Scam of the day – August 1, 2017 – Discover card now offering identity theft alert services

Discover is now offering free identity theft alert services through any of their credit cards.  Discover monitors websites on the Dark Web where criminals buy and sell stolen credit cards, Social Security numbers and other identity theft information.  They will then alert their customers if it is found that their Social Security number or credit card has been compromised.  In addition, Discover will also monitor the customer’s Experian credit report and alert the customer if new accounts, such as credit cards, car loans or mortgages are taken out in the name of the customer.  Finally, Discover representatives will offer some guidance in remedying the problem if the customer does become a victim of identity theft.  All of these services are offered by Discover to its customers at no charge.

TIPS

While this is a very significant benefit to consumers and Discover should be applauded for its efforts, it should be noted that there are numerous other ways that identity theft is accomplished beyond those that Discover will be monitoring.  In addition, Discover will only be looking at the customer’s Experian credit report and not those of the other credit reporting agencies, TransUnion and Equifax.  Often problems may appear on one of these companies reports and not on the others.  Perhaps most importantly, like all credit monitoring services, these services do nothing to help prevent someone from becoming a victim of identity theft in the first place.  There are many things that people can do to help protect themselves from becoming a victim of identity theft, perhaps most strongly by putting a credit freeze on their credit reports at all three of the credit reporting agencies.  In my book “Identity Theft Alert” I list more than sixty simple things people can do to protect themselves from becoming a victim of identity theft.

Scam of the day – July 31, 2016 – Pennsylvania Revenue Department data breach

Earlier this month the Pennsylvania Revenue Department announced that it was notifying 865 taxpayers by mail that their unencrypted personal information was contained on one of four laptop computers stolen from a car used by Pennsylvania Revenue Department auditors while in California performing an audit.  The letters being sent to the Pennsylvania taxpayers affected by this data breach will provide information about free credit monitoring services through Experian for which the affected taxpayers are eligible.  Although this particular data breach is quite limited in scope, it once again points out the problems that numerous both state and federal government agencies have had in recent years, most notably, the massive data breach at the Office of Personnel Management (OPM) that resulted in the loss of personal data of more than four million people.

Too often basic security precautions have not been followed by these various government agencies including lack of password protection for laptops, lack of encryption and lack of proper security software.

TIPS

Even if you are extremely careful in following security precautions on all of your own electronic devices including your computer and smartphone, you are only as safe from identity theft as the places that have your information with the worst security.  Therefore, as much as you can, limit the amount of personal information you provide to any company or governmental agency to that which you absolutely must provide.  For instance, hospitals and medical care providers routinely ask for your Social Security number although they have no real use for it.  Provide them whenever possible with alternative forms of identification.

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.

TIPS

Here is a link to which you can go to find out if your computer has been infected with the Simda malware.  http://www.cyberdefense.jp/simda/

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – March 22, 2015 – Obituary scams

Scammers have no sympathy for anyone as evidenced by the many scams that are based on obituaries.  For years, scammers would scan the obituaries and then go to Social Security’s Death Master File where the names of deceased Americans are available along with their Social Security numbers and then use this information to the deceased a victim of identity theft by obtaining credit, filing phony income tax returns or other tactics.  Easy access by scammers to the Death Master File has been largely closed by legislation that took a long time to be made effective.

Scammers also will look for information in obituaries about the names of family members and then use that information for purposes of the infamous Grandparent Scam where the grandparent gets a telephone call late at night from a scammer posing as the grandchild who under the guise of some emergency tricks the grandparent into sending money to the scammer.

Scammers also call the families of people they see in the obituaries and claim they are creditors of the deceased person and that the family must pay a debt owed by the deceased.

Finally, scammers will also deliver packages by messengers on a COD basis claiming that the package was something ordered by the deceased person.  It is only after the family member has paid the Cash On Delivery charges and opened the package that the family finds that the package is just filled with old newspapers or magazines merely used as weight for the package.

TIPS

Scammers prey on people at their most vulnerable so it is at times like the death of a family member that you must be your most vigilant.  When writing an obituary, don’t put in specific information such as names that can be used by a scammer.  Also, contact the three major credit reporting bureaus, Equifax, TransUnion and Experian to seal the credit report of the deceased in order to avoid the risk of identity theft.  If someone contacts you claiming a debt was owed by the deceased, demand written confirmation for you to review before paying any alleged debts.  Don’t be pressured to act quickly by a purported debt collector.  Finally, if a COD package comes, refuse to pay until you can confirm that the delivery is legitimate.

