Posts Tagged: ‘Identity Theft’

Scam of the day – October 24, 2014 – President Obama’s Executive Order regarding credit card security and identity theft

October 24, 2014 Posted by Steven Weisman, Esq.

President Obama has signed an Executive Order leading the way for greater protection for Americans from data breaches and identity theft.   He also announced that a number of companies including Home Depot Target,  Walgreen and Walmart are accelerating their move to more secure chip and PIN credit card use at their stores. Although regulations that would encourage retailers to switch to these smart cards no later than October of 2015, these companies are planning on completing the move to smart card readers by January of 2015 with Walmart already leading the way.  Also starting in January Citi and FICO are joining together to make credit scores available free to Citi Bank credit cards.  Already providing free credit scores are Discover, Barclaycard, Pentagon Credit Union and First National Bank of Omaha.  It is hoped that more banks will follow this example.  Under the President’s order the reporting of credit card fraud will be made quicker and easier within two years.  Finally, the President announced that the Department of Justice and the FBI are working to improve greater information sharing between hacked companies and affected consumers with the National Cyber-Forensics and Training Alliance’s Internet Fraud Alert System.

TIPS

The President’s actions are a good first step and they do indicate a greater willingness of businesses to work with the government in order to better protect consumer data.  However, much remains to be done and Congressional action is definitely required to improve the laws necessary to protect consumers from data breaches and identity theft.  However, it is good to see the President taking the lead on this important issue. Meanwhile, the primary responsibility for protecting ourselves from identity theft still rests with all of us as individuals.  I urge you to pick up a copy of my new book “Identity Theft Alert” which provides simple steps you can take to dramatically improve your chances of avoiding identity theft.  You can order the book from Amazon by clicking on the link on the right hand side of this page.  I also urge you to read scamicide.com every day so you can become aware of the latest scams and identity theft schemes.

Scam of the day – October 15, 2014 – Medicare open enrollment scams

October 15, 2014 Posted by Steven Weisman, Esq.

The open enrollment period for Medicare begins today on October 15th and goes until December 7th.  This is the only time during the year that people enrolled in Medicare can change their Medicare health plans, supplemental or Medigap plans and their prescription drug plans.  By now, people already enrolled in Medicare should have received an Annual Notice of Change from their health insurance providers describing any changes to their plans such as the dropping of particular drugs from your prescription drug plan.  If you are satisfied with your plans, you do not need to do anything.

Scammers and identity thieves view the open enrollment period as senior citizen hunting season as myriads of Medicare scams are common during this time.  Among the scams are phone calls or emails purporting to be from Medicare informing you that Medicare is issuing new Medicare cards and that in order to continue to receive benefits, you need to obtain a new card which can be done by providing the person contacting you with your Medicare number which is your Social Security number.  If you provide this number, you will end up becoming a victim of identity theft.  Other times you may be contacting by someone purporting to be from your insurance company asking to verify information.  Again, this is a common tactic of identity thieves trying to trick you into providing information.  You also may be contacted by people claiming to have supplemental insurance programs that will save you thousands of dollars.  Here too, you cannot be sure that they are legitimate when they contact you by phone, text message, email or even regular mail.

TIPS

Medicare is not issuing new cards and they will never contact you by phone and ask for your Medicare number.  Never give personal information to anyone who calls you on the phone because you can never be sure who is actually on the other end of the line.  Through a technique called “spoofing” a scammer can fool your Caller ID and make it appear that the call is from the government or some legitimate company when in fact, it is from an identity thief who is eager to steal your money.  If you want to get information you can trust about what insurance plans are available to you and at what cost, merely go to the “Plan Finder” section of Medicare’s website www.medicare.gov.  If you want to speak with someone on the phone, call Medicare at its 24 hour hotline 1-800-MEDICARE.

Scam of the day – October 13, 2014 – Attention Kmart shoppers: You have been hacked

October 13, 2014 Posted by Steven Weisman, Esq.

