SHOPPING SAFELY ONLINE

Shopping Safely Online is Important! 

Shopping safely online is more important now than ever before. Since the COVID-19 pandemic began, online sales have been skyrocketing. More and more of us are opting to get our basic necessities via online shopping.

There are dangers lurking anytime you are required to provide personally identifiable information (PII), such as passwords and payment information online.  You need to be cyber smart to reduce the risk of becoming a cyber crime victim.

Shopping Safely Online
Don’t Use Your Debit Card

Credit Cards vs. Debit Cards

When it comes to shopping safely online, one of the best tips I can give you is to use your CREDIT card instead of your debit card. If you have the choice, you should always use your credit card instead of your debit card when making online purchases.

Debit Cards Are Tied to Your Bank Account

We often forget that every time we make a purchase using a debit card, the funds are withdrawn directly from our checking account. When making purchases with a credit card, you’re using the bank’s money. It’s a line of credit, not real money from your checking account.

With a credit card, it’s the bank’s money that’s on the line. Therefore, you’re not going to be held liable for fraud. The bank will need to deal with it.  When it comes to credit card fraud, the most you could be liable for is $50 and the majority of banks waive the fee.

Debit cards however, do not offer the same fraud protections as a credit card. With a debit card you should be able to get your money back when and IF you report fraud promptly, but it could take 10 days or more to get it back. While the bank is investigating the fraud, your account is frozen, so you will have no access to the funds in that account. This could be a huge problem, if you need that money to pay your bills, and even more so, if you have bills that are set up for auto-pay.

There are Different Rules for Debit Cards

If an unauthorized transaction appears on your bank statement (but your card or PIN has NOT been stolen) you won’t be liable for the debit if you report it within 60 days after your account statement is sent to you.  BUT – if the charge goes unreported for more than 60 days, your money could be lost. When you report the theft, the bank will investigate and decide if you they are required to credit the money back to your account.

Alternatively, the time frame is much shorter if your card or PIN was lost or stolen. You only have 2 business days in order to limit your liability to no more than $50 of unauthorized charges. After those 2 business days have passed, you’re liable for $500 of the amount lost, between 3 and 60 days. After 60 days, you are liable for the entire amount of your losses. You must, therefore, be sure to make a report as soon as you learn that your card is missing or that your PIN has been stolen.

How to Report a Suspicious Debit Charge

If you spot a fraudulent transaction, immediately call the card provider’s toll-free number on the back of the card. Ask them if you need to follow up with written correspondence. You can also read your monthly statement or error resolution notice for how and where to report any suspicious transactions. Lastly, if you get a replacement card, with a new number, remember to update any automatic payments that were linked to the original card.

More Tips for Shopping Safely Online

1.) Even when using a credit card, be careful where you shop online. Scammers have already set up millions of bogus online website shops. Especially since the Coronavirus pandemic began, fraudsters are trying to sell everything from COVID-19 DIY testing kits, to cleaning disinfectants and medical supplies.

2.) Only shop on websites that you know and trust and type the URL of the website yourself, instead of clicking on any links or attachments in emails. Be careful of your spelling too! Scammers often set up websites with incorrectly spelled names of common websites.

3.) When logging on to a website, utilize two-factor authentication (2FA) to ensure that the only person who has access to your account is you.

4.) Use long strong, stealth passwords or use a password manager. Always, use a separate stealth password for important sites you log on to. For example, be sure to use a separate password when logging into your online banking account than the one you will use to log on to your Facebook or Amazon account.

5.) Never use your debit card for recurring charges on the internet. Use a prepaid card with a limited amount of money available on it.

6.) Do not use public Wi-Fi at an airport, a hotel, a restaurant, etc. for online purchases. If you have no choice, then be sure to confirm the exact name of the network and login procedures to ensure that the network is legitimate.

7.) Use only websites that begin with “https://” when shopping online.  Watch out for website extensions.  Most online shopping website addresses end in “.com”

8.) Privacy is important too. Here’s a link to your privacy settings on Google.

You can read a prior article I wrote about shopping safely online here

 

Where is My Stimulus Check

Where is my stimulus check, you ask?  The IRS has started automatically directly depositing stimulus checks – referred to as “Economic Impact Payments”. Keep in mind, these payments need to be made to nearly 140 million eligible Americans.

