Your Face – The Truth About Biometric Data Theft

Your Face – The Truth About Biometric Data Theft

It all started with a smile. Byron’s new fitness app promised to tell him his new “biological age” but required a selfie to validate his account. So guess what he did? Snapped it for the app and went about his day. Although he didn’t quite agree with their age calculation later that night, he totally brushed it off and slathered on more skin care product.

A few weeks later, he saw a delivery app charge him for food several states away. Then his bank app asked him to confirm a new device. The kicker was when his pharmacy required him to update his new insurance card before picking up a prescription. He didn’t even have a prescription to pick up. “I better change my passwords,” he told his wife. That didn’t work. Stranger things kept happening. And she kept asking him about it. Annoying.

Even though he was proactive about updating his accounts, the problem was that he couldn’t change his face (well, technically he could have but extreme plastic surgery wasn’t in his five-year plan).

Hackers know you can’t just change the features that make you uniquely you. That data is one-of-a-kind and as permanent as it gets … which is why it is so powerful for authentication and totally devastating when compromised.

That fun little fitness app that quietly stored his facial data, their security wasn’t so great. They got hacked. Unlike that password you can’t quite remember, you can’t swap out your face or your fingerprints for new ones. So, what can you do?

– Make multi-factor authentication your new best friend. It might add an extra 15 seconds to your day, but your bank account’s balance is worth it in the long run.

– When your device tells you, “Software Update Available: Install Now?” don’t blink!

– Don’t automatically opt in. Get your readers out and check the fine print before handing over your face, fingerprints or your eyeballs to an app.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Smart Home, Dumb Security? The Truth About IoT Devices

Smart Home, Dumb Security? The Truth About IoT Devices

Somewhere between switching your coffee to half-caf and trying to figure out TikTok, you may have dipped a toe or entire foot into the smart home world. Think Ring doorbell, Nest thermostat, Google Home and your smart TV for a start. Apartment or house, size doesn’t really matter. Hackers don’t discriminate against your 850 sq ft new digs or 12,000 sq ft whopping investment money pit … they just want in!

Welcome to the future. Today we can tell your house to turn on the lights, lower the thermostat, play smooth jazz and spy on your pets all without lifting a finger. Yes, these wonderful Internet of Things (IoT) devices are super convenient, but IoTs aren’t always built with strong security in mind. If a device doesn’t have good protection, it can be hacked. Some guy halfway across the globe could use your Wi-Fi to check out your emails and get details on your bank accounts. They could peek in through your security camera, listen (and talk …creepy!) through your baby monitor or just keep it mildly annoying and slow down your internet with junk traffic or turn your home into a sauna.

Maybe your teen gave you an Alexa because they were tired of you yelling, “Hey Google, turn up the volume” at your bluetooth speaker. However you got to the land of smartness, your gadgets might be clever but your security settings may be stuck in 2005. So how do we prevent the midlife crisis your Wi-Fi didn’t ask for?

“Admin” is not a password … it’s an invitation. If your smart speaker, router or security cam is still set to the factory default, you’re officially easier to hack. Choose a password that you need to write down. And I’m not talking about ones that are easy to remember like “ILoveMyCat123.”

Educate yourself on all aspects of smart home technology. Your smart plug doesn’t need your location and microphone access.

– Different devices on a shared network all need different passwords. Huge tip: use your guest Wi-Fi for all of your smart devices.

Don’t buy off-brands with three reviews. Just because ElectroZing sounds like something fun out of The Jetsons, that new toaster oven can wreak havoc on your life.

– If your fridge has Wi-Fi, a touchscreen and your social security number, it might be time to re-evaluate. That almond milk that is getting low may cost you the depletion of your bank account. Just because your new condo comes with one that can connect to the internet doesn’t mean that it has to!

Keep your devices updated. They have trust issues, too.

– If you ever see a message like “Unknown device connected to your network” … immediately take action!

