Capital One Breach Alert – 100 Million Impacted

Capital One Breach Alert – 100 Million Impacted

The Wall Street Journal reports that this latest massive consumer data breach stands to be one of the worst for U.S. consumers because of the type of financial information that was accessed. The hacker accessed personal information of Capital One credit card customers and applicants in the U.S and 6 million in Canada. “This valuable consumer financial information can be used to figure out the identities of the most creditworthy or affluent consumers and open a card or loans in their name.” READ MORE

 

Take Action
Though Capital One says login information wasn’t compromised in this hack, reusing old passwords is a major security vulnerability. We suggest that you immediately:

– Change your passwords

– Set up two-factor authentication

– Closely monitor your credit card activity and credit reports

We Are Here to Help!
Please contact our 24/7/365 Member Services team at 888.966.GUARD (4827) if you think you may have been a victim. You can also visit our website and click on Let’s Talk, where you can:

 – Schedule an in-person meeting or call

– Make a payment

– Send us a file

– Leave us your comments

– Access your account

– Click-to-call Member Services immediately

Do You Know What Alexa, Google and Siri Are Up To?

Do You Know What Alexa, Google and Siri Are Up To?

Not everyone has a smart speaker in their home or office, but most of us do have a smart phone. When setting up your device, you were likely asked whether or not you wanted to activate your assistant. Doing so doesn’t take very long … you say a few phrases when prompted so it can get to know your voice and that’s pretty much it … you officially have a virtual assistant. Have you ever wondered how your assistant actually works?

 

Virtual assistants, such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant, use artificial intelligence (AI) to parse what is said or typed and then provide useful information back. Want to know something quickly without lifting a finger? Simply say a wakeword phrase such as, “Hey Siri,” or whatever your smart application is called, and ask away. You could say, “Who wrote Gone with the Wind?” or “What is 23.5 times 6?” or “Play I Can’t Get No Satisfaction.” When you talk to a smart phone or speaker, you know that your voice is being recorded and that there will be a result – sometimes it’s an answer, other times the correct action is taken or occasionally there may be an inquiry back to clarify the request. But, just as false starts happen in races, false positive recordings can be triggered by something as simple as someone zipping up their jeans because it sounds to Siri like the person’s muffled voice. If you have ever experienced Siri being accidentally activated during a time when not requested, you know that it can be a bit embarrassing … and a little unnerving.

 

If privacy is a big concern of yours, you might want to throw your smart speaker or device out the window. These instruments are indeed paying attention to us, but does this mean that they can listen and record all of the time? Amazon hopes so. A newly revealed patent application filed by the company is raising privacy concerns over an envisaged upgrade to the company’s smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. The idea is similar to Apple’s live photos, where video is recorded before and after a user takes a picture. Since the application is being asked to do something for us, then we are basically acknowledging that our privacy isn’t desired at that point in time.

 

Amazon.com, Inc. employs thousands globally to help improve the Alexa digital assistant through its line of Echo speakers. Rene Ritchie explained in his latest blog (July 28, 2019) titled Why People Are Freaking Out Over Siri Privacy Right Now, that “the team listens to voice recordings captured in homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands.” Ritchie remarked, “If Amazon does decide to use the tech in its products, it’s unclear whether customers would be able to opt out of the ‘always on’ recording.”

 

Ritchie continued on with detail about Amazon’s patent application. “While the patent application explains devices would record audio in 10 to 30 second increments and automatically delete unneeded clips, privacy experts say it is cause for concern because it demonstrates tech companies’ growing ability to surveil customers at all times and potentially misuse collected information.”

 

Let’s take a glance at another tech giant, Apple, who recently told The Guardian: “A small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.” The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, like whether the request was intentional or a false positive that accidentally triggered Siri, or if the response was helpful. They added that those snippets used for grading are typically only a few seconds long.  But, what if those few seconds just happen to be you discussing a very private medical issue with your doctor or a very sensitive issue with a family member? How can you prevent being part of a company’s grading process? Currently, the only way to have peace of mind that a random stranger won’t listen in on your Apple device is to stop using Siri entirely.

 

Heidi Messer for The New York Times wrote that “consumers should not be so paranoid about privacy. “The right to absolute privacy no longer exists and excessive regulation of tech companies will only stifle innovation and prevent job creation.” Privacy in the digital age may not be completely deceased but it is hanging on by its fingernails. Just remember, when you agree to use these products, you’re often giving up much more than you think.

 

 

 

 

Flying This Summer? How to Prevent Juice Jacking

Flying This Summer? How to Prevent Juice Jacking

Vacations are indeed wonderful. Traveling to a new destination or to a familiar favorite locale is a treasured experience with memories that can last a lifetime. On the other hand, traveling on business might not be as fun, but it is a must for many. Going from point A to point B can be stressful at times. Weather, flight delays, overbooked flights, long layovers or not having enough time between flights causing you to miss your next connection … you name it, it can happen. Next thing you know, your device battery is getting low. So, what do you do? Is it safe to recharge at a public charging station? Not always.