Where IS My Stimulus Check

Some of you may have already received your payment. Lucky you! But, if not, don’t fret. Remember that this is going to be a process to get these payments out to all 140 million Americans. According to CNN, about 60 million Americans are still waiting for their money.

Some people, who don’t usually file a tax return, will need to submit basic information to the IRS before they will receive their payment. The IRS is regularly updating the Economic Impact Payment and the Get My Payment tool frequently asked questions pages on IRS.gov  as more information becomes available.

Answers to the Most Common Questions:

How are payments calculated and where will they be sent?
If taxpayers have already filed their 2019 tax return and requested direct deposit of their refund, the IRS will use this information to calculate and send their payment. Those who didn’t provide 2019 direct deposit information or owed tax, can use the Get My Payment tool to provide account information or a payment will be mailed. For those who haven’t filed their 2019 return, the IRS will use their 2018 tax return to calculate the payment.

Payments will also be automatic for those who receive Social Security, railroad retirement or Social Security Disability Insurance (SSDI and SSI) and veteran’s benefits who don’t normally file a tax return.

However, to add the $500 per eligible child amount to these payments, the IRS needs the dependent information before the payments are issued. Otherwise, their payment at this time will be $1,200 and, by law, the additional $500 per eligible child amount would be paid in association with a return filing for tax year 2020.

What if the IRS doesn’t have the taxpayer’s direct deposit information?
If the IRS has not processed the taxpayer’s payment, the taxpayer  may be able to use the Get My Payment tool to provide their banking information to the agency so their payments can be directly deposited. If no banking information is provided, IRS will mail a check to the taxpayer’s address on record. The direct debit account information used to make payments to the IRS cannot be used as the account information for the direct deposit of your payment.

Can taxpayers who aren’t required to file a tax return receive a payment?
Yes. People who don’t normally file can use Non-Filers: Enter Payment Info tool to give IRS basic information to get their Economic Impact Payments. This includes low-income or no income taxpayers.

Can taxpayers who haven’t filed a tax return for 2018 or 2019 still receive a payment?
Yes. Anyone who is required to file a tax return and has not filed a tax return for 2018 or 2019 should file their 2019 return do so as soon as possible to receive a payment. They should include direct deposit banking information on their return.

WATCH OUT FOR SCAMMERS!

The bad guys are out there phishing with renewed fervor. Phishing sites have increased 235% since the COVID-19 outbreak. Scammers have set up over 180,000 fake Coronavirus-themed websites to steal data or misinform taxpayers. Don’t take the bait.

According to the Treasury Inspector General for Tax Administration, (TIGTA) the agency has already begun to see IRS Imposters playing every trick in the book to get personal information they can use to steal money. While the IRS Criminal Investigation Unit is doing all they can to combat this problem, people are still falling victim to these scams. Scammers are preying on vulnerable individuals who are not sure how best to get their stimulus payment.

TIPS TO NOT FALL VICTIM

  • Do not respond to anyone contacting you if they claim to be from the IRS. The IRS will never ever call you.
  • You may receive emails, text messages or contacted via social media by someone asking for verification of personal and/or banking info. They’ll claim the information is needed before you can receive your stimulus payment. Never give out your personal information.
  • NEVER click on links or open attachments in emails or text messages. Always go directly to the website using your internet browser.
  • You are not required to pay a fee to receive your payment, nor will paying an upfront fee result in you receiving your stimulus check faster.
  • Pay attention to web address extensions. The IRS website ends in “.gov” NOT “.com” or “.org” or “.net”.
  • Watch your spelling when entering a website address. Scammers register websites with misspelled names or similar names of legitimate websites  in hopes of tricking you.

If you receive an unsolicited email from someone claiming to be from the IRS, forward the email to phishing@irs.gov.  If you are looking for information about the COVID-19 pandemic you can go here.

To read a prior article I have recently written about IRS scams, go here

Pandemic Related Hazards Tsunami

Pandemic Related Hazards

I am urging all of you to be aware of an escalating number of pandemic related hazards. There is a full menu of scams, fraud and financial challenges lurking. Fraudsters are having a field day exploiting the uncertainties caused by the Coronavirus outbreak – COVID-19. They are using your fear and vulnerability as a weapon.

