Scam of the day – October 19, 2017 – Congress forces IRS to suspend multi-million dollar Equifax contract

In the Scam of the Day for October 8th, I reported to you about the recent announcement that Equifax, the company responsible through its own negligence for 145 million Americans becoming in serious danger of identity theft for the rest of their lives, was awarded a 7.25 million dollar contract to provide security and fraud detection services to the IRS.  Making the problem even worse was the fact that the contract was a no-bid contract.

Now under pressure from numerous members of Congress the IRS has temporarily suspended the contract while the IRS investigates Equifax’s systems and security.  The suspension of the contract means that taxpayers wishing to set up accounts with the IRS through its Secure Access program which enables taxpayers to access certain online services will be unable to do so.  Taxpayers who already had set up accounts with the IRS to use the Secure Access program, however,  will still be able to use their accounts.

 

TIPS

Relying on the IRS to protect the security of our data is somewhat problematic because the IRS itself has had a number of instances where its security practices have been lacking.  When it comes to protecting ourselves from identity theft there are numerous simple steps we should all take in order to protect ourselves.  I provide them in great detail in my book “Identity Theft Alert.”  However, here are a few of the things we all should do:  Freeze your credit, monitor your credit reports and all of your accounts, use complex passwords, use nonsensical security questions, use dual factor authentication, use security software on all of your devices and keep the software updated with the latest security patches,  never click on links or download attachments unless you have verified that they are legitimate and limit the places you provide your Social Security number as much as possible.  Your doctor, for instance,  may ask for it, but he or she doesn’t need it.

Scam of the day – October 18, 2017 – Anthem class action update

I first reported to you about the huge data breach at Anthem, a major  health care company in February of 2015 when it was initially discovered. The data breach affected 78.8 million patients and employees.  The data stolen included birth dates, Social Security numbers and other information putting the victims in extreme danger of identity theft.    In response to the data breach Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004.

A class action filed by people affected by the data breach has recently been settled with the settlement now awaiting approval by a federal judge in California overseeing the case.  A final approval hearing for the settlement is scheduled for February, 1, 2018.

Here is a link to the settlement.

https://anthemdatabreachlitigation.girardgibbs.com/wp-content/uploads/2017/06/2017-0623-Dkt-869-8-Settlement-Agreement.pdf

Approval is expected.  Under the terms of the settlement, Anthem will offer two more years of identity theft repair and credit monitoring services to those affected and will pay up to fifteen million dollars toward out of pocket costs incurred by victims of the data breach.  Anthem also agreed to make substantial changes to its cybersecurity systems.  The total amount to be paid to settle the class action is 115 million dollars which is more than five times what Target and Home Depot spent to settle similar charges.  The primary reason for this is that in the Target and Home Depot data breaches all that was lost was credit card information while in the Anthem breach, personal information that can lead to significant identity theft was stolen.  Hopefully, this will serve as a wake up call to companies to upgrade their cybersecurity.  It is important to also note that, as with so many data breaches, this was started when an employee clicked on a link in a simple phishing email.

TIPS

Notices to class members will start going out this month informing them that they will have 90 days to file a claim or opt out of the class action and file their own private lawsuit.  I will notify you when the settlement is approved and let you know how to make a claim and apply for the additional credit monitoring and identity theft protection as well as apply for out of pocket expense reimbursement.

Neither Anthem nor AllClear ID, the company Anthem is using to provide credit monitoring and identity theft protection services to victims of the data breach assists with credit freezes although it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian if you were a victim of this or any other data breach.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the top right hand corner of this page.

Scam of the day – October 17, 2017 – New report discloses all wifi networks vulnerable to hacking

Yesterday, a Belgian researcher, Mathy Vanhoef made public his discovery from this past summer that the security protocol used to protect most wifi connections is vulnerable to hacking such that data formerly thought to be encrypted and protected could be hacked and that it was also possible for a cybercriminal to inject ransomware and other malware into websites visited through  compromised wifi connections.  If your device supports wifi, it is most likely affected.

The United States Computer Emergency Readiness team issued a warning yesterday that lists all of the systems affected.  Here is a link to that warning.

http://www.kb.cert.org/vuls/id/228519

As is often the case when discoveries of computer vulnerabilities are made, researchers notify the technology companies first to allow them time to come up with patches.  In this case, the technology companies were notified on August 28th about this problem.  Google has indicated that it expects to have a patch available “in the coming weeks.”  Microsoft has said, “we have released a security update to address this issue.  Customers who apply the update, or have automatic updates enabled, will be protected.”

TIPS

This is one instance where things may not be as bad as they initially appear.  Hackers exploiting the vulnerability would need to be physically close to the attacked device to accomplish an attack and connections to secure websites using HTTPS will still be safe.  Online banking and online shopping websites will generally use https technology which you can confirm by looking at the address line for the letter “s” after the initial http in the website address.  In addition, as I have long advised you, if you are going to use public wifi you should use Virtual Private Network (VPN) which is not affected by this vulnerability.

