Two-factor Authentication Phishing  Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Preventing a Mortgage Closing Scam

Preventing a Mortgage Closing Scam

Searching for a new home, can be as exciting as it is stressful, tedious and time-consuming. It will likely be one of your most memorable life moments, especially for first-time buyers. So when you do find that perfect home for you, your bid is accepted and the inspection comes back great, you and your family celebrate and start down the long check-list of things to do prior to your move.

 

As that closing date approaches, unfortunately, the risk of being a victim of a phishing scam does as well. The ultimate cost could be the loss of your entire life savings and there is usually not an insurance policy that will recover your money if this happens to you.

 

The FBI has reported that scammers are increasingly taking advantage of homebuyers with very complex, sophisticated schemes with reports of mortgage fraud rising over 1,100 percent each year. There was an estimated loss of nearly $1 billion in real estate transaction costs in 2017 alone.

 

How would mortgage fraud happen to you? Mortgage fraud, a sub-category of financial institution fraud (FIF), typically starts with a phishing email that appears to be coming from a trusted professional involved in your property purchase. The email claims to be notifying you of changes to your wiring instructions or that they had made a mistake and previously discussed the wrong wiring instructions with you. Wire fraud is so prevalent that many attorneys, lenders and realtors are starting to include a warning about it in their emails. “We do not accept or request wiring instructions or changes to wiring instructions via email. Always call to verify.” But, be wary that even phone conversations may be fraudulent.

 

What can you do to prevent mortgage fraud from happening to you? Consult the Consumer Financial Protection Bureau’s Mortgage Closing Checklist. Identity two trusted individuals involved in the closing process and have multiple ways for you to contact them. Real estate professionals suggest that you create a code phrase that is only known to the trusted parties involved in the transaction in case there is a need to confirm their identities in the future. Be mindful that email is never a secure way to send financial information or closing details.

 

What if mortgage fraud happens to you? Try to ask for a wire recall with your financial institution. Being swift in reporting the crime can greatly increase the likelihood of recovering your funds. Report the fraud to your identity theft resolution provider. Lastly, file a complaint with the FBI.

 

 

Sources:

https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud

https://consumerfinance.gov

 

Photo credit:

Tierra Mallorca via Unsplash

Sextortion: How to Protect Our Youth

Sextortion: How to Protect Our Youth

Unfortunately, our children are at risk from online predators in many different ways. Sextortion is a criminal act and horrible nightmare to victims and their families.  Learning what sextortion is and understanding how it could happen are the first steps in prevention.

 

What is sextortion? The Federal Bureau of Investigations (FBI) explains that sextortion occurs when an adult, through threat or manipulation, coerces a minor into producing a sexually explicit image and send it over the Internet.

 

How would this happen? The perpetrators utilize social media, games, chat and dating apps to capture their victims. The criminals will tell children that they will make them famous or pay them an exorbitant amount of game credits, crypto-currency, cash, or gift cards if they will participate.

 

Why would my child engage in this act? Sextortion is happening when minors feel most comfortable … when they are on their device, using an app, or playing an online game that is part of their daily routine. The adults that do this crime know that your children might not yet be mature enough to consider the consequences of an action and make decisions like an adult would. Any child with Internet access is at risk. The FBI has interviewed victims as young as 8 and reports that the crime affects all children regardless of gender, ethnicity, and socioeconomic groups. The victims have been honor-roll students, children of teachers, and student athletes. The only common trait is that they are all online.

 

Why don’t victims ask for help? Once the criminal has your child’s single photo or video, they will threaten them with exposure; essentially, coercing your son or daughter to provide them with additional photos or videos and in even more compromising, explicit situations. The criminal knows that fear drives action. … fear of being in trouble by their guardians, of having their device taken away, of being persecuted for pornography, and of feeling massive embarrassment and shame.

 

What can we do to prevent sextortion? Discuss this topic openly with your children. Let them know that they can tell you anything and you are always there to help them. Communicate that you do not want them to chat with anyone they don’t already know online. Educate them that any photo or video they may take is already public information and not just on their device. Limit their device use. Make sure their social media accounts are kept private. Make them aware that some profiles are not real and that there are adults purposely pretending to be someone else to get them to chat and hurt them. Most importantly, trust your instincts. If something feels not quite right, it probably isn’t.

