Scam of the day – July 6, 2017 – FTC mailing refunds to victims of DeVry University scam

For profit universities have been a target of state and federal investigations for years.  I have written about this topic since 2012.  It should be noted that not all for profit colleges are scams, but there are a large number of for profit colleges, sometimes referred to as “diploma mills” that at times offer credit for your “life experience” and lure students in with promises of a helpful degree, but the students end up with a worthless degree and an empty wallet.  Sometimes the names of these scamming colleges and universities are confusingly similar to legitimate colleges.  For instance, Columbia State University is a diploma mill while Columbia University is an eminent Ivy League school.

In February of 2016 I told you about the Federal Trade Commission’s lawsuit against  DeVry University alleging that the university’s advertising, particularly as it related to their graduates’ opportunities for getting a job after graduation were false and deceptive. Specifically, DeVry made the false claims that 90% of its graduates got jobs within six months of graduation and that its graduates had 15% higher incomes a year after graduation than the graduates of other colleges. Now that lawsuit has been settled.

As a part of its 100 million dollar settlement with the FTC, DeVry has agreed to pay 49.4 million dollars for partial refunds to some students and 50.6 million dollars of debt forgiveness for loans made to students by DeVry.

TIP

If you attended DeVry University and want to find out if you qualify for the refunds, check out the “FTC Scam Refunds” tab at the top of this page. You also can find there information about the mailing of the refund checks.

If you are considering attending a for profit school, first check it out with the United States Department of Education’s website at www.ope.ed.gov/accreditation to make sure it is an accredited institution.

You also should investigate whether a local college, university or community college would be more cost effective for you.  For profit colleges and universities are often more expensive than these other alternatives without offering any distinct advantages.  Also, check out the graduation rates of any for profit college you are considering and finally, investigate the job prospects in your field of study.  Don’t just take the word of the college.

Scam of the day – July 5, 2017 – IRS private collection scams

Many people have been scammed by criminals calling them on the phone purporting to be from the IRS making various threats unless the targeted victim immediately pays alleged overdue taxes.  For years, I have been telling people that the simplest way to know that the person calling you is not from the IRS is to remember that the IRS will never initiate contact with a taxpayer about overdue taxes through a phone call.  But that has changed.  In 2016 I told you about a new law Congress passed requiring the IRS to use the services of private collection agencies to collect some outstanding taxes.  This law is flawed on many levels including, as was pointed out by the IRS Taxpayer Advocate Service, the fact that this program not only had been tried unsuccessfully twice previously, but also is not cost effective.  But from my perspective, perhaps the greatest problem with this new law is that it increases the likelihood of scammers being able to pose as tax collectors and lure unsuspecting victims into paying these scammers money.

The law has now gone into effect and the IRS is sending letters by regular mail to people whose overdue tax accounts have been turned over to one of the four private collection agencies authorized by Congress to collect overdue taxes for the IRS.  The IRS is also at this time warning people to be wary of people claiming to be working for one of these companies who are, in truth, just scammers.  Of course, the IRS did not give any concrete advice as to how to know if the caller is legitimate or not.

TIPS

As I have often said, whenever you get a phone call, you can never be sure who is really on the other end of the line.  Even your Caller ID can be fooled by a technique called Spoofing by which it can be made to appear that your call is coming from someone other than the real caller.  It is for this reason that I advise you never to give out personal information such as your Social Security number or credit card information to anyone who calls you on the phone unless you have absolutely confirmed that they are legitimate.  In the case of a call from someone purporting to be collecting a debt on behalf of the IRS, you should not give them any information or agree to do anything on the phone.  Ask them to send you written information about the alleged debt and then call the IRS to find out if the debt is legitimate or not.

In addition, the debts assigned to the private collection agencies are tax debts that are many years old and about which the taxpayer would have been contacted by mail previously by the IRS.  Also, be aware that none of the Congress authorized collectors will ask you to make a payment by credit card over the phone and certainly not ask you to wire money or pay by an iTunes card or gift card as some tax scammers have done.

