e-edition eEdition Subscribe Log in
Wednesday, October 23, 2024
39.0°F

Hackers accessing security systems

| December 21, 2019 12:00 AM

On Oct. 24, I wrote about a disturbing incident that happened at a friend’s house with his Nest security system getting hacked and how unsettled it made us feel that a hacker was actually spying on us while inside a private residence. Nest claimed their system wasn’t hacked because the bad actor gained access through the user’s own password.

Now, more reports are starting to come in that other security systems around the country are also being hacked in the same manner, most particularly Ring security systems (owned by Amazon).

Owners of the Ring security cameras in at least four states — Mississippi, Georgia, Florida and Texas — have reported being tormented by hackers with racial slurs, encouraging children to engage in destructive behavior, watching while they were sleeping and demanding a ransom in Bitcoin.

One mom installed a Ring camera in her daughters’ room to keep an eye on them while she worked at her shift as a night nurse. After the camera had been installed four days, the hacker was able to breach the security system and tell the little girl, “I’m Santa Claus. Don’t you want to be my best friend?”

Ring responded to these incidents in a statement claiming, “Customer trust is important to us and we take the security of our devices seriously. Our security team has investigated the incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.”

The statement goes on to claim that malicious actors obtained some Ring users’ account information from a separate, external, non-Ring service and re-used them to log into Ring accounts.

Basically, Ring was blaming the incidents on customers who use the same username and password on multiple services. But some customers who were hacked claimed the credentials they set up on their security systems was unique and not guilty of reusing the same username and password with other secured accounts.

The reality is: No security system provider wants to admit its system was hacked. Keep in mind that security system users are at greater risk of being hacked if they re-use credentials across multiple online services, don’t enable two-step authentication or set a unique password on their account.

•••

GIFT CARD SCAMS: If you plan to give gift cards this holiday season, you should know that they continue to be a big target for thieves. The reason the gift cards are vulnerable at stores is because they’re accessible to anyone.

The crook writes down the card number and then peels back the sticker covering the gift card’s PIN to expose it. Once the card is activated, they are able to empty the account of any funds loaded onto it — often before the rightful recipient even knows what happened.

To aid in their queries, scammers use computer programs to try possible combinations of the card number and PIN on a retailer’s website. All this can happen away from the stores and sometimes halfway around the world. What makes this theft more frustrating is that getting your money back from the retailer is nearly impossible.

Here are some tips to protect yourself from this scam:

1. Inspect your gift card before purchasing it. If it appears to have been tampered with, don’t buy that card.

2. For a safer option, request a gift card that is secured behind the cash register station. These are less likely to have issues.

3. Never accept gift cards as payments. Anyone who asks you to pay with a gift card is a scammer.

If you’ve been a victim of a gift card scam, go to https://www.ftc.gov/complaint to file a report.

•••

ZOHO OH-OH: A reader from Worley called to warn us about an incident that happened while he was surfing websites on his computer. Here’s his story:

He received a pop-up claiming to be from Microsoft, informing him his computer had been compromised. He was instructed to join zoho.com and pay a one-time fee of $350 to get the computer cleaned up. The reader paid the money but the computer continued to operate slowly.

The reader called the company to complain about the continued poor performance. It turns out Zoho was unaffiliated with Microsoft. Instead, it is a California company specializing in web-based online office suites.

The company offered a refund of $300 but told the reader they would need his bank account numbers in order to process the refund. Rather than provide the refund, money was transferred from his savings account to his checking account. He was notified by his credit union of the transfer and the bank had him file a report and then froze his accounts.

He went to Geek Squad to have the computer scanned. The scan revealed that a Trojan horse had been installed on the computer, and that 10 other viruses were detected. Since the computer was five years old, Geek Squad recommended that he purchase a new laptop so as not to be plagued by future problems with the malicious malware that had been installed.

The reader remains out the $350, and he feels grateful that money was only transferred between his own accounts and not transferred to a different account he didn’t control. The lesson here: Do not respond to pop-up ads, and never give your personal information or bank account information to people you don’t know.

•••

Remember: I’m on your side.

•••

If you’ve encountered a consumer issue that you have questions about or think our readers should know about, please send me an email at terridickersonadvocate@gmail.com or call me at 208-274-4458. As The CDA Press Consumer Gal, I’m here to help. I’m a full-time copywriter working with businesses on marketing strategy, a columnist and a consumer advocate living in Coeur d’Alene.