Scam of the day – April 18, 2017 – New study about seniors and susceptibility to scams

A recently released  preliminary study by researchers at Cornell University published in the Journals of Gerontology concluded that naturally occurring changes in the brains of older people makes them vulnerable to financial exploitation.  The changes noted were in a part of the brain that alert us when facing a risky situation as well as another part of the brain that controls the ability to read social cues.  This deterioration of the brain can and is exploited by scammers to swindle older people.

A previous study by the University of Iowa also found changes in another part of the brain during aging that controls belief and doubt that would make older people less skeptical and therefore more likely to be a scam victim.

According to a study by the MetLife Mature Market Institute the cost of financial exploitation of the elderly is approximately 3 billion dollars annually.

TIPS

If you have an elderly family member who may be undergoing a decline in mental acuity, it is important to take specific steps to help prevent them from becoming a victim of financial exploitation.  First, it is important to recognize that many elderly victims of financial exploitation are victimized by their own family members or caregivers.  Keeping personal financial information and account information safe and secure is an important first step to take.  It is also important to regularly monitor the accounts of seniors.  Limits on access to funds such as through debit cards that can be customized to monitor spending, block certain types of transactions and set spending limits can be useful to some people.

Scam of the day – December 5, 2016 – Online credit card fraud increasing

Anti-fraud company Iovation is reporting that credit card fraud for online shopping during the first shopping weekend of the holiday shopping season that began on November 25th increased by 20% over last year and 34% over 2014.  This is not surprising because safer EMV credit cards with a chip that issue a new authorizing code every time the card is used cannot use the chip capability when shopping online,  leaving them more vulnerable to hackers accessing the victim’s credit card number which can then be used by the criminal for online purchases.  Victims may become victims of this type of identity theft through either security weaknesses in their own devices or at websites where they shop.

TIPS

This year 55% of online shoppers used their smartphones and other portable devices to make their online purchases and while many people have security software installed and regularly updated on their computers, many people do not take the same type of precautions with their smartphones or other portable devices, leaving them in greater danger of being hacked.  The key is to protect all of your devices with security software and keep it updated to protect you from the latest strains of malware as well as to prevent the malware from ever being installed on your devices.  The best thing you can do to prevent the malware from becoming installed on your devices is to never click on links in emails or text messages unless you have absolutely confirmed that the communication and the link are genuine.  Clicking on tainted links in specifically tailored spear phishing emails and text messages are still the most common method that malware is spread.

It is also important when shopping online to use your credit card rather than your debit card.  The consumer protection laws are stronger in regard to credit cards than debit cards and the inconvenience of having your debit card hacked is much greater than the problems you encounter when your credit card is hacked.

Scam of the day – October 18, 2016 – Update on Home Depot data breach settlement

As I reported to you last year, in March of 2015 a settlement was reached between Home Depot and the plaintiffs in a class action on behalf of the 56 million victims of Home Depot’s massive data breach which occurred between April and September of 2014.  The settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  You are eligible to receive payments through the settlement if you used your credit or debit card at a self checkout lane at Home Depot between April 10, 2014 and September 23, 2014 and your card information was stolen.  You also are eligible for a payment if you received notification that your email address was compromised or if you specifically received a settlement notice informing you that you are a member of the class action.  Payments of as much as $10,000 will be made to claimants who suffered out of pocket losses and unreimbursed charges as a result of the data breach.  In addition, affected shoppers can receive payments of $15 per hour for time spent remedying the problems they encountered as a result of the data breach.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third party party vendor’s computers were hacked thereby enabling the hackers to steal the passwords necessary for the third party vendor’s to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.

TIPS

If you were affected by this data breach, you must file a claim and the deadline for filing a claim is October 29th which is rapidly approaching.  Here is the link to go to in order to file a claim.

https://gilardigateway.com/HomeDepotBreachSettlement/Claimant/UnKnownClaimForm

However, even if you were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security. Greater use of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.  However, whenever you can, you should use your EMV chip card.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not as strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – October 13, 2016 – Vera Bradley stores hacked

Luggage and handbag manufacturer, Vera Bradley announced yesterday that its retail stores suffered a data breach in which credit card numbers, customer names, card expiration dates and verification codes for customers who used credit and debit cards at its stores between July 25th and September 23rd were stolen by criminals who hacked into the company’s payment processing equipment.  Vera Bradley was notified of the data breach by law enforcement on September 15th.  Generally, breaches like this are discovered when a pattern for stolen credit cards being sold on the Dark Web where criminals buy and sell stolen credit cards indicates a common source or when the card issuing banks notice a pattern of fraudulent use traceable back to a single common denominator, namely the victims all shopped at a particular store.  Vera Bradley could have avoided this data breach had it switched over to EMV chip cards instead of continuing to use the old-style magnetic strip credit cards which are so much more susceptible to theft through data breaches.