Scam of the day – July 4, 2017 – JobLink data breach update

JobLink is a database managed by Job Link Alliance that maintains online databases that connect employers with job seekers.  JobLink is used by the state governments of Alabama, Arizona, Arkansas, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. In March I informed you that the database for all of the states using JobLink were hacked sometime prior to March 16th.  The total number of people affected was undetermined, but potentially huge.  In Delaware alone personal information from more than 200,000 accounts was stolen. Included in the information stolen in this data breach were names, Social Security numbers and birth dates which could be readily used for purposes of identity theft.

A few days ago Vermont officials indicated that none of the 180,000 people in Vermont affected by the data breach have yet reported identity theft problems.  While this is a good sign, it does not mean that the compromised information could not still turn up in the hands of an identity thief possibly purchasing this information on the Dark Web and use it for purposes of identity theft, but it definitely is good news.

TIPS

If you used JobLink in any of the affected states, you should freeze your credit with each of the three credit reporting agencies to help prevent anyone who may have access to your Social Security number from obtaining credit in your name.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the right hand corner of this page.

You should also carefully monitor all of your credit cards and other accounts regularly for any indications of identity theft.

Scam of the day – July 3, 2017 – Delta Airlines Facebook scam

For years I have been reporting to you about numerous scams involving airline tickets.  Delta Airlines is  now reporting a scam where the targeting victim of the scam receives a a Facebook request purporting to be from Delta asking for SkyMiles numbers and other personal information.  This information is used by the scammer for purposes of identity theft.

TIPS

Neither Delta nor any of the other airlines will contact you through Facebook and ask for personal information or account information.  Delta and the other airlines will only ask for your account information if you go to their secure website or if you contact them in order to verify your identity.

Scam of the day – July 2, 2017 – Anthem data breach class action settlement

I first reported to you about the huge data breach at Anthem, a major care health care company in February of 2015 when it was initially discovered. The data breach affected 78.8 million patients and employees.  The data stolen included birth dates, Social Security numbers and other information putting the victims in extreme danger of identity theft.    In response to the data breach Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004.

A class action filed by people affected by the data breach has recently been settled with the settlement now awaiting approval by a federal judge in California overseeing the case.

Here is a link to the settlement.

https://anthemdatabreachlitigation.girardgibbs.com/wp-content/uploads/2017/06/2017-0623-Dkt-869-8-Settlement-Agreement.pdf

Approval is expected shortly.  Under the terms of the settlement, Anthem will offer two more years of identity theft repair and credit monitoring services to those affected and will pay up to fifteen million dollars toward out of pocket costs incurred by victims of the data breach.  Anthem also agreed to make substantial changes to its cybersecurity systems.  The total amount to be paid to settle the class action is 115 million dollars which is more than five times what Target and Home Depot spent to settle similar charges.  The primary reason for this is that in the Target and Home Depot data breaches all that was lost was credit card information while in the Anthem breach, personal information that can lead to significant identity theft was stolen.  Hopefully, this will serve as a wake up call to companies to upgrade their cybersecurity.  It is important to also note that, as with so many data breaches, this was started when an employee clicked on a link in a simple phishing email.

TIPS

I will notify you when the settlement is approved and let you know how to make a claim and apply for the additional credit monitoring and identity theft protection as well as apply for out of pocket expense reimbursement.

Neither Anthem nor AllClear ID, the company Anthem is using to provide credit monitoring and identity theft protection services to victims of the data breach assists with credit freezes although it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian if you were a victim of this or any other data breach.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the top right hand corner of this page.

Scam of the day – July 1, 2017 – Airbnb scams

Airbnb is a deservedly popular service that connects homeowners wishing to rent a room or their entire house with vacationers and other travelers in 190 countries around the world.  Unfortunately, anything popular with the public is also popular with scammers and reports are increasing about scams involving people paying scammers for renting a non-existent room or a place that the scammer does not own.  Many of the victims of these scams do not find out that they have been scammed until they show up at the rental which may be far away only to learn that it is not for rent and there money is gone.

Generally, a telltale sign that the Airbnb listing is a scam occurs when the “homeowner” or “host” as they are referred to in Airbnb asks to communicate with the victim off of the Airbnb website.  They also ask for the money to be wired to the scammer’s account .  As I have told you many times before, once you have wired funds, they are gone forever.

TIPS

Only communicate with hosts through the Airbnb website and use the Airbnb payment system with a credit card.  Airbnb does not forward payment to the host sooner than 24 hours after the guest checks in. Never use wired funds, certified checks or any other method of payment other than a credit card through the Airbnb payment system to pay for accommodations.