Scam of the day – February 27, 2015 – Texas court dismisses data breach class action

More and more massive data breaches have become a part of everyday life.  Breaches such as recently occurred at Anthem and in the past few years affected Target, Home Depot and many other companies affect just about everyone.  Sometimes the data breaches, such as occurred with Target only affect credit card information, but other data breaches, such as the recent Anthem data breach result in much personal information being stolen which can then be used to turn the person whose information has been stolen into a victim of identity theft.  Recently a number of class actions on behalf of the victims of these data breaches have been filed against the breached companies for failing to use proper security measures.  Recently the Federal District Court for Southern Texas dismissed a class action brought by Beverly Peters on behalf of herself and others whose information had been compromised following a February 2014 data breach affecting 405,000 employees and patients of the St. Joseph Health System, a Texas hospital and health clinic company.  The class action was dismissed by the court because as of the date of the court hearing there was no evidence that any of the people affected had become victims of identity theft.

TIPS

The problem with this decision is that in many instances, identity thieves wait before using the stolen information in the hope that as time goes by, people will be less vigilant in guarding their identities.  In massive data breaches such as the one suffered by the St. Joseph Health System, the hackers often steal all of the information and then sell it in batches on black market websites to identity thieves whose use of the information results in the victims suffering identity theft.  While credit monitoring is often offered on a free basis, as it was in this case, by the hacked company following the data breach, credit monitoring does nothing to stop identity theft.  It only tells you that you have become a victim sooner than you might otherwise become aware.  A much better alternative is to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  This will prevent even someone with your personal information from accessing your credit report to obtain credit in your name and thus help keep you from becoming a victim of identity theft.  You can find information in the Archives of Scamicide about how to put a credit freeze on your credit reports.

Scam of the day – February 19, 2015 – Anthem data breach update

As I reported to you right after it happened earlier this month, Anthem, a major care health care company suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those state are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – October 31, 2014 – Free credit score scams

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment or many other purposes.  We all have a right to an annual free credit report from each of the three major credit reporting agencies, however, your free credit report will not provide you with your credit score.  Recently many people are receiving emails with offers to provide a free copy of your credit score.  Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate.  In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may not either desire or need.  These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes.  Of course, that it is a lie.  If you were getting something free, you would not need to provide a credit card number.   They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered.  Even worse however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number which they will use to make you a victim of identity theft.

TIPS

As I always say, you cannot trust any email or text message to be legitimate.  Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages.  The risk is too great.  If you want your free credit reports from each of the three major credit reporting agencies, Equifax, Transunion and Experian, the only place to go is the website www.annualcreditreport.com.  It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score.  As for your credit score, the website www.creditkarma.com is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.

Scam of the day – September 29, 2014 – Child identity theft

Last week, Florida became the latest state to enact a law to help combat identity theft of children’s identities.  The new law has the clever acronym of KIDS, which stands for the Keeping ID Safe act.  Under this law, parents of minors are able to open a file with each of the major credit reporting agencies, Equifax, TransUnion, and Experian and then immediately freeze the accounts so that even if an identity thief managed to obtain the child’s Social Security number and other personal information, the identity thief would not be able to access the credit report for purposes of running up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when he or she might first apply for a car loan or financial aid for college.  Identity theft of children’s identities is a huge national problem.  According to a study by the Carnegie Mellon CyLab, children are more than 51 times more likely to become a victim of identity theft than adults.

TIPS

If you live in one of the states that has a law such as Florida’s, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft.  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  As much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.

Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – March 20, 2014 – Maricopa County Community College hacked

As the old saying goes, “fool me once, shame on you; fool me twice, shame on me.”  Recently the Maricopa County Community College revealed that its computers had been hacked and personal information including Social Security numbers and banking information of more than 2.4 million students, former students, employees and vendors covering a period of more than thirty years was compromised.  As I have indicated to you in a number of Scams of the day, colleges and universities have been prime targets for hackers because they provide the perfect combination of often lax security and large amounts of personal information.  What makes this security breach even more egregious is the fact that Maricopa County Community College was hacked back in 2011, but steps to improve the security of their computer systems were not taken despite the recommendations of employees of the colleges information technology department and their warning that the 2011 breach which only affected 400 people exposed a flaw that could affect many more people.

TIPS

Presently a class action is being prepared by the Phoenix law firm of Gallagher and Kennedy. If you have been affected by the data breach, you may wish to contact them.  You also should check your credit report at www.annualcreditreport.com to get your free credit report from each of the three credit reporting agencies, Equifax, Experian and TransUnion in order to look for evidence of identity theft.  You should also consider putting a credit freeze on your credit report to prevent it from being accessed by an identity theft armed with your Social Security.  You can find instructions here on the Scamicide website as to how to put a credit freeze on your credit report.  This data breach also brings up the question again as to why Maricopa retained personal information on people who have long ago ceased to have a relationship with the college.