Here’s some examples of what these criminals are up to: From price gouging that’s preventing purchases of critical supplies, to fake products – promising cures; from loan payments to travel cancellations, from work-at-home schemes to Government Imposters seeking your personal information. AND – that’s just the tip of the iceberg!

Surviving Pandemic Related Hazards
In the meantime – Educate Yourself

How to Protect Yourself from the Coming Pandemic Related Hazards

  • Hang up on robocalls. Scammers are using illegal robocalls to pitch everything from fake coronavirus treatments to work-at-home schemes.
  • Ignore online offers for vaccinations and home test kits. At this time, there is no cure or vaccination for COVID-19, and there are no FDA-authorized home test kits. Visit the FDA’s website to learn more.
  • Do not respond to texts or emails about checks from the government from contacts you do not know. If someone tells you they can get you money immediately, it is a scam.
  • Do not click on web links from unfamiliar sources. These links could download viruses onto your computer or device.
  • Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. For reliable and up-to-date information and updates, it is always best to visit the CDC’s website or the World Health Organization’s website.
  • Do your research before donating to charities claiming to help with COVID-19 efforts. Be wary of donations that require payment in cash, by gift card, or by wiring money.

If you think you are a victim of any of these pandemic related hazards involving COVID-19, you can report it without leaving your home through a number of platforms:

Some Additional Tips

Please know that government, the IRS and businesses have policies in place that are rapidly changing. Therefore, if you are seeking the latest policy of a particular entity, it is best to directly check their website rather than clicking on links in emails or attachments.

Government imposters have begun calling about COVID-19 relief. Imposters will call victims and suggest that you may qualify for a Government grant, but you have to verify your identity to process your request. Variations of the scheme involve contacts through text messages and social media posts.

Scams Coming About Stimulus Checks

IRS Pandemic Related Hazards
DON’T TAKE THE BAIT

The IRS is warning taxpayers of a tsunami of calls and phishing attempts about COVID-19 Stimulus checks. These contacts can lead to tax-related fraud and identity theft.

Scammers will suggest that you can get your Stimulus check faster if you share personal details like your Social Security number and banking information and also require you to pay a “processing fee”. DON’T TAKE THE BAIT!

Stimulus checks are free money provided from the Government. You do NOT need to spend money to receive your check. There are no short-cuts – even for a fee. The IRS will deposit your check into the direct deposit info you entered on your tax return or alternatively they will mail you a check.

The IRS will never call you or ask you to verify payment details.  Do not give out your bank account information, your debit or credit card number, or your PayPal payment details to someone who contacts you unsolicited.

The IRS has a webpage with information about the COVID-19 Stimulus payments that is updated quickly whenever new information is available. Here is the link

It’s impossible for me to cover all of the upcoming pandemic related hazards. However, the details listed above are a good refresher, especially for those who have been reading my prior articles. Remember that recognizing the red flags is one of the best weapons against scams and fraud.

You can read my prior article about Coronavirus Phishing Emails here.

I wish you and your loved ones all the best. BE SAFE OUT THERE.

Coronavirus Phishing Emails on the Rise

Coronavirus
WASH YOUR HANDS

A global health disaster like coronavirus is a golden opportunity for criminals looking to steal your personal information or money through Coronavirus Phishing Emails.

Portions of this article were reprinted from the website of consumer advocate, Herb Weisbaum, also known as Consumerman. His website is here: https://consumerman.com/

If you got an email from the Centers for Disease Control and Prevention or the World Health Organization about the Coronavirus outbreak, would you read it? Maybe click on a link? Cybercriminals are counting on it!

The outbreak is a dream come true for criminals who will use it as basis for email attacks designed to snag personal information, steal money and infect computers with malware.

Coronavirus phishing emails are on the rise. Malicious emails linked to the Coronavirus first appeared in early February, making it one of the first big phishing campaigns of the year.

“A global health disaster like this one, creates a golden opportunity for fraudsters, as there is no population or demographic that is not paying attention. As a result, the potential for impulse clicking is higher than normal,” said Adam Levin, a digital security expert who is chairman of CyberScout, a data security firm, and the author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.”

