How to Detect a Fraudulent eCommerce Site

How to Detect a Fraudulent eCommerce Site

The Washington Post just reported that U.S. consumers are expected to shell out a record $9.4 billion today on Cyber Monday, a 19% increase from last year. While Walmart, Target, Best Buy and Amazon are many holiday shopping ‘go-to’ websites, there are many others that you may visit, especially when looking for that perfect personalized gift. Unfortunately, fake eCommerce websites and scams during the holiday season are on the rise.

 

How do you decipher a legitimate website from a fake one? Yes, it is confusing … and that is by design. It’s not easy. There are some detailed things to watch out for:

 

– Scammers’ tactics include manipulation and will urge you to purchase. If you’re trying to make a purchase online and are offered help with the checkout process, do not give any personal identifying information (PII) in a chat room. If you are asked to do so, exit immediately.

 

– Hover over hyperlinks to make sure they’re going to a legitimate website. If there isn’t a padlock symbol and an ‘https’ in the address bar, exit immediately.

 

– A legitimate retailer will have full contact details, including address, email and phone number, on the website. If any of those are missing, exit immediately.

 

– Check out the website’s customer reviews. While many are legit, if you read beyond the star rating and check the reviewer’s history (especially if it is a very positive post), you may find that the reviewer uses the same phrases for other products and companies. Red flag! Also, if their reviews are not specific about the product, they have reviewed the same product before or they do not give useful feedback, recognize that they may not be legitimate and … guess what? … exit immediately. There are online tools such as Fakespot that can help you determine a customer’s review reliability.

 

– Don’t use a debit card for online purchases. Credit card companies won’t insure your purchase if you use a debit card. Dedicate one credit card for all online purchases and check the statement often. If you see any unusual activity, dispute the transaction immediately.

 

If you suspect identity theft or fraud, please contact us day or night at 888.966.GUARD (4827) or email memberservices@guardwellid.com. We’ve got your back and are always open for you.

Keeping Your Holidays Happy and Fraud-free

Keeping Your Holidays Happy and Fraud-free

Yes, it’s that wonderful time of year. The holidays are quickly approaching … and at lightning speed! Will you be traveling to see family in the next few weeks? Or, maybe you’ll be skipping off to a great vacation instead of decking the halls? Whatever your plans are, having time off of work, fun with friends and family, and hopefully a few days of laziness … are wonderful to look forward to. But, when we are caught up in the excitement about buying those last-minute gifts (or sunscreen and new flip-flops), we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe during this special time of year.

 

In addition to stopping the mail, finding that special neighbor with a green thumb to water your plants, and arranging for pet care for your fur babies, there are some pre-trip actions that you can take to help prevent identity theft from becoming a huge holiday memory. Just some small preventative measures, such as updating the operating system and antivirus software on your mobile devices, can go a long way toward fending off a few identity thieves. Below are some tips for what you can do before you leave home, as well as while you’re away and after your return.

 

Before you leave home:

– Password protect your devices and update operating systems

– Alert your bank(s) about your travel plans

– Visit your post office and put your mail on a vacation hold

– Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place

– Turn off auto-connect Wifi and Bluetooth connections

– Consider adjusting your social media account settings so posts aren’t tagged with GPS data

 

While out of town:

– Avoid using public Wifi and even your hotel’s if at all possible

– Do not use public computers

– Keep your travel documents in a hotel safe

– Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip

 

Upon your return home:

– Consider changing passwords for your major accounts

– Thoroughly go through your account statements for any irregularities

– Check your credit report to make sure no new accounts were opened in your name while you were away

 

We hope you have a wonderful holiday vacation. If you suspect identity theft or fraud, please contact us immediately at 888.966.GUARD (4827) or email memberservices@guardwellid.com. Day or night, we’ve got your back and will always be open for you.