 

Juice jacking is a type of cyber attack and typically involves public USBs. Public charging stations, such as those found in airports, train stations, hotel lobbies, and even your rental car, can make your personal data very vulnerable and open your device up to malware.

 

As reported in Forbes, a growing number of nation-state hackers have been training their sights on travelers. New research from IBM, in the 2019 IBM X-Force Threat Intelligence Index, reveals that the transportation industry has become a priority target for cybercriminals as the second-most attacked industry — up from tenth in 2017. Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches.”

 

What steps can you take to prevent juice jacking from happening to you?

– Don’t leave home without a fully charged battery.

– Carry a charging cord with you so you can use a wall socket instead of a public USB.

– Purchase an external battery pack.

– Turn off your phone to save your battery when feasible.

– Learn how to optimize your device’s battery settings.

 

 

 

Guard Well Founder and CEO Panelist in HR Forum Discussion

Guard Well Founder and CEO Panelist in HR Forum Discussion

On Thursday, June 13, 2019 the Cincinnati Business Courier hosted a live panel discussion with industry experts concerning the ongoing changes and critical issues impacting Human Resources. The panel covered a a variety of topics including workforce issues around employee engagement, retention strategies, organizational development, compensation, benefits and educating tomorrow’s business leaders. Our Founder and CEO, E. Allan Hilsinger, was among three of the panelists. Other industry experts included Deirdre Bird, Director of HR Consulting, VonLehman CPA & Advisory Firm and Brian Dershaw, Partner, Taft, Stettinius & Hollister LLP.

 

You can read the entire discussion HERE.

Top 10 Identity and Access Management Solution Providers – 2019

Top 10 Identity and Access Management Solution Providers – 2019

An Intelligent Way to Protect Your Employees

Guard Well Identity Theft Solutions was listed as one of the “Top 10 Identity and Access Management (IAM) Solutions Providers – 2019” in Enterprise Security Magazine. “What has intrigued us the most is that Guard Well always takes the driver’s seat in addressing the identity theft and restoration challenges through its full resolution solutions, cutting edge advanced monitoring tools and proprietary API technology. The company has been on the pinnacle in combining their 24/7 availability and an intense focus on customer service to provide the best IAM solutions today,” remarked Michael Brown, Managing Editor.

 

You can read the entire article HERE.

Two-factor Authentication Phishing  Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Preventing a Mortgage Closing Scam

Preventing a Mortgage Closing Scam

Searching for a new home, can be as exciting as it is stressful, tedious and time-consuming. It will likely be one of your most memorable life moments, especially for first-time buyers. So when you do find that perfect home for you, your bid is accepted and the inspection comes back great, you and your family celebrate and start down the long check-list of things to do prior to your move.

 

As that closing date approaches, unfortunately, the risk of being a victim of a phishing scam does as well. The ultimate cost could be the loss of your entire life savings and there is usually not an insurance policy that will recover your money if this happens to you.

 

The FBI has reported that scammers are increasingly taking advantage of homebuyers with very complex, sophisticated schemes with reports of mortgage fraud rising over 1,100 percent each year. There was an estimated loss of nearly $1 billion in real estate transaction costs in 2017 alone.

 

How would mortgage fraud happen to you? Mortgage fraud, a sub-category of financial institution fraud (FIF), typically starts with a phishing email that appears to be coming from a trusted professional involved in your property purchase. The email claims to be notifying you of changes to your wiring instructions or that they had made a mistake and previously discussed the wrong wiring instructions with you. Wire fraud is so prevalent that many attorneys, lenders and realtors are starting to include a warning about it in their emails. “We do not accept or request wiring instructions or changes to wiring instructions via email. Always call to verify.” But, be wary that even phone conversations may be fraudulent.

 

What can you do to prevent mortgage fraud from happening to you? Consult the Consumer Financial Protection Bureau’s Mortgage Closing Checklist. Identity two trusted individuals involved in the closing process and have multiple ways for you to contact them. Real estate professionals suggest that you create a code phrase that is only known to the trusted parties involved in the transaction in case there is a need to confirm their identities in the future. Be mindful that email is never a secure way to send financial information or closing details.

 

What if mortgage fraud happens to you? Try to ask for a wire recall with your financial institution. Being swift in reporting the crime can greatly increase the likelihood of recovering your funds. Report the fraud to your identity theft resolution provider. Lastly, file a complaint with the FBI.

 

 

Sources:

https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud

https://consumerfinance.gov

 

Photo credit:

Tierra Mallorca via Unsplash

Sextortion: How to Protect Our Youth

Sextortion: How to Protect Our Youth

Unfortunately, our children are at risk from online predators in many different ways. Sextortion is a criminal act and horrible nightmare to victims and their families.  Learning what sextortion is and understanding how it could happen are the first steps in prevention.

 

What is sextortion? The Federal Bureau of Investigations (FBI) explains that sextortion occurs when an adult, through threat or manipulation, coerces a minor into producing a sexually explicit image and send it over the Internet.