 

For more information, visit https://fbi.gov. 

Financial Tips for 2019 Grads

Financial Tips for 2019 Grads

It’s that exciting time of year! Cap and gowns are coming in and Pomp and Circumstance is running through your head as you prepare for the big event. If you’re a parent of a soon-to-be high school graduate, dollar signs may be running through your head as well, along with advice … and lots of it!

 

If you’re a grad, get ready to hear life experience stories from your graduation speaker and many others. The Federal Trade Commission (FTC) has some advice for you as well. Learn how to recognize financial scams. Younger people report losing money to fraud more often than older generations. According to Colleen Tressler, Consumer Education Specialist, FTC, 43% of those who reported fraud were in their 20s, while only 15% were in their 70s. Read More

 

What can you do to help avoid financial fraud?

– Never give out money or any personal identifying information (PII) in response to an unexpected request. Be wary of texts, phone calls and emails. Scammers commonly pretend to be someone you trust.

– Do your research. Be smart with your online searches and use terms like “complaint,” “scam” or “alert” along with the company name when you search.

– Understand that there’s no such thing as truthful caller ID anymore.

– Don’t wire money. Government and legitimate companies will not require you to pay for products or services with a reloadable gift card. Even using cards like iTunes and Google Play are risky.

– Recognize that robocalls are illegal and should be reported to the FTC. If you mistakenly answer one of these calls, hang up immediately.

 

Looking for a job?

– Check out job placement firms closely. These companies should not be charging high fees in advance for any type of service without a guarantee of placement.

– Keep in mind that the promise of a job isn’t the same thing as job. If you have to pay for that promise, it’s likely a scam. Read More

– Realize that there are many fake jobs listed on social media. Google the company name and visit their website along with the search term “career.” If jobs are not listed on their website and nothing comes up on Google, those are red flags.

– Don’t give out any credit or bank account information over the phone to a company unless they have hired you and have agreed to pay you something.

– Get job details in writing and take time to go over the small print. A legitimate company won’t pressure you into making an on-the-spot decision regarding your career.

 

Congratulations and make sure you enjoy your special day. We wish you the best of luck in your future endeavors!

 

For more information, visit https://www.consumer.ftc.gov.

Ten Signs You Have Been a Victim of Identity Theft

Ten Signs You Have Been a Victim of Identity Theft

Identity theft is rampant. One in three data breach victims will experience fraud according to a 2018 study by Javelin Strategy & Research. The number of identity fraud victims in the United States alone is at 16.7 million with over $16.8 billion stolen. Read More

 

Do you know the latest signs of identity theft? Here are the top ten red flags that trouble is brewing:

– You receive a notice, either in the mail or via email, that you have been a part of a data breach.

– Your credit score quickly drops without explanation.

– Withdrawals from your bank account start to occur … and they are withdrawals that you haven’t scheduled or already made.

– Although you haven’t filed any insurance claims, your rates rapidly rise.

– Your Social Security statements aren’t matching your records.

– There are suspicious charges on your credit card.

– You are turned down for a loan or credit card unexpectedly.

– Your credit report shows accounts that you have not opened.

– Either federal, your state or local taxing authority alerts you to their receipt of multiple filings in your name.

– You receive a bill for an item or service that you have not purchased … and from a company that you have never done business with.

 

Have you experienced any of the above? If yes, contact a fraud resolution specialist immediately.

Quick Steps for Lost Wallet

Quick Steps for Lost Wallet

You know that flustered feeling when you can’t find your cell phone? Imagine if you had your driver’s license, ATM debit card and your AMEX in a pocket inside your phone. Not only would you have a lost wallet, but you would have a lost cell phone as well. Talk about panic.

There are many reasons why you should not carry every ID you have on you at any given point in time. Your Social Security card … should be in a safe. Your passport should be in there as well. If you own more than one credit card, don’t carry all of them in your wallet at the same time. Your health insurance card? Now, that’s a toss-up.