Scams, Scams and More Darn Scams

Scams, Scams and More Darn Scams

Did you know that there are at least 48 different types of identity theft and the number of scams involved in each is growing daily? Romance scams, residence scams, utility scams, employment scams, telephone scams, email scams, charity scams, Apple care scams, AirBNB scams, PayPal scams, census scams, ticket scams, government scams, medical scams, insurance scams, real estate scams, investment scams, lottery and sweepstakes scams … there really isn’t one facet of our lives that isn’t ‘scam-able.’ As the weather turns colder, it kind of makes you want to curl up under an electric blanket and hibernate for a bit doesn’t it!

 

Although everyone with a social security number is at risk for identity theft, there are two groups that are targeted more often: children and seniors. The U.S. Department of Health & Human Services has studied why. They explain, “Children are targeted to establish a ‘clean slate.’ Seniors are targeted over the telephone and through phishing scams. Some studies suggest that people become more trusting as they age, which helps to explain why it’s more difficult for older adults to detect fraudsters.”

 

The next high-risk group that follows children and seniors are the military mostly due to deployment, which impacts their ability to respond to a threat in a timely manner. According to the Federal Trade Commission, military consumers are most affected by credit card and bank fraud. Another high-risk group is identity theft repeat victims. As reported in Consumer Affairs, “people who have previously been affected by identity theft are at a greater risk for future identity theft and fraud.” According to the Center for Victim Research, “7-10% of the U.S. population are victims of identity fraud each year and 21% of those experience multiple incidents of identity theft.”

 

Lastly, the deceased are targeted. Stealing a dead person’s identity, commonly known as “ghosting,” will often go unnoticed by surviving family for months or years. A report dating from 2012 stated that 2.5 million deceased American identities are stolen each year. Of those 2.5 million stolen identities, 800,000 were used to open lines of credit or get a mobile phone plan.

 

Fraudsters oftentimes repeat their favorite most lucrative scams, which are driven by major financial life moments, such as taxes and holiday shopping. Yes, it’s getting to be that time of year, and, guess what … the world’s largest online retailer, Amazon, is seeing a huge increase in fake Amazon.com order cancellation scams. If you receive an email about an order cancellation from Amazon, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com directly to check your order status.

 

Most of our blogs offer tips to help protect yourself and your family from identity theft. There is one tip in this blog: Remain aware of scams and that they can touch every facet of your life. By staying in-the-know, you can help every month be National Cybersecurity Awareness month … not just October.

 

If you suspect that you or a loved one has suffered identity theft, please reach out to us as soon as possible. Our Guard Well member services team is available around the clock, every day of the year. Email memberservices@guardwellid.com or call 888.966.GUARD (4827) for help.

SIM Swap Attack – the New Hijack

SIM Swap Attack – the New Hijack

Imagine no texting, no service, and no data for a minute. Yikes! Halloween or not, the lack of being able to connect is a very scary thought and it can happen to any of us due to a tiny piece of plastic called a SIM card. There is a SIM (subscriber identity module) in every mobile device and it is what connects the user to a cellular network. Unfortunately, there is a wide-spread SIM swap hack that allows a thief to hijack your cell number.

 

Also known as a port out scam, simjacking, swim swapping, and SIM splitting … this latest scam can wreak havoc in all of your accounts associated with your mobile phone number. Everyone with a cell phone is at risk of this type of takeover. The PEW Research Center, a nonpartisan organization based in Washington D.C., reported this year that 96% of Americans have a cellular device and 92% of them go online daily. Considering that there are approximately 330 million Americans, that’s a pretty large target market from a hacking standpoint. No one is immune. A number of high profile attacks have occurred via Instagram and Twitter. The website wired.com reported that Twitter CEO Jack Dorsey’s own twitter account was hacked via this method this year.

 

What is a SIM Swap?

This type of scam is an account takeover fraud. It targets a weakness in two-factor authentication and two-step verification in which the second factor (step) is either a text message or a call placed to a mobile telephone. This is achieved by the fraudster impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. The victim’s phone will then lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows them to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts (such as bank accounts, social media accounts, etc.) that rely on text messages or telephone calls.

 

Damage from a SIM swap can have a snowball effect. Since the scammer would be armed with your login credentials, not only can they steal your money, take over your email and social media accounts, but they can lock you out of them all and open up a new cellular account in your name … or buy that new phone you’ve been eyeing for months but won’t have the joy of using yourself.