Yeah, smart tech is awesome but if it’s not protected, it can cause more problems than it solves. Be smart about your smart stuff! Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

QR Code Scam Alert: A New Twist on Brushing

QR Code Scam Alert: A New Twist on Brushing

A new scam is making its way into mailboxes, combining brushing scams with QR code fraud. A brushing scam is a deceptive scheme where online sellers send unsolicited packages to random people to boost their rankings and post fake reviews. These packages often contain cheap items such as socks or phone cases. The goal is to make it look like a real purchase was made and reviewed, tricking online marketplaces into improving the seller’s visibility.

Scammers prey on curiousity. If you receive a mysterious gift on your front porch, naturally you’re going to want to know who sent it, right? That gift may look like a free gift, but it oddly doesn’t include any details on who sent it. What it does have is a note inside instructing you to scan a QR code to “find out who sent this gift” or to “scan here to get return instructions.”

Scanning that QR code can lead to serious risks:

– Phishing websites that steal your login credentials, credit card details or other sensitive data.

– Malware downloads that infect your phone, allowing hackers access to your device.

– Identity theft if scammers collect enough of your personal information to do massive damage.

Cybercriminals are constantly finding new ways to exploit technology. If you receive an unsolicited package with a QR code, think before you scan! Avoid interacting with it, and always verify sources before providing any personal information.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Identity Theft Trends to Watch in 2025

Identity Theft Trends to Watch in 2025

As technology advances at lightening speed, cybercriminals are developing increasingly sophisticated methods to commit identity theft. We are seeing several emerging trends this year posing significant challenges to individuals and organizations. Here are the top five to be aware of:

AI-Driven Cyberattacks – Artificial intelligence (AI) is being used to create synthetic identities by combining real and fabricated information from social media platforms to create fake profiles, open fraudulent accounts and apply for loans. This type of fraud, known as synthetic identity fraud, is projected to generate at least $23 billion in losses in the U.S. alone by 2030. Watch out for fake friend requests or messages that seem a bit ‘off’ or ‘not quite right.’ You can protect yourself by setting your social media accounts to private and limit public personal details. Regularly check for fake accounts impersonating you and make sure to enable account settings with up-to-date contact information so you can regain access if your account is hacked.

Deepfake and Voice Cloning Scams – Advancements in AI have also led to the creation of fake videos and voice cloning enabling scammers to impersonate individuals in very convincing ways. The use of this biometric technology is used in phishing attacks, fraudulent communications and social engineering schemes. Be on the lookout for urgent video or voice calls from anyone pretending to be a close relative or friend or even your local bank teller asking you for a money transfer or to confirm confidential information. Don’t fall for it and make sure that voice authentication is disabled at your financial institutions.

Medical Identity Theft and AI-Driven Insurance Fraud – Healthcare remains one of the most targeted industries for cyberattacks. According to the U.S. Department of Health & Human Services, over 133 million healthcare records were exposed in breaches in 2024. This year we will continue to see the creation of fake patient profiles, which mimic real individuals. We are expecting an increase in deepfake telehealth scams where fraudsters use AI-generated voices and videos to impersonate real patients during telemedicine appointments. And, AI-powered fraud rings are using AI to automate medical fraud, reducing the time and effort needed to process fake claims. AI can do everything from altering medical records to submitting fraudulent claims on a grand scale. Specifically, be on the lookout for incorrect diagnoses or treatments in your records and check bills and insurance claims for services you never received.

QR Code Phishing Attacks – QR codes are everywhere these days: in the grocery store, on the products we buy, in our museums, on posters … anywhere that taking a second to scan will reveal additional content for the viewer. In typical fashion, criminals are taking advantage of the widespread use of QR codes to conduct phishing attacks, malware downloads and unauthorized transactions linked to stolen payment credentials. Watch out for unsolicited packages with QR codes asking you to “verify the sender.” Scammers prey on curiousity and the convenience of QR codes is making it easy for people to scan without thinking twice. If you do receive a suspicious package asking you to scan a QR code, report it immediately to the retailer it came from, the postal service or the Federal Trade Commission.