Scam of the day – June 30, 2017 – Government agency criticizes IRS for failure to protect victims of identity theft

It was just a little over two weeks ago that I complimented the IRS for actions it was taking in regard to resolving the claims of victims of income tax identity theft as announced in a report by the Treasury Inspector General for Tax Administration (TIGTA).  Unfortunately, a newly issued TIGTA report about employment related identity theft found the IRS is doing a miserable job of protecting innocent victims of this type of fraud.

Employment related identity theft occurs when someone steals your Social Security number for purposes of getting a job.  The victim does not generally learn about the crime until they are notified by the IRS that they did not include all of their income on their income tax return.  The recent TIGTA report found that the IRS’ procedures for both identifying the phony returns filed by the identity thieves and its procedures for helping the victims whose Social Security numbers had been stolen and used  were seriously lacking.  In particular,  TIGTA concluded that 548,968 victims of this type of crime were not being properly helped by the IRS.

TIPS

TIGTA made seven specific recommendations to the IRS as to steps it should be taking, including developing procedures to notify parents of children whose Social Security numbers had been stolen and used for employment related identity theft, however, the IRS did not agree with five of the recommendations, leaving victims in danger and with less help from the IRS than they should receive.

The best thing that anyone can do to protect themselves from becoming a victim of identity theft is to keep your Social Security number as private as possible.  Don’t give it as an identifier to anyone or any company that asks for it unless you are legally required to do so.  For example, your doctor or dentist does not need your Social Security number although many ask for it.  The more places that have your Social Security number, the greater your risk of identity theft.

Scam of the day – June 29, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry  and Petya ransomware attacks that took advantage of computer users that had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates for Adobe software including Adobe Flash.

I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company, Symantec 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-177

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.

Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – June 28, 2017 – FTC paying victims of timeshare resale scam

Timeshares are a legitimate vacation option for many people, but resales have sometimes been difficult for timeshare owners and scammers have been  preying upon timeshare owners trying to sell their interests with promises of buyers that never materialize after charging the timeshare owners upfront fees of sometimes thousands of dollars.

The FTC took action recently against one of these timeshare resale scammers, Information Management Forum, Inc which did business as Vacation Property Marketing as well as its owner Edward Lee Windsor.  In this scam, victims were lured by telemarketing calls into paying registration fees for a service that the scammers promised would provide renters or buyers for the victims’ timeshare units.  Unfortunately, it was all a scam.  Fortunately, the FTC was able to recover funds that are now being returned to the victims of this particular timeshare scam.

TIP

If you were a victim of this particular scam, go to the top of the page and click on “FTC Scam Refunds” for more specific information about the refund program.

As for anyone who is considering selling their timeshare unit, always check out the legitimacy of anyone proposing to help you sell your timeshare.  You can check with your state’s attorney general at and your local consumer protection agencies.  Make sure you have a lawyer review any contract before you sign it and it is a good idea not to pay in advance for the services of someone purporting to assist you in reselling your timeshare unit.

Breaking news story – June 27, 2017 – Much of the world hit by another massive ransomware attack.

According to the old saying, “fool me once, shame on you, fool me twice, shame on me.”  Reports are rapidly surfacing of another massive ransomware attack involving, Russia, Ukraine, Spain, France, India and the UK similar to the attack of only a few weeks ago that used the WannaCry malware.  The new malware, which appears to be a variation of the Petya malware is being called GoldenEye and it is demanding bitcoin ransoms from banks, government agencies and companies in the attacked countries.  The malware appears to exploit the same Microsoft Windows Operating System flaw called EternalBlue which was made public by hackers of the National Security Agency.

This is a problem that should not have happened for many reasons.  The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches when they had become available recently.  In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP which are no longer regularly updated with new security patches.  These older unsupported systems should not be used by anyone.  Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs.  Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Customer Guidance for WannaCrypt attacks

TIPS

This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the GoldenEye ransomware.  As I am constantly reminding you, never click on links or download attachments until you have confirmed that they are legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.

As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive. Companies and agencies which can afford to do this, should also use Whitelisting software which prevents the installation of any unauthorized computer software programs.

I will update you as further developments occur.