New York officials: Watch for price gouging, cybersecurity threats tied to war in Ukraine | Local News | Auburn, NY | Auburnpub.com

“As the devastating conflict in Ukraine continues to escalate, New Yorkers must be prepared for potential impacts of the conflict on their wallets and their cybersecurity,” James said in a news release. “Both consumers and businesses should take the necessary precautions to address the ongoing risks. I encourage anyone who has experienced issues concerning the price gouging of fuel or threats to cybersecurity to contact my office.”

Due to Russia’s role as the world’s second-largest producer of natural gas and one of the world’s largest oil-producing nations, the AG's office said that the crisis may lead to market disruptions and potentially inflated prices at the pump. New York law prohibits sellers of fuel and other vital and necessary goods from charging unconscionably excessive prices during an abnormal market disruption, including disruptions caused by world conflicts. New York consumers are urged to report dramatic gasoline price increases to OAG for investigation, including:

• The specific increased prices, the dates, and places that they saw the increased prices, and the types of fuel being sold

• Provide copies of their sales receipts and photos of the advertised prices, if available

• Buy only as much fuel as they need and not to stock up out of fear of a potential future shortage.

Cybersecurity Best Practices

Safeguards for businesses include:

• Use bot detection systems (software designed to block activity from “bots,” or automated software that may, for example, generate hundreds of thousands of login attempts), multi-factor authentication, and strong password requirements for most accounts

• Develop processes to manage software updates, limit employee access to systems according to their job functions, maintain the security of remote access to company systems, and identify and manage security vulnerabilities

• Implement antivirus software, endpoint detection and response software;

• Implement technical safeguards to filter emails likely to be phishing attempts, and train employees on phishing and other potential scams

• Review and test your incident response and business continuity plans. The response plan should include processes for investigation (e.g., determining what information/systems were accessed), remediation (e.g., blocking attackers’ continued access to impacted systems), and notice (e.g., alerting potentially impacted customers).

Additionally, James recommends consumers take the following steps to safeguard their online accounts against cybersecurity threats:

• Protect your passwords: Use a password manager to keep track of your passwords, and never reuse passwords. While reusing login information may be convenient, it can also put your information at risk.

• Enable two-factor authentication: 2FA can provide an extra layer of security by requiring anyone logging in to an account to provide another credential, such as a one-time code sent by SMS or email.

• Watch out for online scams: Scammers may email, text message, or even call you to trick you into clicking a link, sharing your personal information, or sending money or gift cards. These scammers might pretend to be familiar companies, the government, or someone you know.

• Check regularly for unauthorized activity: Not all companies will notify users when their online accounts have been compromised.

• Regularly run antivirus software: Computer viruses can run in the background without your knowing, so we encourage you to run antivirus software regularly to identify and address unknown threats.

• Update your software: Software updates often include important security updates, so make sure you are using the most up-to-date software and applications on all your devices.

• Sign up for breach notifications: You should register with a breach notification service, like Have I Been Pwned, that will send a notification if an account associated with your email or phone number has been compromised.

• Take suspicious activity seriously: If an online service notifies you of suspicious activity on your account, change your password immediately. If you use the same password for other accounts, change the passwords for those accounts as well.