 911 gets immediate results. On December 6, 2023, the Snohomish County Sheriff’s Office posted on Facebook about the apprehension of a package thief as a result of a tip off from several concerned area residents. Deputies recovered an estimated $3,000 to $4,000 in stolen goods including an iPhone, a set of tires, clothing, and a vacuum cleaner. And deputies were able to return some of the stolen packages to their rightful owners.

No one method will be an end all for package theft, but using multiple techniques should lower the risk of having a package on your front porch stolen.

 

Chamber of Commerce:

https://www.chamberofcommerce.org/package-theft-statistics#how-to-prevent-package-theft

 

AARP:

https://www.aarp.org/money/scams-fraud/info-2020/package-theft-holiday-season.html

 

South Snohomish County Crime Watch:

https://ssnoccrimewatch.blogspot.com/2022/12/package-theft-continuing-problem-during.html

 

US Postal Inspection Service:

https://www.uspis.gov/tips-prevention/mail-theft

 

Seattle Police Department:

https://www.seattle.gov/police/crime-prevention/package-theft-prevention

 

 

 

 

LYNNWOOD- PD Looking for Suspect Who Installs Skimmers

The Lynwood Police Department is asking for help from the public in identifying and locating a suspect who has been spotted installing credit card skimmers in local ATM’s.

One device was found inside the QFC on the 7500 block of 196^th St SW in Lynnwood. The device collected data from a victim’s credit card and the information was used. Another device was placed on a Bank of America ATM at 7110 NE Bothell Way in Bothell. No data was collected from this device before it was discovered.

Skimmers are used to collect account information from credit and debit cards that allow the thieves to create their own credit cards or to take funds out of a checking account. The skimmer can read the information on the magnetic strip on the card.

Skimmers often are placed outside of the ATM since it is difficult to place the device inside the machine. Sometimes they can be detected if they are a little loose on the outside of the ATM or if they are not a perfect fit.

A new device has been developed that is called a shimmer. Shimmers are placed inside the card reader and read some data from a chip card. The data cannot be used to create another chip card but can be used on a magnetic strip of a duplicate card. Since shimmers are inserted inside the card reader, they are more difficult to detect.

Lynnwood detectives recommend that you use tap to pay or a service such as Google Wallet or Apple Pay instead of swiping or inserting your card.

Tap to pay is considered more secure because the card sends a very short range encrypted signal to the card reader that cannot be copied.

Here are some other tips to help you avoid your credit/debit card information from being stolen:

 

·         Look to see if the machine is damaged with scratches, holes, tape on seams, or bubbles of glue on the machine.

·         Does the ATM look different from any nearby ATM of the same type.

·         Does the keyboard feel funny. Sometimes thieves place a membrane over the keyboard to capture PIN’s.

·         Are there any loose parts on the ATM?

·         Use your hand to cover entering your PIN. Sometimes thieves will also place cameras in the area to capture your PIN.

·         Use an indoor ATM. Thieves like to use ATM’s that are more isolated from view.

·         Pay attention to your credit card statement and notify your card provider of any unusual or suspicious transactions.

 

 

Below are some photos of the individual that Lynnwood Police are looking for.

 

 

 

If you know who this person is, please contact Lynnwood Police at (425) 670-5628 or Crime Stoppers of Puget Sound at 1-800-222-TIPS (8477).

 

 FOX 13:

https://www.fox13seattle.com/news/lynnwood-police-searching-for-suspect-putting-credit-card-skimmers-on-atms

  

PC Magazine:

https://www.pcmag.com/explainers/how-to-spot-and-avoid-credit-card-skimmers

https://www.pcmag.com/how-to/is-that-atm-safe-8-tips-to-protect-your-credit-card

 

US Postal Inspection Service:

https://www.uspis.gov/news/scam-article/smishing-package-tracking-text-scams

Krebs on Security:

https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/

  

PayPal:

https://www.paypal.com/us/brc/article/is-tap-to-pay-safe

 

Verify:

https://www.verifythis.com/article/news/verify/money-verify/tap-to-pay-contactless-cards-protect-skimmers-gas-pumps-atms-secure-credit-cards/536-d466956d-2a3c-440b-bbcf-3665293215cb

 

 

 

SMISHING SCAMS- Impersonating the Postal Service/UPS/FEDEX/Amazon

The holiday season is a time of year when we may receive more packages at our front door than at other times of year. And we probably will receive fake text messages (smishing) that claim there is a problem with a delivery and the delivery company (scammers) wants to verify some information or a fee needs to be paid to complete the delivery. Often there is a link to click on or there may be a phone number to call. This is a ploy to gather your personal information such as account username and password, or your credit card account number.