This discovery also emphasizes the importance of having your security patches and updates installed automatically or as soon as they are available.  I will update you on this situation as new information becomes available.

Scam of the day – October 16, 2017 – Breast Cancer Awareness Month telemarketing scams

October is Breast Cancer Awareness month and scammers are taking full advantage of the increased attention to this disease which is diagnosed in 200,000 women each year.   Recently, I received a telephone call from a telemarketer seeking a contribution to a breast cancer charity or at least that is what she said.  Even if you are on the federal Do-Not-Call List, the law permits charities and politicians to contact you.  However, whenever you receive a telephone call, you can never be sure who is really calling you.  Even if your Caller ID indicates that the call you are getting is coming from a charity the name of which you recognize, the call actually may be from a scammer using a technique called Spoofing to make it appear that the call is legitimate when it is not.  The truth is that the call you receive may or may not be from a legitimate charity or a telemarketer on behalf of a legitimate charity and you can’t tell who is really on the other end of the line.

TIPS

When you receive such a call from a telemarketer or someone purporting to represent a charity, if you are interested in the particular charity, the best thing you can do is just to ask them to send you written material.  Do not provide your credit card number over the phone to anyone who calls you because you cannot be sure that they are legitimate.   Also, as I have warned you in the past, many phony charities have names that are similar to real charities so it is always a good idea to investigate a charity before you make a charitable contribution.  In addition, when you receive a charitable solicitation telephone call from a telemarketer, the telemarketer is generally being paid a commission for the money he or she collects.  Thus, your contribution to the charity is diluted by the amount that goes to the telemarketer and as Jerry Seinfeld would say, “not that there is anything wrong with that.”    However, if you really want to make your charitable contribution go farther, you will  be  better served by first checking out the particular charity at www.charitynavigator.org where you can find out not only if the particular charity is legitimate, but also how much of your contribution goes toward administrative costs and how much actually goes toward the charity’s charitable purposes.  Then you can make your contribution directly to the charity without any amount being deducted for fund raising expenses.

Scam of the day – October 15, 2017 – Medicare open enrollment scams

The open enrollment period for Medicare begins today, October 15th and continues until December 7th.  This is the only time during the year that people enrolled in Medicare can change their Medicare health plans, Medigap plans and their prescription drug plans.  By now, people already enrolled in Medicare should have received an Annual Notice of Change from their health insurance providers describing any changes to their plans such as the dropping of particular drugs from their prescription drug plan.  If you are satisfied with your plans, you do not need to do anything.

Scammers and identity thieves view the open enrollment period as senior citizen hunting season as myriads of Medicare scams are common during this time.  Among the scams are phone calls or emails purporting to be from the Centers for Medicare & Medicaid Services (CMS) informing you that Medicare is issuing new Medicare cards and that in order to continue to receive benefits, you need to obtain a new card which can be done by providing the person contacting you with your Medicare number which is your Social Security number.  If you provide this number, you will end up becoming a victim of identity theft.  What makes this scam particularly troublesome is that there is a kernel of truth to this scam.   Starting in 2018, new cards will be sent by regular mail to all 60 million Americans enrolled in Medicare.  Between April 2018 and December 31, 2019 a Medicare recipient has the option to use either his or her old number or the new, more secure Medicare number.  Starting in 2020 only the new numbers will be used.

Scammers are already taking confusion about this transition to the new Medicare numbers by pretending to be Medicare employees, calling Medicare recipients and telling them that they need to register on the phone to get their new card or they will lose benefits.  They then ask for their intended victim’s Medicare number which is the same as their Social Security number and use that information to make them a victim of identity theft.  In another variation of the scam, targeted victims are told they need to pay for the new card through a credit card or by giving the caller their bank account number.  The truth is that there is no charge for the new card, but anyone providing this information to a scammer will quickly become a victim of identity theft.

You also may be contacted by someone purporting to be from your insurance company asking  you to verify information.  Again, this is a common tactic of identity thieves trying to trick you into providing information.  You also may be contacted by people claiming to have supplemental insurance programs that will save you thousands of dollars.  Here too, you cannot be sure that they are legitimate when they contact you by phone, text message, email or even regular mail.

TIPS

Medicare is not issuing new cards to Medicare recipients at this time and they will never contact you by phone and ask for your Medicare number.  Never give personal information to anyone who calls you on the phone because you can never be sure who is actually on the other end of the line.  Through a technique called “spoofing,” a scammer can manipulate your Caller ID and make it appear that the call is from the government or some legitimate company when in fact, it is from an identity thief who is eager to steal your money.  If you want to get information you can trust about what insurance plans are available to you and at what cost, merely go to the “Plan Finder” section of Medicare’s website www.medicare.gov.  If you want to speak with someone on the phone, call Medicare at its 24 hour hotline 1-800-MEDICARE.

