How To Spot Government Impostor Scams

Scammers sometimes pretend to be government officials to get you to send them money. They might promise lottery winnings if you pay “taxes” or other fees, or they might threaten you with arrest or a lawsuit if you don’t pay a supposed debt. Regardless of their tactics, their goal is the same: to get you to send them money. Don’t do it. Federal government agencies and federal employees don’t ask people to send money for prizes or unpaid loans. Nor are they permitted to ask you to wire money or add money to a prepaid debit card to pay for anything.

How to Recognize a Government Impostor

It could be hard to recognize an impostor through the lies they tell. They use a variety of tricks to get your attention, whether it’s distracting you with a story about money you won or creating a fear that you’ll be sued or arrested.

Here are two deceptions that they have used successfully to steal money from people:

You’ve "Won" a Lottery or Sweepstakes

Someone claiming to be a government official calls, telling you that you’ve won a federally supervised lottery or sweepstakes. They may say they’re from “the national consumer protection agency,” the non-existent National Sweepstakes Bureau, or even the very real Federal Trade Commission — and it looks like they’re calling from a legitimate number. They also might send e-mails, text messages or letters.

They might:

  • tell you you’ll have to pay taxes or service charges before you can collect your winnings
  • ask you to send money to an agent of “Lloyd’s of London” or some other well-known insurance company to “insure” delivery of your prize
  • ask you to wire money right away, often to a foreign country

The truth is that no government agency or insurance company is involved, and there are no winnings. There never were. Scammers take the money you paid them and disappear.

You Owe a Fake Debt

You might get a call or an official-looking letter that has your correct name, address and Social Security number. Often, fake debt collectors say they’re with a law firm or a government agency — for example, the FTC, the IRS or a sheriff’s office. Then, they threaten to arrest you or take you to court if you don’t pay on a debt you supposedly owe.

The truth: there’s no legitimate reason for someone to ask you to wire money or load a rechargeable money card as a way to pay back a debt. If you’re unsure whether the threat is legitimate, look up the official number for the government agency, office or employee (yes, even judges) and call to get the real story. Even if it is a real debt, you have rights under the Fair Debt Collection Practices Act.

Variations on these scams include people claiming to be with the IRS collecting back taxes, or scammers posing as representatives of the United States Citizenship and Immigration Service (USCIS) who target immigration applicants and petitioners.

Five Ways to Beat a Government Impostor Scam

Don’t wire money

Scammers often pressure people into wiring money, or strongly suggest that people put money on a prepaid debit card and send it to them. Why? It’s like sending cash: once it’s gone, you can’t trace it or get it back. Never deposit a “winnings” check and wire money back, either. The check is a fake, no matter how good it looks, and you will owe the bank any money you withdraw. And don’t share your account information, or send a check or money order using an overnight delivery or courier service. Con artists recommend these services so they can get your money before you realize you’ve been cheated.

Don’t pay for a prize

If you enter and win a legitimate sweepstakes, you don’t have to pay insurance, taxes, or shipping charges to collect your prize. If you have to pay, it’s not a prize. And companies, including Lloyd’s of London, don’t insure delivery of sweepstakes winnings.

If you didn’t enter a sweepstakes or lottery, then you can’t have won. Remember that it’s illegal to play a foreign lottery through the mail or over the phone.

Don’t give the caller your financial or other personal information

Never give out or confirm financial or other sensitive information, including your bank account, credit card, or Social Security number, unless you know who you're dealing with. Scam artists, like fake debt collectors, can use your information to commit identity theft — charging your existing credit cards, opening new credit card, checking, or savings accounts, writing fraudulent checks, or taking out loans in your name. If you get a call about a debt that may be legitimate — but you think the collector may not be — contact the company you owe money to about the calls.

Don’t trust a name or number

Con artists use official-sounding names to make you trust them. It’s illegal for any promoter to lie about an affiliation with — or an endorsement by — a government agency or any other well-known organization. No matter how convincing their story — or their stationery — they're lying. No legitimate government official will ask you to send money to collect a prize.

To make their call seem legitimate, scammers also use internet technology to disguise their area code. So even though it may look like they’re calling from Washington, DC, they could be calling from anywhere in the world.

Put your number on the National Do Not Call Registry

Ok, so this won’t stop scammers from calling. But it should make you skeptical of calls you get from out of the blue. Most legitimate sales people generally honor the Do Not Call list. Scammers ignore it. Putting your number on the list helps to “screen” your calls for legitimacy and reduce the number of legitimate telemarketing calls you get. Register your phone number at donotcall.gov.

Report the Scam

If you get a call from a government impostor, file a complaint at ftc.gov/complaint. Be sure to include:

  • date and time of the call
  • name of the government agency the impostor used
  • what they tell you, including the amount of money and the payment method they ask for
  • phone number of the caller; although scammers may use technology to create a fake number or spoof a real one, law enforcement agents may be able to track that number to identify the caller
  • any other details from the call

Over 90% of Business Hacks In 2017 Were Avoidable

Regardless of an organization’s security posture, there is no perfect security. On the other hand, there is no excuse not to implement fundamental security best practices. All organizations, regardless of size, must plan for inevitable attacks and loss of (or loss of access to) critical data. By recognizing risks, planning ahead and instilling a culture of security and privacy in the entire organization, losses and their impact can be minimized. As in previous years, OTA analyzed reported breaches through Q3 2017 and found that 93% were avoidable, which is consistent with previous years’ findings. Of the reported breaches, 52% were the result of actual hacks, while 11% were due to lack of internal controls resulting in employees’ accidental or malicious events. Regular patching and paying close attention to vulnerability reports have always been best practices, and neglecting them is a known cause of most breaches, but this category received special attention this year in light of the Equifax breach.

The vast majority of other types of attacks – ransomware and BEC – are initiated by deceptive or malicious emails. Analysis reveals that these too are avoidable, by blocking fake messages and training users to recognize spearphishing attacks. In addition to better processing of email, there are several other steps that can prevent or limit the impact of ransomware, including updated system and security software as well as regular data backups. Since BEC attacks rely almost entirely on “social engineering” deception and rarely include any malicious links or attachments, better processing of email can generally stop these attacks in their tracks. Unfortunately, the day-to-day urgency of business often prevents organizations from appropriately defending against these email-based attacks.

Key avoidable causes for incidents:

  • Lack of a complete risk assessment, including internal, third-party and cloud-based systems and services
  • Not promptly patching known / public vulnerabilities, and not having a way to process vulnerability reports
  • Misconfigured devices / servers
  • Unencrypted data and/or poor encryption key management and safeguarding
  • Use of end of life (and thereby unsupported) devices, operating systems and applications
  • Employee errors and accidental disclosures - lost data, files, drives, devices, computers, improper disposal
  • Failure to block malicious email
  • Users succumbing to Business Email Compromise & social exploits

Half a BILLION Dollars Stolen from Japanese Cryptocurrency Exchange

Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets (nearly $420 million in NEM tokens and $112 million in Ripples). Apparently, the cryptocurrency markets reacted negatively to the news, which resulted in a 5% drop in Bitcoin price early this morning.

In a blog post published today, the Tokyo-based cryptocurrency exchange confirmed the cyber heist without explaining how the tokens were stolen, and abruptly froze most of its services, including deposits, withdrawals and trade of almost all cryptocurrencies, except Bitcoin.

Coincheck also said the exchange had stopped NEM deposits, along with other deposit methods including credit cards, which resulted in a 16.5% drop in NEM coin value.

During a late-night press conference at the Tokyo Stock Exchange, Coincheck Inc. co-founder Yusuke Otsuka also said that over 500 million NEM tokens (then worth around $420 million) were taken from Coincheck's digital wallets on Friday, but the company didn’t know how the tokens went missing, according to news source Asahi.

The digital-token exchange has already reported the incident to the law enforcement authorities and to Japan's Financial Services Agency to investigate the cause of the missing tokens.

"We will report on the damage situation and cause of the case, measures to prevent recurrence, but first we would like you to take every possible measure to protect our customers," said executives of the Financial Services Agency (translated).

This incident marks yet another embarrassing hack in the world of digital currency technology, once again reminding us that the volatility in cryptocurrency prices is not going away anytime soon.

Are You a Tinder user? Watch Out, Someone Could Spy On You

Security experts at Checkmarx discovered two security vulnerabilities in the Tinder Android and iOS dating applications that could be exploited by an attacker on the same Wi-Fi network as a target to spy on users and modify their content. Attackers can view a target user’s Tinder profile, see the profile images they view and determine the actions they take.

“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research),” reads the analysis published by Checkmarx.

“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”

An attacker can conduct many other malicious activities, including intercepting traffic and launching DNS poisoning attacks.

The first issue is that both the iOS and Android Tinder apps download profile pictures over insecure HTTP connections. This means that an attacker who can access the traffic can determine which profiles a Tinder user views.

An attacker could also modify the traffic, for example to swap images.

“Attackers can easily discover what device is viewing which profiles,” continues the analysis. “Furthermore, if the user stays online long enough, or if the app initializes while on the vulnerable network, the attacker can identify and explore the user’s profile.” “Profile images that the victim sees can be swapped, rogue advertising can be placed and malicious content can be injected.”

Obviously, this kind of issue could be mitigated by adopting HTTPS.

Checkmarx also discovered another issue related to the use of HTTPS; the flaw was called “Predictable HTTPS Response Size”.

“By carefully analyzing the traffic coming from the client to the API server and correlating with the HTTP image requests traffic, it is possible for an attacker to determine not only which image the user is seeing on Tinder, but also which action did the user take,” states Checkmarx. “This is done by checking the API server’s encrypted response payload size to determine the action.”

An attacker in a position to analyze the traffic can discover the user’s interest in a specific profile from the size of the encrypted response: the API server delivers a 278-byte encrypted response when the user swipes left on a profile picture. When the user swipes right to like a profile, the response is 374 bytes.

The researchers also noticed that Tinder member pictures are downloaded to the app over an HTTP connection, which makes it possible for an attacker to view the profile images of the users being swiped left and right.

To mitigate this issue, the researchers suggest padding requests: if the responses were padded to a fixed size, it would be impossible to discriminate the user’s action.
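
The padding mitigation described above, as an added example that is not code from Checkmarx or Tinder: it pads each JSON response body up to a size bucket so that the 278-byte and 374-byte responses have the same length on the wire. The bucket size, the `_pad` field, the 17-byte record overhead and the sample bodies are assumptions constructed for illustration; bucketing generalizes the single fixed size the researchers suggest.

```python
import json

BUCKET = 512        # assumed bucket size in bytes (not a value from the research)
AEAD_OVERHEAD = 17  # simplified model: constant per-record encryption overhead


def encode(payload: dict) -> bytes:
    """Compact JSON encoding, so byte counts are deterministic."""
    return json.dumps(payload, separators=(",", ":")).encode("ascii")


def wire_size(body: bytes) -> int:
    """Size seen by a passive observer: ciphertext length tracks plaintext length."""
    return len(body) + AEAD_OVERHEAD


def constructed_body(action: str, target_wire_size: int) -> dict:
    """Constructed sample response whose encrypted size matches the article's figures."""
    base = len(encode({"action": action, "data": ""}))
    filler = target_wire_size - AEAD_OVERHEAD - base
    return {"action": action, "data": "d" * filler}


def pad_body(payload: dict, bucket: int = BUCKET) -> bytes:
    """Serialize payload and pad it to the next multiple of `bucket` bytes."""
    if "_pad" in payload:
        raise ValueError("payload already uses the reserved _pad field")
    base = len(encode({**payload, "_pad": ""}))
    target = -(-base // bucket) * bucket  # ceiling to a bucket boundary
    return encode({**payload, "_pad": "x" * (target - base)})


def unpad_body(body: bytes) -> dict:
    """Client side: parse the response and discard the padding field."""
    payload = json.loads(body)
    payload.pop("_pad", None)
    return payload


def distinguishable(bodies) -> bool:
    """True if the encrypted sizes alone separate the responses."""
    return len({wire_size(b) for b in bodies}) > 1


# Constructed samples: a swipe-left and a swipe-right response.
LEFT = constructed_body("pass", 278)
RIGHT = constructed_body("like", 374)

if __name__ == "__main__":
    raw = [encode(LEFT), encode(RIGHT)]
    padded = [pad_body(LEFT), pad_body(RIGHT)]
    print("unpadded wire sizes:", [wire_size(b) for b in raw],
          "distinguishable:", distinguishable(raw))
    print("padded wire sizes:  ", [wire_size(b) for b in padded],
          "distinguishable:", distinguishable(padded))
```

Padding only holds if the body is not compressed after it is padded, and a response that outgrows one bucket lands in the next, so the bucket should be larger than the largest response whose size must stay hidden.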

Checkmarx disclosed both vulnerabilities to Tinder.

Managing Files on Android: Everything You Need to Know

Dealing with files on your Android phone or tablet can be intimidating, especially since there are several file transfer standards and dozens of different apps for file management. Do you find yourself overwhelmed by all the different Android file management options? Or are you just not sure where to get started?

Don’t worry. Today we’ll go over everything you need to know about file management on Android, including the best apps for managing files and how to transfer files seamlessly to other devices.

Utilize the Built-In Android File Manager

Android got a native file manager in Android 6.0 Marshmallow. It’s pretty barebones, but it gets the job done for basic file management.

Here’s how to access it on your stock Android device running 6.0 Marshmallow or higher.

Open Settings > Storage & memory. Here, you should see what files are hogging up space on your device. You should see a visual breakdown of your device’s storage into various categories like Apps, Images, Video, Audio, Cached data, etc.

To access the traditional Android file manager, scroll down and tap Explore. Switch to the Storage tab. You should see various partitions such as internal storage, external storage (if your phone supports SD card or USB OTG), and Google Drive.

You can tap on a particular item to cut, copy, delete, share or perform other file manipulation operations.

If your phone is running Android 8.0 Oreo, the location of the file manager is different. Open the Downloads app from the app drawer. Tap the three-dot overflow menu button and select Show internal storage. Here, you can manage your files and perform file manipulation operations such as cut, copy, delete, share, etc.

Note that if your device is not running stock Android, the built-in file manager might look pretty different. Some manufacturers, like Samsung, include their own file managers with their modified version of Android.

Use Third-Party File Managers for Extra Functionality

While the native Android file manager works great for basic file operations, it lacks advanced features. If you’re looking to do more with your files, a third-party file manager is what you need.

Here are some of our favorite third-party file managers for Android.

Solid Explorer

Solid Explorer is a powerful file manager wrapped in a beautiful Material Design interface. It features a dual-pane setup, rich customization options, and supports various network protocols like FTP, SFTP, WebDAV, etc.

For the uninitiated, FTP lets you host files in one location and access them from anywhere. Perhaps the best thing about Solid Explorer is that it supports extensions, so you can extend its functionality.

Download: Solid Explorer (Pro version, 14-day free trial)

ES File Explorer

ES File Explorer has lately faced criticism for its heavy advertising nature and unnecessary bloatware. While it’s true to some extent, there’s no denying that the once-favorite file manager still comes with a powerful set of features.

It boasts real-time search, built-in support for compression and encryption, and remote file management using FTP.

Download: ES File Explorer (Free with ads, $2.99 for Pro)

Transferring Files Between Android Phone and PC

Now that we have seen various apps for on-device file management, here’s how to simplify file transfers between your Android phone and your computer.

Transfer Files With a USB Cable

This one is fairly obvious, but it’s still pretty reliable. Simply connect your phone by plugging it via USB to your computer. Unlock your device and tap the “USB for…” notification. Select Transfer Files. A file transfer window should pop up on your computer. You can now transfer files seamlessly.

If you’re using a Mac, you need to download Android File Transfer first. Then connect your phone by plugging it into your Mac. Android File Transfer should launch automatically. Unlock your Android device. You should be able to transfer files back and forth between your Mac and your Android device.

Transfer Files Using Bluetooth

Bluetooth transfer can be pretty slow, but it’s always nice to have a quick, easy wireless option.

Start by pairing your Android device with your PC or your Mac. To transfer a file, just hit the Share button inside any file manager app and select the paired computer from the list.

USB On-the-Go

Most Android phones these days support USB On-The-Go. USB OTG lets your Android device read data from a USB connection without requiring a PC. This essentially means that you can connect a USB flash drive or a portable hard drive directly to your Android phone and transfer files easily.

To check if your device supports USB OTG, you can download this free app called USB OTG Checker. Alternatively, you can check the device specifications on the manufacturer’s website.

Transfer Files Using AirDroid

If you don’t like fumbling around with USB cables, you can transfer files remotely using AirDroid. To begin, download AirDroid on your Android device and your desktop. After you sign up for a free account, you can easily transfer files to nearby devices and other registered devices. You can transfer files remotely even when the devices aren’t connected to the same Wi-Fi network.

Download: AirDroid for Android (Free) | AirDroid Desktop Client (Free)

Browse Your Files Remotely From Anywhere

Until now, we’ve seen how to manually transfer files between your computer and your Android phone. But what if you forget an important file on your work computer, and have no physical access to the computer?

Pushbullet provides an easy solution. Pushbullet’s Remote Files feature lets you access your files remotely from anywhere. To get started, download Pushbullet and sign up for a free account. Head over to Pushbullet’s support page for instructions on how to enable Remote Files.

Download: Pushbullet (Free)

Transfer Files Between Android Devices Using Files Go

Late last year, Google launched Files Go, its very own file manager app aimed at lower-end smartphones. Its primary focus is to make storage management easier, but it also comes with a nifty feature to transfer files securely without the internet.

To use it, both the Android devices should have Files Go installed.

To send a file, switch to the Files tab and tap on Send. If you’re using it for the first time, tap Allow to grant the required permissions and enable Allow modify system settings. Enter your name and tap Next. The setup is now complete.

Ask your friend to open the app and tap Receive. It creates a secure Bluetooth connection to let you share files quickly. It might take a while to transfer the file to the other device, depending on the file size.

Note that you can alternatively use AirDroid and Pushbullet to transfer files between Android devices.

Download: Files Go (Free)

Transfer Files From Android to iPhone Using ShareIT

ShareIT has been the go-to app for sharing files between Android and iOS devices for a while now. It doesn’t require an active internet connection, but it requires both devices to be connected to the same WiFi network. It utilizes a feature called WiFi Direct for blazing fast transfer speeds.

Download: ShareIT for Android (Free) | ShareIT for iOS (Free)

Automatically Sync All Your Files Across Several Devices

Do you have some important files on your Android that you want to keep up-to-date always, across all your devices?

Enter Resilio Sync.

Resilio Sync lets you sync all your files and folders across your phone, computer, and NAS. Every time you make changes to a file, it instantly syncs the changes seamlessly across all your registered devices. It also features a proprietary file transfer service that the company claims “skips the cloud and finds the shortest distance between devices.”

Download: Resilio Sync ($59.99, business plans start at $29/mo)