Latest news with #phishing
CBS News
9 hours ago
- General
- CBS News
New York DMV warns of new "scam" text giving final notice for unpaid traffic tickets
Have you received a text message demanding money for an unpaid traffic ticket? The New York State Department of Motor Vehicles is warning drivers to beware of what it says is a new "phishing scam." The DMV posted an example of the texts people are getting. The "final notice" message claims the recipient is subject to penalties under "New York State Administrative code 15c-16.003" if they don't make a payment. The text says the DMV will suspend their car registration, take away their driving privileges for 30 days and be charged a 35% service fee at toll booths. It also warns of potential prosecution and an impact on the driver's credit score. The New York State DMV says this is what the phishing text message looks like. New York State DMV "These scammers flood phones with these texts, hoping to trick unsuspecting New Yorkers into handing over their personal information," DMV Commissioner Mark J.F. Schroeder said in a statement. "DMV will not send you texts asking for your personal information." Earlier this year, the E-ZPass NY system warned that a congestion pricing scheme was tricking drivers into paying for tolls via text. New Jersey DMV text Drivers across the country have been targeted by similar messages this year. The Pennsylvania Department of Transportation sent out a warning to residents this week, as did New Jersey authorities. The New Jersey Cybersecurity & Communications Integration Cell said there have been several reports of people getting the phishing texts in the past week. "This SMiShing scheme is similar to others that have circulated impersonating NJ toll services and EZ-Pass claiming the user has an outstanding toll that needs to be paid to avoid a late fee," the agency said in a statement. How to avoid scam texts The New York DMV and the New Jersey Motor Vehicle Commission are telling drivers that they will not try to collect payments via text message. They say residents should not send sensitive information to unverified websites or click on unfamiliar links. Signs of a potential scam include messages with poor spelling or grammar, threatening language or a URL that does not seem legitimate, the agencies say. "If in doubt, do not click," the DMV says.
Forbes
12 hours ago
- General
- Forbes
Learn How To Tell If You've Been Hacked, And What To Do
The more devices and accounts you have, the more likely you are to be hacked, so it's a good idea to ... More stay alert to the warning signs. Most of us now have a number of different devices, accessing a wide spectrum of online accounts and services. Any of these can be hacked, with criminals attempting to use your identity to carry out scams and fraud. So how can you tell you've been hacked? There are a number of signs common to different accounts and devices, including unexpected logins, changes to settings that you didn't make, unauthorized financial transactions and more. We look at the warning signs that your account or device may have been compromised, and the steps you should take to put things right if it has. Hacking is the term for gaining access to a device, account or network by a third party. It isn't necessarily malicious — ethical hackers, for example, do this to check out an organization's potential vulnerability. Dorking, meanwhile, is usually carried out for nefarious means, but can also be a useful technique to improve search results. Generally, though, hackers are criminals attempting to steal data — perhaps your personal information, or even your financial details. They gain access through a number of different methods, from vulnerabilities in the device or service itself, or through techniques such as phishing, where victims are tricked into giving away crucial information. If successful, hackers may use your account to lure in more victims, spread malware or even empty your bank account. Any device that can be connected to the internet is at risk of being hacked — phones, tablets, PCs and Apple computers. It's even possible to hack smart home devices or smart cars. Hackers have a number of motivations. Generally, it's to steal personal data, which can then be sold on the dark web to other criminals, especially if it includes passwords, credit card details or other financial information that can be exploited to carry out scams. Some devices are more at risk than others — Apple, for example, has a reputation for protecting user security well. But whatever the device, it's possible to take measures to minimize the risk. There are a number of signs that your computer has been hacked. Often, the first sign is slow performance, or your computer freezing or crashing. Programs that you didn't install may appear, as may a deluge of pop-up ads; your password may be changed, and you could be locked out of accounts. If you have a website, you may see browser warnings, Google Search Console alerts, slow loading times, and unexpected redirects, along with the sending of spam emails. If your PC or Mac is hacked, your first step should be to unplug your machine and disconnect it from the internet. You should then change passwords and run a full virus scan. Signs that your phone has been hacked include a fast-draining battery or overheating, indicating that it's working in the background for somebody else. Bills may be higher than usual, and new apps may unexpectedly appear, along with unexpected notifications, unrequested 