Scam of the day – October 14, 2017 – “Psychic”pleads guilty to tax evasion

Recently Sally Ann Johnson pleaded guilty in federal court in Boston to failing to report more than 3.5 million dollars paid to her by an elderly Massachusetts woman who paid Johnson $3,567,000 according to the IRS to perform “spiritual cleaning and healing services to rid her of demons.”  In accordance with a plea agreement, Johnson has agreed to repay all of the $3,567,000 to her victim as well as pay restitution to the IRS for the taxes avoided.  One would think that Johnson would have seen this coming.

I have written many times over the years about phony psychic scams.  Often they begin with letters, email or telephone calls from psychics either offering good fortune or the ending of bad fortune.  The positive psychic scams occur when the psychic promises to share a secret with you that will bring you fame and fortune.  Often the psychic offers to sell you a special good luck charm that is guaranteed to bring you good fortune.    The negative psychic scam occurs when you are told that you are in danger from a demonic force and that if you do not send money to the psychic to ward off the threatening force, something terrible will happen to you.

TIP

If you want to believe in psychics, it is your business, but when you receive an unsolicited email, letter or telephone call from someone claiming to be a psychic, it doesn’t take a psychic to predict it is a scam.

Scam of the day – October 13, 2017 – FTC sending refunds to victims of “free trial” weight loss scams

The Federal Trade Commission (FTC) is mailing 227,000 refund checks to victims of phony weight loss products and supplements sold by Health Formulas LLC and a number of other related companies.  According to the FTC, Health Formulas LLC lured victims with “free trials” and tricked their victims into providing their credit and debit card information.  Health Formulas LLC then enrolled their victims into a program with continuing automatic monthly payments for their bogus weight loss products.

The FTC is administering the refunds through Epiq systems, Inc, which began mailing checks earlier this week.  The checks must be cashed within 60 days and there is no fee or charge to obtain the refunds.

TIPS

For more information about this refund program go to the tab at the top of this page entitled “FTC Scam Refunds.”  You can also call the refund administrator directly at 800-690-2366 if you have questions about the refund program.

As for weight loss products, the truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise.  You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.  It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories.  The best course of action is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

Finally, there never is a reason to provide your credit or debit card information for a “free” offer.

Scam of the day – October 12, 2017 – Changes to FAFSA student aid form

The Free Application for Federal Student Aid (FAFSA) is a part of the U.S. Department of Education used by college students to apply for much needed financial aid to assist them in furthering their education.  Some of the forms used in the application process require inserting information from past income tax returns.  To make the process more convenient, FAFSA provided for a data retrieval service directly to the IRS to obtain the necessary information, however scammers hacked into the data retrieval system of FAFSA applicants to get the tax information which they then used to commit income tax identity theft.

In response to these problems, FAFSA temporarily suspended its data retrieval system.    Now however, the Data Retrieval Tool has been returned to service in a manner that the tax return information will be encrypted and hidden from view of even the borrower as well as someone hacking into the borrower’s account.  When you use the tool, instead of numbers will appear the words “Transferred from the IRS” in the data entry fields in the FAFSA form.  You also should be aware that if you use the Data Retrieval Tool, you may get a snail mail letter from the IRS notifying you that your tax information has been transferred.

TIPS

Quite often, as Shakespeare said, the fault is not in the stars, the fault is in ourselves. Too often we become victims of identity theft when the security of particular websites, companies or government agencies that have our personal data is compromised because we provide our passwords and user names to identity thieves by falling prey to spear phishing emails or downloading malware.   It is important to never click on a link in an email or download an attachment unless you have confirmed that it is legitimate.  Also, never provide personal information to anyone unless you have confirmed that the request is legitimate.

As for students seeking to use the Data Retrieval Tool of the IRS for filing a FAFSA form, the tool is much more secure now.  Online filing of the FAFSA form for the 2018-2019 filing season is now open and available.  You can access the form online at https://fafsa.ed.gov/

Scam of the day – October 11, 2017 – Phony car crash scammer sentenced

Staged automobile accidents done to defraud insurance companies are a major problem.   Recently, Mackenzy Noze was sentenced to four years in prison for his role as the ringleader in an automobile insurance fraud scam operated between 2011 and 2014.  The manner in which the accidents were staged  was that Noze would drive someone’s care into a tree or pole on remote roads in Connecticut.  He would then leave the vehicle and the car’s owner would then get in the car, call for help and tell their insurance company that they were driving when they lost control of their car due to bad weather or swerved to avoid hitting an animal. In Noze’s scam, the car owners themselves were complicit, but scammers also stage automobile accidents in many  other ways taking advantage of innocent victims, such as when they slam on their brakes while driving in front of you without giving you an opportunity to stop, causing you to hit them from behind.  Generally, the scammers will have phony witnesses to bolster their case.  Sometimes they are willing to settle with you for cash rather than involve your insurance company, but other times they are looking to defraud your insurance company.

TIP

If you are involved in an automobile accident, call the police.  When you exchange license and registration information, be careful not to provide more information than necessary  in order to protect yourself from identity theft.  Report all accidents to your insurance company and make sure that you get the license and registration of the other driver.  Make sure you see the actual license and registration rather than just take the information provided by the other driver.