NEW YORK — Warnings and tips have been made available to residents and businesses as the Russian invasion of Ukraine continues.
Consumers and businesses should be mindful of any potential price gouging of fuel, other goods and services, said state Attorney General Letitia James in a news release. They are also advised to and take actions to protect themselves against potential cybersecurity threats that may develop.
“As the devastating conflict in Ukraine continues to escalate, New Yorkers must be prepared for potential impacts of the conflict on their wallets and their cybersecurity,” James said. “Both consumers and businesses should take the necessary precautions to address the ongoing risks. I encourage anyone who has experienced issues concerning the price gouging of fuel or threats to cybersecurity to contact my office.”
Due to Russia’s role as the world’s second-largest producer of natural gas and one of the world’s largest oil-producing nations, the crisis may lead to market disruptions and inflated prices at the pump.
State law prohibits sellers of fuel and other vital and necessary goods from charging unconscionably excessive prices during an abnormal market disruption, including disruptions caused by world conflicts. New York consumers are urged to report dramatic gasoline price increases to OAG for investigation.
When reporting price gouging to OAG, consumers are advised to:
n Report the specific increased prices, the dates, and places that they saw the increased prices, and the types of fuel being sold.
n Provide copies of their sales receipts and photos of the advertised prices, if available.
Buy only as much fuel as they need and not to stock up out of fear of a potential future shortage.
Although there is currently no active cybersecurity alert, the U.S. Department of Homeland Security has encouraged consumers and businesses of all sizes to ensure they are taking appropriate measures to protect their systems.
The OAG has previously investigated issues relating to cybersecurity and provided guidance to both consumers and businesses about how they can best protect themselves from cybersecurity threats.
Businesses safeguards include:
n Use bot detection systems.
Bots are automated programs which generate hundreds of thousands of login attempts, and similar hacking behavior.
n Use multi-factor authentication, and strong password requirements for most accounts.
n Develop processes to manage software updates; limit employee access to systems according to their job functions; maintain the security of remote access to company systems; and identify and manage security vulnerabilities — in particular, critical vulnerabilities or vulnerabilities known to be exploited in the wild.
n Implement antivirus software, endpoint detection and response software..
n Implement technical safeguards to filter emails likely to be phishing attempts, while training employees on phishing and other potential scams.
n Review and test your incident response and business continuity plans.
The response plan should include processes for investigation — such as determining what information/systems were accessed — remediation, and alerting potentially affected customers. The business continuity plan should include processes to maintain essential services and restore systems from offline backups.
Safeguards for residents include:
n Protect your passwords.
Use a password manager to keep track of your passwords, and never reuse passwords. Although reusing login information may be convenient, it can also put personal information at risk.
A password manager on a phone, computer, or browser can help you generate strong passwords and automatically fill them in when you log in to a website or an app.
Password managers can also check if your passwords have been stolen in a data breach.
n Enable two-factor authentication.
Two-factor authentication can provide an extra layer of security by requiring anyone logging in to an account to provide another credential, such as a one-time code sent by SMS or email.
Most attackers who have access to a stolen password will not have access to a secondary credential. If a website or app offers two-factor authentication, make sure to enable it for your account.
n Watch out for online scams.
Scammers may email, text message, or even call you to trick you into clicking a link, sharing your personal information, or sending money or gift cards. These scammers might pretend to be familiar companies, the government, or someone you know.
Make sure you double check the email address or phone number contacting you to see if it’s legitimate. Instead of responding to an email or text from a company, we encourage you to go to the company’s official website and call the customer service number listed.
Also, be careful about publicly sharing your information, such as through social media.
n Check regularly for unauthorized activity.
Not all companies will notify users when their online accounts have been compromised. You should regularly check your online accounts for unauthorized transactions and activity, and immediately contact the service — and credit card company, if appropriate — if you see something suspicious.
n Regularly run antivirus software.
Computer viruses can run in the background without your knowing, so we encourage you to run antivirus software regularly to identify and address unknown threats.
Software updates often include important security updates, so make sure you are using the most up-to-date software and applications on all your devices.
n Sign up for breach notifications.
You should register with a breach notification service, like Have I Been Pwned, that will send a notification if an account associated with your email or phone number has been compromised.
n Take suspicious activity seriously.
If an online service notifies you of suspicious activity on your account, change your password immediately. If you use the same password for other accounts, change the passwords for those accounts as well.
Gloss