2FA codes or pop-ups. You may find that settings such as camera or microphone permissions have been changed — or even find yourself locked out of your Apple ID or Google account. If you do fall victim, you should start by changing all passwords and running a security scan; if all else fails, you should restore your phone to its factory settings. Hundreds of thousands of routers are hacked every year, with criminals generally exploiting a weak password or taking advantage of unpatched software vulnerabilities. Your browser may keep redirecting you, you may spot increased data usage, slow internet or unusual network activity, or discover that unfamiliar devices have been connected to your wifi. Your login credentials or router settings may have been changed without your knowledge. If you suspect that your router has been hacked, you should disconnect it and give it a factory reset, and change your password. You should then use an anti-virus package to check all your devices for malware. Hacking accounts can give criminals access to valuable data, which they can exploit for financial gain, and allow them to spread malware or scams. Frequent targets include Amazon, Apple ID, email, Google and Microsoft, with signs including passwords that don't work, or unexpected alerts about login attempts, password resets, or two-factor authentication. To minimize the risk and keep your accounts safe, it's a good idea to use a strong password and two-factor authentication. Signs that your Amazon account has been hacked include changes to your address, email, payment information. You may also receive notifications of password reset requests. Other common signs of a compromised Amazon account include purchase activity that you don't recognize, or reviews you didn't write being posted in your name. If you think your Amazon account has been hacked, you should change your password, enable two-factor authentication and run an anti-virus scan. You should also chack for any unauthorized financial activity. The main signs that your Apple ID has been hacked are access by a device you don't recognize or a password change that you didn't make. You may also spot unauthorized purchases on the App Store or iTunes. And if your Apple ID is hacked, it will give the criminals access to all your Apple devices, from a MacBook to an iPad or iPhone. If this happens to you, you should change your password, check your account information is correct, and, if you can't then access your account, go to then for help. Signs that your email account has been hacked include being unable to log in, unexpected or missing emails, unexpected changes to your password or account settings or alerts from your email provider itself. If it happens to you, change your password and run a virus scan. You should be able to recover your account by contacting your email provider and asking for a password reset. Signs that your Google account has been hacked include a password that no longer works, changes to your personal account or an alert from Google that there's been a sign-in to your account from a new device. You should sign into your account if you can, change your password and turn on two-step authentication. Scan for and delete any malware, and visit Google's account recovery page to regain control. There are a number of signs that your Microsoft account may have been hacked, including a notification from the company itself about potentially suspicious activity, for example a log-in from a new location. Emails you didn't write may be sent from your account, or your profile information changed. If your account is hacked, you should change your password, enable multi-factor authentication and update security settings. If you can't access your account, you should be able to recover it here. Signs that your Netflix account has been hacked include an email from Netflix itself, perhaps alerting you that a device has signed in from an unfamiliar location, changes to your payment method or perhaps being locked out altogether. You should immediately change your password and then sign out of all devices, remove any unauthorized payment methods through the Manage payment methods section, and contact Netflix support to report the suspicious activity. Social media accounts are a popular target for hackers, thanks to the vast amount of personal information they hold and the ability to use a compromised account to carry out scams and fraud. All platforms — from X and LinkedIn to WhatsApp and Snapchat — are vulnerable, though Facebook, Instagram, and Xr are the most frequently hacked. Staying safe is a matter of taking basic security measures like having a strong password and two-factor authentication, avoiding giving too much information away on social media and never reusing passwords from one site to another. Signs that your Facebook account has been hacked include messages from Facebook itself, changes to your profile information or strange messages being sent to your contacts. If it happens, you should change all your passwords immediately and tighten up your privacy settings. You should also warn friends and family to avoid engaging with any messages from your account. If you can't access your account yourself, you'll need to go to this Facebook help page, where you'll be led through the process to recover your account. Instagram is one of the most-hacked social media platforms, and it's usually easy to spot if it happens to you. You may discover that you can't log into your account, or posts, reels or stories