The bogus emails look legit

Coronavirus Phishing Emails may look legit, but they’re not! Those who click on the provided link in the email will wind up on a site created by criminals to steal the victims’ email credentials.

With the current Coronavirus phishing emails, fraudsters are designing their emails to look like they’re coming from the CDC or the WHO. They typically have an attention-grabbing subject line, such as “Coronavirus outbreak in your city (Emergency)” and often include the agency’s logo — cut and pasted from the real website — to add credibility.

At first glance, the sender’s email address appears to be legitimate, for example cdc-gov.org or cdcgov.org. The crooks create domains that are very close to the real CDC site — cdc.gov — making the deception easy to miss.

Even though the link looks like it will take you to the CDC.gov website about the Coronavirus, it will not.

You will instead, land on a fake Microsoft Outlook login page, created by the crooks to steal user names and passwords. Criminals control this fake Outlook page. There is no reason to provide login credentials to visit a public website, such as the CDC.

“Once they capture your login credentials, they can use them to get access to your email account and look for anything worth stealing.

BUT IT GETS WORSE

The bad guys have taken things to the next level, using the Coronavirus to infect computers with Malware!

Emails impersonating the CDC include attachments to click on that proclaim the need for the reader to open it to get advice on how to protect yourself. If you open this attachment, it will download Malware or Ransomware onto your computer.

Ransomware locks out all of your computer files and demands a ransom payment to unlock your files. I have written more extensively about Ransomware in a prior article that you can read here.

Just remember that health agencies are NOT sending out mass emails about Coronavirus. There are plenty of legitimate news websites and the CDC website, CDC.gov  itself with important updates and everything you need to know about the Coronavirus outbreak.

How to protect yourself from coronavirus scams

You need to be skeptical of any email that asks you to click on a link or open an attachment — even when the email seems legitimate.

In most cases, you can probably get the information you need by typing in the URL yourself. For the latest on the Coronavirus outbreak go directly to the CDC website.

TIPS TO PROTECT YOURSELF:

  • Don’t be taken in by the sender’s name.Scammers can put any name they like in the “from” field.
  • Look out for spelling and grammatical errors.Not all crooks make mistakes, but many do. Take extra time to review messages for telltale signs that they’re fraudulent.
  • Check the URL before you type it in or click a link.If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.
  • If you realize you just revealed your password to impostors, change it as soon as possible.The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them for doing anything malicious.
  • Never use the same password on more than one site.Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA), if you can. Yes, it’s a slight inconvenience to enter a six-digit code when you want to log on, but it’s a huge barrier for the crooks. With 2FA, a stolen password, by itself, is useless to them.

Prevention, Symptoms and Treatment of COVID-19

There’s currently no vaccine to prevent COVID-19. The best way to prevent illness is to avoid being exposed to this virus. The CDC recommends preventive actions every day to help prevent the spread of respiratory diseases, including:

  • Avoid close contact with people who are sick.
  • Avoid touching your eyes, nose and mouth.
  • Stay home when you’re sick.
  • Cover your cough or sneeze with a tissue, then throw the tissue away.
  • Clean and disinfect frequently touched objects and surfaces using a regular household cleaning spray or wipe.
  • Follow CDC’s recommendations for using a face mask. (see below)
  • Wash your hands often with soap and water for at least 20 seconds, especially after going to the bathroom, before eating and after blowing your nose, coughing, or sneezing or being out in public.
  • If soap and water aren’t available, use an alcohol-based hand sanitizer with at least 60% alcohol. Always wash hands with soap and water if hands are visibly dirty.

MORE TIPS FROM THE CDC:

The CDC doesn’t recommend that people who are well wear a face mask to protect themselves from respiratory diseases, including COVID-19.

Face masks should ONLY be used by people who show symptoms of COVID-19 to help prevent the spread of the disease to others. The use of facemasks is also crucial for health workers and people who are taking care of someone in close settings.

Reported illnesses have ranged from mild symptoms to severe illness and death for COVID-19 cases, the CDC said. Symptoms may appear two to 14 days after exposure to the virus and include fever, cough and shortness of breath.

There’s no specific treatment recommended for COVID-19. People with COVID-19 should get care to help relieve symptoms. For severe cases, treatment should include care to support vital organ functions, the CDC said.