 

Is a SIM swap preventable?

No. It’s impossible to completely prevent someone from gaining access to your phone number through a SIM swap due to the fact that the scam requires no misstep on your part (such as clicking on a bogus link). All the scammer needs to do is convince your carrier that they are you and to transfer your phone number to their SIM. As described by Michael Grothaus with Fast Company, “There’s nothing inherently shady with doing a SIM card swap. If you lose your phone or your SIM card is damaged, for instance, you might go to a mobile carrier store or even call up customer service to have your number transferred to a new SIM.”

 

Even though you can’t prevent a swap from happening to you, there are ways to make it more difficult for a scammer. Grothaus suggests to use an authenticator app such as Authenticator by Google, Microsoft AuthenticatorLastPass Authenticator, and 1Password. A single authenticator app can handle all your authentication codes no matter how many different accounts you use.

 

Other courses of action you can do to help prevent a swap include:

– Limit the personal information you share online. Identity thieves will find information to answer the security questions you may have set up to verify your identity. For example, if one of your security questions is, “What is my high school mascot?” and you list your high school name on your Facebook account and that information is not on a private setting, it’s not difficult for a good sleuth to figure out your mascot’s name.

– Set up a PIN for your cellular account and do not share it with anyone.

– Do not reply to calls, emails and SMS messages that could be a phishing attempt to request your personal data. Make sure to read our blog “Accidentally Clicked on a Phishing Link – Now What” to get up-to-speed on phishing scams.

 

The Federal Trade Commission offers a few tips on what to do if you suspect that you’ve been swapped:

– First, contact your cellular service provider immediately to take control of your phone number. After you re-gain access to your phone number, change your account passwords.

– Check your banking, credit card and insurance statements for unauthorized charges or changes to your profile.

– Call your identity theft resolution provider. A Guard Well Member Services team professional is always on hand for you 24 hours a day, seven days a week and every day of the year … yes, even Halloween. There are enough tricks flying around. Here’s to receiving a treat this year!

 

 

BBB’s Torch Awards for Marketplace Ethics

BBB’s Torch Awards for Marketplace Ethics

Join us in celebrating businesses and charities that go above and beyond to exemplify ethical behavior and create a trusted marketplace. We are a proud sponsor of the Better Business Bureau’s Torch Awards event, which will take place Friday, October 18th at the Sharonville Convention Center 11:30am – 1:30pm.

 

2019 Torch Award Winners include:

– Camp Joy

– The Basement Doctor of Cincinnati

– Ace Exterminating Co.

– Deviant Designs Tattoo Studio

– Impact 100, Inc.

 

We look forward to honoring these exceptional organizations. For more information and to reserve your seat, visit torchtickets.org or click HERE.

DoorDash Data Breach: How to Tell if You’ve Been Hacked

DoorDash Data Breach: How to Tell if You’ve Been Hacked

Remember when home-cooked meals happened six nights a week instead of just during the holidays? I don’t really do either. Delivery is indeed a major convenience though. From groceries and prescriptions to corporate lunches, family dinners and late night snacks, if you can order it on an app, such as Uber Eats, it can be on your doorstep in about an hour. Yes, delivery is a major convenience but, just like with everything in life, there are risks and your data can be compromised. Just ask the almost $5 million DoorDash users, merchants and workers who were recently hacked. Hits a little too close to home.

 

Consumer behavior, along with the concept of dinnertime itself, have both evolved in the past few years, making food delivery one of the the newest up and coming fads. The industry, referred to as third party logistics, is experiencing “unprecedented growth to the tune of $43 billion in deliveries (2018) and is forecasted to rise to $76 billion by 2022.” As reported in Barron’s, GrubHub this past spring was losing the food-delivery war with DoorDash stealing the show. “For the industry, DoorDash’s pace of share gain is the dominant trend,” reported KeyBanc analyst Andy Hargreaves, March, 2019. DoorDash just recently surpassed Uber Eats as the second-largest food-delivery service in the U.S. after GrubHub. We regularly use all three providers, but with a preference for DoorDash only because of the availability of restaurant choices.