Before a lost wallet scenario could happen to you:

• Make a detailed list and/or keep photocopies of the contents in your wallet in a safe place (ideally in a home safe or bank lock box). Make sure phone numbers are included for your providers as well so you can swiftly contact your creditors if the moment arises.

What to do if you have a lost or stolen phone, wallet or both:

• Call your bank(s) immediately to report your debit and/or any credit cards as stolen. This is different from canceling or closing your credit cards, which can cause problems with your credit reports. “You’re only responsible for up to $50 in unauthorized purchases if you report a debit card as missing within two business days of the loss. But, if you wait more than two days (but less than 60), you could be on the hook for up to $500 in unauthorized purchases.
• Call your cell phone carrier if your lost wallet also included your phone. Service providers have tracking that can help trace the footsteps of your burglar as well as the ability to shut off any apps, suspend social media accounts and email for the time being.
• File a police report.
• Initiate a fraud alert on your credit report.
• Replace your driver’s license as soon as possible. Every state has different requirements for replacing a license. Some may ask you for a police report number if your ID has been stolen.

• IF your Social Security card was in your wallet (not recommended), contact the Social Security Administration immediately. They can send you a new card but they won’t give you a new number.

• Download a credit report. If you see anything you don’t recognize, call the IRS Identity Protection Unit 800.908.4490.

What types of cards and documents can be replaced?

It can be overwhelming when we think of everything that could be in our wallet. Your driver’s license, debit card, passport, military ID, health insurance card, Medicare/Medicaid, auto insurance card, US Visa or residency card, even retail store cards and any specialized license or driver’s permit all can be replaced, but it takes time.

It’s best to minimize what you carry with you. Our Lost Wallet service assists our Members in quickly and effectively terminating and re-ordering wallet contents. Our services include:

• Identifying missing documents.
• Contacting document issuers while Member is on call (if required by issuer).
• Cancelling of all lost cards and report documents missing.
• Completing the required forms and delivering to subscriber for completion.
• Initiating fraud affidavit and police reports for stolen wallets.
• Additional resolution calls based on the severity of issue, as needed

The Rise in Health Care Fraud

The Rise in Health Care Fraud

Health care data is increasingly becoming a top target for scammers and hackers. A reason why fraudsters may be going after health care data more is because of its longer shelf life and rich potential for identity theft. Financial data has a finite lifespan and loses its worth as soon as the consumer notices the frauds and cancels their accounts or cards. However, health care data contains information that can’t be cancelled or changed as easily as a credit card.

Every year, with the exception of 2015, the number of healthcare data breaches has increased 70%, rising from 199 breaches in 2010 to 344 in 2017.[1] According to a study published by the Journal of American Medical Association, “those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 176.4 million healthcare records. 75% of those records were exposed or stolen as a result of hacking or IT incidents.” Medical identity theft not only affects the patient (consumer), but has potentially disastrous ramifications on insurance providers as well as the healthcare providers.

What is medical identity theft?

Medical identity theft occurs when a fraudster illegally obtains and uses a patient’s Personally Identifiable Information (PII), such as name, Social Security number, and/or medical insurance identity number, to fraudulently obtain or bill for medical goods or services. This kind of fraud also includes the unauthorized personal gain of insurance benefits, prescription drugs, employment, government benefits, or other financial gain acquired through the theft of another individual’s PII. Hackers have also been known to sell stolen health care records on the black market.[2]

The ten largest data breaches of patient data in 2018 involved email, targeted phishing attacks, and database misconfigurations. The largest health data breach during this same time was caused by a hack on a billing vendor, AccuDoc Solutions. 2.65 million Atrium Health patients were involved in the breach.

Who is at risk?