People who think they may have been exposed to COVID-19 should contact their healthcare provider immediately.

Holiday Shopping Safety

Tis the Season…to learn about Holiday Shopping Safety!

Scammers love this time of year, because there are many opportunities for them to separate you from your money. To be a smarter and safer consumer, you need to educate yourself, so you can avoid falling victim. Here are holiday shopping safety tips to help keep your holidays merry.

Holiday Shopping Safety

Spam Phishing Emails will be finding their way into your inbox. These emails have urgent messages or will contain offers for bargain prices or discount coupons. These spam emails will always include a clickable link or an attachment to open. If you click on the provided link or attachment, you will infect your device with Malware. It is advisable to never click on email links or attachments.

Package Delivery Scams are a Fraudster’s favorite trick. They know that most of you are either sending or expecting to receive a package during the holidays. Many millions of spam emails, pretending to be from known shippers (like the Post Office, FedEx or UPS) will be sent out to unsuspecting victims. The emails will include a link to click on that lets you “track” a problem with a package you recently mailed or “track” a package that’s on its way to your house.

E-cards are a fun, easy & inexpensive way to send holiday cheer to family and friends. Make sure any e-card you receive comes from a well-known reputable e-card company. Do NOT open it if the sender is unknown to you.  Many fake e-cards contain spyware and viruses.

Gift cards make popular holiday gifts. Be sure to only purchase them from official retail stores or websites that you know and trust. Beware of websites or ads offering steep discounts to buy their gift cards. Chances are the cards are fraudulent or stolen cards from third-party vendors.

Fake websites are set up all over the internet, that sell stuff that doesn’t even exist. They will offer fantastic bargains that are truly too good to be true. Also, beware of copy-cat websites that appear to be the real shopping site.  Some fake websites use similar or misspelled names of legitimate retailers. You may not realize that you’re on a fake website and enter your password or credit card information. You think you actually made a purchase, but your merchandise will never arrive and your credit card information gets sent straight to the criminal and will be used to make illegal purchases.

Fake online Ads will appear on social media sites and even on legitimate News websites. The ads exist to entice you to click on links that will ask you to provide personal information. If you see an Ad for something you like, instead of clicking on that Ad, go to the retailer’s website directly. If you don’t know the web address, use Google to search for it. The real legitimate website will be at the top of the Google results – about 99% of the time.

Public Wi-Fi is neither private nor secure. Never ever use public Wi-Fi to shop online. You can never be sure whether you’re using the authorized Wi-Fi of the retailer or actually the Wi-Fi of the thief, who is likely sitting a few tables away. When using public Wi-Fi, it is advisable to use a Virtual Private Network (VPN) for better online security.

Debit Cards should NEVER be used while shopping online. Your debit card is tied to the money in your checking account. You have better consumer fraud protections when using your credit card. Better yet, use a gift card or prepaid debit card for all of your online purchases.

STAY SAFE OUT THERE AND HAPPY HOLIDAYS TO YOU AND YOURS!

Here’s a good website to learn more about Shopping Safely Online

Here’s an article I wrote about Online Shopping

OBJECT TO THE EQUIFAX SETTLEMENT BY NOVEMBER 19TH

We should all collectively object to the Equifax settlement.

November 19th is the deadline date if you want to object to the Equifax settlement. So please do it TODAY – as soon as you finish reading this. Why?  This settlement is an insult to the millions of consumers who had their data compromised. This settlement is not only completely inadequate, but also barely a slap on the wrist for Equifax.

This Puts it in Perspective:

  1. The consumer cash portion is less than 5% of the total settlement pool.
  2. The proposed credit monitoring supplier (Experian) has had recent and large-scale data breaches of their own.
  3. The payment is likely to be magnitudes less than what was advertised.
  4. The attorneys representing the class are getting double the total cash portion of their consumer client base.
Object to the Equifax Settlement
SHAME ON YOU EQUIFAX!

I was among the millions of unfortunate victims of the Equifax Data Breach.  Equifax recently announced that a settlement to the class action against them had been finalized. Remember that nearly 148 million consumers were violated in this totally preventable breach. Our most private sensitive data was hacked and exposed. Equifax makes a handsome profit selling our data. Yet, they failed miserably when it came to protecting that data.

