Scam of the day – August 1, 2017 – Discover card now offering identity theft alert services

Discover is now offering free identity theft alert services through any of their credit cards.  Discover monitors websites on the Dark Web where criminals buy and sell stolen credit cards, Social Security numbers and other identity theft information.  They will then alert their customers if it is found that their Social Security number or credit card has been compromised.  In addition, Discover will also monitor the customer’s Experian credit report and alert the customer if new accounts, such as credit cards, car loans or mortgages are taken out in the name of the customer.  Finally, Discover representatives will offer some guidance in remedying the problem if the customer does become a victim of identity theft.  All of these services are offered by Discover to its customers at no charge.

TIPS

While this is a very significant benefit to consumers and Discover should be applauded for its efforts, it should be noted that there are numerous other ways that identity theft is accomplished beyond those that Discover will be monitoring.  In addition, Discover will only be looking at the customer’s Experian credit report and not those of the other credit reporting agencies, TransUnion and Equifax.  Often problems may appear on one of these companies reports and not on the others.  Perhaps most importantly, like all credit monitoring services, these services do nothing to help prevent someone from becoming a victim of identity theft in the first place.  There are many things that people can do to help protect themselves from becoming a victim of identity theft, perhaps most strongly by putting a credit freeze on their credit reports at all three of the credit reporting agencies.  In my book “Identity Theft Alert” I list more than sixty simple things people can do to protect themselves from becoming a victim of identity theft.

Scam of the day – July 2, 2017 – Anthem data breach class action settlement

I first reported to you about the huge data breach at Anthem, a major care health care company in February of 2015 when it was initially discovered. The data breach affected 78.8 million patients and employees.  The data stolen included birth dates, Social Security numbers and other information putting the victims in extreme danger of identity theft.    In response to the data breach Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004.

A class action filed by people affected by the data breach has recently been settled with the settlement now awaiting approval by a federal judge in California overseeing the case.

Here is a link to the settlement.

https://anthemdatabreachlitigation.girardgibbs.com/wp-content/uploads/2017/06/2017-0623-Dkt-869-8-Settlement-Agreement.pdf

Approval is expected shortly.  Under the terms of the settlement, Anthem will offer two more years of identity theft repair and credit monitoring services to those affected and will pay up to fifteen million dollars toward out of pocket costs incurred by victims of the data breach.  Anthem also agreed to make substantial changes to its cybersecurity systems.  The total amount to be paid to settle the class action is 115 million dollars which is more than five times what Target and Home Depot spent to settle similar charges.  The primary reason for this is that in the Target and Home Depot data breaches all that was lost was credit card information while in the Anthem breach, personal information that can lead to significant identity theft was stolen.  Hopefully, this will serve as a wake up call to companies to upgrade their cybersecurity.  It is important to also note that, as with so many data breaches, this was started when an employee clicked on a link in a simple phishing email.

TIPS

I will notify you when the settlement is approved and let you know how to make a claim and apply for the additional credit monitoring and identity theft protection as well as apply for out of pocket expense reimbursement.

Neither Anthem nor AllClear ID, the company Anthem is using to provide credit monitoring and identity theft protection services to victims of the data breach assists with credit freezes although it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian if you were a victim of this or any other data breach.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the top right hand corner of this page.

Scam of the day – March 25, 2017 – Multiple states’ JobLink database hacked

JobLink, which is a database managed by Job Link Alliance, maintains online databases that connects employers with job seekers.  JobLink is used by the state governments of Alabama, Arizona, Arkansas, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. It has recently come to light that the database for all of the states using JobLink were hacked sometime prior to March 16th.  The total number of people affected is undetermined at this time, but potentially huge.  In Delaware alone personal information from more than 200,000 accounts were stolen. Included in the information stolen in this data breach were names, Social Security numbers and birth dates which could be readily used for purposes of identity theft.

TIPS

If you used JobLink in any of the affected states, you should immediately freeze your credit with each of the three credit reporting agencies to help prevent anyone who may have access to your Social Security number from obtaining credit in your name.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the right hand corner of this page.

You should also carefully monitor all of your credit cards and other accounts regularly for any indications of identity theft.

Scam of the day – November 24, 2016 – Disturbing data breach at HUD

Earlier this week, the Department of Housing and Urban Development (HUD) disclosed that it had suffered two data breaches occurring on August 29th and September 14 in which personal information including Social Security numbers of approximately 480,000 people was made publicly available on the HUD website.  No hacking was involved by individuals or nation states.  The data breach was done through the negligence of HUD employees who inadvertently posted the information.  The information has been taken down and, at the moment, there is no evidence that the information has been used for purposes of identity theft.   HUD is investigating the data breach to determine the exact extent of the problem, how it occurred and what to do to prevent such data breaches in the future.

