Scam of the day – July 14, 2017 – Verizon suffers massive data breach

It was recently disclosed that Verizon had suffered a data breach affecting anywhere from six to fourteen million of its customers.  Included in the compromised information were the names, addresses, email addresses and PINs of Verizon customers who had called Verizon customer support during the past six months.

The data breach occurred when Nice Systems, a third party vendor that handles customer service for Verizon stored the information in a misconfigured cloud storage area that allowed anyone to access it.

The most sensitive of the compromised information are the PINs.  Access to a PIN could allow a hacker to gain access to the Verizon customer’s account.  Additionally, many people use the same PIN for many accounts, which means that their other accounts are also in jeopardy.

TIPS

If you called Verizon customer support during the past six months you should immediately change your PIN and if you use the same PIN for other accounts, you should change those PINs, as well.  Additionally, if you do use the same PIN for multiple accounts, now would be a good time to make all of your PINs unique.

In addition, you should be wary of emails that appear to come from Verizon asking for personal information or requesting that you click on links because the information compromised in the data breach could be used by a hacker to fashion spear phishing emails that attempt to lure you into providing information or clicking on links that can lead to your becoming a victim of identity theft or ransomware extortion.

Scam of the day – December 7, 2016 – Gift card scams

Buying a gift card as a gift is both an easy way to purchase a gift for someone and a good way to make sure that the gift is something that the receiver of the gift can actually use and enjoy.  It definitely is a win-win situation.  However, scammers are always present to take any good thing and turn it into a scam.  Scammers will go to racks of gift cards and using handheld scanners that are easy to obtain, they read the code on the strip of the card and the number on the front.  They then put the card back in the display and then periodically check with the retailer by calling its 800 number to check on whether the card has been activated and what the balance is on the card.  Once they have this information they can either create a counterfeit card using the information they have stolen or order material online without having the actual card in hand.

TIPS

When buying a gift card, only purchase cards from behind the customer service desk and if the card is preloaded, always ask for the card to be scanned to show that it is still fully valued.  Some retailers, in an effort to reduce gift card fraud, will also put a PIN on the gift card so that if the card is used online, the user must have access to the PIN which is generally covered and must have the covering material scratched off in order to be visible.  Unfortunately, many purchasers of gift cards are not aware of this so they don’t even notice that the PIN on the card that they are purchasing has already had the covering material scratched off by the scammer who has recorded the PIN.

Scam of the day – November 11, 2016 – Brazen debit card scam

Florida law enforcement authorities are warning people about a scam recently being perpetrated on unwary victims which starts with the victim receiving a phone call,  purportedly from their bank, informing them that there is a problem with their debit card and that a new debit card with a chip will be issued by the bank to replace the former debit card.  Here, however, is where the scam becomes particularly brazen.  The scammers then actually go to the house of the victim to pick up his or her  present debit card.  The new chip enabled debit card is promised by the scammer to be sent in the mail shortly.  Unsuspecting victims are turning over their debit cards and their PINs to the scammers who have been using them to steal cash from ATMs and make purchases at retail stores.

TIPS

This scam starts with a phone call and it is always important to remember that whenever you receive a phone call, you cannot be sure who is really calling you even if your Caller ID says the call is coming from your bank or some other legitimate source.  Caller ID can be tricked by a technique called “spoofing” to make a scammers call appear to be legitimate.  For this reason, you should never provide personal information over the phone to someone that you have not called unless you have absolutely confirmed that the call is legitimate.

As for this particular scam, no bank is going to send someone to your home to retrieve your debit card.  If you needed to confirm this fact, all you have to do is call the customer service number on the back of your debit card to find out that this is a scam.

Scam of the day – August 31, 2016 – Massive ATM heist

ATM robbery is increasing dramatically.  According to FICO Card Alert Service, a company that monitors ATM activity for banks, ATM skimming attacks increased by 546% from 2014 to 2015 and this trend shows no indication of slowing down in 2016.  Skimmers are small devices that can be attached to ATMs either on the outside or inside of the machine that capture the data from your card when you insert it into the ATM.  This problem is exacerbated by the fact that ATMs still are using the old-fashioned magnetic strip cards rather than being updated to take the newer EMV chip cards that create a new code for every transaction that would render the skimmer useless.   The trade regulations requiring the switch over to chip cards for ATMs  go into effect for ATM transactions using MasterCard debit cards  October 1, 2016, but Visa’s deadline is not until October 1, 2017.  The regulations themselves are not laws, but rather rules of the banks and credit card processors that shift liability for fraudulent card use to companies not switching over to the EMV card readers before the deadlines.  It has been estimated by the National ATM Council that less than half of ATMs will be EMV card ready by October 2016.