Scammers will impersonate the Postal Service (USPS), UPS, FEDEX, and Amazon. Each service has issued warnings about fake text messages and emails claiming to come from them and provide guidance to avoid the messages and how to report the attempted fraud to them.

Each delivery service offers advice on how you can protect yourself from this scam:

FEDEX-

·        FEDEX does not ask for personal information from consumers via email, mail, or text.

·        Watch out for misspellings on the website and its web address and email address such as fedx.com or fed-ex.com for its real web address, fedex.com.

·         Do not engage with a sender of a suspicious email.

·         Report the fraud to abuse@fedex.com, 1-800-GeFedEx or 1-800-463-3339.

 

UPS- 

·         Slow down if you receive a suspicious text message or email. Scammers rely on rushing you with a sense of urgency to get you to act without thinking.

·         Don’t click on any suspicious links. The legitimate web address for UPS is ups.com.

·         Report fraudulent emails or texts to fraud@ups.com.

 

 

 

USPS- 

·         USPS will not send emails or text messages unless a customer has first requested the service and has provided a tracking number.

·         For information about USPS Text Tracking go to https://www.usps.com/text-tracking/welcome.htm

·         Report fraudulent texts or emails to the US Postal Inspection Service at  spam@uspis.gov.

 

Amazon 

·       Occasionally, Amazon will send an email to a customer with an attachment. The attachment should say "Attachment(s) protected by Amazon."

·         Any message that requests payment information not linked to an Amazon order you placed or an Amazon service, asks you to install software on your device, is full of grammatical errors, or has a forged email address that looks like it is from Amazon, is most likely a scam.

·         If Amazon contacts you via phone, email, or text, it will not ask you to disclose your personal information nor will it offer an unexpected refund.

·         Report suspicious emails or text messages on Amazon’s Customer Service page.

 

 

FEDEX:

https://www.fedex.com/en-us/report-fraud.html

 

UPS:

https://www.ups.com/us/en/support/shipping-support/legal-terms-conditions/fight-fraud.page

  

US Postal Inspection Service:

https://www.uspis.gov/news/scam-article/smishing-package-tracking-text-scams

 

Amazon:

https://us.amazon.com/gp/help/customer/display.html?nodeId=T3MYikBay7swNeFqFo

  

USA Today:

https://www.usatoday.com/story/money/2023/08/24/ups-fedex-usps-amazon-text-scam/70669131007/

 

Federal Trade Commission:

https://consumer.ftc.gov/consumer-alerts/2020/02/text-message-about-your-fedex-package-really-scam

 

Federal Communications Commission:

https://www.fcc.gov/how-identify-and-avoid-package-delivery-scams

 

AARP:

https://www.aarp.org/money/scams-fraud/info-2019/package.html?CMP=EMC-MIM-GOI-OTH-FRD-1521003-1775802-7832442-NA-12062023-FraudHolidayScams_Heavy_CTRL-MS2-LearnMore-BTN-P1_FH_Z-Fraud&encparam=WnvEyp%2fiTaKWUyvgb9wdGFaTDfrqFFWXvVB%2fMiAIV5E%3d

SCAMS- Artificial Intelligence and Scams

The use of Artificial Intelligence (AI) in scams was explored by the U.S. Senate Special Committee on Aging on November 16, 2023. AI is a growing component in scams including Grandparent Scams (Family Emergency Scams) with AI audio of a loved one, Romance Scams with AI generated fake profiles, and AI-powered phishing attacks using AI powered algorithms, and personalized phishing emails.

The committee also explored, with a panel of witnesses, the need for regulation of AI scams related to cryptocurrency, consumer protections, and the need for legislation to create tools and resources that can be used by law enforcement to hold scammers accountable for their actions.

The detrimental effects of scams on victims, even those who may not have lost money, were shown in clips from constituents and the testimony of one witness as he told the story of how he almost was a victim of a Family Emergency Scam.

At one point, the committee discussed the fact that there are holes in the law that prevent scammers from being held accountable. The committee and panelists discussed alternative paths that Congress could take to craft new legislation.

The committee tries to educate the public about scams and how to avoid them. It publishes a “Fraud Book” that lists the top scams and what to look for so that you won’t become victimized. It also offers a Fraud Hotline, (800) 303-9470, that provides guidance on where to report fraud and scams. The hotline operates Monday through Friday 9am to 5pm Eastern Time.

