NEW YORK (WKBW) — New York Attorney General Letitia James warned New Yorkers Thursday of possible price gouging of fuel amid Russia's invasion of Ukraine.
According to the AG, Russia is the second-largest producer of natural gas and one of the world’s largest oil-producing nations. According to information provided by AAA, the invasion of Ukraine has led to an increase of prices at the pump.
"New York law prohibits sellers of fuel and other vital and necessary goods from charging unconscionably excessive prices during an abnormal market disruption, including disruptions caused by world conflicts," a release says.
The AG urges New Yorkers to report dramatic gasoline price increases and provided the following tips:
- Report the specific increased prices, the dates, and places that they saw the increased prices, and the types of fuel being sold;
- Provide copies of their sales receipts and photos of the advertised prices, if available; and
- Buy only as much fuel as they need and not to stock up out of fear of a potential future shortage.
AG James also issued a reminder to individuals and businesses to ensure they are taking measures to protect their cybersecurity.
For individuals:
- Protect your passwords: Use a password manager to keep track of your passwords, and never reuse passwords. While reusing login information may be convenient, it can also put your information at risk. A password manager on your phone, computer, or browser can help you generate strong passwords and automatically fill them in when you log in to a website or an app. Password managers can also check if your passwords have been stolen in a data breach.
- Enable two-factor authentication (2FA): 2FA can provide an extra layer of security by requiring anyone logging in to an account to provide another credential, such as a one-time code sent by SMS or email. Most attackers that have access to a stolen password will not have access to a secondary credential. If a website or app offers 2FA, make sure to enable it for your account.
- Watch out for online scams: Scammers may email, text message, or even call you to trick you into clicking a link, sharing your personal information, or sending money or gift cards. These scammers might pretend to be familiar companies, the government, or someone you know. Make sure you double check the email address or phone number contacting you to see if it’s legitimate. Instead of responding to an email or text from a company, we encourage you to go to the company’s official website and call the customer service number listed. Also, be careful about publicly sharing your information, such as through social media.
- Check regularly for unauthorized activity: Not all companies will notify users when their online accounts have been compromised. You should regularly check your online accounts for unauthorized transactions and activity, and immediately contact the service (and credit card company, if appropriate) if you see something suspicious.
- Regularly run antivirus software: Computer viruses can run in the background without your knowing, so we encourage you to run antivirus software regularly to identify and address unknown threats.
- Update your software: Software updates often include important security updates, so make sure you are using the most up-to-date software and applications on all your devices.
- Sign up for breach notifications: You should register with a breach notification service, like Have I Been Pwned, that will send a notification if an account associated with your email or phone number has been compromised.
- Take suspicious activity seriously: If an online service notifies you of suspicious activity on your account, change your password immediately. If you use the same password for other accounts, change the passwords for those accounts as well.
For businesses:
- Use bot detection systems (software designed to block activity from “bots,” or automated software that may, for example, generate hundreds of thousands of login attempts), multi-factor authentication, and strong password requirements for most accounts;
- Develop processes to manage software updates, limit employee access to systems according to their job functions, maintain the security of remote access to company systems, and identify and manage security vulnerabilities (in particular, critical vulnerabilities or vulnerabilities known to be exploited in the wild);
- Implement antivirus software, endpoint detection and response software;
- Implement technical safeguards to filter emails likely to be phishing attempts, and train employees on phishing and other potential scams; and
- Review and test your incident response and business continuity plans. The response plan should include processes for investigation (e.g., determining what information/systems were accessed), remediation (e.g., blocking attackers’ continued access to impacted systems), and notice (e.g., alerting potentially impacted customers). The business continuity plan should include processes to maintain essential services and restore systems from offline backups.
As the devastating conflict in Ukraine continues to escalate, New Yorkers must be prepared for potential impacts of the conflict on their wallets and their cybersecurity. Both consumers and businesses should take the necessary precautions to address the ongoing risks. I encourage anyone who has experienced issues concerning the price gouging of fuel or threats to cybersecurity to contact my office.