However, things aren’t as bad as you think.  They are far worse.

Enterprising criminals recently managed to hack 21 ATMs of the Government Savings Bank in Thailand stealing approximately $350,000.  What was significant about this particular hacking was that in this case, skimmers weren’t used in the attack on the ATMs and money was not stolen from individual account holders as in the recent 13 million dollar heist from Japanese ATMs located at convenience stores over a three hour period.  In this case, the hackers inserted a malware infected card into the ATMs that reprogrammed the ATMs to allow them to withdraw money from the ATMs directly without being allocated to any particular account.  Inserting malware through portable USB external hard drives into ATMs and reprogramming them to release cash to hackers is exposing vulnerabilities in the security of many ATMs.

TIPS

The banking industry has got to keep pace with the attacks by sophisticated criminals upon ATMs.  Switching to EMV chip cards will help significantly from the less sophisticated hackers using skimmers, but it won’t help against the more sophisticated hackers attacking ATMs by changing the machine’s programming.  Better security needs to be implemented to combat this threat immediately.

Meanwhile as for us as customers, the best you can do is to generally refrain from using private ATMs and ATMs  that are not embedded in walls.  The stand-alone ATMs are more vulnerable to a number of different types of hacking.  You should also feel around to see if anything is loose where you insert your card and for any evidence of tampering and use another machine if you find any indication that the ATM has been altered in anyway.  Also cover the keypad when you insert your PIN.  Finally, monitor the bank account to which your ATM card is attached regularly to recognize any fraudulent use as soon as possible to avoid personal liability if you delay in reporting fraudulent use of your card.

Scam of the day – April 18, 2015 – TD Bank hit by a skimmer

The Chelmsford Massachusetts police are investigating a skimmer that was found installed on a branch of TD Bank in Chelmsford Massachusetts.  Skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card which then permits the identity thief to access that information to access the victim’s bank account when the skimmer is used on a debit card attached to a bank account.  Each skimmer can hold information on as many as 2,400 cards.

TIPS

Always look for signs of tampering on any machine through which you swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, which are used at ATMs when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report a theft promptly.   Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.

Scam of the day – March 17, 2015 – ATM skimmer using criminal convicted

Recently, Dinu Horvat was convicted of a host of charges including conspiracy to commit bank fraud and aggravated identity theft in regard to a scheme in which he installed skimmers on ATMs and hidden cameras to observe people using the ATMs as they input their PINs. Skimmers are small devices that can read a credit or debit card and capture the information on the card for the criminal to use.  They may be installed on an ATM or a gas pump or any other device into which you directly swipe your credit card or debit card Horvat installed these devices on ATMs in New Jersey, Connecticut and Florida.  Along with his accomplices, twelve of whom have already pleaded guilty to charges related to the scam, he managed to steal more than five million dollars from the accounts of thousands of customers.  Horvat will be sentenced in June and faces a maximum prison sentence of thirty years.

TIPS

So what can you do to protect yourself?  The first line of defense is to always check the particular ATM you are using for evidence of tampering such as loose fitting pieces in the slot where you insert your card.  This could be evidence of the installation of a skimmer.  Also, cover your hand as you input your PIN.  Also, feel around the keypad to make sure that plastic covering has not been placed over the keypad, as this is another way that scammers obtain your PIN.  These plastic covers can have electronic sensors to steal your PIN.  However, the best thing you can do is probably to regularly monitor your account balance online so that if you become a victim of identity theft due to an identity thief getting access to your account through an ATM, you can limit the damage and report it to the bank immediately.  It is not very comforting to know that no matter how careful you are, banks with less than appropriate ATM security put you in jeopardy, but that, unfortunately, is a fact of modern life.

