Cybersecurity Newsletter

VOLUME 1
Tips for Safer Browsing

Recession Image

As recession fears rise, scams promising to “fix your credit” are targeting vulnerable consumers—especially car shoppers. Fraudsters are taking advantage of economic anxiety by pushing deceptive credit repair offers that promise to hide or erase bad credit. 

One tactic, called credit washing, involves filing false identity theft claims to clear negative records. Once fringe, it’s now mainstream and often promoted by shady credit repair companies. Point Predictive says this fraud is now present in 1 out of 59 auto loan applications.

Consumers charged with credit washing can be prosecuted under wire and mail fraud laws—even if they unknowingly participated.

QR Code

InformationWeek says 25% of all phishing emails now include QR codes because the random-looking pattern of small black and white squares can bypass even the latest email security filters.

QR codes in scam emails also target mobile users, who are less likely to spot red flags or use protective browser tools. Plus, the codes are familiar enough now that they appear to be legitimate—making users more likely to scan them without suspecting malicious intent.

One example now making the rounds: a phishing email urges recipients to scan a QR code to update their federal tax return—redirecting them to a fake Microsoft login page. Malwarebytes says the site is set up to collect victims’ Microsoft usernames and passwords.   

Hacked Companies

These organizations say they have been hacked recently. If you do business with any of these companies, change the password on your account and use two-factor authentication wherever possible.

Think you’re browsing the web safely on your home computer?

Think again?

The ads you see on social media and popular website are usually chosen based on what you’ve searched for or browsed online.

But the lack of robust regulations mean that dangerous ads – know as “malvertising” – frequently appear on thousands of reputable websites including Disney, Fox, YouTube, Drudge, eBay, The New York Times, and even in Google Search.

AdGuard say roughly 5% of these malicious ads get clicked.

From Pop-Ups to Pay-ups

Unclosable Ads:
Some ads lock your screen and push fake tech support warnings, trying to trick you into calling a toll-free number for help. Don’t respond. Quit your browser and reopen it.

Spoofed web addresses:
Ads link to websites that look just like a legitimate banking or e-commerce page – but a close look shows the web address doesn’t relate to the real thing.

Dangerous downloads:
Ads that secretly install malicious code on your computer, potentially exposing your data to criminals. Running anti-virus software on your home computer usually prevents it.

Reduce Your Risk This Way:

Update the web browser on your home PC:
When you see an alert at the top of your browser, click “update.” Your browser will quit and relaunch, good as new.

Consider installing an ad blocker on your home PC:
Reputable brands for your personal computer include uBlock Origin, Adblock Plus, Privacy Badger, and StopAd.

Report a suspicious ad:
If you encounter an unclosable ad or one that takes you to a suspicious website, report it to the website where you first saw it.

Cybersecurity News You Can Use

Meta Image

Meta is extending its “Teen Accounts” safety program—first launched last year on Instagram—to the Facebook and Messenger social media platforms. TechCrunch says users under 18 are now being automatically placed into teen accounts with built-in protections. 

These include default private profiles, message limits, restricted story interactions, nighttime “Quiet Mode,” and reminders to log off after an hour. Teens under 16 will need parental approval to adjust settings or go live on Instagram. Meta says 54 million teens have been enrolled in Instagram Teen Accounts so far, with 97% keeping protections active. 

The move comes as lawmakers and regulators increase pressure on social platforms to improve youth safety and mental health support.

Meanwhile, CNET says Meta has stopped fact-checking on Facebook, Instagram, and Threads, replacing it with user-generated comments.

Common Cybersecurity Questions

“I was a victim to the 2015 OPM Background check cybersecurity breach involving 21.5 million military/active-duty members and government employees. Here’s something I learned: if you have deceased loved ones, make sure you contact the Social Security Administration and have their social security number and name taken off voter rolls.”

You’re correct. USA.gov says that while the Social Security Administration records deaths, it does not directly manage voter rolls. Instead, local election offices are responsible for updating these records. Contacting your local election office directly to request the removal of a deceased loved one’s name from voter registration lists helps ensure the accuracy of electoral records.

“It’s been a year since I was notified that my personal information was compromised in a data breach. Now, I’ve just received an alert about a hard inquiry on my credit report—something I didn’t authorize. I’m not sure what steps to take next. What safety measures do you recommend?”

You’re smart to keep a close eye on your finances. Here’s what to do:

Start by getting credit reports from all three bureaus—Experian, Equifax, and TransUnion—at www.annualcreditreport.com/. Check which company made the hard inquiry and when it happened.

Next, contact the credit bureau that reported the inquiry to file a dispute. You should also contact the company that made the inquiry and ask for more details. If it turns out to be fraudulent, request that the inquiry be removed.

To protect yourself going forward, place a free fraud alert with one of the credit bureaus—they’ll notify the others. You may also want to consider a credit freeze with each bureau. This blocks lenders from accessing your credit report and stops new accounts from being opened in your name. Keep all documentation in a safe place—you’ll need it if you ever want to lift the freeze.

“Do I really need anti-virus, anti-malware, anti-spyware, anti-(fill in the blank) software, or is most of this covered by Windows now?

If you’re using Windows 10 or 11, you already have solid built-in protection with Microsoft Defender. It includes antivirus, anti-malware, a firewall, and even some ransomware protection. For most users who browse safely, avoid sketchy downloads, and keep the software on their home computer up to date, this is usually enough.

But, if you frequently open email attachments, download from unknown sources, or handle sensitive data, you might want added protection. PCMag says tools like Malwarebytes Premium can catch threats Microsoft Defender might miss. Full security suites like Norton or Bitdefender offer extras like VPNs, password managers, and identity theft monitoring.

Mac users: same goes for you.

Cybersecurity News from Citizens Business Bank
Always Keeping You Safer Online