Letters are being sent by HUD to affected individuals and HUD is offering a year of free credit monitoring.

TIPS

Identity thieves will be sending letters appearing to come from HUD about this data breach asking for personal information.  You should not provide such information to anyone who calls you, emails you, text messages you or contacts you by mail.   Here is a link to the official HUD website with contact information if you have questions as to your rights in this matter.  http://portal.hud.gov/hudportal/HUD?src=/contact

This incident again highlights that you are only as secure as the places that have your personal information with the weakest security. Therefore, as much as possible, you should limit the amount of personal information you provide to any company, institution or government agency as much as possible.  However, unfortunately, in many instances, such as with HUD there will be times you need to provide your Social Security and other personal information.  Therefore it is important to protect yourself from identity theft as best you can.  The best thing you can do to protect yourself is to put a credit freeze on your credit report so that even if someone obtains your Social Security number, they will be unable to establish credit in your name.  You can learn how to put a credit freeze on your credit reports by going to the Search the Website section of Scamicide in the top of this page on the right hand corner and type in “credit freeze.”

Scam of the day – November 20, 2016 – Sex or cybersecurity? That is the question.

Although the question of whether you would give up sex for a year in return for total cybersecurity seems like an odd question, it is one that was posed to 2,000 adults in a poll taken by the Harris pollsters.  The response to the question might be startling to many people.  According to the poll, 39% of Americans are so fearful of their cybersecurity that they would willingly give up sex for an entire year in return for a lifetime of cybersecurity.

Unfortunately, you can never totally control your own cybersecurity because often people become victims of identity theft and other cybercrimes due to the neglect and failure of companies and government agencies to properly secure our personal information.  However, fortunately, the good news is that there are a number of relatively simple steps you can take to dramatically increase your personal cybersecurity and you don’t have to give up sex for a year in order to implement these steps.

TIPS

Here are a few of the more important steps you can take.  You can find even more things you can do to protect your cybersecurity in my book “Identity Theft Alert,” which you can order from Amazon by merely clicking on the icon on the right hand side of this page.

  1.  Use strong unique passwords for each of your online accounts so that even if there is a data breach at one account, all of your accounts will not be in jeopardy.  A strong password contains capital letters, small letters and symbols.  A password base made up of a phrase such as “IDon’tLike Passwords!!!” is strong and can be personally adapted for each  of your accounts by merely adding a few letters at the end to distinguish the particular account, such as  adding “Ama” to the base password to become your Amazon password.
  2. Install security software on your computer, smartphone and all of your electronic devices.
  3. Use dual factor authentication whenever possible.
  4. Don’t click on links or download attachments without confirming that the links or attachments are legitimate.  They may contain malware.
  5. Trust me, you can’t trust anyone.  Don’t provide personal information to anyone who contacts you by email, phone or text message unless you have confirmed both the legitimacy of the communication and the need for the information.
  6. Limit, as much as possible, the places that have your personal information.  Your doctor doesn’t need your Social Security number.
  7. Put a credit freeze on your reports at each of the three major credit reporting agencies.
  8. Only download apps from legitimate app stores and check the reviews and the privacy rules regarding the app before downloading them.
  9. Protect your smartphone with a password.
  10. Store important data on a portable hard drive to reduce the danger of ransomware.
  11. Avoid public WIFI for anything requiring personal information.  Use a Virtual Private Network (VPN).
  12. Monitor all of your accounts online regularly.

Scam of the day – November 13, 2016 – Important update for victims of the OPM data breach

I initially reported to you in 2014  that  the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of  what was initially thought to be the personal information of about four million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  At that time, the OPM offered free credit restoration services and credit monitoring to the victims through Winvale/CSID.  Then in 2015,  the OPM discovered a much larger data breach affecting more than twenty-one million people and again offered free credit restoration services and credit monitoring services.   Now the contract of  OPM with Winvale/CSID to supply those free credit restoration and monitoring services will end on December 1st.  If you were affected by the initial breach and had availed yourself of the free services offered by OPM, you will need to re-register with the new company, ID Experts.  You can do so by clicking on this link. https://www.opm.gov/cybersecurity

Victims of the second OPM data breach who applied for free credit restoration and monitoring services were already covered by ID Experts so they need not reapply.

TIPS

If you were a victim of the first  OPM data breach,  you should click on the link above and sign up for the free services.