that you didn't make may appear. If you can still log in, you should change your password and turn on two-factor authentication. If you can't log in, there are a number of steps you can take, depending on your type of account. If you've had a message from Instagram telling you that your email address has been changed, you may be able to fix this by clicking the 'Secure my account' link in the message. You can also ask for a login link or security code to be sent to the email address or phone associated with your account. You may discover that your LinkedIn account has been hacked via a message from the company, or because of suspicious activity on your profile, difficulty logging in or complaints from contacts about strange or spammy messages coming from your account. You should report the problem to LinkedIn here, change your password and review your active sessions to see where you're signed into LinkedIn right now. You should review all the email addresses and phone numbers associated with your LinkedIn account to make sure you can receive password reset messages from LinkedIn. Look out for, and delete, any rogue messages or posts on your account, and let all your contacts know what's happened. Signs that your Reddit account has been compromised include apps on your profile that you don't recognize or unusual IP history on your account activity page. You may start seeing votes, posts or comments that you didn't make, or receive an alert from Reddit itself. If you think your account has been hacked, you should contact the company — although users report that getting your account back can take up to a month. You should also change passwords and alert any other users that you interact with that your account has been hacked. Signs that your Snapchat account has been hacked include spam being sent from your account, new contacts appearing or unauthorized changes to the mobile number or email address associated with your account. You may also get an alert from the company telling you that someone has logged in to your account from an unfamiliar location, IP address or device. If you realize that your Snapchat account has been hacked, you should change your password and enable two-factor authentication. Verify your email and mobile number, and check for any unauthorized linked devices. Signs that your WhatsApp has been hacked include strange activity on your account, such as messages from unknown contacts, unread messages marked as read or receiving unsolicited verification codes. You may spot an unfamiliar device logged into your account or changes to your profile information. Recovering a WhatsApp account is usually pretty straightforward — you just need to sign into WhatsApp with your phone number and you'll be sent a six-digit code via SMS or a phone call to allow you to re-register. Signs that your X account may have been hacked include a password that won't work, unauthorized tweets or direct messages from your account, unexpected actions like follows or blocks and notifications from X itself. You'll need to change your password, make sure that the email address linked to your account is secure, check for viruses and revoke access for any third-party applications that you don't recognize. If you're still having problems, you can contact X's support team here for help. Bottom Line The more devices and accounts you have, the more likely you are to be hacked. It's a good idea to stay alert to the warning signs. But if it does happen to you, it's usually fixable if you know the right steps to take.
Daily Mail
a day ago
- Entertainment
- Daily Mail
Panicked ESPN star issues urgent message to her social media followers
Anyone receiving monetary requests from someone claiming to be ESPN's Erin Dolan should disregard the message because it's bogus, the glamorous sports betting analyst said on Thursday. Social media users have complained about being solicited by someone claiming to be Dolan, who has now released a statement in an attempt to thwart the apparent phishing schemes. 'Alright. Enough is enough,' Dolan wrote on Instagram. 'I have TikTok, Instagram and Twitter @erinkatedolan. All verified. That's it. 'I would never reach out to anyone for money. I would never sell photos or videos. I would never speak to strangers on the phone. Despite turning off my DMs to not intake this nonsense, people still find a way to reach out letting me know these things are happening. I assure you, it's not me. It's called AI. Welcome to 2025.' Dolan has around 600,000 social media followers across multiple platforms. Yet, outside of some selfies, work-related post and her bombshell February revelation that she's dating a MLB star, she's never solicited money from followers. And she's not the first sports media personality to deal with impersonators. Golfer and social media influencer Paige Spirant has also warned her followers to avoid anyone soliciting money under her name. Dolan has enjoyed a meteoric rise at ESPN since coming over from FanDuel in 2022. Since then, the 28-year-old Penn State alum has signed a multiyear deal to serve as a gambling analyst and podcaster for the Worldwide Leader. These days she's a regular on both 'ESPN BET Live' as well as ESPN's NFL pre-game show, 'Sunday NFL Countdown,' Impressively, she is the first woman to receive the Philadelphia Broadcasters Foundation's Harry Kalas Award after coming up in the city's local media scene with PHL17. Dolan also revealed earlier this year that she's dating Philadelphia Phillies slugger Alec Bohm.