Comment: The work of this committee is important to curb the mounting scourge of scams and fraud. Fraud is an old crime, but the use of modern technology has catapulted it into a growing crime that is rivaling other crimes in financial losses to its victims. Congress is behind in developing remedies for victims and society in controlling modern scams and fraud. Any effort to control scams and fraud should be welcomed.

The committee is a start. Its focus is on scams as they affect older Americans. Scammers do not limit their targets to the old, but also victimize the young. Any legislation that comes out of Congress needs to protect all victims, young and old.

 

 

 

 

 

C-SPAN:

Note: This video of the Senate Special Aging Hearing on Artificial Intelligence and Scams hearing held on November 16, 2023, is about an hour and thirty-five minutes (short when it comes to some congressional hearings) and is well worth viewing for the insights that the panelists provide.

https://www.c-span.org/video/?531903-1/senate-special-aging-hearing-artificial-intelligence-scams

 

U.S. Senate Special Committee on Aging:

https://www.aging.senate.gov/scam-resources

https://www.aging.senate.gov/imo/media/doc/fraud_book_2023__english.pdf

https://www.aging.senate.gov/imo/media/doc/fraud_brochure__english.pdf

 

Scamicide.com:

https://scamicide.com/

 

AARP The Perfect Scam:

https://www.aarp.org/podcasts/the-perfect-scam/info-2023/criminals-using-ai-voice-cloning.html

 

 

 

 

 

 

SNOHOMISH COUNTY SHERIFF’S OFFICE- Holiday Safety Tips

The Snohomish County Sheriff’s Office has posted its annual holiday issue of its crime prevention newsletter “Partners in Crime Prevention.”

The number one safety tip is to not drink and drive. If you plan on drinking over the holidays, please find a friend or service to take you home.

Also, the Sheriff’s Office has tips for safe shopping and protecting your Christmas presents.

You can find the newsletter at the link below.

Happy Holidays!

 

 

Snohomish County Sheriff’s Office:

https://www.snohomishcountywa.gov/ArchiveCenter/ViewFile/Item/7089

 

 

CYBERSECURITY- Update Your Software

Long passwords, using Multifactor Authentication, and detecting attempts at phishing are all important techniques to keep your online information secure. One more simple action will also help you keep your online identity and information safe. That is to update your computer, laptop/tablet, and smartphone when updates are available.

Cybercriminals work tirelessly to find vulnerabilities in software to gather information about you or your company. When software developers find out about those vulnerabilities, they plug the holes then send an update (also known as a patch) to the software’s registered users.

It’s important to install security updates as soon as possible. The sooner you update your device, the sooner you will be secure from the specific threat(s) that the update is designed to plug.

The easiest way to update your software is to turn on automatic updates in your settings for your operating system and any of the applications that you have on your device.

Some updates may require your permission to install. Give your permission as soon as possible. That way your device will be safe.

By updating your software from the source of its creation, you ensure that updates come from legitimate sources.

Updating may seem too simple, but it is as essential as long passwords, Multifactor Authentication, and blocking phishing attempts.

 

Cybersecurity & Infrastructure Security Agency:

https://www.cisa.gov/secure-our-world/update-software

https://www.cisa.gov/news-events/news/understanding-patches-and-software-updates

 

National Cybersecurity Alliance:

https://staysafeonline.org/resources/software-updates/

  

Ask Leo:

https://askleo.com/five-resolutions-holidays-new-year/

 

 

 

CYBERSECURITY- Multifactor Authentication

Using passwords to enter online accounts has been around for a long time. Using long complex passwords works against brute force attacks. But there have proven to be many attack methods for cybercriminals to use to obtain passwords. For example, phishing attacks use social engineering to trick victims into giving over their passwords. Also, your passwords can be acquired through a data breach.

So, passwords have proven to be more fragile as far as security is concerned. If a cybercriminal can trick you into giving him your password or obtain it by stealing it from a database that you have no control over, then there needs to be a different or added way to ensure that you are who you say you are.

As a result, cybersecurity professionals have come up with a new method to authenticate you as you, Multifactor Authentication (MFA). Also known as Two Factor Authentication, MFA adds a second factor to authenticate you. When you use an ID and password, you are using something that you know to give the holder of your online account. With MFA, you use either something that you have (cell phone) or something that you are (fingerprints or face) to authenticate your identity.