It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM offered these services a year after the data breach actually occurred so the danger of identity theft is significant.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – September 24, 2016 – Massive Yahoo data breach

Today’s Scam of the day will be a bit longer than usual, but the added length is necessary to discuss the recent announcement of the massive data breach at Yahoo affecting as many as five hundred million people, making it the largest data breach in history.   Yesterday, Yahoo announced that it had been the victim of a data breach that began two years ago.  Yahoo has attributed the attack to what it called a “state-sponsored actor” and indicated that the compromised information included names, email addresses, telephone numbers, birth dates, encrypted passwords and security questions.  The good news is that no bank account, credit card or debit card information appears to have been involved in the data breach.  However, the information that was stolen is more than sufficient to be utilized for spear phishing emails specifically tailored for purposes of identity theft.

The first indication that there was a problem occurred in June when word of stolen Yahoo data started to be discussed in online forums on the Dark Web where cybercriminals communicate as well as buy and sell stolen data.  Later, in August large batches of stolen Yahoo customers’ data began being sold on a black market website on the Dark Web called TheRealDeal.  Now that the data breach has been confirmed, Yahoo is contacting affected customers, however it is important to remember that scammers are going to also be contacting people through phishing emails attempting to lure people into clicking on links that will download keystroke logging malware that will steal information to be used for purposes of identity theft or to trick people into providing personal information directly in response to the email. Official Yahoo emails will display the Yahoo icon and will not ask you to click on links, download attachments or provide personal information.

TIPS

As I have suggested many times in the past, you should have a unique password for each of your online accounts so that in the event of a data breach at one online company with which you do business, your accounts at your bank and other online accounts are not in jeopardy.  Although Yahoo has indicated that the passwords stolen were hashed, which is a form of encryption, there is still concern that these passwords could still be cracked.  Go to the June 7, 2016 Scam of the day for tips about how to pick strong passwords that are easy to remember.

This is also a good time to check your credit reports with each of the three major credit reporting agencies for indications that your identity may have been compromised. You can get your free credit reports by going to www.annualcreditreport.com   Beware of going to other sites that appear to offer free credit reports, but actually sign you up for costly services.  And while you are at it, you should consider putting a credit freeze on your credit reports at each of the three major credit reporting agencies so that even if an identity thief does manage to steal your personal information, he or she cannot access your credit report to open new accounts.  For more information about credit freezes and links on how to set them up go to the Scam of the day for June 27, 2016.

Whenever possible use dual factor authentication for you accounts so that when you attempt to log in, a one-time code will be sent to your smartphone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

Security questions are notoriously insecure.  Information such as your mother’s maiden name, which is the topic of a common security question can be readily obtained by identity thieves.  The simple way to make your security question strong is to use a nonsensical answer for the question, so make something like “firetruck” the answer to the security question as to your mother’s maiden name.

As always, don’t click on links or download attachments in any email or text message you get unless you have absolutely confirmed that it is legitimate.  Any email you may get purporting to be from Yahoo will not contain links or attachments and will not ask you to provide personal information.  For help directly from Yahoo on this matter go to https://help.yahoo.com/kb/helpcentral

Since you can never be sure if a company is going to be subjected to a data breach, try and limit the personal information you provide to all companies.  Don’t leave your credit card number on file for convenience sake and don’t provide your Social Security number unless you absolutely must do so.  Many companies ask for this information although they have no real need for it.

As for the companies themselves, they should be utilizing encryption to protect stored data as well as utilizing modern analytics programs that can detect unusual activity.

Scam of the day – June 27, 2016 – Why you should have a credit freeze

Regular readers of Scamicide are probably familiar with credit freezes, but it is important to remind everyone about the benefits of this tool that is simply the best thing you can do to protect yourself from identity theft.  A credit freeze is, as the name implies, is a freezing of your credit report at your request whereby no one can have access to your credit report even if they have your Social Security number and other personal information about you.  You control access to the credit report through a special PIN that you choose.   Thus, even if someone was able to steal your Social Security number, they could not parlay that into access to your credit report and use it to purchase things or set up accounts using your name.  If you need to thaw out your credit report at such times as you want to apply for credit in the future, it is an easy procedure to do by using your PIN; then, after your new credit has been established, you can freeze your credit report again.

