Coronavirus Phishing Emails on the Rise

WASH YOUR HANDS

A global health disaster like coronavirus is a golden opportunity for criminals looking to steal your personal information or money through Coronavirus Phishing Emails.

Portions of this article were reprinted from the website of consumer advocate, Herb Weisbaum, also known as Consumerman. His website is here: https://consumerman.com/

If you got an email from the Centers for Disease Control and Prevention or the World Health Organization about the Coronavirus outbreak, would you read it? Maybe click on a link? Cybercriminals are counting on it!

The outbreak is a dream come true for criminals who will use it as a basis for email attacks designed to snag personal information, steal money and infect computers with malware.

Coronavirus phishing emails are on the rise. Malicious emails linked to the Coronavirus first appeared in early February, making it one of the first big phishing campaigns of the year.

“A global health disaster like this one, creates a golden opportunity for fraudsters, as there is no population or demographic that is not paying attention. As a result, the potential for impulse clicking is higher than normal,” said Adam Levin, a digital security expert who is chairman of CyberScout, a data security firm, and the author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.”

The bogus emails look legit

Coronavirus Phishing Emails may look legit, but they’re not! Those who click on the provided link in the email will wind up on a site created by criminals to steal the victims’ email credentials.

With the current Coronavirus phishing emails, fraudsters are designing their emails to look like they’re coming from the CDC or the WHO. They typically have an attention-grabbing subject line, such as “Coronavirus outbreak in your city (Emergency)” and often include the agency’s logo — cut and pasted from the real website — to add credibility.

At first glance, the sender’s email address appears to be legitimate, for example cdc-gov.org or cdcgov.org. The crooks create domains that are very close to the real CDC site — cdc.gov — making the deception easy to miss.

Even though the link looks like it will take you to the CDC.gov website about the Coronavirus, it will not.

Instead, you will land on a fake Microsoft Outlook login page, created by the crooks to steal user names and passwords. Criminals control this fake Outlook page. There is no reason to provide login credentials to visit a public website, such as the CDC.

Once they capture your login credentials, they can use them to get access to your email account and look for anything worth stealing.

BUT IT GETS WORSE

The bad guys have taken things to the next level, using the Coronavirus to infect computers with Malware!

Emails impersonating the CDC include attachments and claim that the reader needs to open them to get advice on how to protect themselves. If you open such an attachment, it will download Malware or Ransomware onto your computer.

Ransomware locks out all of your computer files and demands a ransom payment to unlock your files. I have written more extensively about Ransomware in a prior article that you can read here.

Just remember that health agencies are NOT sending out mass emails about Coronavirus. There are plenty of legitimate news websites, as well as the CDC website itself, CDC.gov, with important updates and everything you need to know about the Coronavirus outbreak.

How to protect yourself from coronavirus scams

You need to be skeptical of any email that asks you to click on a link or open an attachment — even when the email seems legitimate.

In most cases, you can probably get the information you need by typing in the URL yourself. For the latest on the Coronavirus outbreak go directly to the CDC website.

TIPS TO PROTECT YOURSELF:

  • Don’t be taken in by the sender’s name. Scammers can put any name they like in the “from” field.
  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take extra time to review messages for telltale signs that they’re fraudulent.
  • Check the URL before you type it in or click a link. If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.
  • If you realize you just revealed your password to impostors, change it as soon as possible. The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them from doing anything malicious.
  • Never use the same password on more than one site. Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA), if you can. Yes, it’s a slight inconvenience to enter a six-digit code when you want to log on, but it’s a huge barrier for the crooks. With 2FA, a stolen password, by itself, is useless to them.
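
The lookalike sender domains described earlier (cdc-gov.org, cdcgov.org) and the "check the URL" tip above can both be checked automatically. The following Python sketch is an added example, not part of the original article: it flags sender and link domains that re-spell a trusted name, and links whose visible text names a trusted site while the target goes elsewhere. The trusted list, the function names and the sample email are assumptions constructed for illustration.

```python
"""Flag lookalike sender domains and links whose text and target disagree."""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this mailbox treats as the genuine agencies.
TRUSTED = ("cdc.gov", "who.int")

# Constructed sample message (not a real email).
SAMPLE_FROM = "CDC Health Alert <alerts@cdc-gov.org>"
SAMPLE_HTML = (
    '<p>Updated case list: '
    '<a href="https://login.example.net/owa/">https://www.cdc.gov/coronavirus</a></p>'
    '<p><a href="https://www.cdc.gov/">CDC home</a></p>'
)


def squash(host):
    """Lower-case and drop dots and hyphens, so cdc-gov.org becomes cdcgovorg."""
    return re.sub(r"[^a-z0-9]", "", host.lower())


def classify(host):
    """Return 'trusted', 'lookalike' or 'other' for a host name."""
    host = host.lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        # The genuine name re-spelled inside another domain,
        # e.g. cdcgov.org or cdc.gov.example.net. This is a coarse
        # substring test, so a hit means "review", not "proven fake".
        if squash(good) in squash(host):
            return "lookalike"
    return "other"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def review_email(from_header, html_body):
    """Return a list of (finding, host) tuples for one message."""
    findings = []
    sender_host = parseaddr(from_header)[1].rsplit("@", 1)[-1]
    if classify(sender_host) == "lookalike":
        findings.append(("lookalike-sender", sender_host))

    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = urlsplit(href).hostname or ""
        verdict = classify(target)
        if verdict == "lookalike":
            findings.append(("lookalike-link", target))
        # Visible text names a trusted site but the link goes elsewhere.
        names_trusted = any(good in text.lower() for good in TRUSTED)
        if names_trusted and verdict != "trusted":
            findings.append(("text-target-mismatch", target))
    return findings


if __name__ == "__main__":
    for finding in review_email(SAMPLE_FROM, SAMPLE_HTML):
        print(finding)
```

A mail filter or help-desk triage script can run checks like these before a message reaches the reader; a real deployment would use a maintained list of trusted domains rather than the two hard-coded here.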

Prevention, Symptoms and Treatment of COVID-19

There’s currently no vaccine to prevent COVID-19. The best way to prevent illness is to avoid being exposed to this virus. The CDC recommends preventive actions every day to help prevent the spread of respiratory diseases, including:

  • Avoid close contact with people who are sick.
  • Avoid touching your eyes, nose and mouth.
  • Stay home when you’re sick.
  • Cover your cough or sneeze with a tissue, then throw the tissue away.
  • Clean and disinfect frequently touched objects and surfaces using a regular household cleaning spray or wipe.
  • Follow CDC’s recommendations for using a face mask. (see below)
  • Wash your hands often with soap and water for at least 20 seconds, especially after going to the bathroom, before eating and after blowing your nose, coughing, or sneezing or being out in public.
  • If soap and water aren’t available, use an alcohol-based hand sanitizer with at least 60% alcohol. Always wash hands with soap and water if hands are visibly dirty.

MORE TIPS FROM THE CDC:

The CDC doesn’t recommend that people who are well wear a face mask to protect themselves from respiratory diseases, including COVID-19.

Face masks should ONLY be used by people who show symptoms of COVID-19 to help prevent the spread of the disease to others. The use of facemasks is also crucial for health workers and people who are taking care of someone in close settings.

Reported illnesses have ranged from mild symptoms to severe illness and death for COVID-19 cases, the CDC said. Symptoms may appear two to 14 days after exposure to the virus and include fever, cough and shortness of breath.

There’s no specific treatment recommended for COVID-19. People with COVID-19 should get care to help relieve symptoms. For severe cases, treatment should include care to support vital organ functions, the CDC said.

People who think they may have been exposed to COVID-19 should contact their healthcare provider immediately.

IRS TAX SEASON SCAMS


It’s Tax Time again!  Be on the lookout for IRS Tax Season Scams. Thieves want to trick people in order to steal their personal information, scam them out of money, or talk them into engaging in questionable behavior with their taxes.

Phishing scams – like imposter emails, calls and texts — are the No. 1 way thieves steal personal data. Don’t open links or attachments on suspicious emails. Con artists will attempt to trick you into providing your social security number and date of birth. That info allows them to file a fraudulent tax return and get a big refund – before you even get around to filing your own return.  Always try to file your tax return as early as possible.

IRS tax season scams also come by way of con artists, posing as IRS agents. They will demand money for unpaid back taxes owed. They will use fear and intimidation to convince you to send them money. Oftentimes, these imposters will instruct you to pay your fake tax bill through the purchase of gift cards.


Here’s How Many IRS Tax Season Scams Go Down:
  • Someone posing as an IRS agent calls the taxpayer and informs them their identity has been stolen.
  • The IRS imposter claims that the taxpayer’s identity was used to open up fake bank accounts.
  • Alternatively, the IRS imposter may simply claim that you owe the IRS money and then demand immediate payment.
  • The caller tells the taxpayer to buy gift cards from various stores and await further instructions.
  • The scammer then contacts the victim again telling them to provide the gift card’s access numbers.

Once a scammer has been given the access numbers from a gift card, they can anonymously collect the money loaded on the card. You, the victim, have no recourse to reverse the transaction and get your funds returned to you.

IRS USES SNAIL MAIL NOT EMAIL

Be aware that the IRS will never call or email you. If you legitimately owe the IRS money, the IRS will always first mail you a bill. The letter from the IRS will state how much you owe and give instructions on how to remedy the amount they say you owe. You are always given the chance to agree or disagree with the stated amount owed. You are also given 30 days to respond to their letter.

Most importantly, whenever you mail a payment to the IRS, you will always make the check payable to the United States Treasury. It will need to be mailed to one of just a few locations in the U.S.  You can go online and verify where the payment needs to be mailed. The address will vary, depending on your geographic location.

IF YOU BELIEVE YOU’VE BEEN TARGETED:

  • Contact the Treasury Inspector General for Tax Administration to report a phone scam. Use their IRS Impersonation Scam Reporting web page or call them at 800-366-4484.
  • Report phone scams to the Federal Trade Commission. Use the FTC Complaint Assistant on FTC.gov.  Be sure to add the words “IRS Telephone Scam” in the notes.
  • Report an unsolicited email, claiming to be from the IRS, or an IRS-related component like the Electronic Federal Tax Payment System (EFTPS) by forwarding your email to the IRS at: phishing@irs.gov. Remember to change the subject line in your email to “IRS Phone Scam”.

You can read prior articles I wrote about IRS scams here and here

Holiday Shopping Safety

Tis the Season…to learn about Holiday Shopping Safety!

Scammers love this time of year, because there are many opportunities for them to separate you from your money. To be a smarter and safer consumer, you need to educate yourself, so you can avoid falling victim. Here are holiday shopping safety tips to help keep your holidays merry.


Spam Phishing Emails will be finding their way into your inbox. These emails have urgent messages or will contain offers for bargain prices or discount coupons. These spam emails will always include a clickable link or an attachment to open. If you click on the provided link or attachment, you will infect your device with Malware. It is advisable to never click on email links or attachments.

Package Delivery Scams are a Fraudster’s favorite trick. They know that most of you are either sending or expecting to receive a package during the holidays. Many millions of spam emails, pretending to be from known shippers (like the Post Office, FedEx or UPS) will be sent out to unsuspecting victims. The emails will include a link to click on that lets you “track” a problem with a package you recently mailed or “track” a package that’s on its way to your house.

E-cards are a fun, easy & inexpensive way to send holiday cheer to family and friends. Make sure any e-card you receive comes from a well-known reputable e-card company. Do NOT open it if the sender is unknown to you.  Many fake e-cards contain spyware and viruses.

Gift cards make popular holiday gifts. Be sure to only purchase them from official retail stores or websites that you know and trust. Beware of websites or ads offering steep discounts to buy their gift cards. Chances are the cards are fraudulent or stolen cards from third-party vendors.

Fake websites that sell stuff that doesn’t even exist are set up all over the internet. They will offer fantastic bargains that are truly too good to be true. Also, beware of copy-cat websites that appear to be the real shopping site. Some fake websites use similar or misspelled names of legitimate retailers. You may not realize that you’re on a fake website and enter your password or credit card information. You think you actually made a purchase, but your merchandise will never arrive and your credit card information gets sent straight to the criminal and will be used to make illegal purchases.

Fake online Ads will appear on social media sites and even on legitimate News websites. The ads exist to entice you to click on links that will ask you to provide personal information. If you see an Ad for something you like, instead of clicking on that Ad, go to the retailer’s website directly. If you don’t know the web address, use Google to search for it. The real legitimate website will be at the top of the Google results – about 99% of the time.

Public Wi-Fi is neither private nor secure. Never ever use public Wi-Fi to shop online. You can never be sure whether you’re using the authorized Wi-Fi of the retailer or actually the Wi-Fi of the thief, who is likely sitting a few tables away. When using public Wi-Fi, it is advisable to use a Virtual Private Network (VPN) for better online security.

Debit Cards should NEVER be used while shopping online. Your debit card is tied to the money in your checking account. You have better consumer fraud protections when using your credit card. Better yet, use a gift card or prepaid debit card for all of your online purchases.

STAY SAFE OUT THERE AND HAPPY HOLIDAYS TO YOU AND YOURS!

Here’s a good website to learn more about Shopping Safely Online

Here’s an article I wrote about Online Shopping

OBJECT TO THE EQUIFAX SETTLEMENT BY NOVEMBER 19TH

We should all collectively object to the Equifax settlement.

November 19th is the deadline date if you want to object to the Equifax settlement. So please do it TODAY – as soon as you finish reading this. Why?  This settlement is an insult to the millions of consumers who had their data compromised. This settlement is not only completely inadequate, but also barely a slap on the wrist for Equifax.

This Puts it in Perspective:

  1. The consumer cash portion is less than 5% of the total settlement pool.
  2. The proposed credit monitoring supplier (Experian) has had recent and large-scale data breaches of their own.
  3. The payment is likely to be magnitudes less than what was advertised.
  4. The attorneys representing the class are getting double the total cash portion of their consumer client base.
SHAME ON YOU EQUIFAX!

I was among the millions of unfortunate victims of the Equifax Data Breach.  Equifax recently announced that a settlement to the class action against them had been finalized. Remember that nearly 148 million consumers were violated in this totally preventable breach. Our most private sensitive data was hacked and exposed. Equifax makes a handsome profit selling our data. Yet, they failed miserably when it came to protecting that data.

Here’s What Happened

When the class action settlement was first announced, many of us signed up and chose the option for the $125 cash payment – instead of the offer for free credit monitoring.  Shortly thereafter, the lawyers sent out a follow-up email. The email informed consumers that because so many people chose the cash payment option (instead of the free credit monitoring) that the cash settlement amount would be decreased from $125 to just $5.00.  Wait…WHAT???

INSUFFICIENT FUNDS

There was only a meager $31 million set aside in the settlement for those who chose to opt for the cash payment. Apparently, they greatly underestimated the number of consumers who would opt for the cash payment, instead of the free credit monitoring.

Presently, that $31 million is insufficient to grant the full $125 to everyone who chose the cash option. Therefore, those who still wish to receive a cash payment, should only expect to receive a mere $5.00 or perhaps even less than that!

It was revealed that while nearly 148 million Americans were impacted by the Equifax breach, only 3 million consumers had signed up for the free credit monitoring. Most consumers chose the cash payment option instead.

Adding insult to injury, the lawyers involved in this class action settlement have already been awarded $77 million and are now asking for even more money.

CONSUMERS CAN AND SHOULD OBJECT

Today I visited a website that walked me through the steps needed to object to the Equifax Settlement.  (See my second choice option below)

Remember, you have the right to file an objection to this absurdity. BUT – the objection must be completed by the deadline date of November 19th. Consumers have two choices on how to go about filing an objection.

The first choice – is by sending a letter to the Equifax Data Breach Class Action Settlement Administrator. The instructions are available at the Equifax Breach Settlement website on its FAQ page here:  Then see Question # 25. Warning: they don’t make it easy.

THE SECOND CHOICE IS AN EASIER WAY!

Begin by reading an article written by consumer advocate Bob Sullivan on his website here

In his article, Bob Sullivan explains that Reuben Metcalfe, founder of Class Action Inc., has made filing an objection with the court a lot easier – using a bot he created. His website is named ‘NoThanksEquifax.com’. Here’s the link

The website features a bot that semi-automates the objection letter-writing process. The bot, named Clarence, also has a sense of humor. He cheers you on as you walk through the steps of filing your objection.

The ‘NoThanksEquifax’ bot helps consumers opt-out for FREE. He thinks massive objections or opt-outs would force negotiations and hopefully result in a better deal for consumers. He states “I believe a mass opt-out campaign for the Equifax settlement would result in an additional $2 to $3 billion in… consequences”.

Once the objection date (November 19th) expires, the judge overseeing the settlement must legally consider all objections at a fairness hearing scheduled for Dec. 19.  FYI – Objections do NOT remove consumers from the class. If the settlement is approved, claimants can still receive payment or credit monitoring services offered to other class members.

To find out if you were one of the victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or go here:

IMPORTANT NOTE: if you wish to join the class action and file a claim in the Equifax class action settlement, you must do so by January 22, 2020.

REMEMBER: THE DEADLINE TO OBJECT TO THE ABSURD DECREASE IN THE CASH OPTION AMOUNT IS NOVEMBER 19th. SO HURRY! DO IT TODAY. THE MORE OBJECTIONS, THE BETTER!!!

FYI: I wrote an earlier article about the Equifax breach settlement in August. It provides many of the details about the settlement. You can read my article by clicking here. 

BEWARE OF CHARITY SCAMMERS


While natural disasters, such as Hurricane Dorian, bring out the best in people who want to help, unfortunately they also bring out charity scammers. People with good intentions are moved to want to help the victims of a disaster, while charity scammers are moved to take full advantage of the abundance of good will.

Charity scammers exploit disasters by posing as fake charities. Instead of collecting money to help disaster victims, they keep the money for themselves.

So – How Do They Do It?

In the aftermath of most disasters, charity scammers are hard at work sending out unsolicited emails, text messages, snail mail solicitations and social media advertisements, and even knocking at your door asking for donations.

Choose Your Charity Wisely!

You can never be sure whether the person contacting you is legitimate or not!

Charity scammers are also very adept at creating phony, but legitimate-looking websites that appear to be real charities. They choose names of similar sounding charities to fool you into thinking they are legit. Charity scammers will provide you with a link to their fake websites. These fake websites capture unsuspecting victims who innocently enter their personal info including their SS#, address, phone # and credit card info.

Beware of Spoofed Charity Websites

FOLLOW THESE IMPORTANT TIPS:

  • Go directly to the charity yourself. You can find the address of a charity’s website and either mail them a check or go directly to the charity’s website (by typing in the website address yourself) and make your donation online.
  • Look for the padlock symbol and the website address to start with https, not just http. The “s” stands for a secure website. Also, realize that most charity websites will end in “.org”, not “.com”.  Be careful of making typos when entering web addresses too.
  • Never, ever click on links in an email, no matter how legitimate the email looks! The US Computer Emergency Readiness Team (US-CERT) is reminding everyone that malware purveyors frequently use natural disasters and breaking news stories to trick people into clicking on malicious links or opening up booby-trapped email attachments.
  • Be careful of what you see on your ‘Caller ID’. Most phone numbers are “spoofed” to look like the call is coming from a charity, when in fact, it’s a scammer calling.
  • Telemarketers who call you, representing a charity, receive a commission for each donation they receive. So only about half of your donation actually goes to help the charity. Besides, how can you be sure that the person calling you is from a legitimate charity?  You can’t!
  • To check out a charity, you should go to either charitynavigator.org or www.charitywatch.org. Both websites help you determine if a charity is legitimate. If the charity is not on the list, then beware! You can also learn how much of the money a charity collects actually goes to the people they are supposed to be helping.
  • Always contribute by check or credit card to have a record of your donation. Never make a donation with cash, a pre-paid debit card, bank wire, or especially an iTunes or Amazon gift card.
  • The IRS allows taxpayers to use their Tax Exempt Organization Search Tool to help find or verify qualified charities. Donations to these qualified charities may be tax-deductible.
  • Contact any organization you’re considering, and ask for the charity’s address, phone number and financial records. Consider how much of your donation will go to the program you want to support, and how much will cover administrative costs. Legitimate groups will gladly provide information about their mission and how your donation will be used. If the charity you contact is unwilling to provide you with such information, be suspicious!

You can read a previous article I wrote about charity scams here.


Equifax Settlement after Massive Data Breach

An Equifax settlement has finally been reached – nearly two years after their massive data breach. The company has agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau. The settlement includes a Consumer Restitution Fund totaling up to $425 million to help people affected by the data breach and another $175 million going to all 50 U.S. states and territories.

Nearly 148 Million Records Exposed!

TOTAL INEPTNESS

It was in September of 2017 that Equifax, one of the largest consumer reporting agencies in the world, suffered a data breach that affected roughly 148 million consumers – nearly half the U.S. population.

Equifax’s failure to maintain and update their security system is what caused this preventable breach. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The breach went unnoticed for 76 days.

This epic breach enabled hackers to penetrate Equifax’s systems and exposed the private data of 56% of American adults. Breached information included Social Security numbers, names, addresses, birthdates, credit card numbers and some driver’s license numbers too.  It was, and still is, the largest and most damaging breach of highly sensitive consumer data.

RESTITUTION FUND – JUST A MERE $2.87 – PER VICTIM!
Barely A Slap On The Wrist!

The Equifax Settlement includes a Consumer Restitution Fund totaling up to $425 million that will go to consumers who can demonstrate that they were financially harmed by the breach.  $300 million is dedicated to addressing consumer redress. However, if the $300 million is exhausted, the fund can increase by up to an additional $125 million. The company must also offer up to 10 years of credit monitoring services to those affected by the breach. If you don’t want the credit monitoring service, you may be able to opt for a $125 cash payment, unless they run out of funds. You can’t get both!

Furthermore, Equifax has agreed to take several additional steps to assist consumers who are either facing ID Theft issues, or who have already had their identities stolen. It includes making it easier for consumers to freeze and thaw their credit and making it easier for consumers to dispute inaccurate information contained in their credit reports.

Additionally, the Equifax settlement requires the company to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft. For at least seven years, Equifax will provide free assistance to victims via their Identity Restoration Services. In other words, if you discover there was misuse of your personal information, call the settlement administrator at 1-833-759-2982 and you will be given instructions for how to access Equifax’s free Identity Restoration Services.

WHAT DO I NEED TO DO NOW?

Equifax is offering FREE Credit Reports for ALL U.S. Consumers. Starting in January 2020, all U.S. consumers can get 6 free credit reports per year for 7 years from the Equifax website. That is in addition to the mandatory free credit report everyone is entitled to each year from each of the three credit bureaus that you get from going to www.AnnualCreditReport.com

To find out if you were one of the over 147 million victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or you can click here

*NOTE: If you wish to file a claim, you must file your claim by January 22, 2020.

Visit the Federal Trade Commission’s website for info on How to File a Claim

Read a previous article I wrote about the Equifax Breach to learn how it all came about. And Here for Part Two of that article.

PUBLIC WIFI IS NOTORIOUSLY RISKY


If you intend to bring your internet devices with you when you travel, you must consider the inherent dangers of Public WiFi.

Public Wi-Fi You Must Protect Your Data

Public WiFi is Not a Private Secure Internet Connection

Therefore, anyone can access the network and anyone can eavesdrop on what’s being transmitted via Public WiFi. People tend to let their guard down while traveling. Security is put on the back burner and we tend to do things that increase our chances of getting hacked.

According to a survey conducted by Morning Consult for IBM Security, 70% of travelers take unnecessary risks while on the road. They connect to public WiFi, charge a device on a public USB station, or enable auto-connect on their wireless devices.

Hackers Set Up Fake Public WiFi Hot Spots

A skilled Hacker will typically give their fake WiFi Network a name that’s similar to an authentic connection. If it’s a hotel, they will choose a name with the hotel’s name in it, or if it’s the airport, they will choose a network name that includes the airport’s name or the name of the airline. The same goes for coffee shops or other internet hubs.

If you are inadvertently fooled by a hacker’s fake WiFi Network, you’re now giving that network permission to start taking data off your device. Furthermore, if your device is set to auto-connect, you might be leaking your personal data and not even know it.

You can’t eliminate all digital threats when you’re on vacation, but you can significantly reduce your chances of having a problem by following these tips.

TIPS TO KEEP YOU SAFE

  • Any device you use, outside your own home network, including your smartphone, laptop or tablet should have a VPN (Virtual Private Network) installed. A VPN encrypts the data leaving your device.
  • Before turning the VPN on, be sure to shut off WiFi and close all apps. After connecting to Wi-Fi, via your VPN, it’s safe to open up any app.
  • Never have your devices set to auto-connect. If your device automatically connects to a free WiFi Hotspot, your device is vulnerable to hacking.
  • Keep the WiFi on your smartphone turned off until you need it. Cellphone data is encrypted when it travels via your phone’s mobile network.
  • Never bring your business laptop with you when on vacation. Bring a spare one that has no corporate data on it. If you need to access corporate data or your company email, do it through the cloud.

Remember, we’re more vulnerable to digital security intrusions when we travel. Don’t opt for convenience over security.

Here is the link to the IBM Survey

Read a previous article of mine about how to keep your online data safe


VOICE ACTIVATED ASSISTANTS

VOICE ACTIVATED ASSISTANTS POSE PRIVACY CONCERNS

Voice Activated Assistants, aka Digital Assistants, like “Alexa” and “OK Google” have become very popular. Over 20 million homes already have a voice activated assistant installed.

These digital assistants may be the latest rave in cool technology, but the devices have created new privacy concerns and security vulnerabilities. They could potentially expose personal data like your bank account info and your contact list. So, while it may be fun to own one, be aware that voice activated assistants pose a risk, if a cyber-criminal is able to hack into it.

The digital security firm Symantec released a report about voice activated assistants. The report states that “The range of activities that can be carried out by these speakers, means that a hacker or even a mischief-minded friend could create havoc, if they were able to gain access”.

THEY’RE LISTENING!

WHY? IT’S ALWAYS LISTENING!

The user must first use a wake-up command such as “Alexa” or “OK Google” to activate the digital assistant. Therefore, the device must always be listening, waiting to be activated by that command. This can cause unintentional or accidental triggering. Even a radio, TV or streaming video, playing in the background, might inadvertently set it off.

Once the device is awake, it will record what is said and then send that recording to a server, where it is stored. However, you do have the option to listen back to these recordings and delete them if you wish.

Symantec’s threat researcher sees a potential danger from these ‘always listening’ digital assistants. He states, “Someone could hack into these devices remotely and then turn them into a listening device”. “Some of them even come with cameras, so they can also see what you are doing”.

Pam Dixon, executive director of the World Privacy Forum, cautions against allowing your digital assistants to store passwords, your contact info or credit card data. Additional dangers include the fact that the device may come with a purchasing option, which is usually turned ON by default. You should set a security PIN or disable the feature.

CRIMINALS CAN TAKE CONTROL

Voice Activated Assistants are designed to be hubs that can control other devices or appliances in your home. These other external devices are referred to as the “Internet of Things” (IoT). Gadgets like lights, cameras, thermostats, coffee makers, alarm systems and door locks are all part of the Internet of Things.

Be aware that the convenience of these IoT devices may create new vulnerabilities. For example, if you connect your door locks or alarm system to your digital hub, then a burglar could command your digital assistant to “open the door and turn off the alarm”. Additionally, any device connected to the internet is vulnerable to malware. Always be sure to change the default password and assign a stealth password to each of them.

TIPS TO KEEP YOU SAFE

  • Be careful which accounts you connect. Don’t connect things you don’t need to use, like your address book or calendar.
  • Always use long strong passwords and enable 2-step authentication if it’s available. Remember that anyone with access to your account can listen in remotely, play back recordings, change settings and access personal information.
  • Be sure that your voice activated assistant is linked to your private home or office Wi-Fi network. Password protect your Router.
  • Devices made by Amazon and Google both offer voice recognition, so use that feature. But realize it’s not foolproof.
  • Remember to put the device on Mute when you go on vacation.

To learn more about the danger posed by these gadgets, read my prior article about the Internet of Things.

Deceased Identity Theft – Victimizing the Dead

Deceased Identity Theft is on the rise. Identity thieves will go to great lengths to steal personal information. But how low are they willing to go? They will steal information from the recently deceased.

Assuming the Identity of a Deceased Person Can be a Profitable Venture

Victimizing the dead by stealing their identity is often referred to as ‘Ghosting’. Understand that Identity Theft happens in a variety of ways – including Tax ID Theft, Medical ID Theft, Financial ID Theft and Employment Fraud. Ghosting can encompass any or all of these different types of ID theft.

Here are some examples of what these criminals can do with the information stolen from a recently deceased person: file phony tax returns, apply for loans, establish fraudulent credit accounts, create fake driver’s licenses, apply for employment and file false medical claims. Ghosting can also result in creditors coming after the heirs of a deceased loved one or create problems with their estate.

How Do Thieves Get the Information?

Identity Thieves often glean a deceased person’s information from the Social Security Administration’s Death Master File. The Social Security Administration (SSA) maintains a national file of reported deaths for the purpose of paying appropriate benefits. The Death Master File contains the following information: Social Security number, name, date of birth, date of death, State of last known residence, and zip code of last lump sum payment. This information is a virtual gold mine for an identity thief!

In addition, relatives and funeral directors also notify States of recent deaths and then the States notify the SSA. When the SSA receives a death notice, it will flag the deceased person’s Social Security number as “inactive.”

Keep in mind that thieves can also glean a deceased person’s information from hospitals, funeral homes, social media and obituaries.  Because it can take weeks or months to process a death, thieves have plenty of time to commit fraud before it is ever detected.

Signs of Deceased Identity Theft

Watch for calls from a creditor or collection agency about an account opened or used in the deceased’s name after death. If you discover such signs, contact the affected creditor or collection agency in writing, explaining that the account was opened or used fraudulently. Surviving spouses and children can also be liable if they shared accounts with the deceased.

Reduce the Risk of Deceased Identity Theft:  

  • Send copies of the death certificate to all three credit bureaus asking them to flag the person’s credit report with the following alert: “Deceased – Do Not Issue Credit”.
  • Request a copy of the credit report of the deceased person with all three credit bureaus. You’ll need to do this in writing. The report will list all active credit accounts. Be on the lookout for any questionable activity.
  • Place a credit freeze with each of the three credit bureaus to stop thieves from opening any new credit accounts in the name of the deceased.
  • Send the IRS a copy of the death certificate to prevent Tax ID Theft. The IRS will then flag the account to reflect that the person is now deceased. Go to irs.gov and enter “Deceased Taxpayers” in the search box.
  • Notify banks, credit card companies, loan holders, financial institutions and mortgage holders to close any accounts. Also notify medical professionals and health insurers.
  • Notify the Motor Vehicle Department to take their Driver’s License out of circulation.
  • Avoid putting too much information in an obituary. Don’t give a birth date, current address, mother’s maiden name or other identifying information that could be useful to identity thieves. The same goes for social media.

It is devastating for a grieving family to have to go through the process of proving to various agencies that their loved one is indeed dead. The emotional impact of unwinding the mess stalls the grieving process for the family. Therefore, once a loved one passes away, it’s important to designate someone to take immediate action to help secure their personal information from these heinous criminals.

If you want to know more about how to place a credit freeze, read this

DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring in their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.

What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well known, commonly used internet browsers such as Google Chrome, Firefox or Mozilla won’t get you there. You need a special browser such as Tor. Most of this stolen information is obtained by criminals who hack into businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council, says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states, “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem.”

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, TransUnion and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE! Stagger your requests throughout the year by requesting one credit report from one company at a time, in three different months during the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a “Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a second line of defense to prevent criminals from impersonating you. Also referred to as “2FA”, Two-Factor Authentication is an extra layer of security that requires not only a username and password, but also something that the user has access to, like an email address or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances. Awareness and constant vigilance are paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here