Here’s What Happened

When the class action settlement was first announced, many of us signed up and chose the option for the $125 cash payment – instead of the offer for free credit monitoring.  Shortly thereafter, the lawyers sent out a follow-up email. The email informed consumers that because so many people chose the cash payment option (instead of the free credit monitoring) that the cash settlement amount would be decreased from $125 to just $5.00.  Wait…WHAT???

INSUFFICIENT FUNDS

There was only a meager $31 million set aside in the settlement for those who chose to opt for the cash payment. Apparently, they greatly underestimated the number of consumers who would opt for the cash payment, instead of the free credit monitoring.

Presently, that $31 million is insufficient to grant the full $125 to everyone who chose the cash option. Therefore, those who still wish to receive a cash payment, should only expect to receive a mere $5.00 or perhaps even less than that!

It was revealed that while nearly 148 million Americans were impacted by the Equifax breach, only 3 million consumers had signed up for the free credit monitoring. Most consumers chose the cash payment option instead.

Adding insult to injury, the lawyers involved in this class action settlement have already been awarded $77 million and are now asking for even more money.

CONSUMERS CAN AND SHOULD OBJECT

Today I visited a website that walked me through the steps needed to object to the Equifax Settlement.  (See my second choice option below)

Remember, you have the right to file an objection to this absurdity. BUT – the objection must be completed by the deadline date of November 19th. Consumers have two choices on how to go about filing an objection.

The first choice – is by sending a letter to the Equifax Data Breach Class Action Settlement Administrator. The instructions are available at the Equifax Breach Settlement website on its FAQ page here:  Then see Question # 25. Warning: they don’t make it easy.

THE SECOND CHOICE IS AN EASIER WAY!

Begin by reading an article written by consumer advocate Bob Sullivan on his website here

In his article, Bob Sullivan explains that Reuben Metcalfe, founder of Class Action Inc., has made filing an objection with the court a lot easier – using a bot he created. His website is named ‘NoThanksEquifax.com’. Here’s the link

The website features a bot that semi-automates the objection letter-writing process. The bot, named Clarence, also has a sense of humor. He cheers you on as you walk through the steps of filing your objection.

The ‘NoThanksEquifax’ bot helps consumers opt-out for FREE. He thinks massive objections or opt-outs would force negotiations and hopefully result in a better deal for consumers. He states “I believe a mass opt-out campaign for the Equifax settlement would result in an additional $2 to $3 billion in… consequences”.

Once the objection date (November 19th) expires, the judge overseeing the settlement must legally consider all objections at a fairness hearing scheduled for Dec. 19.  FYI – Objections do NOT remove consumers from the class. If the settlement is approved, claimants can still receive payment or credit monitoring services offered to other class members.

To find out if you were one of the victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or go here:

IMPORTANT NOTE: if you wish to join the class action and file a claim in the Equifax class action settlement, you must do so by January 22, 2020.

REMEMBER: THE DEADLINE TO OBJECT TO THE ABSURD DECREASE IN THE CASH OPTION AMOUNT IS NOVEMEBER 19th.  SO HURRY!  DO IT TODAY. THE MORE OBJECTIONS, THE BETTER!!!

FYI: I wrote an earlier article about the Equifax breach settlement in August. It provides many of the details about the settlement. You can read my article by clicking here. 

Equifax Settlement after Massive Data Breach

An Equifax settlement has finally been reached – nearly two years after their massive data breach. The company has agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau. The settlement includes a Consumer Restitution Fund totaling up to $425 million to help people affected by the data breach and another $175 million going to all 50 U.S. states and territories.

Padlock with Identity Theft Theme
Nearly 148 Million Records Exposed!

TOTAL INEPTNESS

It was in September of 2017 that Equifax, one of the largest consumer reporting agencies in the world, suffered a data breach that affected roughly 148 million consumers – nearly half the U.S. population.

Equifax’s failure to maintain and update their security system is what caused this preventable breach. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The breach went unnoticed for 76 days.

This epic breach enabled hackers to penetrate Equifax’s systems and exposed the private data of 56% of American adults. Breached information included Social Security numbers, names, addresses, birthdates, credit card numbers and some driver’s license numbers too.  It was, and still is, the largest and most damaging breach of highly sensitive consumer data.