Quantum Computing Threats – Quantum computing, a revolutionary approach to computation that harnesses the principles of quantum mechanics, isn’t exactly an everyday term in the household yet, but it will be. How is it different from computing we know of today? Your regular computer, like your laptop, desktop or phone, uses tiny switches called bits that can either be on (1) or off (0). These bits are how computers process information, one step at a time, like flipping light switches on and off. A quantum computer is like a super-powered version of that. Instead of bits, it uses qubits (pronounced ‘cue-bits’) which can be on, off or both at the same time. Basically quantum computers can solve problems much faster than regular computers and they pose a significant risk to current encryption methods. The threat is that cybercriminals might steal encrypted sensitive data today planning to decrypt it in the future when quantum computers become powerful enough to do so, which puts the idea of secure transactions, digital wallets and identities as things of the past. Industries at specific risk are expected to be healthcare and finance.

The concepts of not trusting and always verifying will continue to gain traction this year to help prevent losses from these scams. Maintaining good cyber hygiene practices such as updating your security settings, changing your passwords regularly, enabling multi-factor authentication and keeping up with software updates will all be helpful in mitigating these cyber threats. The best defense is think before you scan, click or share! But, with this being Identity Theft Awareness Week, the only thing we do suggest you sharing is this blog to help spread the word.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Cyber Shocks of 2024: Unpacking the Year’s Biggest Security Breaches

Cyber Shocks of 2024: Unpacking the Year’s Biggest Security Breaches

The catastrophic surge in data breaches in 2024 has left virtually no industry untouched. You name it, this year has witnessed it: high-profile corporate hacks, billions of daily phishing emails, ransomware attacks targeting industry giants, endless supply chain compromises, the largest healthcare data breach in history impacting a third of the population of the United States, national election breaches compromising our democracy and the enormous role that Artificial Intelligence (AI) has had by empowering cybercriminals even more.

Here is a breakdown of the top data breaches that rocked the world this year:

National Public Data Breach: In early 2024, National Public Data (NPD), an online background check and fraud prevention service, reported that a malicious actor gained access to their systems in December 2023 and leaked sensitive data starting in April 2024. Bloomberg Law stated that “the breach allegedly exposed 2.9 billion records containing highly sensitive personal data of up to 170 million people in the US, UK, and Canada.” This breach has been described as potentially one of the largest in history, with personal information, including Social Security numbers, full names, mailing addresses, email addresses, phone numbers and family member details, being sold on the Dark Web. For a review of our recommendations and details of the breach, review our blog on the subject HERE.

Snowflake Data Breach: This prominent cloud data platform with 9,800+ global customers, suffered a breach where hackers used stolen passwords to access data from companies like Adobe, AT&T, Honeywell, Mastercard, Pfizer and Ticketmaster. Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems. This particular type of crime highlights vulnerabilities in cloud data storage and the critical importance of securing access credentials to prevent unauthorized data access. To read how millions were potentially exposed by a Snowflake breach, click HERE for our blog about Neiman Marcus.

CDK Global Breach: If you tried to buy a car this summer, you might have hit a snag or two. In June 2024, CDK Global, a leading provider of dealer management solutions to the automotive industry, experienced a significant ransomware attack affecting approximately 15,000 auto dealerships. The attack paralyzed dealerships leaving them to go back to pen and paper to complete deals. Read More

Salt Typhoon Attack: A Chinese hacking group known as Salt Typhoon infiltrated U.S. telecommunications networks, enabling them to geolocate millions of Americans and record their phone calls. Politico.com reported that high-profile victims included President-elect Donald Trump and senior Biden administration officials. Details of this breach that targeted AT&T and Verizon are still coming to light. It raises significant national security concerns and highlights vulnerabilities in critical infrastructure, prompting calls for enhanced cybersecurity measures in the telecommunications sector. Read More

