Scam of the day – September 8, 2017 – Massive data breach at Equifax

Yesterday Equifax, one of three major credit reporting agencies announced that it had been victimized by a data breach between mid May and July that resulted in personal information of approximately 143 million Americans being stolen.  To put this number into perspective it accounts for nearly 44% of the entire population of the United States.  The compromised information included names, Social Security numbers, birth dates and more.  This information puts the victims of the data breach in serious danger of identity theft.  In the past when major data breaches such as this have occurred, the cybercriminals sell the information to other cybercriminals on the Dark Web.  To date, we have not yet seen this information being sold, but it will be.

Equifax is offering to affected customers a free year of credit monitoring and the ability to freeze your Equifax credit report.  To find out if your records were affected by the breach, click on this link provided by Equifax

Potential Impact

TIPS

If you have been affected by the data breach, you should sign up for the free services offered by Equifax and definitely should freeze your credit report at all of the credit reporting agencies because the information stolen puts you in jeopardy of identity theft at all of the credit reporting agencies.

Even if you have not been a victim of the data breach, you should consider taking this as the opportunity to put a credit freeze on your credit reports. Credit freezes are the best thing you can do to protect yourself from becoming a victim of identity theft.

To get started, it’s best to first understand the laws and fees governing credit freezes in your state. The National Conference of State Legislatures describes the credit freeze laws for each state. 

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them for information about how to get a credit freeze: 

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

Scam of the day – March 25, 2017 – Multiple states’ JobLink database hacked

JobLink, which is a database managed by Job Link Alliance, maintains online databases that connects employers with job seekers.  JobLink is used by the state governments of Alabama, Arizona, Arkansas, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. It has recently come to light that the database for all of the states using JobLink were hacked sometime prior to March 16th.  The total number of people affected is undetermined at this time, but potentially huge.  In Delaware alone personal information from more than 200,000 accounts were stolen. Included in the information stolen in this data breach were names, Social Security numbers and birth dates which could be readily used for purposes of identity theft.

TIPS

If you used JobLink in any of the affected states, you should immediately freeze your credit with each of the three credit reporting agencies to help prevent anyone who may have access to your Social Security number from obtaining credit in your name.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the right hand corner of this page.

You should also carefully monitor all of your credit cards and other accounts regularly for any indications of identity theft.

Scam of the day – November 24, 2016 – Disturbing data breach at HUD

Earlier this week, the Department of Housing and Urban Development (HUD) disclosed that it had suffered two data breaches occurring on August 29th and September 14 in which personal information including Social Security numbers of approximately 480,000 people was made publicly available on the HUD website.  No hacking was involved by individuals or nation states.  The data breach was done through the negligence of HUD employees who inadvertently posted the information.  The information has been taken down and, at the moment, there is no evidence that the information has been used for purposes of identity theft.   HUD is investigating the data breach to determine the exact extent of the problem, how it occurred and what to do to prevent such data breaches in the future.

Letters are being sent by HUD to affected individuals and HUD is offering a year of free credit monitoring.

TIPS

Identity thieves will be sending letters appearing to come from HUD about this data breach asking for personal information.  You should not provide such information to anyone who calls you, emails you, text messages you or contacts you by mail.   Here is a link to the official HUD website with contact information if you have questions as to your rights in this matter.  http://portal.hud.gov/hudportal/HUD?src=/contact

This incident again highlights that you are only as secure as the places that have your personal information with the weakest security. Therefore, as much as possible, you should limit the amount of personal information you provide to any company, institution or government agency as much as possible.  However, unfortunately, in many instances, such as with HUD there will be times you need to provide your Social Security and other personal information.  Therefore it is important to protect yourself from identity theft as best you can.  The best thing you can do to protect yourself is to put a credit freeze on your credit report so that even if someone obtains your Social Security number, they will be unable to establish credit in your name.  You can learn how to put a credit freeze on your credit reports by going to the Search the Website section of Scamicide in the top of this page on the right hand corner and type in “credit freeze.”

Scam of the day – November 11, 2014 – New study on effectiveness of phishing

Phishing, as you probably know, is the term for the tactic used by scammers and identity thieves who pose as a legitimate company, government agency or some other person or entity you trust and lure you into providing personal information that can either be used to make you or someone you know a victim of identity theft.  Recently, Google and the University of California, San Diego completed a study that showed just how effective phishing is.  A common phishing technique is to send an email to someone with a link directing them to a phony, but legitimate appearing website.  Other times, the phony email itself contains a request for personal information.  Startlingly, the study showed that at tHE most effective of these phishing websites up to 45% of people targeted provided the information requested.  Sometimes, the scammers are merely looking to take over your email account so that they can send targeted emails to people on your email list that appear to come from you and may be directed to your friends by name.  This type of phishing is called spear phishing.   Phishing is a tremendously effective scam technique and was at the core of the hacking of Target, Home Depot and many other companies and people.

