In this issue:

• Unlimited streaming scams

• New twist on credit card fraud

• Data breaches this week

Unlimited streaming scams

Our household have more streaming accounts than I can count (e.g., Netflix, Hulu, Amazon Prime, Disney+, etc.) totaling over a hundred dollars every month.

Many people buy modified Amazon Fire TV sticks or cheap smart gadgets because they promise unlimited shows at a low price. What most do not realize is that these devices often come with something much more costly. They can quietly steal credit card numbers, passwords, and personal information the moment you plug them in.

Various research shows that two in five people who used illegal streaming devices in the UK were financially hacked in one year. The average amount stolen was about $2,000, and some victims reported losses of more than $7,500. These users thought they were saving about $13 per month. Instead, the real cost was many times higher.

Security experts warn that people who use modified Fire sticks or suspicious IoT devices are trusting criminals with access to their network. Many of these products ship with hidden malware that activates as soon as the device connects to your WiFi.

Once the malware is running, attackers can spy on your traffic, steal stored passwords, open fake banking pages, or capture card numbers you enter online. Victims are often shocked when they discover fraudulent purchases or attempts to open accounts in their name.

Illegal streaming feels simple and harmless, but it creates a direct path into your personal life. The moment you plug in a modified device or install a shady app, you have already done most of the work for the attacker. The small monthly savings are not worth the risk of losing thousands or your life savings.

For safe streaming and smart home use, always buy official devices, update your software, avoid unknown apps, and treat any message asking for personal information with caution. The safest entertainment is the one that does not put your bank account on the line.

New twist on credit card fraud

As a follow-up to last week's article on phantom credit card charges, here's a new way scammers are stealing your money.

Instead of placing tiny test charges, criminals are posting real amounts on credit card statements. The charges can look like purchases from small shops, online services, or subscription companies you might not remember using.

What makes this scam more dangerous is that the transaction often includes a customer service phone number that looks completely legitimate.

I've included an image below of a valid credit card charge we made at Steve's Hallmark store showing their 510 area code phone number:

Now, here is how the scammer leverages a legitimate phone number and charge.

A charge appears on your credit card for twenty or thirty dollars, sometimes more. Next to the charge is a phone number that seems to belong to the merchant.

Most people assume this is the safest path to a quick refund, so they call the number. This is exactly what the scammers want.

When you call, the scammer acts helpful and apologetic. They promise to reverse the charge and then guide you through a fake refund process.

Instead of issuing a refund through your credit card, they ask for bank account information so they can “deposit the refund directly.” Once they have that information, they drain your account. Some victims report that their money was pulled out within minutes of ending the call.

The best protection is simple: never call the number listed next to an unfamiliar charge. Instead, contact your bank or credit card company directly using the number printed on your card. They can verify whether the charge is legitimate and handle the dispute safely. Never provide banking information to a merchant over the phone, even if the person sounds professional.

This scam works because it uses real charges and real phone numbers, which look trustworthy at first glance. A few extra minutes of caution can keep your financial accounts safe.

Data breaches this week

Most of the time these will be companies that you don’t have any personal data with, but scan the names to make sure you aren’t affected. This week, no one disclosed the number of individuals affected. You can see a list of previous breaches I reported here.

•  Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack

•  Princeton University Data Breach Impacts Alumni, Students, Employees

•  DoorDash Says Personal Information Stolen in Data Breach

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com