When you sign into your account, you enter your ID and password as usual. But then the service might send you a text message or email with a code that you enter into the sign in form. That way, the service knows that it has the right person.

But text messages and email can be intercepted. So, cybersecurity professionals have developed secure authenticator apps such as Google Authenticator and Microsoft Authenticator. With an authenticator app a code will show on the app, which you can enter the code in the dialog on your PC or laptop. The codes are short-term, lasting only 30 seconds or so. This helps ensure security, making it harder for identity thieves to break into your account.

And you don’t have to use MFA every time you log into an account. Most services will let you in without using MFA as long as you are still on the same computer or device. Some services will give you a choice between never using MFA on your current computer, using MFA periodically, or always using MFA. Based on your settings, you will only need to use MFA if you use a different computer or device, or you change your password. Some services know where you are so they may require MFA if you try to log in if you are away from home.

MFA can be circumvented. Scammers have been known to get into online accounts by fooling the victim. They may convince a victim to give over their ID and password then ask for the code if MFA is instituted. Another method is for the scammer to obtain an ID and password via a data breach or purchase on the dark web. When they try to sign into an account with MFA, the real owner of the online account receives an MFA text or MFA push notice to authenticate the sign in. The scammer might sign in multiple times to send the MFA notice, bombarding the account owner in what is called “MFA fatigue” until the owner approves the sign in request.

If you receive an MFA notification and you are not trying to log into an account, disapprove or do not fill in any information. And do not give anyone your ID and password, or MFA authentication code even if you are talking to them.

Even with the workarounds that cybercriminals may have found, MFA works to protect your online accounts. Both Microsoft and Google have announced that MFA can block up to 99% of most attacks on online accounts.

For any online account that offers it, set up MFA to protect your valuable information.

 

Norton:

https://us.norton.com/blog/emerging-threats/password-attack

 

ZDNET:

https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/

 

Ask Leo:

https://askleo.com/two-factor-authentication/

 

National Cybersecurity Alliance:

https://staysafeonline.org/online-safety-privacy-basics/multi-factor-authentication/?utm_content=269329244&utm_medium=social&utm_source=twitter&hss_channel=tw-71354375&s=09

 

 Cybersecurity & Infrastructure Security Agency:

https://www.cisa.gov/secure-our-world/turn-mfa

 

Microsoft:

https://support.microsoft.com/en-us/topic/what-is-multifactor-authentication-e5e39437-121c-be60-d123-eda06bddf661

 

 

 

 

 

 

 

SCAM WARNING- Scammers Posing as Snohomish County PUD Employees

SCAM WARNING- Scammers Posing as Snohomish County PUD Employees

Snohomish County PUD is warning its customers about scammers posing as its employees. The PUD has launched a long-term project to upgrade its electric meters and water meters. Apparently, scammers are approaching homeowners and asking for payment to upgrade their meters.

The PUD says that its employees will not ask for payment for new meters. The program, called Connect Up, is free to its customers.

The PUD recommends that if someone comes to your door and claims to be from the PUD, ask to see their PUD ID. The ID should have the employee’s photo and first name. the PUD notes that employees carry PUD identification, wear PUD-branded clothing, and drive a PUD vehicle with the PUD logo.

If you are suspicious of the individual, PUD recommends that you call their customer service number, (425) 783-1000, and confirm the employee’s identity.

Scammers often impersonate utility employees. Most often the scam is delivered over the phone or via email and involves claims of delinquent accounts. This scam is novel in that the scammers are going door to door. But as with other scams, they ask for payment for a service that is free to the customer.

For more information about the scam and the Connect Up program check out the links below.

  

Snohomish County PUD:

https://www.snopud.com/pud-receiving-reports-of-metering-and-utility-scams/

 https://www.snopud.com/connect-up-delay/#:~:text=The%20PUD%E2%80%99s%20Connect%20Up%20program%20is%20an%20infrastructure,of%20new%20meters%20at%20the%20start%20of%202023.

 

CAR THEFT- Ways to Prevent Your Vehicle from Being Stolen

Car theft remains a problem in Washington State. Through September 31,011 vehicles have been stolen in Washington State. That’s about 85 vehicles per day!

 KIRO TV recently broadcast a series about what you can do to prevent your vehicle from being stolen.