Unlike most companies that suffer such data breaches, Vera Bradley is not offering free credit monitoring at this time.

TIPS

If you were a customer at a Vera Bradley store between July 25th and September 23rd, you should go online right away to monitor use of your credit card or debit card.  It is a good policy not to use your debit card for retail purchases because you have less protection under the law for unauthorized use.  Further, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.  Use your EMV chip card whenever possible and even if you were not a shopper at Vera Bradley, you should regularly monitor your credit card statement online so that you can discover any fraudulent use early.  Finally, be wary of any emails or text messages you may get that appear to be from Vera Bradley that require you to provide personal information.  Scammers often take advantage of data breaches such as this to send phishing emails to lure people into providing personal information they can use to make you a victim of identity theft.

For more information about Vera Bradley, you can go directly to its website at http://www.verabradley.com/

Scam of the day – April 30, 2016 – Class action against P.F. Chang’s restaurant chain continues

In June of 2014 I first reported to you about a data breach at P.F. Chang’s China Bistro a major restaurant chain.  A large number of credit cards and debit cards used at P.F.Chang’s restaurants  between March 2014 and May 19, 2014 were compromised.   A class action was filed by John Lewert and Lucas Kosner in 2014 on behalf of themselves and other similarly situated victims of the data breach.  P.F.Chang was initially successful in having the lawsuit dismissed on the ground that Lewert and Kosner had not personally suffered any harm at this time due to the data breach.  However, recently, the Seventh Circuit Court of Appeals revived the lawsuit, ruling in favor of the plaintiffs and allowing the case to proceed because, the court determined, the plaintiffs and others whose data was stolen faced the “concrete” possibility of becoming a future victim of identity theft.

If you were a customer of P.F. Chang’s affected by the data breach, here is a link to the website of the law firms handling the class action to which you can go for more information.  http://www.siprut.com/ and http://www.litedepalma.com/

TIPS

So what does this mean to you?  As I have cautioned you many times, you should not use your debit card for anything other than an ATM card.  Using it for retail purchases potentially puts your entire bank account tied to the card in jeopardy.  By using a credit card, your liability is limited to no more than $50 for fraudulent charges and many companies do not even charge you anything for fraudulent charges.  Everyone should monitor their credit card statements carefully each month to make sure that no fraudulent charges appear and if they do, you should contact your credit card company to have those charges removed immediately and to get a new credit card.

Scam of the day – May 6, 2015 – Another data breach at Sally Beauty stores

It was just a little over a year ago that I told you about a massive data breach at beauty supply company, Sally Beauty and apparently they have not learned their lesson.  Earlier this week the store said it was looking into “reports of unusual activity” on credit and debit cards used at some of its stores.  According to the store, “Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected.” It appears that more than 25,000 transactions were compromised by the data breach.  Once again, however, Sally Beauty did not take the prudent step of moving to smart card technology as some companies, such as Wal Mart have done ahead of the October 2015 deadline for doing so.

TIPS

Just as I advised you yesterday, the best thing you can do to protect yourself when shopping in a retail store is to not use your debit card which, if compromised can potentially put your entire bank account in jeopardy.  You also should carefully monitor your credit card statements to look for fraudulent purchases so that in the event of a data breach, you can quickly determine if you have become a victim of identity theft and close down the account so that all it will cost you is the inconvenience of getting a new credit card.

Scam of the day – April 18, 2015 – TD Bank hit by a skimmer

The Chelmsford Massachusetts police are investigating a skimmer that was found installed on a branch of TD Bank in Chelmsford Massachusetts.  Skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card which then permits the identity thief to access that information to access the victim’s bank account when the skimmer is used on a debit card attached to a bank account.  Each skimmer can hold information on as many as 2,400 cards.

TIPS

Always look for signs of tampering on any machine through which you swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, which are used at ATMs when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report a theft promptly.   Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.