Scam of the day – September 12, 2014 – Latest Home Depot developments

The Home Depot hacking, which could well end up to be the largest commercial data breach in history continues to evolve.  The latest developments involve those people who unwisely used their debit cards for making purchases at Home Depot stores.  Although Home Depot attempted to comfort those people who used debit cards at their stores by telling them that no PINs were among the data stolen, banks are already reporting a large increase in fraudulent ATM withdrawals using those compromised debit cards.  So how could this happen?  Unfortunately, armed with the debit card number, the full name of the card holder, the city, state and zip code where the card was used, enterprising identity thieves are able to gain access to the Social Security numbers and birth dates of those customers.  They are then able to call automated systems at the banks issuing the cards and change the PIN.  Most of these systems will allow the caller to be able to change PINs if the caller passes three of five security checks including the customer’s date of birth and the last four digits of the customer’s Social Security number and the card’s expiration date.  These can be obtained by identity thieves and we are now seeing hundreds of thousands of dollars already emptied from the bank accounts of people who used their debit cards to shop at Home Depot.  This same problem occurred following the Target data breach last Fall.

TIPS

First and foremost, DO NOT USE DEBIT CARDS FOR RETAIL PURCHASES.  I can’t say this too often or too loudly.  The risk to your financial well being is just too great, particularly with more and more retailers being hit with the same data breaches that have happened at Target, Home Depot and many other stores.  This will continue to happen as cyber security experts still have not come up with a viable solution to the threat posed by the hackers behind these data breaches.  When making purchases, use your credit card where the risk is only one of inconvenience in having to get a new card if your card is part of a data breach.  Meanwhile banks have got to recognize that their present system of allowing people to change PINs by phone with information easily obtained by identity thieves is not effective and the system must change.

CREDIT FREEZE

A credit freeze is, as the name implies, a freezing of your credit report at your request whereby no one can have access to your credit report even if they have your Social Security number and other personal information about you.  You control access to the credit report through a special PIN that you choose.   Thus, even if someone was able to steal your Social Security number, they could not parlay that into access to your credit report to be  able to purchase things or set up accounts using your name.  If you need to thaw out your credit report at such times as you want to apply for credit in the future, it is an easy procedure to do so using your PIN; then, after your new credit has been established, you can freeze your credit report again.

Here is a link to Consumers Union’s webpage that describes the credit freeze laws for each individual state.  Because the laws differ from state to state, you should check on the laws for your own particular state when putting on a credit freeze because the costs differ from state to state.  http://defendyourdollars.org/document/guide-to-security-freeze-protection

Having your credit frozen will not affect your ability to get your annual free credit reports from each of the three major credit-reporting agencies Equifax, Experian and TransUnion.  It is important to put a credit freeze on your credit report at each of the three major credit reporting agencies.  Here are the links to each of them where you can go to freeze your credit.

Equifax  https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

TransUnion:  https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

Experian   https://www.experian.com/freeze/center.html

Scam of the day – July 13, 2012 – Yahoo data breach and how to protect yourself

Data breaches are a fact of modern digital life.  This week hundreds of thousands of Yahoo users had their usernames and passwords stolen from one of their databases and just within the past month social network sites Formspring and LinkedIn had their databases hacked into resulting in the loss of personal information of millions more people.  It is important to remember that your own personal security is only as safe as the company with the weakest security that holds your information.  But there are things you can do to protect yourself.

TIPS

Do not give your Social security number to companies that request it unless you truly legally must do so.  Your Social Security number is the key to identity theft and can provide access to to your credit report which in turn can provide an identity thief with access to your credit.  Use complex passwords and use different passwords for each of your accounts so that if a breach occurs, not all of your accounts are in jeopardy.  It is easy to pick  a passowrd with numbers and letters and just vary it slightly from account to account.  Put a credit freeze on your credit report so that even if someone gets your Social Security number and name, they cannot get access to your credit report. With a credit freeze, you credit report can only be accessed through a PIN that you keep private.

Scam of the day – May 25, 2012 – Debit card phishing scam

A scam that is making its way around the country involves victims receiving text messages purportedly from their bank telling them that their debit card had been deactivated and to call a telephone number provided in the text message to straighten the matter out.  Victims who fell for this ploy called the number and were instructed to provide their debit card numbers and PINs.  What makes the scammers initial communication appear to be legitimate is that it often contains the first four digits of your debit card.  However, the first four digits do not relate to you individually, but are associated with the particular financial institution and its location.  This information is easy to get

TIPS

Financial institutions will never ask for your debit card number or PIN.   They already have this information.  Do not trust any such text messages that you receive.  If you have any concerns, call the bank at a number you know is accurate to find out if there is a problem.