During their research, auto theft detectives told a KIRO reporter that most auto thefts are occurring in parking lots. The detectives recommend,

 

·         Parking in a well-lit area

·         Park near the front of businesses

·         If possible, park near a security camera

A new trend is that auto thieves are targeting vehicles within a sea of other cars, so try to avoid crowded areas.

Don’t leave anything in view. That will attract at least a break-in.

The reporter mentioned that you should not leave your car registration, with your home address on it, in your car. Thieves have been known to find the registration inside then go to your home to burglarize it. However, of late, the state Department of Licensing (DOL) has been sending out yearly car registration forms with the vehicle’s registered address at the bottom of the form and a statement giving you permission to snip the lower portion off of the form. So, you have a choice of removing your address before placing it in your vehicle or taking a picture of it on your smartphone then keeping it in a safe place.

Some people think that leaving their car unlocked will prevent their windows from being broken. However, many car thefts occur because doors are unlocked. Keeping your car doors unlocked only makes it easier for car thieves to steal your car.

Also, during the winter, some people warm up their cars in the morning before heading out to work. Or they may not turn off their car or lock the door when they run into a convenience store. Leaving a car running is an invitation for someone to steal it. Don’t leave your car running while you are away at any time.

There are items that you can purchase that will help prevent your vehicle from being stolen. One is a steering wheel lock. This is a device that you place on your steering wheel that prevents a thief from steering it. It is visible so that would-be car thieves can see them. Wheel locks are an effective deterrent. Several local law enforcement agencies have sponsored wheel lock giveaways often targeting Kia and Hyundai owners. Often, they run out within minutes. You can also purchase one online or at your local auto supply store.

Battery cutoff switches are another alternative. Also, some people have gone as far as purchasing their own parking boots.

 

  

KIRO TV-

https://www.kiro7.com/news/local/part-1-with-car-thefts-rise-ways-help-prevent-becoming-victim/KIRSID3X7BFOFO263SGOEOANGE/

https://www.kiro7.com/news/local/affordable-tools-you-can-buy-prevent-car-theft/QFGZDUWIAVGR7CHTELJMBTGPJA/

  

Charlotte Mecklenburg Police Department, Charlotte, North Carolina:

https://www.bing.com/videos/riverview/relatedvideo?q=steering+wheel+lock&mid=8B20E932DDE8B72E366A8B20E932DDE8B72E366A&FORM=VIRE

 

Washington Auto theft Prevention Authority:

https://waautotheftpreventionauthority.org/resources/

  

Puget Sound Auto Theft Task Force:

https://blog.piercecountywa.gov/autothefttaskforce/2023/10/17/psattf-releases-auto-theft-stats-for-september-2023/

  

Snohomish County Auto Theft Task Force:

https://snohomishcountywa.gov/2687/Auto-Theft-SNOCAT

 

 

 

PHISHING- Package Scammers Spoofing the US Postal Service

Package scams are a long-time tactic by scammers to collect personal information. Recent reporting by Krebs on Security shows an increase in scammers targeting US Postal Service (USPS) customers. Typically, you receive an email or a text message that says that the USPS could not deliver a package for some reason. A sample of a phishing (smishing) text message shows how real looking the scammers can design their messages:

 

 

 

 

Generally, the USPS does not send messages to citizens telling them that they have a package that they cannot deliver and asking for updated address information. The only time the USPS will email/text you is when you have signed up for a service such as holding your mail or subscribing to their Informed Delivery Service. But with the logo, this text message looks real enough that you might click on the link.

Krebs on Security points out that the link takes you to a phishing domain, usps.informedtrck[.]com. The Postal Service does not insert a word between “usps” and “.com” in its web addresses.

Phishing/smishing scams can be used in many contexts with scammers pretending to be from your local utility, your bank, a well know business, or a government entity. Taking a few moments to inspect your emails and texts before taking any action on them will save you grief in the future. Look for the following signs,

 

·         An urgent or emotional language designed to get you to act quickly.

·         A request for your personal or financial information, often to “update” or “verify” the sender’s database.

·         Incorrect email addresses or links. A good example is using amazan[.]com for amazon.com.

·         Bad grammar. This is not 100%, scammers are getting better with their English. But bad grammar shows that the writer is not as proficient in English.

 

If you detect an email or text that you think is suspicious, report it to the real business or governmental entity being impersonated, and/or to the provider of your email or text messaging service.

Then delete the email so that you won’t click on any links be mistake.

A good way to track your mail, including packages, is to sign up for Informed Delivery from the Postal Service. Every day, the USPS will send you an email with a listing of mail and packages coming to your mailbox in the next day or so. You can sign up for this service at https://www.usps.com/manage/informed-delivery.htm.