Yesterday, I told you about Dairy Queen becoming the most recent company to announce that it had been hacked.  Today, it is my duty to tell you that Dairy Queen has lost that honor to Kmart, which, in a filing with the SEC announced that it too had been hacked and suffered a data breach in which debit card numbers and credit card numbers had been compromised through the same type of “Backoff” malware that I have been warning you about for months.  The data breach began in early September and was discovered by Kmart on October 9th.   Required filings with the SEC have become the most common way for the public to learn that they have been involved with a data breach at the companies where they shop.  The pattern of this data breach again follows what I described in my column for USA Today on September 27th entitled “Coming soon:  Another major retailer hacked” in which I provided a fill-in-the-blank format for the stories of future data breaches in which I predicted exactly how they would occur in the future which is precisely what happened at Kmart.  Here is a link to that column: http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

Kmart has assured its customers that no debit card PINs were compromised, but this is of little consolation since as I described in my Scam of they day of January 1, 2014, identity thieves can often decipher PINs using computer programs that easily crack the many common PINs that people use.  To make things worse, even if you have a very secure PIN, as I described in my Scam of the day for September 12, 2014, identity thieves are exploiting vulnerabilities in bank security systems to merely change the PINs of the stolen cards and thereby bypass the need to know the PINs of the cards they steal.  Heads they win, tails you lose.

TIPS

As I so often say, you are only as safe as the places you do business with who have the weakest security.  Despite government warnings last July to retailers about the dangers of the “Backoff” malware, thousands of retailers have still not taken the necessary steps to protect their computer systems.  All that we can do is to refrain from using debit cards for retail purchases and only use credit cards.  The laws protecting you from fraudulent use of debit cards are not as strong as those that pertain to fraudulent use of credit cards.  Also, since there is always a time lag from the time that the data breach actually occurs and when the company realizes that it has been hacked, it is important to regularly monitor your credit card statements for fraudulent purchases.

These kind of retail hackings will continue to happen and provide tremendous profits to hackers and identity thieves until retailers in the United States join the rest of the world and implement the smart card with chip technology used throughout the rest of the world.

Kmart will be offering free credit monitoring to affected customers.  For more information, go to their website www.kmart.com or call them at 888-488-5978.

Scam of the day – October 11, 2014 – Nude photos of Emily Watson scam

October 11, 2014 Posted by Steven Weisman, Esq.

Emma Watson is a popular, young actress who is best known for her role as Hermione in the Harry Potter movies.  She is one of the most well searched celebrities on the Internet.  This intelligent Brown University graduate also may be one of the few celebrities who did not have nude photos of her stolen from the cloud.  It may even because she has not taken such pictures.  Regardless, there are many people who would very much like to see nude photographs of her which is why a new scam first reported by the security firm Bitdefender comes as no surprise.  This scam starts with a Facebook posting that promises nude videos of Emma Watson for free, merely by clicking on a link.  If you click on the link the image reproduced below appears on your screen.  Unfortunately, if you download the attachment in order to view the promised video, you will not succeed in seeing a video of Emma Watson, but you will succeed in downloading malware called Trojan.Agent.BFQZ which will steal the information from your computer or other electronic device and use it to make you a victim of identity theft, make postings using your name on Facebook and sign you up for expensive text message services for which you will be billed through your cellular service.

The Emma Watson Trojan virus being shared on Facebook

TIPS

Without even getting into the morality and ethics of viewing what appear to be privacy invading, stolen nude videos of public figures, the plain, hard truth is that many of these solicitations to view these videos are just bait by scammers and identity thieves to lure you into clicking on links and downloading attachments that will install malware on your computer or other electronic device that will end up costing you money and making you a victim of identity theft.  Trust me, you can’t trust anyone.  Never click on links or download attachments unless you are absolutely sure that they are legitimate.

 

Scam of the day – October 7, 2014 – Latest security updates from Department of Homeland Security

October 7, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include a number of important security patches related to the Bash virus.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-279

Scam of the day – October 5, 2014 – More banks hacked by suspected hackers of J.P. Morgan Chase

October 4, 2014 Posted by Steven Weisman, Esq.