Everyone is at risk for medical identity theft but seniors are increasingly targeted. Navigating the Medicare system isn’t easy to begin with. When confusion enters the picture, scammers view it as an especially ripe time to take advantage of the ever-growing aging population. Always keep in mind that Medicare will never call to ask for sensitive personal financial information.[3]

How can you help protect yourself?[4]

  • Review the Explanations of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment. Immediately report any mistakes or unfamiliar charges, such as a doctor’s visit you did not make or prescriptions that you did not fill.
  • Check in with your doctor(s) to ensure your medical records are accurate. Make sure the records contain your procedures, treatments, prescriptions, and other medical activities. If you notice inaccurate health details such as the wrong blood type, pre-existing conditions, or allergies, it may be a sign that an identity thief has accessed your records.
  • Get a copy of your medical records periodically and keep them in a safe.
  • Do not share your medical or insurance information with other individuals.Especially do not provide your medical information over the phone or via email unless you initiated the contact and have verified the entity you are contacting.
  • Treat your medical identity with the same care and caution you do any of your other sensitive information, such as your financial credentials. Shred health documents you no longer need. Peel the labels off of your prescription bottle and shred them as well.
  • Read the Privacy Policy on a website before you provide your Personally Identifiable Information. Find out why your Social Security number or insurance account numbers may be needed and how the website will keep it safe, or if it will be shared, and if so, with whom. (Websites with “https” in their URL are secure.)

If you are unsure about sharing your personal information with someone who says they are from your health plan—DON’T. Directly contact the Member Services number on your ID card so you can be sure the person is a verified health representative.

Don’t Let Identity Theft Become a Vacation Memory

Don’t Let Identity Theft Become a Vacation Memory

We all look forward to vacations … time off of work, fun with the family, a few days of laziness… but, when we are excited about buying sunscreen and new flip-flops, we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe.
In addition to finding pet care, remembering your passport and making sure your  lighting is on schedule, there are some pre-, during and post-trip items that you can do to help prevent identity theft from becoming a huge vacation memory.

Just some small preventative measures like updating the operating system and antivirus software on your mobile devices can go a long way toward fending off a few identity thieves.

Before you leave home:

  • Password protect your devices and update operating systems
  • Alert your bank(s) about your travel plans
  • Visit your post office and put your mail on a vacation hold
  • Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place
  • Turn off auto-connect Wifi and Bluetooth connections
  • Consider adjusting your social media account settings so posts aren’t tagged with GPS data

While out of town:

  • Avoid using public Wifi and even your hotel’s if at all possible
  • Do not use public computers
  • Keep your travel documents in a hotel safe
  • Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip

Upon your return home:

  • Consider changing passwords for your major accounts
  • Thoroughly go through your account statements for any irregularities
  • Check your credit report to make sure no new accounts were opened in your name while you were away
  • We hope you have a wonderful vacation. Stay safe!
14 Apps (Social Media Apps Parents Should Know About)

14 Apps (Social Media Apps Parents Should Know About)

As children get older and become more independent, their time on smart phones and laptops increase substantially. Yes, you can set screen time limits for them but, as a parent, you likely won’t be able to implement that control continuously through the years. It is important to help your children be aware that predators have the ability to find them through some of the apps they use.

Ways to Help Protect Your Children:

  • Approve every app on your child’s phone
  • Understand how to use privacy settings and check them regularly
  • Discuss what you expect of your children in regard to phone usage
  • Educate yourself and your children on social media etiquette
  • Research the popular apps in your particular geographic area
  • Check your child’s phone periodically for any new apps

 

These 14 apps can be dangerous and expose your children to a range of events from bullying and unwanted sexual messages to kidnapping and identity theft.