 

What actually was hacked?

The latest report according to Business Insider, detailed that the breach occurred in May and affects some users who started using the DoorDash app before April 5, 2018…. “DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history and phone numbers.” The article continued to report that the last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs. “For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers.” DoorDash did announce that the “credit card and banking information is not sufficient to make fraudulent charges or withdrawals.” That gives us a little peace of mind. Maybe.

 

How do you know if you were hacked?

DoorDash reported to Business Insider that it had begun contacting people affected by the data breach and will continue to do so as they become known. The company did recommend that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.

 

– If you signed up for DoorDash after April 5, 2018, your data is likely safe. If you can’t recall when you signed up, contact them to find out.

– Check your bank account(s) which are tied to your DoorDash account for fraudulent activity. Hackers count on people not reviewing every item on their credit card and bank statements.

– Contact your identity theft solutions provider immediately and especially if you notice anything “off” in your statement(s).

– Do you use the same password for multiple accounts? We recommend that your passwords are updated on a routine basis and that the same one isn’t used across multiple accounts.

 

Hackers will continue to hack. That is a definite certainty in this day and age. When we set up any type of home delivery, it is unnerving to not be able to trust that they will keep us safe as well as our food. Maybe we all should go back to those home-cooked meals … now, how do you turn the oven on again?

 

Need help? Our Member Services team is here for you 24/7/365. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

References:

Fortune. Morris, Chris. “DoorDash Data Breach: What to Do If Your Account Was Compromised.” September 27, 2019.

Business Insider. Holmes, Aaron. “DoorDash Hack: How to Tell If You’re Affected.” September 26, 2019.

Accidentally Clicked on a Phishing Link – Now What

Accidentally Clicked on a Phishing Link – Now What

You know that searing flush-faced feeling when you pretty much know you made a mistake with a slip of the finger? Sometimes it’s sending a text too soon or responding to an email without editing your response. Other times it’s when you click on something you likely shouldn’t have … and then the “uh oh” escapes … and then the big sigh.

 

When we multitask, whether it is at work or at home, we do tend to slip up at times and open something that we shouldn’t. Then enters adware, malware, ransonmare, spyware, and whatever-else-is-next-ware into our lives.

 

Oops! Now what?

 

There are some imperative steps to take to alleviate harm to you and/or the network you may be connected with:

– Try not to panic. This happens to everyone. Antivirus and anti-malware will come into play and you will need to have a full system scan. But first …

– End the session immediately by turning off Wi-Fi, unplugging from an ethernet cable or completely shutting down all of your devices.

– Initiate a back up of your files. Since you won’t be connected to the internet at this point, you won’t be able to accomplish this to the cloud. Having an external drive, DVD or thumb drive are always nice to have on hand during times like these.

– Change your login/password to email account(s) and enable two-factor authentication if this hasn’t already occurred.

– If you are employed by a company or organization, reference your manual and let your network administrator know of the potential issue.

– After all is said and done, check your antivirus/anti-malware software and run a full scan.

 

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does. As always, if you need help or have any concerns, we are available 24/7/365 for you.

DNA – Genetic Testing Hacks

DNA – Genetic Testing Hacks

Yes, we all would love to know more about our pasts … some from a medical necessity and others just from plain curiosity. Unfortunately, genetic testing is one of the newer “gotcha” identity theft hacks. The U.S. Department of Health and Human Services of Inspector General has just alerted the public about this new fraud scheme.

 

What is Genetic Testing?

According to the U.S. National Library of Medicine, genetic testing is a voluntary medical test “that identifies changes in chromosomes, genes, or proteins. The results of a genetic test can confirm or rule out a suspected genetic condition or help determine a person’s chance of developing or passing on a genetic disorder.” With more than 1,000 genetic tests currently in use, genetic testing labs are sprouting up all over the country, and in some circumstances, health insurers now pay for the testing. For example, the Centers for Medicare and Medicaid Services pays for next-generation sequencing for people with advanced cancer or a family history if the test is medically necessary and ordered by a treating physician. These tests may cost $10,000 or more.

