DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring in their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.


What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well-known, commonly used internet browsers such as Google Chrome or Mozilla Firefox won’t get you there. You need a special browser such as Tor. Most of this stolen information is obtained by criminals who hack into businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council, says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states, “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem.”

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, TransUnion and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE! Stagger your requests throughout the year by requesting one credit report from one company at a time, in three different months of the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a “Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a secondary firewall to prevent criminals from impersonating you. Also referred to as “2FA” – Two-Factor Authentication is an extra layer of security that requires not only a username and password, but also something that the user has on them like an email address or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like your mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances. Awareness and constant vigilance are paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here

INTERNET OF THINGS TICKING TIME BOMB

THE INTERNET OF THINGS – Could Be A Ticking Time Bomb

The “Internet of Things” is a term that describes any gadget, gizmo or tech equipment that is connected wirelessly and controlled over the internet. Some examples of the connected devices that make up the internet of things are webcams, refrigerators, smart TVs, thermostats, copiers, medical devices, automobiles, alarm systems, baby monitors, fitness bands, computers, modems, routers, digital recorders, etc.  For purposes of this article, I will refer to them as “IOT” devices.

Presently, the estimated number of IOT devices is approaching 5 billion. That number is expected to rise to 25 billion by 2020. A study by HP Security Research concluded that 70% of the most commonly used IOT devices had serious security flaws. 90% of these IOT devices were using unencrypted network service and 70% were vulnerable through weak passwords.

Internet of Things
Change the username & passwords on these gadgets

THIS POSES A VERY BIG PROBLEM!

The security flaws common in so many of these contraptions allow any skilled hacker to easily take control of one or more of these devices. Therefore, hackers are constantly searching the web trying to break into one of these IOT devices. Once a hacker gains control of one of these devices, the hacker can then gain access to the other connected devices – that are also connected to your Wi-Fi network.

Many of these devices are really only insecure because the user doesn’t bother to change the assigned factory settings. They forget or neglect to change the username and password when they connect the device to their home Wi-Fi network. Hackers know the factory default passwords assigned to these devices.

So, if the user doesn’t change the default settings to something long and complex, then that device will be an open invitation to any hacker. Consumers are usually unaware of this and may not know how to even begin to secure these poorly-secured IOT devices. Furthermore, it is often up to the consumer to check to see if the manufacturer has a firmware update available for them to download.

Worse yet, there is no current security standard required of the manufacturers of these devices. Additionally, a lot of these devices are designed and manufactured in foreign countries that really don’t care about security vulnerabilities.

The FTC is starting to take this problem seriously and is urging businesses to build better security into their IOT devices. They are also preparing to regulate IOT devices in an effort to protect consumers’ privacy and security. They specifically want to start by regulating automobiles and mobile-payment methods such as Apple Pay.

TIPS TO HELP PROTECT YOURSELF

  • Don’t store personal information on any device – including your real name.
  • Change the default username and passwords on all of your home network devices.
  • Periodically check the manufacturer’s website to see if a firmware update is available.
  • Use a different complex password for each one of your devices, so that if one device gets hacked, your other devices will not be jeopardized.
  • Use anti-virus and anti-malware software on your home computer network and set them to automatically download any new updates.
  • Keep your smartphone protected – it is the gateway to your car’s connectivity and many other IOT devices. Be sure your smartphone is password protected and has anti-virus and anti-malware installed on it.

For more in-depth information about the internet of things, Brian Krebs of Krebs on Security has an excellent article about this topic. Here’s the link to it: https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/

ALSO, be sure to read a previous article I wrote about Router Security

Sweetheart Scams – Your Money Your Heart

Sweetheart Scams can hurt both your heart and your bank account.

The National Consumers League (NCL) is sounding the alarm about Sweetheart Scams. It is also referred to as the Romance or Friends Scam. Con Artists are swindling their victims out of millions of dollars. According to the NCL report, the average victim loses approximately $18,831. The group says that complaints to their organization about Sweetheart Scams have spiked upwards by 45%. That’s double the amount of complaints from 2017.

Sweetheart Scams
Don’t Let Someone You Love Get Duped

Con Artists are Masters of Persuasion

They prey on their intended victim’s powerful emotions. Examples of those powerful emotions are fear, greed, urgency, pride, loneliness and love. Realize that Love and Loneliness are two of the most powerful emotions on earth. Victims of Sweetheart Scams act on both of those emotions, rather than using reason. It’s as if the con artist has cast an impenetrable spell on their victim.

Con Artists are not looking for affection or a loving relationship

Their goal is to separate you from your money.  It’s also much easier now for them to pull off these romance scams because of the digital age.  Kindling a relationship with their victim can be a long drawn out process or it can happen fairly quickly.

It may begin with a phishing email, a contact on social media or when someone joins an online dating website such as Match.com.  The con artist will create a fake online profile that’s designed to lure you in. They will use a fake name and photo. They often falsely take on the identity of a trusted person such as a professional working abroad or someone in the military or perhaps an aid worker in a foreign country.

Realize that these con artists will strike up a relationship with not just you, but with hundreds of potential victims. Be especially wary if your new-found-friend or lover quickly asks you to move your conversations from the website’s messaging platform to your personal email or phone.

Eventually, that new special someone in your life will convince you to send them money to pay for some kind of emergency. They may even ask you for money so they can travel to visit you.  Either way it’s a trap!

Younger people claim they would never fall for this type of scam, but the statistics say otherwise. Con artists work to gain the victim’s trust and separate them from their support system. Victims are so convinced that they have found their true love, that they will even put themselves in harm’s way. One woman, a teacher, flew to Jamaica to meet her lover and was murdered in the process.

The elderly population also seems to be vulnerable to the Sweetheart Scam. Many of them have suffered a painful loss, like the death of a spouse or other family member. Many of them live alone and are yearning for companionship or love. Con artists easily manipulate and swindle people who are in such an emotional state of mind.

Keep in mind that when money is sent via a gift card, MoneyGram, or a prepaid debit card it is untraceable and you will never get your money back!

Scams-of-the-heart are especially egregious, because victims are hurt both emotionally and financially.  To read the National Consumers League article on this topic go to:  https://www.nclnet.org/romance_scams

Apple iPhone Scam – Very Convincing

I did not write this article, but I copied the important main parts of it here. It was written by Brian Krebs, who is a security news reporter and investigator. His website is called KrebsonSecurity. Here is the link to his original article: https://krebsonsecurity.com/2019/01/apple-phone-phishing-scams-getting-better/

I thought it was important enough to alert you to this new Apple iPhone scam – Read on…

Apple Phone Phishing Scams Getting Better

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Here is an account of what happened to her. Earlier in the day she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.

Here’s what her iPhone displayed about the identity of the caller when they first tried her number at 4:34 p.m. on Jan. 2, 2019:

Apple iPhone Scam

Note in the above screen shot that it lists Apple’s actual street address, their real customer support number, and the real Apple.com domain (albeit without the “s” at the end of “http://”). The same caller ID information showed up when she answered the scammers’ call this morning.

Westby said she immediately went to the Apple.com support page (https://www.support.apple.com) and requested to have a customer support person call her back. The page displayed a “case ID” to track her inquiry, and just a few minutes later someone from the real Apple Inc. called her and referenced that case ID number at the start of the call.

Westby said the Apple agent told her that Apple had not contacted her and that the call was almost certainly a scam. Apple said they would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple.

“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby said. “This was so convincing I’d think a lot of other people will be falling for it.”

KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.

Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.

No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.

Phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, for example, call the number on the back of your card. If it’s another company you do business with, go to the company’s Web site and look up their main customer support number.

Relying on anything other than a number obtained directly from the company in question — such as a number obtained from a direct search on Google or another search engine — is also extremely risky. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.

These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contact list. But as this scam shows, even that’s not always a great strategy.

It’s a good idea to advise your friends and loved ones to ignore calls unless they appear to come from a friend or family member, and most importantly to just hang up the moment the caller starts asking for personal information.

AGAIN, I DID NOT WRITE THIS ARTICLE. IT WAS COPIED HERE FROM AN ARTICLE WRITTEN BY BRIAN KREBS.  HERE IS HIS HOME PAGE LINK:

https://krebsonsecurity.com/

CYBERSECURITY RESOLUTIONS

As 2018 comes to an end, I am putting together my recommended list of Cybersecurity Resolutions for 2019. Although the number of data breaches went down in 2018, the actual number of individuals affected by those breaches dramatically increased.  So, you must continue to remain ever vigilant if you want to protect yourself.

Cybersecurity Resolutions to head off Cyber disasters
Head Off Pending Disasters

Here are some important Cybersecurity Resolutions you should adhere to.

  1. I WILL USE STRONG, LONG, STEALTH PASSWORDS that are unique for each different website. A good password is one that uses a combination of upper and lower case letters, numbers and special characters. Don’t use the same password for different websites. Be creative and don’t use obvious things like your Mother’s Maiden name, your date of birth, street address, your pet’s names, etc. Your social media page will give any scammer clues of what you might use to create a password. So, don’t make it so easy for them to crack it.
  2. I WILL KEEP MY SOFTWARE UPDATED as soon as I am notified that an update is available. If you do so, in a timely manner, then you won’t have to worry about your devices getting compromised. Set your programs to perform updates automatically.
  3. I WILL BACK UP MY FILES REGULARLY. Backing up your files has become an essential security continuity practice. If you are a victim of Ransomware, a Malware infection or even Mother Nature, you’ll be glad you backed up your data to a separate hard drive or thumb drive. Always remove the backup device from your computer after doing the routine backup.
  4. I WILL USE 2 FACTOR AUTHENTICATION WHENEVER POSSIBLE. Also known as 2FA, it adds a second layer of security onto your account access, by confirming that you are who you claim you are. It also protects you from those who unlawfully attempt to access your account. Not all businesses and online accounts offer this extra security, but take advantage of the companies that do.
  5. I WILL ONLY VISIT SITES THAT BEGIN WITH HTTPS. Not every website, even among popular ones, begins its web address with the more secure HTTPS. It is not safe to enter any of your personal information on a website that begins with HTTP instead of HTTPS. The “S” stands for secure. Security must go hand-in-hand with privacy. There are extensions that you can install in your browser that will automatically connect only to HTTPS versions of websites. For example, try installing “HTTPS Everywhere” on your Google browser. It’s what I use.
  6. I WILL HANDLE MY EMAILS CAREFULLY. Repeat after me: I will never click on links or open up attachments in any email unless I am 150% sure that the email is legitimate. Emails are the easiest way a criminal can gain access to your system. Ask yourself, does the email seem fishy? Are the grammar and spelling correct? Does it sound too good to be true? OR does the email contain an urgent message that you must click on in order to solve a problem? These are all telltale signs of a phishing email. If you click on that link, or open that attachment, you will surely infect your computer. Hover your mouse over the sender’s email address and see if it appears legitimate. My advice is to go onto the business’ website by typing in the URL yourself rather than using the provided link in the email. Don’t hesitate to call the business to verify that the email is legit. Most companies will never ask you for your personal information.  You’ve been warned!!!
  7. I WILL BE CAREFUL AND THINK BEFORE I POST. Privacy is dead. Whatever you post is open season for anyone who wants to exploit that information. Sharing details of a personal nature can be dangerous. Criminals can and will use your information against you. The information you so freely give away online, can be used to access your accounts or steal your identity. Tone down the stuff you post about yourself or people close to you.
  8. I WILL KEEP ABREAST OF THE LATEST CYBERSECURITY THREATS AND SCAMS. Knowledge is power! The more you know the more you’ll be able to protect yourself and your loved ones.
Cybersecurity Resolutions to help protect your data
Everyone is after your data! You must protect it.

So, there you have it.  If you follow these Cybersecurity Resolutions, you’ll be a whole lot safer from scammers, crooks and fraudsters in 2019.  Stay safe out there and Happy New Year to all.

MALWARE – Malicious Software

You’ve probably heard the term Malware, but do you really know what it is and how it gets onto your devices?

Malware refers to malicious software that is unwittingly downloaded on your computer or other devices. Once it is downloaded, you will more than likely become a victim of identity theft.

Malware
My Malware Protection Recommendation

Malware Infections Happen in Several Ways: 

Links or Attachments in Emails & Text Messages: You may open an attachment or click on a link in a phishing email or text message. Fraudsters will include links with an urgent message to entice or require you to click on them. In other words, the message is crafted to convince you that there is a need for you to take action or suffer the consequences of your inaction.

Fake Websites: Scammers often create authentic-looking, but fake websites, to trick you into entering your personal information. You may think you’re purchasing merchandise at a great price, or applying for a job, or perhaps you clicked on an article that caught your interest. Oftentimes, you just landed on a fake website because you typed the website address incorrectly by misspelling it or clicked on the wrong website during an internet search.

E-cards: These electronic cards are a fun and inexpensive way to celebrate a special occasion or holiday. But e-cards can be dangerous if they do not originate from a well-known e-card website. If someone sends one of these to you and it originated from a fake website, you may download Malware instead of an e-card.

Scammers: The “Tech Support Scam” is a good example of how it’s done. An imposter, claiming to be from Microsoft, contacts you. They manage to convince you that your computer is infected with a virus. Next they ask you to give them control of your device, so as to assist you with getting rid of the virus. Alternatively, the imposter may convince you to download a program from their fake website to help erase the virus. Just realize that whichever of these options you choose, you will instead actually be infecting your computer with Malware.

Once Malware is installed – you have opened yourself up to identity theft.

The malicious program will allow a criminal to have access to all the files on your computer. If you have any files that have personal information, such as copies of your credit report, tax return, bank or financial statements, the criminal will then be able to view all of these files.

Additionally, all the email addresses of those in your contact list will be readily available to exploit. The criminal will use the Malware program to send SPAM emails to everyone in your contact list – which will include tainted malicious links or attachments. Recipients of these SPAM emails will think it is safe to open them, because the email came from you. As a result, everyone in your contact list can easily be infected with the same Malware.

Worst of all, the Malware program gives the criminal the ability to log (read) your keystrokes. This keystroke-logging program allows them to capture the PINs, passwords, credit card or other personal information whenever you type them, via your keypad.

Moral of the story: 
  • NEVER click on links or open attachments in email or text messages.
  • Be wary of emails containing links or attachments even IF they appear to come from someone you know.
  • Type all website addresses very carefully.  Take notice how easy it is to misspell a web address or add or miss a letter. For example: ammazon.com or amzon.com or amazon.cm
  • Be careful what you click on when browsing the internet, including Ads, surveys or discount coupons – even on legitimate websites.
  • Don’t open e-cards unless you’re sure they’re legitimate. Do not open one if the sender is unknown to you.
  • Never give control of your computer to anyone you don’t know or trust.
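
The misspelled addresses in the list above (ammazon.com, amzon.com, amazon.cm), like the mistyped addresses described under "Fake Websites", are each a single typo away from the real one, and a short program can check for that. The Python below is an added example, not part of the original article; the trusted list, the two-typo threshold and the function names are assumptions, and it goes a little beyond the article by also catching swapped letters and a trusted name used as the front of a longer address.

```python
# Added example: flag web addresses that are near-misses of sites you trust.
# TRUSTED is a constructed sample list; MAX_EDITS is an assumed threshold.

TRUSTED = ("amazon.com", "paypal.com", "annualcreditreport.com")
MAX_EDITS = 2  # one or two typos away from a trusted name counts as a lookalike


def hostname(address):
    """Reduce a typed address or full URL to a bare lower-case host name."""
    host = address.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]          # drop http:// or https://
    host = host.split("/", 1)[0].split("?", 1)[0]  # drop path and query
    host = host.rsplit("@", 1)[-1]              # drop any user@ prefix
    host = host.split(":", 1)[0].rstrip(".")    # drop port and trailing dot
    if host.startswith("www."):
        host = host[4:]
    return host


def edit_distance(a, b):
    """Count typos between a and b: a letter added, dropped, changed,
    or two neighbouring letters swapped (optimal string alignment)."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # letter dropped
                         cur[j - 1] + 1,      # letter added
                         prev[j - 1] + cost)  # letter changed (or same)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # neighbours swapped
        prev2, prev = prev, cur
    return prev[-1]


def check_address(address, trusted=TRUSTED, max_edits=MAX_EDITS):
    """Return (verdict, trusted_name) where verdict is 'trusted',
    'lookalike' or 'unknown'."""
    host = hostname(address)
    for name in trusted:
        if host == name or host.endswith("." + name):
            return ("trusted", name)          # exact site or its subdomain
        if host.startswith(name + "."):
            return ("lookalike", name)        # trusted name glued onto another site
    distance, closest = min((edit_distance(host, name), name) for name in trusted)
    if distance <= max_edits:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample input: the article's three typos plus a few others.
    samples = [
        "https://www.amazon.com/gp/cart",
        "ammazon.com", "amzon.com", "amazon.cm",
        "amazno.com", "http://paypa1.com/login",
        "amazon.com.account-check.example",
        "example.org",
    ]
    for s in samples:
        verdict, name = check_address(s)
        print(f"{s:40} {verdict:10} {name or ''}")
```

An "unknown" result only means the address is not close to anything on your own list; it says nothing about whether that site is safe.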

SYNTHETIC IDENTITY THEFT

According to the Federal Trade Commission, 80 to 85% of all identity fraud stems from Synthetic Identity Theft. Fictitious identities are created when an Identity thief creates a fresh new identity using elements of valid and/or fabricated forms of personal information.

As an example – a thief with a stolen valid Social Security number will combine it with a fake name, address and date of birth to create a brand new identity.  Because a valid Social Security # is used, there is no actual victim or true identity behind this false combination of identity elements.


Once Created – The Mischief Begins!

The merger of this real and fake personal data is then used to commit criminal, medical or financial fraud. Once an ID thief creates a new synthetic identity, they will attempt to apply for loans, credit or a job; get medical services, obtain cellphone service or even use the synthetic ID if they get arrested.

Remember that this newly created identity still contains your social security # as the main component and source of reference. Therefore, it becomes part of a fragmented or sub-file to your main credit file.

Additionally, fraud alerts, credit freezes and credit monitoring services will not indicate that anything is amiss. These usual protective measures do not stop Synthetic Identity Theft.

Unfortunately, the massive Equifax data breach, reported in September of 2017, exposed the valid social security numbers of nearly 148 million Americans. Realize also that those stolen social security numbers have already been purchased by criminals on the dark web – in underground black markets. Unfortunately, you cannot change your social security number!

 

What are Banks and Credit Card Companies Doing to Combat This?

Financial institutions understand the need to use any and all tools available to stop synthetic identity theft. They’re using advanced analytics, device intelligence and monitoring of underground websites. Credit Bureaus utilize tools that are able to detect when identity elements appear to be used inconsistently. They have developed analytical scores that help them determine whether a Social security # and identity belong to the right person.

A new federal law should also make it easier for creditors to verify ownership of a Social Security # with the Social Security Administration – which should help them verify that credit applicants actually exist.

 

THERE’S NO SILVER BULLET – BUT THESE STEPS MAY HELP

  • Only use an identity theft monitoring service that includes dark web monitoring. The service will check for personal identity elements, such as a SSN, that may have been exposed in a recent data breach.
  • It’s still worth placing a credit freeze with all three of the credit bureaus. Credit Freezes are now FREE in all 50 States as of September, 2018. Here is a previous article of mine explaining how to place a freeze
  • Get your free credit report at annualcreditreport.com from one of the three credit bureaus and check to see that there haven’t been any unauthorized accounts opened.
  • A child’s SSN is often used to create Synthetic ID Theft. So, be sure to also place a credit freeze for your minor children.
  • National databases hold the key to discovery of Synthetic ID Theft. The DMV, insurance companies, data brokers, employers, prison or police records may all contain synthetic identities that include your social security number. Use a credit monitoring service that checks national databases.

 

Synthetic identity theft is a complicated and growing problem because it’s hard to detect and prevent this type of fraud. Once these synthetic identities are created, they become ‘verifiable’ identities and can therefore pass traditional security checks.

Unfortunately, it’s going to be up to you to be ever diligent if you want to protect yourself in the age of rampant fraud and deception.

DISASTER CHARITY SCAMS

DISASTER CHARITY SCAMS  Good Intentions – Bad Outcome

Beware of disaster charity scams! Fraudsters – posing as reputable Charitable Organizations – have been out in full force to trick you into making donations, to help victims of disasters.

Criminals always take advantage of kind-hearted, well-intentioned people who want to help after a disaster makes headline news. All of us need to be vigilant, because disaster charity scams will always appear to be totally legitimate.

Disaster Charity Scams
When Disaster Hits Watch Out For Fake Charities

Disaster Charity Scams normally start with an unsolicited contact. The scammer will contact potential victims by telephone, social media, email solicitations, or at their door.

Then scammers use a variety of tried-and-proven tactics to lure information out of people. Donors should not give out personal financial information to anyone who solicits a contribution. This includes things like Social Security #, passwords or credit card and bank account numbers. You must always do your homework first.

Disaster Charity Scams Are Abundant
Always Do Your Research First!

THINGS YOU NEED TO KNOW:

  • Thieves pretend they are from a familiar sounding charity. Their goal is to get money or personal financial information from unsuspecting donors.
  • Bogus websites use names that are the same as, or similar to, the name of a legitimate charity. Emails that appear to come from a real charity will always provide a link that will take you to a fraudster’s bogus website.
  • Scammers may even try to get you to provide your social security number, claiming they need it for your receipt or for tax reporting. This is a falsehood! Never give a charity your SS#.
  • Always go directly to the source when making a charitable donation. Don’t trust strangers at your door, telemarketers on the phone or emails with links that will lead you to a fake charity website that appears legitimate.
  • Always contribute by check or credit card to have a record of your donation. Never make a donation with cash, a pre-paid debit card, bank wire, or an iTunes or Amazon gift card.
  • You can check out whether a charity is legitimate by going to www.charitynavigator.org or www.charitywatch.org. If the charity is not on the list, then beware!
  • Scammers may even claim to be working for, or on behalf of, the IRS. The thieves tell disaster victims they can help them file casualty loss claims to get big tax refunds.
  • The IRS website allows taxpayers to use their Tax Exempt Organization Search to help find or verify qualified charities. Donations to these qualified charities may be tax-deductible.
  • Contact any organization you’re considering, and ask for the charity’s address, phone number and financial records. Consider how much of your donation will go to the program you want to support, and how much will cover administrative costs. Legitimate groups will gladly provide information about their mission and how your donation will be used. If a charity is unwilling to provide you with such information, be suspicious!

EQUIFAX BREACH AFTERMATH

Aftermath of the Equifax Breach (PART TWO)

It’s barely been a year since the Equifax Breach became one of the largest data breaches in U.S. history. Equifax’s gross negligence resulted in hackers stealing the social security numbers and other sensitive information of 148 million Americans.

Guard your identity with everything you’ve got

As a result of the Equifax breach, the company offered one full year of free credit monitoring. Knowing this, criminals are just biding their time, waiting for the year to expire. They know that once the free credit monitoring expires, the public will feel safe again. They expect consumers will become more lax about protecting and monitoring their personal information. This would be a big mistake for consumers. Since you can’t change your SS#, you must remain ever vigilant.

YOUR DATA WAS ALREADY OUT THERE!

News Flash! Although the Equifax breach was massive, much of the consumer data exposed in that breach was already available to criminals. The majority of Americans’ most sensitive personal data has already been compromised for several years. It is then sold on the cyber-underground to the highest bidder. If you have any doubt, realize there were 1,579 separate data breaches in 2017 alone. Millions of records are exposed in those breaches.

Therefore, even if you were not a party to the Equifax breach, you need to assume that your personal info is already out there for sale. So you need to continue to protect your data for the rest of your life. One of the best ways to protect yourself is to place a freeze on your credit file.

 

Credit Freezes keep the bad guys out!

Credit Freezes – will soon be FREE

Starting September 21, 2018 you can place, temporarily lift, or remove a Credit Freeze for FREE. Because each person has their own credit file, each individual should lock down their credit report by placing a freeze on their file.

Once the freeze is in place, only you (the person who placed the freeze) can view your credit file. Everyone else would be locked out, unless you choose to grant them access to it. Access to your credit file is granted by either placing a temporary lift or by removing the freeze.

According to the U.S. Federal Trade Commission, all three credit bureaus must set up a web page to assist consumers with placing a credit freeze.

A WORD OF CAUTION!

Once you begin the process of freezing your credit, you may be enticed to place a Credit “Lock” instead of a Credit “Freeze”. Do NOT be fooled into placing a Credit “Lock”. These are being pushed as an alternative to a Credit “Freeze” by all 3 credit bureaus. Credit Locks do not offer the same legal protections to consumers as a Credit Freeze. So, don’t be fooled!

You should also be sure to place a credit freeze for your minor children. Child ID theft is a criminal’s dream. The theft of a child’s identity is usually not discovered until years later. By that time, the damage is done, and the thief is long gone.

Additionally, all 3 credit bureaus are now required to offer FREE electronic credit monitoring services to all active duty personnel.

CONTINUE TO MONITOR REPORTS

As a habit, consumers should obtain a free credit report from each of the 3 credit bureaus by visiting www.annualcreditreport.com. This is the only federally authorized website to get your free credit report. Each of the credit bureaus must provide consumers with a free credit report, once a year. The smartest way to accomplish this is to stagger your requests during the year.

Here’s How:

In January, go to the website and request only one free report from Equifax. Then again in May, request one free report from TransUnion. Lastly in September, request your free report from Experian. This method gives you the opportunity to review your credit report for free over the entire year.

THAT’S NOT ALL FOLKS

To further protect yourself, it’s also important to request a report from, monitor, or lock down four other lesser-known consumer reporting agencies:

ChexSystems: provides account verification services for banks & financial institutions.

Innovis: provides ID verification data to assist with fraud detection and prevention.

NCTUE (National Consumer Telecommunications & Utilities Exchange): a credit checking clearinghouse used by mobile phone providers and utility companies.

LexisNexis: collects info from public records & data sources such as real estate ownership, liens, judgments, bankruptcies.

 

NEVER HEARD OF THEM

There are dozens of other companies you never heard of that provide consumer reports to specific industries. The Consumer Financial Protection Bureau (CFPB) produced a list of all the known entities that maintain, sell and share tons of data on U.S. citizens. The link to the pdf document is here

The pdf document provides information and the links to the websites of 46 different entities. It also provides information about your legal rights to obtain the data in your reports and dispute any inaccuracies contained in them.

Remember that your data is only as safe as the companies and organizations that are tasked to protect that data. The vast majority of them are doing an abysmal job. So, it is up to you to protect your data and to remain vigilant at all times.

ONE MORE REASON

If I haven’t yet convinced you to freeze your credit file, here’s one more reason to do so. All 3 credit bureaus make a nice profit from selling copies of your file to others. Thus, freezing your credit file will deny them a steady revenue stream. Why should they be allowed to profit from selling your personal info, especially when they do such a lousy job at protecting it? What a perfect way to hit them where it hurts – their corporate bottom line!

You can learn more about credit freezes by reading a prior article of mine HERE

EQUIFAX DATA BREACH – 1 YEAR ANNIVERSARY

Equifax Data Breach – One Year Later (PART ONE)

It’s been about a year since the Equifax Data Breach was announced. It was one of the largest data breaches in U.S. history. Their negligence resulted in hackers stealing the social security numbers and other sensitive information of 148 million Americans. What has happened since?

GUARD YOUR NUMBER

Equifax is one of three major credit reporting agencies. Their data files contain highly sensitive information on millions of us. Any company responsible for collecting sensitive data should be required to take any and all precautions necessary to protect that information from criminals. The Equifax data breach proved that they failed miserably! As with so many prior breaches, this one was entirely preventable.

The scope of this massive breach should have shocked Washington to enact sweeping reforms. You would think that if the social security numbers of over half the adult population of the U.S. were exposed, that Congress would take appropriate action to fix the problem. So what did Congress do to punish Equifax and protect its citizens from future calamities?

Well – One year later, not much has changed

At first, there were Congressional hearings where discussions focused on setting new Federal standards for how companies like Equifax secure data.

Investigators looking into how the breach occurred discussed imposing a penalty for Equifax’s failure to patch, in a timely manner, the vulnerability hackers exploited to steal their data.

A national breach notification law was discussed that would set a time frame within which companies must notify the public once personal info is stolen in a data breach.

BOTH BILLS PETERED OUT! 

Why? “Regulation is tough in this political climate,” said Tom Gann, the chief public policy officer at McAfee. Congress was too busy focusing on another more pressing cyber-security issue – Russian interference in our elections. Congress can’t seem to focus on more than one cyber-security issue at a time.

Are You Angry Yet?

The government’s Consumer Financial Protection Bureau (CFPB) recently reported that the Equifax investigation is ongoing.

Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology (CDT), says she is still optimistic about Equifax-type legislation in the new Congress.

ON THE BRIGHT SIDE

States like New York and California have since put their own protection regulations in place and 48 State Attorneys General are investigating the firm. Equifax also faces more than 240 class action lawsuits.

The FTC is also examining the Equifax data breach, which may result in Equifax facing large financial penalties. In a prior 2012 settlement with the FTC, Equifax was slapped with a $393,000 penalty.

Additionally, the Equifax breach did at least cause a spike in the number of financial firms that have since beefed up their investment in better cybersecurity.

You can read my original article about the Equifax Data Breach here

In PART TWO of my article, I will give you tips on things you can do to protect yourself. So stay tuned…