Scam of the day – December 9, 2014 – Banks win first round in Target lawsuit

Last year’s massive data breach at Target was the first of a series of data breaches that continue unabated to this day with no end in sight.  While millions of Target customers were inconvenienced by the theft of their credit card or debit card information, banks that issued those cards and had to replace those stolen cards suffered financial losses involved with replacing the stolen cards as high as 400 million dollars.  Five of these banks, Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings filed a class action in federal court on behalf of themselves and other affected banks seeking payment from Target for the losses they incurred as a result of the Target data breach.  Target responded to the lawsuit by filing a Motion to Dismiss the lawsuit arguing that it was not responsible for the data breach, however Judge Paul A. Magnuson, in denying Target’s motion ruled that there was sufficient evidence of Target’s negligence to warrant a trial.  Specifically, the judge said that Target ignored security software program alerts that there was a problem and also actually disabled some of its own security features which contributed to the data breach.  According to Judge Magnuson, “Plaintiffs have plausibly alleged that Target’s conduct both caused and exacerbated the harm they suffered.”

TIPS

The importance of this early ruling in the case of the banks against Target cannot be overestimated.   While in the past retailers were not held responsible for the occasional data breach occurring in the processing of credit and debit card transactions, an ultimate verdict in favor of the banks could signal a major change in how retailers conduct business in general and in particular what security steps they will need to take in order to avoid financial responsibility for future data breaches.  Coupled with regulations shifting responsibility for data breaches to retailers who fail to switch to new smart credit cards with computer chips by October of 2015, this ruling may signal a new paradigm for company electronic security.

Scam of the day – September 12, 2014 – Latest Home Depot developments

The Home Depot hacking, which could well end up to be the largest commercial data breach in history continues to evolve.  The latest developments involve those people who unwisely used their debit cards for making purchases at Home Depot stores.  Although Home Depot attempted to comfort those people who used debit cards at their stores by telling them that no PINs were among the data stolen, banks are already reporting a large increase in fraudulent ATM withdrawals using those compromised debit cards.  So how could this happen?  Unfortunately, armed with the debit card number, the full name of the card holder, the city, state and zip code where the card was used, enterprising identity thieves are able to gain access to the Social Security numbers and birth dates of those customers.  They are then able to call automated systems at the banks issuing the cards and change the PIN.  Most of these systems will allow the caller to be able to change PINs if the caller passes three of five security checks including the customer’s date of birth and the last four digits of the customer’s Social Security number and the card’s expiration date.  These can be obtained by identity thieves and we are now seeing hundreds of thousands of dollars already emptied from the bank accounts of people who used their debit cards to shop at Home Depot.  This same problem occurred following the Target data breach last Fall.

TIPS

First and foremost, DO NOT USE DEBIT CARDS FOR RETAIL PURCHASES.  I can’t say this too often or too loudly.  The risk to your financial well being is just too great, particularly with more and more retailers being hit with the same data breaches that have happened at Target, Home Depot and many other stores.  This will continue to happen as cyber security experts still have not come up with a viable solution to the threat posed by the hackers behind these data breaches.  When making purchases, use your credit card where the risk is only one of inconvenience in having to get a new card if your card is part of a data breach.  Meanwhile banks have got to recognize that their present system of allowing people to change PINs by phone with information easily obtained by identity thieves is not effective and the system must change.

Scam of the day – September 3, 2014 – Major data breach at Home Depot

According to the old saying, “fool me once, shame on you, fool me twice, shame on me.”  Reports have surfaced of yet another major data breach similar to the kind we first saw with Target and repeated regularly since then.  As usual, it is not the company that is discovering the loss of data on credit  cards and debit cards used at the store, but rather banks that monitor the sale of stolen credit and debit cards on black market websites noting the common thread of the cards having been used at Home Depot.  First indications are that the data breach may have affected every one of Home Depot’s 2,200 stores throughout the United States.  The potential loss of data may well be far greater than suffered by Target.  It also appears that the breach may have been done by the same Eastern European hackers that stole data from Target, P.F. Chang’s and others using the same “backdraft” malware that I have warned you about for a long time and about which the Department of Homeland Security warned retailers on July 31st.  This will not be the last major data breach as retailers are still not doing enough to protect the security of their data or the privacy of their customers.  In addition, the loss of credit card data could have been avoided had retailers seen the writing on the wall when the Target data breach occurred and advanced the switch over to smart credit cards with computer chips that generate a unique code each time the card is swiped thereby thwarting hackers and identity thieves who would be stealing a number that was worthless for further use.  Present regulations put no incentive on retailers to switch to these cards which are used throughout the world, but not in the United States, until October of 2015.

So what do you do?

TIPS

For starters, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.  Another thing you should always do is monitor all of your financial accounts regularly for fraudulent use.