NEW YORK — New York State Attorney General Letitia James is issuing a warning to New Yorkers amid the crisis in Ukraine and offering tips to people and businesses who could face price gouging and cybersecurity issues.
On Thursday, James issued a statement warning people to beware of any potential price gouging of fuel, other goods and services as well as encouraging people to protect themselves from cybersecurity threats.
“As the devastating conflict in Ukraine continues to escalate, New Yorkers must be prepared for potential impacts of the conflict on their wallets and their cybersecurity,” James said. “Both consumers and businesses should take the necessary precautions to address the ongoing risks. I encourage anyone who has experienced issues concerning the price gouging of fuel or threats to cybersecurity to contact my office."
The price of gas at the pump could be affected because Russia is the second-largest producer of natural gas. Unconscionably excessive prices during an abnormal market disruption is prohibited under New York law. That would include disruptions caused by world conflicts.
Consumers are urged to report dramatic gasoline price increases to OAG for investigation. When reporting people need to:
- Report the specific increased prices, the dates, and places that they saw the increased prices, and the types of fuel being sold.
- Provide copies of their sales receipts and photos of the advertised prices, if available.
- Buy only as much fuel as they need and not to stock up out of fear of a potential future shortage.
While there currently aren't any active cybersecurity alerts, the U.S. Department of Homeland Security has encouraged consumers and businesses to make sure they are protecting themselves.
The Attorney General's Office provided the following tips to do so:
- Use bot detection systems (software designed to block activity from “bots,” or automated software that may, for example, generate hundreds of thousands of login attempts), multi-factor authentication, and strong password requirements for most accounts.
- Develop processes to manage software updates, limit employee access to systems according to their job functions, maintain the security of remote access to company systems, and identify and manage security vulnerabilities (in particular, critical vulnerabilities or vulnerabilities known to be exploited in the wild).
- Implement antivirus software, endpoint detection and response software
- Implement technical safeguards to filter emails likely to be phishing attempts, and train employees on phishing and other potential scams.
- Review and test your incident response and business continuity plans. The response plan should include processes for investigation (e.g., determining what information/systems were accessed), remediation (e.g., blocking attackers’ continued access to impacted systems), and notice (e.g., alerting potentially impacted customers). The business continuity plan should include processes to maintain essential services and restore systems from offline backups.
In addition people need to protect their passwords, use two-factor authentication, beware of online scams, check for unauthorized activity, update software, run antivirus software, sign up for breach notification, and take suspicious activity seriously.