Scam of the day – October 5, 2017 – Yahoo data breach update

Not wanting to be outdone by Equifax and its data breach affecting 145 million Americans (sarcasm), Yahoo, which was recently bought by Verizon has just announced that its massive 2013 data breach which it had previously said “only” affected a billion people actually affected all 3 billion of its customers.

Included in the stolen information was names, email addresses, telephone numbers, dates of birth, hashed passwords as well as security questions and answers, only some of which were encrypted.

While no credit card information or Social Security numbers were lost in this data breach, which has been attributed to Russian hackers by the Justice Department, the risk of identity theft from this data breach is significant.

Scammers are already contacting people through phishing emails posing as Yahoo and in an attempt to lure the targeted victims to click on links or download attachments containing malware.  In other instances, the scammers will ask for personal information in an effort to gain information that can be used for purposes of identity theft.  The real Yahoo does not do this.  If you have questions about your Yahoo account, you can contact help.yahoo.com for free assistance.

TIPS

As I have suggested many times in the past, you should have a unique password for each of your online accounts so that in the event of a data breach at one online company with which you do business, your accounts at your bank and other online accounts are not in jeopardy. Although Yahoo has indicated that the passwords stolen were hashed, which is a form of encryption, there is still concern that these passwords could still be cracked.  Go to the June 7, 2016 Scam of the day for tips about how to pick strong passwords that are easy to remember.

Whenever possible use dual factor authentication for you accounts so that when you attempt to log in, a one-time code will be sent to your smartphone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.  Yahoo provides for dual factor authentication.

Security questions are notoriously insecure.  Information such as your mother’s maiden name, which is the topic of a common security question can be readily obtained by identity thieves.  The simple way to make your security question strong is to use a nonsensical answer for the question, so make something like “firetruck” the answer to the security question as to your mother’s maiden name.

As always, don’t click on links or download attachments in any email or text message you get unless you have absolutely confirmed that it is legitimate.

Scam of the day – September 18, 2017 – Update on Equifax class actions

The fallout from the huge data breach at Equifax affecting 143 million Americans continues.  Senators Orrin Hatch and Ron Wyden of the Senate Committee on Finance have sent requests to Equifax for detailed information about the data breach.  In addition, the number of class actions filed against Equifax related to the data breach is now up to twenty three.

Class actions are lawsuits brought by a few individuals on behalf of many others similarly situated.  It is an effective way for consumers to seek redress from companies and the lawyers are paid on a contingency basis so there are no out of pocket expenses to the people who make up the class of harmed individuals.  Once the cases have been certified by the judges hearing the cases as appropriate  for class action status a federal panel will be convened to join the cases into a single lawsuit on behalf of all of the victims.  At that time there will be, most likely, a negotiated settlement, but if one cannot be reached, a trial will occur.   Generally in class actions, class members have the opportunity to either opt in or opt out of the class action, in which case they could bring their own individual lawsuits, although this is rarely productive.

TIPS

I will keep you informed as to the progress of the class actions so that you will be able to make intelligent decisions as to what to do in your own particular case in this matter.

Meanwhile it is imperative, if you have not already done so that you get copies of your credit reports from each of the three major credit reporting agencies and that you freeze your credit at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 10, 2017 – Further important Equifax updates

It is unusual here at Scamicide to discuss the same scam for multiple consecutive days, however, the massive Equifax data breach story is continually evolving, affects you and warrants such coverage.

Under pressure from New York Attorney Eric Schneiderman and others, Equifax has removed the waiver of your rights to participate in a class action from the contract you must agree to in order to obtain free identity protection services from its TrustedID  program.  Therefore it makes sense to sign up for the program, which you can do here.

https://www.equifaxsecurity2017.com/enroll/

While Equifax also represented that you could find out from them whether or not you were specifically involved in the data breach, that representation is not accurate.  Numerous people have used fake names to test the system and in each instance were told that they probably were affected by the data breach.  This is mildly upsetting, but no more than that.  The sheer size of the data breach is so large and the potential harm so great that you should assume that you were affected.