 

How Does Genetic Testing Fraud Happen?

Genetic testing fraud occurs when, in this case, Medicare is billed for a test or screening that was not medically necessary and/or was not ordered by a treating physician. For example, Mr. Smith, a retiree, attended a county fair and stopped by a booth offering “free genetic testing.” Not realizing that a treating physician’s orders would be needed for Medicare to cover the cost of the test and being naturally curious about his family’s risk of cancer, Mr. Smith provided his Medicare personal identifying information to the booth worker prior to getting his cheek swabbed. In some cases, sample kits are mailed to the victim. He was then told to expect test results in about three weeks. Medicare was billed for the test and denied the claim. Mr. Smith was then charged the full amount of the test and likely never received his results. Basically, Mr. Smith’s scammer found a laboratory willing to split the profit from the testing once the DNA samples were in hand.

 

How Can I Prevent This?

– If a genetic test is mailed to you unsolicited, do not accept it. Just write ‘return to sender’ on the envelope and send it back.

– Understand that there are schemes that say genetic testing is free. Although it may falsely appear as a no cost test, realize that there are no free genetic tests. Someone always has to pay.

– Only a physician that you know (and trust) should be discussing genetic testing with you or ordering it.

– If someone you do not know asks for your health insurance or Medicare information, do not provide it. Only provide this type of information in person at your physician’s office.

– Be aware that anytime your personal information is compromised, it may be used in other fraud schemes. Closely monitor your credit report and make sure your identity theft resolution services coverage is current.

 

If you suspect genetic testing fraud, please contact the HHS OIG (U.S. Department of Health and Human Services – Office of Inspector General) hotline at 1.800.HHS.TIPS or email spoof@oig.hhs.gov immediately. Not sure what to do or have concerns about this topic? Contact us day or night. We are always open for you.

 

 

Guarding Against Business Identity Theft

Guarding Against Business Identity Theft

Individuals aren’t the only targets for identity theft. Corporate, also known as commercial identity theft, saw a 46% increase last year according to the National Cybersecurity Society (NCSS). Although businesses of all sizes are at risk, small businesses are particularly vulnerable. “Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” remarks Mary Ellen Seale, CEO of NCSS.

 

She explains, “Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.”

 

Stealing an organization’s identity takes a lot less work than one might think. State laws require the public disclosure of proprietary business information in annual reports, names and addresses of key company personnel as well as the employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan as well as intercept business credit card information.

 

What can business owners do to help mitigate their risk?

– Educate your employees about phishing scams. Phishers aren’t just targeting your business … they are grabbing your customers, employees, partners and vendors. Make sure your employees know what red flags to look for when they receive an email that is asking for an action from them. Examples include bad grammar, mispelled words, links to unfamiliar websites and attachments.

– Don’t post sensitive company information on your website.

– Stay on top of computer security updates.

– Check your credit reports regularly.

– Follow the IRS new procedures to protect businesses. Visit https://www.irs.gov/individuals/identity-theft-guide-for-business-partnerships-and-estate-and-trusts for detailed information.

– File your company’s annual report on time and regularly check the secretary of state’s website. Keep in mind that if you operate your business in more than one state, each state may have their own due date.

 

Unfortunately, identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. Do you have an anti-phishing plan for your business? Please contact us if you need assistance developing one or educating your employees about the topic.

Zoofari 2019

Zoofari 2019

Join us! We are a proud sponsor of Cincinnati Zoo & Botanical Garden’s Zoofari event, which will take place Friday, September 13, 2019 from 6:30 pm to midnight. This year’s theme is A Masquerade Ball.

 

Zoofari attracts over 2,600 guests and raises integral support for the Zoo’s initiatives, including the care and sustenance of more than 500 animal and 3,000 plant species, ground-breaking conservation efforts and educational outreach programs that reach more than 330,000 students annually.

 

The event is usually sold out so get your tickets fast. We hope to see you there!

 

Follow #Zoofari2019