Phishing and smishing are major tactics scammers use to collect personal information and sometimes money from the average consumer. It is also a major tool to target businesses to steal funds, insert malware for intelligence, or to insert ransomware.

 

 

Krebs on Security:

https://krebsonsecurity.com/2023/10/phishers-spoof-usps-12-other-natl-postal-services/

 

Verify:

https://www.verifythis.com/article/news/verify/scams-verify/unsolicited-usps-texts-about-undelivered-packages-are-scams/536-fce7bc60-b3d1-4c8e-8fec-69ba6fd33538?fbclid=IwAR2dI_cB_GY-cxmD01kJUdx7LLzzsUo_bysO5P-qG5jCift_dbhmmcLyWzM

 

United States Postal Inspection Service:

https://www.uspis.gov/news/scam-article/smishing-package-tracking-text-scams#:~:text=Have%20you%20received%20unsolicited%20mobile,is%20a%20scam%20called%20smishing.

 

AARP:

https://www.aarp.org/money/scams-fraud/info-2019/package.html?intcmp=AE-FWN-LIB3-POS6

 

 

 

 

FRAUD/SCAMS- Don't Blame the Victim

AARP would like you to reconsider your attitudes toward fraud victims. It notes that the language we use when referring to victims of frauds or scams often stigmatizes the victim. Phrases like: "I would not fall for that!" "How could you fall for this?"

According to a study conducted by AARP, the FINRA (Financial Industry Regulatory Authority) Investor Education Foundation, and Heart+Mind Strategies 32% of Americans agree with this statement- “Honestly if you fall victim...a lot of that is on you.”

Also, according to the study, 83% of Americans say that a scam can happen to anyone. Yet, 53% say the victim is to blame for "falling for fraud.”

Much of this attitude is not anyone’s fault. In America we have an attitude of the independence of the individual and for personal accountability.

This attitude may also be a result of some misunderstanding about fraud and fraud victims. Some people mistake fraud with consent. Fraud is defined as “…an intentionally deceptive action designed to provide the perpetrator with an unlawful gain or to deny a right to a victim.”

Also, we often think of fraud victims as the elderly with diminished cognitive abilities. But recent statistics show that younger people report losing money to fraud more often than older people. For example, 43% of 20–29-year-olds reported losing money to fraud versus 23% of 70–79-year-olds. The graphic below, from the Federal Trade Commission (FTC), shows that more younger people report losing money to fraud than older people and that when they do lose money, younger people lose less than older people. For example, for 30-39-year-olds 89 per 100k of population report losing an average of $500 to fraud. While for 80–89-year-olds 39 per 100k of population report losing an average of $1,393 to fraud.  

Being victimized by fraud, like other crimes, brings a feeling of loss, violation, and victimization. The Identity Theft Resource Center (ITRC) points out that it has detected an increase in thoughts of suicide by fraud victims who have contacted it. ITRC provides a toll-free phone number (888-400-5530) for fraud victims to call for help and advice. It also conducts an annual survey that measures the effects of identity theft. As the CEO, Eva Velasquez, points out in its latest Consumer Impact Report, ITRC has noted that 2-4% of its survey respondents identity theft victims have considered suicide for almost two decades. In 2020, during the pandemic, that figure jumped up to 8%. In 2021 it grew to 10%. In 2022, the number of people who said that they considered suicide rose to 16%.

The ITRC attributes this increase to the rise of sophisticated social engineering scams, an increase in very large dollar losses, including an increase in six-figure losses, and a dismissive or judgmental discussion around fraud, even though everyone is vulnerable to it.

AARP urges everyone to treat fraud victims with kindness and empathy. If a relative or friend has been victimized by fraud, show empathy to them. Focus the attention on the fact that the criminal stole from them. Use the terms “criminal” and “crime” instead of “duped” or “fell for.” Three things you can do to help a fraud victim include,

 

·         Skip the blame and shame.

·         Listen with compassion.

·         Help out with fraud reporting, be it to a local police, bank, FTC, or FBI

 

Like victims of other crimes such as assault, domestic violence, or theft, fraud victims deserve our empathy and support.