TIPS

The advice as to what to do is still the same.  You should put a credit freeze on your credit reports at all of the three major credit reporting agencies.  Fraud alerts are worthless.  In addition, you should get copies of your credit reports from each of the three major credit reporting agencies to look and see if you have already been a victim because it is important to remember that this data breach has gone on for months.  You have the right to a free copy of your credit report from each of the three credit reporting agencies once each year.  What many of us do is stagger the request among the TransUnion, Equifax and Experian by requesting one every four months.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 8, 2017 – Massive data breach at Equifax

Yesterday Equifax, one of three major credit reporting agencies announced that it had been victimized by a data breach between mid May and July that resulted in personal information of approximately 143 million Americans being stolen.  To put this number into perspective it accounts for nearly 44% of the entire population of the United States.  The compromised information included names, Social Security numbers, birth dates and more.  This information puts the victims of the data breach in serious danger of identity theft.  In the past when major data breaches such as this have occurred, the cybercriminals sell the information to other cybercriminals on the Dark Web.  To date, we have not yet seen this information being sold, but it will be.

Equifax is offering to affected customers a free year of credit monitoring and the ability to freeze your Equifax credit report.  To find out if your records were affected by the breach, click on this link provided by Equifax

Potential Impact

TIPS

If you have been affected by the data breach, you should sign up for the free services offered by Equifax and definitely should freeze your credit report at all of the credit reporting agencies because the information stolen puts you in jeopardy of identity theft at all of the credit reporting agencies.

Even if you have not been a victim of the data breach, you should consider taking this as the opportunity to put a credit freeze on your credit reports. Credit freezes are the best thing you can do to protect yourself from becoming a victim of identity theft.

To get started, it’s best to first understand the laws and fees governing credit freezes in your state. The National Conference of State Legislatures describes the credit freeze laws for each state. 

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them for information about how to get a credit freeze: 

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

Scam of the day – June 27, 2016 – Why you should have a credit freeze

Regular readers of Scamicide are probably familiar with credit freezes, but it is important to remind everyone about the benefits of this tool that is simply the best thing you can do to protect yourself from identity theft.  A credit freeze is, as the name implies, is a freezing of your credit report at your request whereby no one can have access to your credit report even if they have your Social Security number and other personal information about you.  You control access to the credit report through a special PIN that you choose.   Thus, even if someone was able to steal your Social Security number, they could not parlay that into access to your credit report and use it to purchase things or set up accounts using your name.  If you need to thaw out your credit report at such times as you want to apply for credit in the future, it is an easy procedure to do by using your PIN; then, after your new credit has been established, you can freeze your credit report again.

Here is a link to the National Conference of State Legislature’s webpage that describes the credit freeze laws for each individual state.  Because the laws differ from state to state, you should check on the laws for your own particular state when putting on a credit freeze because the costs differ from state to state.  http://www.ncsl.org/research/financial-services-and-commerce/consumer-report-security-freeze-state-statutes.aspx

The credit reporting bureaus and many of the companies offering identity theft protection services advise people to put a fraud alert on their credit reports at each of the three major credit reporting agencies, Experian, Equifax and TransUnion, if you think you are in danger of identity theft rather than use a credit freeze. With a fraud alert in place, you are supposed to be notified if anyone attempts to open a new account or access credit in your name, which sounds like a good thing and it would be if it weren’t often ignored by businesses opening new accounts or granting credit in your name by identity thieves.

And what is the penalty, you might ask for a company failing to contact you before granting someone credit if you have a fraud alert on your credit report? Zero. Zilch. Nada. There is absolutely no penalty whatsoever if a company chooses to ignore a fraud alert and fails to notify you when someone attempts to open a new account using your name.  So why do credit reporting agencies recommend that people use fraud alerts to protect themselves from identity theft?  The answer is simple. The credit reporting agencies make billions of dollars by selling your information to banks and other companies. With a fraud alert in place, they can continue to sell your information however, if you have a credit freeze in place, they cannot sell your information. With a credit freeze in place, even an identity thief who already has your Social Security number will not be able to access your credit reports to use your credit to make purchases or open accounts in your name.

This is important because before opening new accounts, most companies will do a credit check of the applicant. With a credit freeze in place, a credit check cannot be done and consequently an identity thief will be prevented from opening new accounts

Having your credit frozen will not affect your ability to get your annual free credit reports from each of the three major credit-reporting agencies Equifax, Experian and TransUnion.  It is important to put a credit freeze on your credit report at each of the three major credit reporting agencies.  Here are the links to each of them where you can go to freeze your credit.

Equifax  https://www.freeze.equifax.com

TransUnion:  https://transunion.com/securityfreeze

Experian   https://www.experian.com/freeze/center.html

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.