  • BUMBLE – similar to the Tinder dating app but requires females to make the first contact. Children have been known to use Bumble to create fake accounts with a false age.
  • ME – a live-streaming video service that utilizes geolocation so users can find out each broadcaster’s exact location. Users of this app can earn"coins" as a way to "pay" minors for their photos and videos.
  • FM – a cyber-bullying app that encourages anonymous people to ask anonymous questions. The answers are then used to cyber bully the account holders.
  • SNAPCHAT – most popular app amongst middle and high schoolers. Users can take photos/videos and create "storie" that can be viewed for 24 hours before it disappears. This app also has geolocation so users can see each person’s exact location.
  • HOLLA – is one of the most self-proclaimed addicting video apps where users can chat with people all over the world in just seconds. Racial slurs, explicit content and identity theft are to be expected.
  • CALCULATOR% – is one of several secret apps used to hide photos, videos, files and browser history. The app looks like a calculator but functions like a secret photo vault.
  • KIK – provides account holders unlimited access to direct message anyone anywhere. This app also has built-in apps and web content that would be typically filtered on a home computer.
  • WHISPER – another anonymous social network that promotes the sharing of secrets with strangers. A user’s location can be revealed so people can meet up.
  • HOT OR NOT – this app encourages users to rate your profile, check out people in their geographic area and chat with strangers with the goal of hooking up.
  • OMEGLE – is a free online chat website that promotes chatting anonymously with strangers.
  • YELLOW – another "tinder" like app that allows teens to flirt with each other.
  • BURN BOOK – known to be the app where anonymous rumors can be spread through audio messages, text, and photos.
  • WISHBONE – allows users to compare kids against each other and rate them on a scale.
  • INSTAGRAM – is a very popular photo/video sharing app that allows users to assign filters to photos and share them with their followers. Everyone who creates an Instagram account has a profile as well as a newsfeed. There are privacy settings that can make accounts public or private. It is popular for children to create fake accounts with fake names, ages and pictures.

New apps are developed daily so stay in the know regarding the social media scene and what your children are talking about with their friends. Utilizing the same apps your children use can also help you keep up-to-date on what privacy controls are available and how they work.

Taking the Mystery out of Shopping Scams

Taking the Mystery out of Shopping Scams

It’s no secret that being a mystery shopper for a reputable company is a legitimate way for an individual to earn some income. Mystery shopping, also known as secret shopping, is estimated to be a $1.5 – 2 billion dollar industry with over 8.1 million mystery shops conducted a year. This profitable enterprise has been around for decades.

Contrary to what many believe, mystery shoppers don’t get paid to shop. They are independent contractors who pose as shoppers in order to gather data about the customer experience in a specific environment. Mystery shoppers complete reports, often using an online form, after leaving the establishment they observe. They get paid for their work and do not front any money first in order to work.

Fake check fraud is an exploding epidemic and scams involving the mystery shopping industry have made a big comeback … unfortunately, our tech-savvy teenagers are the targets of late.

Anyone with a bank account and the desire to make some extra cash on the side can be a victim. High school and university students across the nation are increasingly being pursued. Why students? Students are easy targets for scammers due to their need for money to help fund their education.

Thousands are being contacted and thousands of dollars are being lost. The latest mystery shopping scam reported in the media last month disclosed that University students in Fargo, North Dakota had been targeted. One devastated student ended up losing $3,850.75. Being educated on how this type of scam operates will help prevent this from happening to you and your child.

How Does a Mystery Shopping Scam Work?

  • Scammer reaches out to victim with an offer in the mail to be a secret shopper and a check is included. Often times the amount on the check is for over a thousand dollars. The victim is told to deposit the check and understands that they will eventually keep several hundred dollars as payment for their upcoming shopping services.
  • Victim deposits the check and waits the expected day or two for the funds to clear. Note that even if the bank says the funds are available in a couple of days, the process of uncovering a fake check can take financial institutions weeks.
  • Victim is asked to buy something. Typically, the first shopping task is to test the in-store money transfer service like Western Union or MoneyGram by sending some of the money that was deposited back to the company.
  • Victim is then asked to buy a product, “often from a Walmart,” according to the Federal Trade Commission. Common items purchased are reloadable gift cards, such as iTunes. Part of this task requires the victim to send pictures of the purchased cards or to give the numbers on the cards to the company.
  • Two to three weeks later, the victim receives a notification from their bank that the deposited check was a fake. The realization that they have been scammed sets in. Victim is responsible for paying back the amount to their bank. Another unfortunate bonus is that the reloadable gift cards that the victim had purchased are suddenly empty of funds.

 

What Can You Do?

Help stop these scammers from making money. Educate your children about the issue. Explain what check fraud is. Let them know that they should never pay to become a mystery shopper. The fact that these scammers are targeting our children is another great reason to make sure that your identity theft protection covers every member of your immediate family.