 

 

 

AARP:

https://www.aarp.org/money/scams-fraud/info-2022/victim-blaming.html

https://www.aarp.org/content/dam/aarp/money/scams_fraud/2022/07/aarp-fraud-victim-blaming-report-06-07-22.pdf

https://www.aarp.org/podcasts/the-perfect-scam/info-2023/victim-blaming.html

https://www.aarp.org/money/scams-fraud/info-2022/mental-health-impact.html?intcmp=AE-FRDSC-MOR-R2-POS3

https://www.aarp.org/money/scams-fraud/info-2023/supporting-loved-ones.html?intcmp=AE-FRDSC-MOR-R2-POS3

 

Identity Theft Resource Center:

https://www.idtheftcenter.org/

https://www.idtheftcenter.org/publication/2023-consumer-impact-report/

https://www.idtheftcenter.org/2023-consumer-impact-report-webinar-by-the-identity-theft-resource-center/

 

Federal Trade Commission:

https://www.ftc.gov/news-events/news/press-releases/2023/02/new-ftc-data-show-consumers-reported-losing-nearly-88-billion-scams-2022#:~:text=Newly%20released%20Federal%20Trade%20Commission%20data%20shows%20that,than%20%243.8%20billion%E2%80%94than%20any%20other%20category%20in%202022.

https://www.ftc.gov/news-events/data-visualizations/explore-data

 

 

 

 

INTERNET SAFETY- Educating Your Children to be Safe Online

The internet and social media have become important to our lives. They also become important to your children's lives as they mature. In the latest issue of the Sheriff’s Office’s crime prevention newsletter, “Partners in Crime Prevention, the Sheriff’s Office suggests some ways you can guide your children to be safe on the internet.

 

 

 

Snohomish County Sheriff’s Office:

https://www.snohomishcountywa.gov/ArchiveCenter/ViewFile/Item/7071

 

 

 

CAR THEFT- Kias and Hyundais May Need More than a Software Update

The Puget Sound Auto Theft Task Force (PSATT), which covers King and Pierce counties, has noted on its Facebook page that while Kia and Hyundai owners have been taking advantage of the software upgrades that have been offered by the manufacturers, it appears that car thieves do not realize that the upgrades have been installed in many Kias and Hyundais. The Pierce County Sheriff’s Department (PCSD) has told FOX13 News that “…motor vehicle theft attempts are starting to keep pace with actual thefts.” Car thieves do not know whether any particular Kia or Hyundai has installed the security update. They will try to steal any Kia or Hyundai and even if your Kia or Hyundai has received the update, it is still susceptible to broken windows and a damaged ignition.

The PSATT recommends that Kia/Hyundai owners use a steering wheel lock whether their vehicle has been updated or not. That would provide a visible deterrent to any potential car thief. PSATT also reminds all drivers of the following standard car theft prevention tips,

 

·         Remove or hide all valuables

·         Lock your car

·         Don’t leave keys or fobs inside

·         Don’t leave your vehicle running unattended (exhaust in cold months makes these vehicles easy to spot)

·         Use anti-theft devices (alarm, kill switch, steering wheel lock)

·         Park in well-lit areas

 

 

 

Puget Sound Auto Theft Task Force:

https://www.facebook.com/photo/?fbid=301569892379042&set=a.261059723096726

 

 

FOX13 News:

https://www.fox13seattle.com/news/updated-software-on-kias-hyundais-might-not-be-enough-to-deter-thieves

SCAM UPDATE- Jury Duty Scam and Watch Out for Charity Scammers

JURY DUTY SCAM- In what seems to be a yearly ritual, the Snohomish County Sheriff’s Office has issued a warning about a scammer calling county residents and attempting to “bully” them into having “…a warrant ‘lifted’ or saying they missed jury duty.”

In its Facebook posting, the Sheriff’s Office reminds everyone that “No law enforcement, government or court personnel will ever call you to demand money over the phone or attempt to meet up with you to receive payment.” It encourages you to hang up if you receive a call demanding money like this.

 

Snohomish County Sheriff’s Office:

https://www.facebook.com/photo/?fbid=685298976956870&set=a.226070289546410

 

CHARITY SCAMS-

With the disasters in the news such as the fires on Maui, tornados in the Midwest and Southeast, and wildfires in the west, the Federal Trade Commission (FTC) is warning the public to watch out for scammers posing as charitable organizations. Scammers follow the news and solicit donations claiming to use the money for disaster relief. Before giving money to any charity, do a little research first. The FTC recommends,

·         Donate to charities that you know and trust.

