You wouldn’t want to get into a car with bad brakes, but you may have signed up for a car sharing app that crashed on its security test.

This and more in this week’s scam alert.

Watch here:

Car Sharing Crooks

You can use a car-sharing app to share your car or to score a ride to get around town.

But a new report from Kaspersky Lab says many of these apps are hackable, allowing crooks to steal your bank info or even your car.

Kaspersky tested more than a dozen apps used by millions of people in the U.S., Europe and Russia. They didn’t name the apps.

Some tips for car sharing app safety:

—Don’t post your phone number or e-mail on social media. Attackers can use that to get your car-sharing app password.

—Use a separate bank card for online payments in case thieves get in.

Kaspersky Lab says social media posts like this one can help attackers get into your car sharing app. Image credit: Kaspersky Lab

Hackers in the Control Room

Are the Russians about to turn off your power? Probably not. 

The Department of Homeland Security is clarifying some info that came out this week about Russian hackers reportedly taking over U.S. power plant control rooms last summer.

The Wall Street Journal reported Monday that DHS said there were “hundreds of victims” and hackers “got to the point where they could have thrown switches.”

Now, DHS has released a statement saying the hackers targeted hundreds of energy and other companies, but only compromised one “very small generation asset” — and it would not have caused a big blackout if the hackers had taken it offline.

DHS says the Russian hackers infiltrated supply companies for power plants and other companies in order to get inside the plants themselves, then used sophisticated tools to take over.

This hacking campaign against US infrastructure has been going on since at least March, 2016, and the hackers are making progress toward being able to effectively attack infrastructure.

You can read more about the attacks and how to prevent and protect here from the United States Computer Emergency Readiness Team.

An example of a power plant. DHS did not specify which plant was compromised. Image credit: bhumann44

Cost of Crime

You can hire someone to hack for just a little cash.

A report from Positive Technologies says $40 on the dark web will get you an e-mail hack.

They’ll hack a whole website for $150 or more.

And for $1,500 they’ll steal from an ATM.

The best bargain might be $10 to buy remote access to someone’s computer, according to McAfee.

Security experts say with these cheap attacks, you need be on alert and prepared to face an online ambush at any time.

Criminals offer their services on the dark web — for as little as $40, you can get an e-mail hack. Image credit: abietams

Who Should Pay?

A bank in Virginia is suing over a $2 million hack.

The National Bank of Blacksburg is taking an insurance company to court for not covering the hack damage, according to Krebs on Security.

Court documents provided by Krebs on Security say the hacks started in 2016 with a phishing e-mail to a bank worker.

The employee fell for it and the hackers got in.

The documents say the attackers used hundreds of ATMs across the U.S. to drain some of the money in May of this year.

National Bank of Blacksburg in Blacksburg, Virginia. Image credit: Google Maps

The bank claims the insurance company is not living up to its promises.

The insurance company did not respond to Krebs on Security’s request for comment, but did say in court filings that the bank did not accurately characterize its terms of coverage, among other issues.

Protecting Your Privacy

Which state protects your privacy online the most?

New research shows it’s California, followed by Delaware and New Hampshire.

Comparitech looked at laws that protect the privacy of children, customers and employees, along with other factors.

The states that protect you the least?

Wyoming, Mississippi, South Dakota and Alabama, the report said.

California, Delaware and New Hampshire protect you and your child’s privacy online the most, according to Comparitech. Image credit: Nadine Doerle

Reading Your Hands 

You probably know about the smart speaker Alexa, the voice assistant you can talk to for the weather, music shopping and more. 

But what if you can’t speak or hear?

Now a developer has made an app so Alexa can understand sign language.

Abhishek Singh trained the app to recognize hand signs.

The app translates the signs into a spoken voice for Alexa to hear.

When Alexa responds, the app turns her voice into text for people to read.

Abhishek Singh demonstrates his app to allow Alexa to understand sign language. Video: Abhishek Singh

Voice assistants are becoming popular, and the BBC says advocates for the deaf don’t want people left behind in the new digital world.

Abhishek has made many tech creations, including a simple game where you use a virtual reality laser to entertain a virtual reality kitten.

See other scam alerts:

Scam Alert #23 — Hacking the military & a security bra

Scam Alert #22 — Travel bots & ship hacking

Scam Alert #21 — Lockdown app & Bitcoin Baron

See more Scam Alerts here at Archer News.