Here is a link to the National Conference of State Legislature’s webpage that describes the credit freeze laws for each individual state.  Because the laws differ from state to state, you should check on the laws for your own particular state when putting on a credit freeze because the costs differ from state to state.  http://www.ncsl.org/research/financial-services-and-commerce/consumer-report-security-freeze-state-statutes.aspx

The credit reporting bureaus and many of the companies offering identity theft protection services advise people to put a fraud alert on their credit reports at each of the three major credit reporting agencies, Experian, Equifax and TransUnion, if you think you are in danger of identity theft rather than use a credit freeze. With a fraud alert in place, you are supposed to be notified if anyone attempts to open a new account or access credit in your name, which sounds like a good thing and it would be if it weren’t often ignored by businesses opening new accounts or granting credit in your name by identity thieves.

And what is the penalty, you might ask for a company failing to contact you before granting someone credit if you have a fraud alert on your credit report? Zero. Zilch. Nada. There is absolutely no penalty whatsoever if a company chooses to ignore a fraud alert and fails to notify you when someone attempts to open a new account using your name.  So why do credit reporting agencies recommend that people use fraud alerts to protect themselves from identity theft?  The answer is simple. The credit reporting agencies make billions of dollars by selling your information to banks and other companies. With a fraud alert in place, they can continue to sell your information however, if you have a credit freeze in place, they cannot sell your information. With a credit freeze in place, even an identity thief who already has your Social Security number will not be able to access your credit reports to use your credit to make purchases or open accounts in your name.

This is important because before opening new accounts, most companies will do a credit check of the applicant. With a credit freeze in place, a credit check cannot be done and consequently an identity thief will be prevented from opening new accounts

Having your credit frozen will not affect your ability to get your annual free credit reports from each of the three major credit-reporting agencies Equifax, Experian and TransUnion.  It is important to put a credit freeze on your credit report at each of the three major credit reporting agencies.  Here are the links to each of them where you can go to freeze your credit.

Equifax  https://www.freeze.equifax.com

TransUnion:  https://transunion.com/securityfreeze

Experian   https://www.experian.com/freeze/center.html

Scam of the day – April 18, 2016 – New York identity theft ring busted

New York police recently indicted twelve people from Brooklyn and Queens, charging them with an intricate identity theft conspiracy by which they are alleged to have leveraged easily obtained personal information to obtain credit cards in their victims’ names.  They are then alleged to have used these cards to go on shopping sprees at stores, such as Barneys New York, Saks Fifth Avenue, Louis Vuitton and the Apple Store where they purchased expensive items that they could turn into cash on the black market.

One of the more disturbing element of this identity theft ring is that they obtained enough personal information from public data bases and companies that search those data bases for you to apply for credit cards in the names of their victims.  They also made counterfeit IDs to provide when they purchased items.  Other times they were able to merely add their names to existing accounts.  They also used the fraudulent credit cards to activate “Apple Pay” on their iPhones so they didn’t even have to provide a credit card when making purchases.  After the cards were ordered from the credit card issuers, they would have a member of the ring wait at the address where the cards were to be delivered to intercept the delivery.  They also were able to avoid credit card company fraud alert telephone calls inquiring about suspicious purchases by having their victims’ telephone numbers forwarded to phones they controlled.

TIPS

The ease with which the alleged criminals were able to obtain sufficient personal information in order to obtain credit cards in the names of their victims and forward their victims’ telephone calls points out the importance of companies taking stronger measures to protect our personal information and require more comprehensive security to confirm that they are not dealing with identity thieves.  The best thing that we as consumers can do to protect ourselves from this type of crime is to put a credit freeze on your credit report so that credit cards cannot be obtained in your name without your specific authorization.  For more information about how to put a credit freeze on your credit reports,  go to the section entitled “Search this Website” at the top of this Scamicide page and type in “credit freeze.”

Scam of the day – January 2, 2016 – New law to protect children from identity theft

North Carolina became the latest state to enact a law providing for credit freezes for children to protect against child identity theft. Unfortunately, less than half of the states provide this much needed protection of minors from identity theft.  This is important because in recent years, children have been a prime target of identity thieves who, if they are able to get identifying information on a child such as the child’s Social Security number, can open a credit report on behalf of the child and obtain credit in the child’s name.  The identity thief never pays back the money accessed through the child’s credit and the child is burdened with a bad credit report that can have a deleterious effect on the child when he or she applies for credit, applies for a job, applies for a scholarship or applies for an apartment.

TIPS

If you live in North Carolina, you should go to the website www.ncdoj.gov/creditfreeze for information about how to put a credit freeze on credit reports of your children.  If you live in one of the other states that have similar laws, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft. For information about how to put a credit freeze on your own credit reports go to the Search This Website section of Scamicide at the top of the page and type in “credit freeze.”  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  Also, as much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.