RESTITUTION FUND – JUST A MERE $2.87 – PER VICTIM!
Equifax Settlement
Barely A Slap On The Wrist!

The Equifax Settlement includes a Consumer Restitution Fund totaling up to $425 million that will go to consumers who can demonstrate that they were financially harmed by the breach.  $300 million is dedicated to addressing consumer redress. However, if the $300 million is exhausted, the fund can increase by up to an additional $125 million. The company must also offer up to 10 years of credit monitoring services to those affected by the breach. If you don’t want the credit monitoring service, you may be able to opt for a $125 cash payment, unless they run out of funds. You can’t get both!

Furthermore, Equifax has agreed to take several additional steps to assist consumers who are either facing ID Theft issues, or who have already had their identities stolen. It includes making it easier for consumers to freeze and thaw their credit and making it easier for consumers to dispute inaccurate information contained in their credit reports.

Additionally, the Equifax settlement requires the company to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft. For at least seven years, Equifax will provide free assistance to victims via their Identity Restoration Services. In other words, if you discover there was misuse of your personal information, call the settlement administrator at 1-833-759-2982 and you will be given instructions for how to access Equifax’s free Identity Restoration Services.

WHAT DO I NEED TO DO NOW?

Equifax is offering FREE Credit Reports for ALL U.S. Consumers. Starting in January 2020, all U.S. consumers can get 6 free credit reports per year for 7 years from the Equifax website. That is in addition to the mandatory free credit report everyone is entitled to each year from each of the three credit bureaus that you get from going to www.AnnualCreditReport.com

To find out if you were one of the over 147 million victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or you can click here

*NOTE: If you wish to file a claim, you must file your claim by January 22, 2020.

Visit the Federal Trade Commission’s website for info on How to File a Claim

Read a previous article I wrote about the Equifax Breach to learn how it all came about. And Here for Part Two of that article.

PUBLIC WIFI IS NOTORIOUSLY RISKY

Public WiFi is Notoriously Risky!

If you intend to bring your internet devices with you when you travel, you must consider the inherent dangers of Public WiFi.

Public Wi-Fi Is Not Safe
Public Wi-Fi You Must Protect Your Data

Pubic WiFi is Not a Private Secure Internet Connection

Therefore anyone can access the network and anyone can eavesdrop on what’s being transmitted via Public WiFi. People tend to let their guard down while traveling. Security is put on the back burner and we tend to do things that increase our chances of getting hacked.

According to a survey conducted by Morning Consult for IBM Security, 70% of travelers take unnecessary risks while on the road. They connect to public WiFi, charge a device on a public USB station, or enable auto-connect on their wireless devices.

Hackers Set Up Fake Public WiFi Hot Spots

A skilled Hacker will typically give their fake WiFi Network a name that’s similar to an authentic connection. If it’s a hotel, they will choose a name with the hotel’s name in it or if it’s the airport, they will choose a network name that includes the airport’s name or the name of the airlines. The same goes for coffee shops or other internet hubs.

If you are inadvertently fooled by a hacker’s fake WiFi Network, you’re now giving that network permission to start taking data off your device. Furthermore, if your device is set to auto-connect, you might be leaking your personal data and not even know it.

You can’t eliminate all digital threats when you’re on vacation, but you can significantly reduce your chances of having a problem by following these tips.

TIPS TO KEEP YOU SAFE

  • Any device you use, outside your own home network, including your smartphone, laptop or tablet should have a VPN (Virtual Private Network) installed. A VPN encrypts the data leaving your device.
  • Before turning the VPN on, be sure to shut off WiFi and close all apps. After connecting to Wi-Fi, via your VPN, it’s safe to open up any app.
  • Never have your devices set to auto-connect. If your device automatically connects to a free WiFi Hotspot, your device is vulnerable to hacking.
  • Keep the WiFi on your smartphone turned off until you need it. Cellphone data is encrypted when it travels via your phone’s mobile network.
  • Never bring your business laptop with you when on vacation. Bring a spare one that has no corporate data on it. If you need to access corporate data or your company email, do it through the cloud.

Remember, we’re more vulnerable to digital security intrusions when we travel. Don’t opt for convenience over security.