Forbes
3 days ago
- Business
- Forbes
Adidas Admits Data Breach Following Third-Party Attack
Adidas shoes in store window. Adidas AG is a German sports apparel manufacturer and parent company ... More of the Adidas Group. Adidas is once again in the cybersecurity spotlight. This time the breach came through a side door. Attackers infiltrated a third-party customer service provider and accessed the contact information of Adidas customers, as reported by Bleeping Computer. This incident highlights a growing trend: hackers are increasingly targeting vendors to bypass the more robust defenses of global brands. Adidas confirmed that names, email addresses and phone numbers of customers who contacted support were exposed. No payment or password data was compromised, but the information is a potential goldmine for phishing and social engineering attempts. The company has begun notifying affected users and has reported the breach to data protection regulators and law enforcement, as required by law. This is not Adidas' first data security incident. In 2018, the company suffered a breach affecting millions of U.S. customers. Adidas disclosed separate incidents in Turkey and South Korea, both involving third-party customer service providers and exposing similar personal data. Cybercriminals have shifted tactics. Instead of attacking a company's main network, they look for poorly guarded side doors. Third-party vendors often lack the robust security measures of the companies they serve, making them attractive targets. Key factors fueling this trend include: Verizon's 2025 Data Breach Investigations Report found that 30 percent of breaches last year involved external service providers, raising ongoing concerns around vendor risk management and security oversight. Forward-thinking retailers are adopting new strategies to reduce third-party risk. Consider these best practices: The Adidas breach is not an isolated event. It is a warning for the entire retail sector. As hackers become more sophisticated, companies must treat third-party risk as a top priority, not just a compliance issue. Key takeaways for business leaders: For businesses, remember that your security is only as strong as your weakest partner. The companies that thrive will be those that treat every link in their supply chain as a potential point of failure and act accordingly.
Forbes
3 days ago
- General
- Forbes
New FBI Attack Warning — Hang Up And Do This Now
Beware this US visa attack campaign. Cybercriminals thrive on fear, uncertainty and doubt. That's why so many phishing attacks aim to leverage the urgency and knee-jerk reaction that come when a seemingly worrying scenario confronts a victim. From the classic and shameful Hello Pervert campaign, attacks against Gmail users that claim their account is, oh the irony, being attacked by a hacker, and even concerns over President Trump's tariff plans, all are employed in this way. And talking of Trump plans, this latest warning from the FBI reveals that deportation fears are coming into play as a dangerous and costly new attack campaign is underway. Imagine being a lawful foreign student in the U.S. with a perfectly valid visa, already somewhat spooked by media reports of others being arrested and deported. Now imagine that you got a phone call, text, or email message from what appears for all intents and purposes to be the Department of Homeland Security, Homeland Security Investigations, or US Citizenship and Immigration Services informing you that there are problems with your visa. Imagine no more, because that's exactly what is happening, according to a new public service advisory from the Federal Bureau of Investigation. The FBI alert, I-051325-PSA, confirmed that attackers are targeting those foreign individuals who are studying perfectly legally in the U.S. and threatening them with prosecution or deportation for totally false visa violations. Unless, that is, the victim pays for unnecessary administration and legal fees to correct the issue that doesn't exist in the first place. At the time of the alert publication, most of the victims were known to be those studying in the U.S. from the United Arab Emirates, Saudi Arabia, Qatar and Jordan. Given the success of the campaign, there's no reason to expect the attackers to stop there, and other foreign students are likely to be targeted down the road. 'In 2024,' the FBI said, 'government impersonation fraud schemes such as this cost the American public over $405 million in losses.' Given that these attacks are happening now, targeting those already in the U.S., and employing people (or potentially AI-powered imposters) with a professional manner and correct use of language for the victim concerned, along with spoofed telephone numbers and website URLs of the agencies being impersonated, it's imperative for all foreign students to take mitigating action now. The FBI recommended the following: If you think this campaign may have already targeted you, you are advised to contact the FBI or the Bureau of Diplomatic Security at the Department of State, along with the diplomatic security office at your home country's embassy.
