Another CB Says

Scams you need to watch out for.

Scams never end. I found a few new ones that are spreading like wildfire across the U.S. When these hit my timeline, I make sure to pass them on to you. I want you to be prepared and not a victim.

1. Your day in court

Police in several cities, including Amarillo, Texas, are warning about this. You get a phone call that looks like it’s coming from law enforcement. The voice on the other end lays it on thick, claiming you've failed to appear for a court date, and oh boy, they've got a warrant out for you. Just pay up over the phone and this mess will disappear (not!).

• Always question: Real law enforcement won't demand payments over the phone.

• Caller ID can be faked: Spoofing is a common trick to make the call look real.

2. The delivery text snare

You get a text that appears to be from the USPS. "Click here," it says, "Your package can't be delivered until you update your address." It’s easiest to fall for those this time of year when more packages are coming your way.

• No link, no problem: Official USPS communications won't include unsolicited links.

• Check the details: Always keep track of what you ordered, where from and how it should arrive.

• Guard your info: Never, and I mean NEVER, give out your personal data through a random text link.

3. Gas station skimmer alerts

This one is trending in Colorado. An email in your inbox warns about gas station credit card skimmers. All you have to do is click a link for a list of affected locations. It’s a trap!

• Just delete: Treat unsolicited emails like uninvited guests. Don't let them in.

• Inspect before you swipe: Always give a visual check to any payment terminal. Pay inside or move on to the next station if it looks sketchy

Stay informed, be skeptical and protect your personal info like it's gold — because to you and these scammers, it is.

Share this important alert with family and friends so they’ll have their scam guard up, too. As I like to say, “Knowledge is power.”

All: Another CB Says!

I've got some urgent news you need to pay attention to. The nefarious Xenomorph Android malware and it's targeting a whopping 100-plus banking and crypto apps. Yeah, that's just about all the major ones.

The Trojan (like the horse) is now even stealthier. The upgraded Xenomorph is launching a fresh assault on Android users — and there's a tricky way it's worming in: Fake updates.

Get outta here, copycat

Xenomorph uses overlays to make you think you're logging into your banking or crypto app, then it inputs the details you’ve provided to drain your account. You think everything’s fine until you find all your money or cryptocurrency wiped out.

How is it spreading? This is interesting. Scammers have a new weapon of choice: Sites that fool you into thinking Chrome needs an update. Of course, what you really end up downloading is a malicious file loaded with malware.

Guess which apps are in the crosshairs?

• We're talking major players here, like Chase, Citi, Bank of America, Capital One, PNC, Santander Bank, TD Bank and Wells Fargo.

• On the crypto side, Coinbase, Binance and MetaMask aren't safe

The cherry on top? The overlays this malware uses can differ based on your physical location. This definitely isn’t a one-trick pony.

Be on high alert, keep your apps updated, and whatever you do, don't fall for sketchy “Upgrade Chrome” messages. Always double-check sources and stick with the official Apple App Store and Google Play Store for downloads.

My words of wisdom: To update your browser, you only need to shut it down and restart. Updates are auto-installed. Don't trust any site that tells you it's the place to score the latest version — or tries to convince you downloading a file is necessary to update your browser.

Stay smart, stay safe and keep those digital shields up! I’ll do my very best to keep you in the loop.

All: Another CBSAYS 

Keyboard walking,the practice of choosing a password by typing a combination of letters that are next to each other on the keyboard, is more common than you might realize. According to new research released by password security software company Specops, millions of people are keyboard walking their way into a false sense of cybersecurity.

Specops looked at 800 million breached passwords to determine the top keyboard walks on three different standard keyboards. On the most popular QWERTY keyboard—named for those first six keys on the top row of letters—the prevailing keyboard walk was “QWERTY” (found over a million times), followed by “QWERT.” Perhaps the easiest two passwords for a slacker to choose, this side of “12345.”

But password walks happen on other keyboards too. On the French-designed Azerty keyboard, the top keyboard walk was XCVBN, which are the second through sixth keys on the bottom row of the keyboard. It was found more than 143,000 times. On the QWERTZ keyboard, used in central Europe, the most common keyboard walk was “QWERT,” found 1.4+ million times.

All:  CB Says!!  Please be aware that Google is selling Top Level Domains TLD's (.com.edu.org ETC) that end in .zip and .mov.  Your PC's and phones will think they are trusted files and not domain names.  PC's think that .zip are compressed trusted files and will open them.  A bad guy can put all kinds of malware in his brand new website.  Your computer or phone will try to open it and boom your infected.  The same goes for the .mov domain.  The computer or phone will think this is a movie and try to play it.  And again your infected.  I am looking for ways to stop this and so far to stop this is very complicated. 

So if you get any links to .zip or .mov be very careful.  Hopefully the tech world will find a way to make these TLD's safe. 

If I find a easy way to make these safe or at least issue a strong warning I will let you guys know.