Here is the link to the IBM Survey

Read a previous article of mine about how to keep your online data safe

 

Deceased Identity Theft – Victimizing the Dead

Deceased Identity Theft is on the rise. Identity thieves will go to great lengths to steal personal information. But how low are they willing to go? They will steal information from the recently deceased.

Assuming the Identity of a Deceased Person Can be a Profitable Venture

Victimizing the dead by stealing their identity is often referred to as ‘Ghosting’. Understand that Identity Theft happens in a variety of ways – including Tax ID Theft, Medical ID Theft, Financial ID Theft and Employment Fraud. Ghosting can encompass any or all of these different types of ID theft.

Deceased Identity Theft
You Must Protect Your Loved Ones

Here are some examples of what these criminals can do with the information stolen from a recently deceased person. File phony tax returns, apply for loans, establish fraudulent credit accounts, create fake driver’s licenses, apply for employment and file false medical claims. Ghosting can also result in creditors coming after the heirs of a deceased loved one or create problems with their estate.

How Do Thieves Get the Information?

Identity Thieves often glean a deceased person’s information from the Social Security Administration’s Death Master File. The Social Security Administration (SSA) maintains a national file of reported deaths for the purpose of paying appropriate benefits. The Death Master File contains the following information: Social Security number, name, date of birth, date of death, State of last known residence, and zip code of last lump sum payment. This information is a virtual gold mine for an identity thief!

In addition, relatives and funeral directors also notify States of recent deaths and then the States notify the SSA. When the SSA receives a death notice, it will flag the deceased person’s Social Security number as “inactive.”

Keep in mind that thieves can also glean a deceased person’s information from hospitals, funeral homes, social media and obituaries.  Because it can take weeks or months to process a death, thieves have plenty of time to commit fraud before it is ever detected.

Signs of Deceased Identity Theft

Calls from a creditor or collection agency on an account opened or used in the deceased’s name after death. If you discover such signs, contact the affected creditor or collection agency in writing, explaining that the account was opened or used fraudulently. Surviving spouses and children can also be liable if they shared accounts with the deceased.

Deceased Identity Theft Stolen Info
Freeze Out the Thieves

Reduce the Risk of Deceased Identity Theft:  

  • Send copies of the death certificate to all three credit bureaus asking them to flag the person’s credit report with the following alert: “Deceased – Do Not Issue Credit”.
  • Request a copy of the credit report of the deceased person with all three credit bureaus. You’ll need to do this in writing. The report will list all active credit accounts. Be on the lookout for any questionable activity.
  • Place a credit freeze with each of the three credit bureaus to stop thieves from opening any new credit accounts in the name of the deceased.
  • Send the IRS a copy of the death certificate to prevent Tax ID Theft. The IRS will then flag the account to reflect that the person is now deceased. Go to irs.gov and enter “Deceased Taxpayers” in the search box.
  • Notify banks, credit card companies, loan holders, financial institutions and mortgage holders to close any accounts. Also notify medical professionals and health insurers too.
  • Notify the Motor Vehicle Department to take their Driver’s License out of circulation.
  • Avoid putting too much information in an obituary. Don’t give a birth date, current address, mother’s maiden name or other identifying information that could be useful to identity thieves. The same goes for social media.

It is devastating for a grieving family to have to go through the process of proving to various agencies that their loved one is indeed dead. The emotional impact of unwinding the mess, stalls the grieving process for the family. Therefore, once a loved ones passes away, it’s important to designate someone to take immediate action to help secure their personal information from these heinous criminals.

If you want to know more about how to place a credit freeze, read this

DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring to their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.

Dark Web Monitoring

What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well known, commonly used internet browsers such as Google Chrome, Firefox or Mozilla won’t get you there. You need a special browser such as Tor. Most of this stolen information is gleaned from criminals that hack into compromised businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc., etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly a half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council  says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem”.

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, Trans Union and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE!  Stagger your requests throughout the year by requesting one credit report from one company, three different months during the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a secondary firewall to prevent criminals from impersonating you. Also referred to as “2FA” – Two-Factor Authentication is an extra layer of security that requires not only a username and password, but also something that the user has on them like an email address or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 or more characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like, mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log-in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances.  Awareness and constant vigilance is paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here