TIPS

Here is a link to which you can go to find out if your computer has been infected with the Simda malware.  http://www.cyberdefense.jp/simda/

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – March 22, 2015 – Obituary scams

Scammers have no sympathy for anyone as evidenced by the many scams that are based on obituaries.  For years, scammers would scan the obituaries and then go to Social Security’s Death Master File where the names of deceased Americans are available along with their Social Security numbers and then use this information to the deceased a victim of identity theft by obtaining credit, filing phony income tax returns or other tactics.  Easy access by scammers to the Death Master File has been largely closed by legislation that took a long time to be made effective.

Scammers also will look for information in obituaries about the names of family members and then use that information for purposes of the infamous Grandparent Scam where the grandparent gets a telephone call late at night from a scammer posing as the grandchild who under the guise of some emergency tricks the grandparent into sending money to the scammer.

Scammers also call the families of people they see in the obituaries and claim they are creditors of the deceased person and that the family must pay a debt owed by the deceased.

Finally, scammers will also deliver packages by messengers on a COD basis claiming that the package was something ordered by the deceased person.  It is only after the family member has paid the Cash On Delivery charges and opened the package that the family finds that the package is just filled with old newspapers or magazines merely used as weight for the package.

TIPS

Scammers prey on people at their most vulnerable so it is at times like the death of a family member that you must be your most vigilant.  When writing an obituary, don’t put in specific information such as names that can be used by a scammer.  Also, contact the three major credit reporting bureaus, Equifax, TransUnion and Experian to seal the credit report of the deceased in order to avoid the risk of identity theft.  If someone contacts you claiming a debt was owed by the deceased, demand written confirmation for you to review before paying any alleged debts.  Don’t be pressured to act quickly by a purported debt collector.  Finally, if a COD package comes, refuse to pay until you can confirm that the delivery is legitimate.

Scam of the day – February 27, 2015 – Texas court dismisses data breach class action

More and more massive data breaches have become a part of everyday life.  Breaches such as recently occurred at Anthem and in the past few years affected Target, Home Depot and many other companies affect just about everyone.  Sometimes the data breaches, such as occurred with Target only affect credit card information, but other data breaches, such as the recent Anthem data breach result in much personal information being stolen which can then be used to turn the person whose information has been stolen into a victim of identity theft.  Recently a number of class actions on behalf of the victims of these data breaches have been filed against the breached companies for failing to use proper security measures.  Recently the Federal District Court for Southern Texas dismissed a class action brought by Beverly Peters on behalf of herself and others whose information had been compromised following a February 2014 data breach affecting 405,000 employees and patients of the St. Joseph Health System, a Texas hospital and health clinic company.  The class action was dismissed by the court because as of the date of the court hearing there was no evidence that any of the people affected had become victims of identity theft.

TIPS

The problem with this decision is that in many instances, identity thieves wait before using the stolen information in the hope that as time goes by, people will be less vigilant in guarding their identities.  In massive data breaches such as the one suffered by the St. Joseph Health System, the hackers often steal all of the information and then sell it in batches on black market websites to identity thieves whose use of the information results in the victims suffering identity theft.  While credit monitoring is often offered on a free basis, as it was in this case, by the hacked company following the data breach, credit monitoring does nothing to stop identity theft.  It only tells you that you have become a victim sooner than you might otherwise become aware.  A much better alternative is to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  This will prevent even someone with your personal information from accessing your credit report to obtain credit in your name and thus help keep you from becoming a victim of identity theft.  You can find information in the Archives of Scamicide about how to put a credit freeze on your credit reports.

Scam of the day – February 19, 2015 – Anthem data breach update

As I reported to you right after it happened earlier this month, Anthem, a major care health care company suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those state are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – October 31, 2014 – Free credit score scams

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment or many other purposes.  We all have a right to an annual free credit report from each of the three major credit reporting agencies, however, your free credit report will not provide you with your credit score.  Recently many people are receiving emails with offers to provide a free copy of your credit score.  Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate.  In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may not either desire or need.  These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes.  Of course, that it is a lie.  If you were getting something free, you would not need to provide a credit card number.   They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered.  Even worse however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number which they will use to make you a victim of identity theft.

TIPS

As I always say, you cannot trust any email or text message to be legitimate.  Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages.  The risk is too great.  If you want your free credit reports from each of the three major credit reporting agencies, Equifax, Transunion and Experian, the only place to go is the website www.annualcreditreport.com.  It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score.  As for your credit score, the website www.creditkarma.com is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.