 

How would this happen? The perpetrators utilize social media, games, chat and dating apps to capture their victims. The criminals will tell children that they will make them famous or pay them an exorbitant amount of game credits, crypto-currency, cash, or gift cards if they will participate.

 

Why would my child engage in this act? Sextortion is happening when minors feel most comfortable … when they are on their device, using an app, or playing an online game that is part of their daily routine. The adults that do this crime know that your children might not yet be mature enough to consider the consequences of an action and make decisions like an adult would. Any child with Internet access is at risk. The FBI has interviewed victims as young as 8 and reports that the crime affects all children regardless of gender, ethnicity, and socioeconomic groups. The victims have been honor-roll students, children of teachers, and student athletes. The only common trait is that they are all online.

 

Why don’t victims ask for help? Once the criminal has your child’s single photo or video, they will threaten them with exposure; essentially, coercing your son or daughter to provide them with additional photos or videos and in even more compromising, explicit situations. The criminal knows that fear drives action. … fear of being in trouble by their guardians, of having their device taken away, of being persecuted for pornography, and of feeling massive embarrassment and shame.

 

What can we do to prevent sextortion? Discuss this topic openly with your children. Let them know that they can tell you anything and you are always there to help them. Communicate that you do not want them to chat with anyone they don’t already know online. Educate them that any photo or video they may take is already public information and not just on their device. Limit their device use. Make sure their social media accounts are kept private. Make them aware that some profiles are not real and that there are adults purposely pretending to be someone else to get them to chat and hurt them. Most importantly, trust your instincts. If something feels not quite right, it probably isn’t.

 

For more information, visit https://fbi.gov. 

Financial Tips for 2019 Grads

Financial Tips for 2019 Grads

It’s that exciting time of year! Cap and gowns are coming in and Pomp and Circumstance is running through your head as you prepare for the big event. If you’re a parent of a soon-to-be high school graduate, dollar signs may be running through your head as well, along with advice … and lots of it!

 

If you’re a grad, get ready to hear life experience stories from your graduation speaker and many others. The Federal Trade Commission (FTC) has some advice for you as well. Learn how to recognize financial scams. Younger people report losing money to fraud more often than older generations. According to Colleen Tressler, Consumer Education Specialist, FTC, 43% of those who reported fraud were in their 20s, while only 15% were in their 70s. Read More

 

What can you do to help avoid financial fraud?

– Never give out money or any personal identifying information (PII) in response to an unexpected request. Be wary of texts, phone calls and emails. Scammers commonly pretend to be someone you trust.

– Do your research. Be smart with your online searches and use terms like “complaint,” “scam” or “alert” along with the company name when you search.

– Understand that there’s no such thing as truthful caller ID anymore.

– Don’t wire money. Government and legitimate companies will not require you to pay for products or services with a reloadable gift card. Even using cards like iTunes and Google Play are risky.

– Recognize that robocalls are illegal and should be reported to the FTC. If you mistakenly answer one of these calls, hang up immediately.

 

Looking for a job?

– Check out job placement firms closely. These companies should not be charging high fees in advance for any type of service without a guarantee of placement.

– Keep in mind that the promise of a job isn’t the same thing as job. If you have to pay for that promise, it’s likely a scam. Read More

– Realize that there are many fake jobs listed on social media. Google the company name and visit their website along with the search term “career.” If jobs are not listed on their website and nothing comes up on Google, those are red flags.

– Don’t give out any credit or bank account information over the phone to a company unless they have hired you and have agreed to pay you something.

– Get job details in writing and take time to go over the small print. A legitimate company won’t pressure you into making an on-the-spot decision regarding your career.

 

Congratulations and make sure you enjoy your special day. We wish you the best of luck in your future endeavors!

 

For more information, visit https://www.consumer.ftc.gov.

Ten Signs You Have Been a Victim of Identity Theft

Ten Signs You Have Been a Victim of Identity Theft

Identity theft is rampant. One in three data breach victims will experience fraud according to a 2018 study by Javelin Strategy & Research. The number of identity fraud victims in the United States alone is at 16.7 million with over $16.8 billion stolen. Read More

 

Do you know the latest signs of identity theft? Here are the top ten red flags that trouble is brewing:

– You receive a notice, either in the mail or via email, that you have been a part of a data breach.

– Your credit score quickly drops without explanation.

– Withdrawals from your bank account start to occur … and they are withdrawals that you haven’t scheduled or already made.

– Although you haven’t filed any insurance claims, your rates rapidly rise.

– Your Social Security statements aren’t matching your records.

– There are suspicious charges on your credit card.

– You are turned down for a loan or credit card unexpectedly.

– Your credit report shows accounts that you have not opened.

– Either federal, your state or local taxing authority alerts you to their receipt of multiple filings in your name.

– You receive a bill for an item or service that you have not purchased … and from a company that you have never done business with.

 

Have you experienced any of the above? If yes, contact a fraud resolution specialist immediately.