·         Research the organization yourself. Do some research especially if you do not know the organization or you found it on social media. Do a web search with the charity’s name and the words “complaint,” “review,” “rating,” or “scam.” Also, check out the charity with one of the following organizations,

o   Better Business Bureau, Give.org- https://give.org/

o   Charity Navigator- https://www.charitynavigator.org/

o   Charity Watch- https://www.charitywatch.org/

o   Candid- https://candid.org/

·         Be cautious about giving to individuals on crowdfunding sites.

·         Do not donate to anyone who insists on being paid only by cash, gift card, money wire, or cryptocurrency.

·         If you are going to text to donate, be sure to confirm the number.

 

 

 Federal Trade Commission:

https://consumer.ftc.gov/consumer-alerts/2023/08/how-make-sure-your-donations-count-when-weather-disasters-strike

 

https://consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams

 

 

Washington State Secretary of State:

https://www.sos.wa.gov/corporations-charities

 

https://www.sos.wa.gov/corporations-charities/nonprofits-charities/charities/information-donors/givesmart

 

 

 

PHISHING- A Major Threat to Business and To You

Phishing is a prime method that cyber criminals use to gain control of a computer system and gather information within that system to steal funds or to conduct intelligence. Businesses and individuals are both susceptible to a phishing attack.

Cyber criminals will use social engineering to pose as a trustworthy friend or colleague or organization through an email, text, or sometimes a phone call. Like many scam techniques, the idea is to use social engineering to convince you to give over money to the scammer, or to give over information about yourself or your business that the scammer can use for their own benefit.

In a business context, cybercriminals will conduct Business Email Compromise (BEC) to target specific organizations, parts of an organization, and individuals who will best move funds to the cybercriminal or provide sensitive information that is useful to the cybercriminal. The cybercriminal will employ a phishing campaign, malicious software, and an imposter domain to collect information that will allow them to move around in the organization’s computer system.

BEC operations often have two phases. Phase 1 amounts to latent unauthorized access where the cybercriminal monitors email, learns who is who in the organization, what they do, and their relationship with other parts of the organization. Often, the people who dispense funds and authorize dispensing funds are important to the cybercriminal. Phase 2 is the fraud phase where the cybercriminal uses the intelligence that he has gathered to craft a story to convince a key financial employee to move funds to a place of the cybercriminal’s choosing.

While many businesses and organizations are targeted by BEC attacks, businesses that contract with governments have proven popular because the bidding process is public.

Individuals can be caught up with phishing scams. A Federal Trade Commission (FTC) study found that text messaging was a popular means of communicating for scammers in 2022 with a total of $330 million in losses to text scams reported to the FTC. The median reported loss was $1,000.

The 5 most popular text scams were,

·         Copycat bank fraud prevention alerts.

·         Bogus gift, reward, or prize offers.

·         Fake package delivery problems.

·         Phony job offers.

·         Fake Amazon security alerts.

 

 No matter the communication method, email, text, phone, take a few seconds to evaluate the message.

 

·         Check out the address of the sender. For example, if the sender claims to be from Amazon, but the address is not from an “amazon.com” address (like .Gmail or .outlook) then there is something wrong.

·         Scammers will try to give a sense of urgency to get you to act before thinking. If an email comes from your boss, call them separately to confirm the message is genuine. If the message is from an outside entity, contractor, financial institution, etc. contact them separately. The more serious sounding the situation, the more the need to confirm that there really is a problem.

·         If you are prompted to click a link, there is a chance that you will be led to a fake website or malware will be downloaded onto your device. Carefully, examine the link to ensure that that it is genuine. Or better yet, don’t click on the link, but go to the website after a web search.

·         If the message uses a generic greeting it probably is a scam.

·         If the message has spelling and grammatical errors, it probably is a scam.

 

 

 

Microsoft:

https://www.microsoft.com/en-us/security/business/security-insider/threat-briefs/breaking-down-business-email-compromise/

https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/phishing-trends?view=o365-worldwide

 

Federal Trade Commission:

https://www.ftc.gov/news-events/news/press-releases/2023/06/new-ftc-data-analysis-shows-bank-impersonation-most-reported-text-message-scam

https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2023/06/iykyk-top-text-scams-2022

https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams#:~:text=If%20you%20got%20a%20phishing%20email%20or%20text,the%20phishing%20attempt%20to%20the%20FTC%20at%20ReportFraud.ftc.gov

https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/phishing

 

Cybersecurity & Infrastructure Security Agency (CISA):

https://www.cisa.gov/sites/default/files/2023-02/phishing-infographic-508c.pdf