With news of the massive data breach at J.P. Morgan Chase in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government dominating the news, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness month.  As frightening as the spectre of a major American bank being vulnerable to vulnerable to such a massive data breach, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked.  Now, according to a report in the New York Times, that number is actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers.  Therefore even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.

TIPS

Now is the time to implement a eight step approach to protecting yourself from identity theft and data breaches.  The first step is to change your password regularly, such as every six months.  A good password has a mixture of capital letters, small letters, symbols and digits.  Don’t use any word in the dictionary because hackers have computer programs that can guess your password. Instead use a phrase, such as IHate2UsePasswords!!.  This is a very secure password.  You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account.  For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am.  This is easy to remember.

You should also use dual factor authentication on your accounts when available.  Dual factor identification provides you with an extra level of security by which more than a password is necessary to gain access to your account.  Generally, when you log in through your password to an account a code is then sent to your smartphone which you then must input in order to access your account.

You also should change the answer to your security question to something completely nonsensical.  Answering a security question is required if you forget your password or if you want to change your password.  Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information.  So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.”  No identity thief will find it or guess it and it is silly enough for you to remember.

Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate.  Identity thieves and hackers lure people into clicking on links in such communications that results in the victims downloading keystroke logging malware that can steal all of the information from your computer.

Don’t provide personal information over the phone to anyone whom you have not called.  You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information.  Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity.  If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.

Review all of your accounts regularly and carefully to note the smallest charge that should not be there.  Sometimes identity thieves will put regular reoccurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small.  The earlier you catch identity theft, the easier it is to deal with.

Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected.  Here is the link to the only official place to get your free credit report https://www.annualcreditreport.com/index.action

Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report.  Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

October 4, 2014 Posted by Steven Weisman, Esq.

Last Thursday, in a required SEC filing,  J.P. Morgan Chase & Co. reported that the data breach, which we reported to you about when it was first discovered during the summer, was much larger than initially thought.  At the time, J.P. Morgan believed that only a million accounts were compromised, but now, J.P. Morgan is indicated that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country.  According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses.  At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen.  The data breach apparently began in June and went on until discovered in mid August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal.  The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time.  Obviously J.P. Morgan is busy trying to protect against this threat.

TIPS

For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank.  In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well.  It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks.  You can expect either the hackers, people who the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase.  In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information.  However, if you provide that personal information all you will do is end up a victim of identity thief.  If you click on the links in emails or text messages appearing to be from J.P. Morgan you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft.  Trust me, you can’t trust anyone.  Even if your Caller ID appears to show that the call you receive is form J. P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing.  The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.

TransUnion http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page

Equifax https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian https://www.experian.com/freeze/center.html

Scam of the day – October 1, 2014 – Supervalu stores hacked for second time in two months

October 1, 2014 Posted by Steven Weisman, Esq.

Regular readers of Scamicide.com may remember that it was just last August 17th that I told you about the hacking at grocery chain Supervalu.  Well, it has happened again.  Now the company is saying that a second, entirely different hacking and data breach occurred just a few weeks after the previous hacking was discovered that affected customers at some of its Shop ‘n Save, Shoppers Food & Pharmacy and Cub Foods stores as well as some of its liquor stores.  Although the company is saying that due to what it calls its “enhanced” security technology installed after the last data breach, it believes that no cardholder data was actually taken by the hackers, it is still too early in the investigation to definitively make that statement.  In last Saturday’s USA Today, I wrote a column about the commonality of the data breaches over the last year that you may find interesting.  Here is a link to that column:

http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

You can well expect there to be continuing problems at retailers in the weeks and months ahead with data breaches.

TIPS

Specifically for people who think they may have been affected by the most recent Supervalu data breach, you can go to Supervalu’s website for more detailed information.  Supervalu’s website is www.supervalu.com.  They have also established a call center for information about free credit monitoring being offered through the company AllClear ID.  You can reach the call center at 855-731-6018.  If you receive an email or text message purporting to be from AllClearID or Supervalu asking you to click on a link to access the free credit monitoring services, don’t do so.  You can’t be sure that the email or text message is legitimate and all you may end up doing is downloading malware on to your own computer or other electronic device that will enable the identity thief to steal all of the personal information stored on your computer or other personal electronic device  and use it to make you a victim of identity theft.  Instead go directly to Suprevalu’s true website at www.supervalu.com.