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  Even if they appear to be in an email or text message from a friend, you cannot trust the communication because your friend’s account may have been hijacked by an identity thief or scammer.  Never provide personal information on websites unless you have confirmed that it is legitimate.

If your email account is compromised here are the steps to take:

1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you. You have already done this.
5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
8. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.

Scam of the day – July 19, 2014 – Houston Astros hacked

No company is safe from the danger of hacking including, as we recently learned Major League Baseball teams.  The Houston Astros were recently embarrassed to announce that their computers had been hacked by unknown hackers who released information about trade discussions involving the Astros and a number of other Major League Baseball teams including the Miami Marlins with which a trade for All-Star outfielder Giancarlo Stanton was discussed.  The hacking did not appear to be for any reason other than to expose and embarrass the management of the Astros, however that is of little consolation to employees of the Astros whose personal information can also be found in the Astros’ computers and which, if released could lead to identity theft.

TIPS

This is just another example that no entity including governmental agencies as well as private companies is safe from the danger of hacking.   A recent report by the State of New York indicated that in New York alone there were more than 900 data breaches that exposes personal and financial records of 7.3 million New Yorkers thus making them victims and potential victims of identity theft.  It is important to remember that you are only as safe as the place with the weakest security that holds your personal information so whenever possible do not provide your personal information, such as your Social Security number to everyone who asks for it.  Health care providers do not need your Social Security number although most request it.  Often the only reason that they want it is to make it easier to collect an unpaid bill from you.  The health care industry in general has done a poor job of protecting personal data from hackers.  The place to find a helping hand in protecting your data is at the end of your own arm.  Limit the places that have your personal information as best you can.  When companies request your Social Security number, offer them another identifier for example.  I recently did this with my eye doctor and the doctor agreed.  You may also want to place a credit freeze on your credit report so that even if your Social Security number and other personal information is stolen, the identity thief will not be able to access your credit report.  You can find information as to how to put a credit freeze on your credit report in the credit freeze section on the right hand side of this page.

Scam of the day – January 28, 2014 – The untold story of the hacking of Michaels

This past weekend, Chuck Rubin, the CEO of Michaels, the country’s biggest arts and crafts stores issued the following statement: “We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue.” Thus Michaels becomes the third large national retail store chain to become involved with a major hacking of its credit and debit card data following Target and Neiman Marcus.  What Michaels’ short statement did not indicate is that the company is still not even sure that it has been hacked although every indication is that it has been.   As in the case of the hackings of both Target and Neiman Marcus, it was not the company that discovered that its security had been breached, but rather the banking industry which discovered a pattern of fraudulent purchases using credit and debit cards recently used at Michaels.  So although the evidence is pretty strong that Michaels has been hacked, security experts and Michaels have still not been able to identify how the hacking occurred, which is indeed troubling because it means that newer and even more advanced malware was likely used to perpetrate the hacking.  As I told you just a couple of days ago, you can expect to hear this story again and again in the new year.

TIPS

Once again, I want to advise you that you should limit your debit card’s use to ATM machines.  Do not use it for retail purchases because the consumer protections provided to you by law just are not as great as they are for fraudulent use of your credit card.  Also, as I advised you previously, you may wish to consider putting a credit freeze on your credit report at each of the three major credit reporting agencies to protect you from an identity thief getting access to your credit report in order to use your credit to make large purchases in your name.  you can find detailed instructions as to how to put a credit freeze on your credit report by clicking on the link designated as “credit freezes” on the right hand side of this page.  Finally, for your own protection of your computer, smart phone and other electronic devices, you should make sure that you have installed anti-virus software and anti-malware software.  You should also make sure that you keep this software current with the latest updates as soon as they are available, however, as the situation with Michaels illustrates, new strains of malware are always at least thirty days ahead of anti-malware software to protect you from those malware programs so you should always be wary of phishing and other techniques used to lure you into unwittingly downloading malware.  You can learn in detail how to protect yourself from phishing and other threats by reading my book “50 Ways to Protect Your Identity in a Digital Age” which can be ordered by clicking on the icon of the book on the right hand side of this page.