For the rest of us who may not be personally affected by this latest data breach, this serves as a reminder that we should not use debit cards when shopping in retail stores because of the greater harm that can come if your debit card is hacked.  It also is important to remember to regularly monitor your credit card statement, preferably online to look for fraudulent charges.  Remember, when it comes to data breaches, the retail merchants who get hacked are always months behind when the hacking occurred so you need to be monitoring your accounts for improper activity.

Scam of the day – September 30, 2014 – U.S. Bancorp fined and ordered to pay customers millions

September 30, 2014 Posted by Steven Weisman, Esq.

Headlines last week trumpeted the fining by the Consumer Financial Protection Bureau of U.S. Bancorp 9 million dollars.  U.S. Bancorp was also ordered to return 48 million dollars to customers for illegal billing practices regarding its identity theft products.  The Consumer Financial Protection Bureau (CFPB) alleged that U.S. Bancorp charged its customers for credit monitoring services, but that the customers often did not receive the services promised and paid for.  Before you start judging U.S. Bancorp too harshly, however, it is important to note that the credit monitoring program of the bank was provided by a third party contractor, Affinion Group, which had previously run into similar problems with Capital One and Bank of America.  According to Affinion, this problem was not one of intentionally trying to cheat consumers, but more a matter of customers not being sufficiently told that they would need to submit more detailed information in order to fully activate the credit monitoring services, leaving the customers assuming that they were covered, when in fact, they were not.  Affinion says it has corrected this communications failure by now requiring authorizations for immediate access to credit reports for credit monitoring when customers initially enroll in their programs.  However, this change does not alter the fact that many customers were cahrged for services they either did not agree to or just did not receive.  In some cases the interest payments and fees from these programs resulted in customers going over their credit limit and being subject to bank penalties.  For its part, U.S. Bancorp has agree along with paying the fine to better monitor the third party vendors it uses.

TIPS

If you were directly affected by this, you should contact your local U.S. Bancorp branch.  For the rest of us, the first lesson is to make sure that you fully understand the details of any contract you sign up for.  Specifically as to credit monitoring services, you should make sure you understand what you need to do to activate the services and precisely what services are provided and at what cost.  Remember, credit monitoring services do nothing to actually prevent identity theft; they only help you become aware of the crime earlier.  It is also important to note that no credit monitoring service does anything for you that you cannot do for yourself at much less cost and often free.  For more details as to what you can do to protect yourself from identity theft, I suggest you get a copy of my new book “Identity Theft Alert.”  You can order it from Amazon merely by clicking on the link on the right hand side of this page.

Scam of the Day – September 26, 2014 – Bank tellers charged with identity theft

September 26, 2014 Posted by Steven Weisman, Esq.

For a long time I have told you that you are only as safe from identity theft as the places with the weakest security that have your information.  It is for this reason that I urge you to limit the places that do have your personal information, such as your Social Security number as much as you can.  For example,  your doctor asks for your Social Security number, ask in return if they would be willing to accept your driver’s license.  A doctor does not need your Social Security number; they generally ask for it merely to make collection of overdue bills easier.  Sometimes, however, you have no control over the security breaches that can make you a victim of identity theft.  New York Attorney General Eric T. Schneiderman announced recently that three bank tellers and two other people stole more than $850,000 from the accounts of customers of the banks where the tellers worked and had access to personal and financial information of hundreds of customers.  The banks have reimbursed the customers who lost money in this scam.

TIPS

It is very important to be vigilant in regard to monitoring all of your financial accounts for fraudulent activities.  This means regularly reviewing all of the transactions in your bank accounts, brokerage accounts, credit cards and all other financial accounts that you may have.  The earlier you spot a problem, the easier it is to correct.  This also means monitoring your bills such as your telephone bills for fraudulent charges that may appear through a scam called cramming where regular small charges, sometimes easy to overlook, are put on your phone bill by scammers in various ways.