Change Healthcare Ransomware Attack: Change Healthcare is a major healthcare technology company that suffered a massive ransomware attack by the ALPHV/BlackCat group, impacting over 100 million people. Hackers broke into one of its subsidiaries and disrupted healthcare providers across the United States for months. The Verge reported that UnitedHealth paid a $22 million ransom to regain access to their systems. Read More

“Mother of All Data Breaches” (MOAB) is an extraordinary aggregation of over 4,000 breaches that took place over several years with data amassed from thousands of companies and platforms. This collection of data breaches involved the exposure of 26 billion records making it the largest consolidated data breach in history affecting millions of individuals across multiple countries. The breach included records from major platforms and services such as Adobe, Canva, Dropbox, LinkedIn, X (formerly Twitter) and Venmo. The records contained usernames, email addresses, passwords and, in some cases, financial information leaving those impacted facing increased risks of identity theft, phishing attacks and financial fraud. The data was sold on the Dark Web and widely distributed among cybercriminal communities. Read More

The breaches of 2024 taught many things:

1) The dangers of reusing passwords across multiple accounts. We suggest that you use strong, unique passwords and change them regularly. Also consider enabling two-factor authentication where possible.

2) The importance of persistent, regular credit and threat monitoring. Keep a close eye on your bank accounts, credit cards and other financial records for any suspicious or unauthorized transactions. We also suggest that you consider setting up alerts to notify you of any unusual activity.

3) The need for companies to continue to reduce the collection and storage of unnecessary data to limit exposure in the event of a breach.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: Chris Ried via unsplash.com.

 

 

Holiday Scams: Don’t Let Them Steal Your Cheer

Holiday Scams: Don’t Let Them Steal Your Cheer

The holidays are a time for joy, but scammers are working overtime to turn your festive spirit into frustration. Here are three popular scams making the rounds this season with tips to keep your holiday merry and bright.

The Bourbon Scam

Here’s the scene: you’ve been hunting for a bottle of rare bourbon … something like Pappy Van Winkle … to impress the in-laws. Then, like a holiday miracle, you spot it online at a price that’s almost too good to be true. Here’s the gist: it is! Scammers lure bourbon lovers with fake websites or ads, promising rare bottles at bargain prices. The result? No bourbon, and a bank account that’s taken a hit.

How to Keep Your Bourbon Dreams From Going Up in Smoke:

– Only buy from reputable retailers or distilleries.

– If the price seems suspiciously low, it’s probably a scam. (No one is going to be selling Pappy for the cost of a gas station’s whiskey).

– Research websites before purchasing. Your wallet will thank you.

 

The Fake Gift Kit Scam

Who doesn’t love a good gift kit during the holidays? They’re simple, smart and scammers are hoping you don’t realize it’s a cover for them. They prey on unsuspecting shoppers with ads for “luxury skincare kits,” “gourmet gift baskets,” or other must-have bundles. You pay, and then what do you receive? Either nothing at all or a cheap knockoff that wouldn’t fool even your dog.

How to Avoid Getting Fooled:

– Shop from reputable sellers or well-known brands and verify the legitimacy of their website.

– Be skeptical of unsolicited ads offering steep discounts.

– Pay with a credit card so you can dispute fraudulent charges.

 

The Online Pet Adoption Scam

Few things warm the heart like the thought of bringing a new furry friend home for the holidays. I have tried very hard not to adopt a new kitty this holiday so I totally understand the desire. Scammers know we are weak for new fur babies and set up fake listings for puppies or kittens in need of a home. They’ll tug at your heartstrings, ask for payment upfront for adoption fees or transportation, and then vanish, leaving you with nothing but disappointment.

How to Protect Your Heart (and Wallet):

– Insist on meeting the pet in person before making any payments. At a minimum, ask to Facetime with them before meeting up.

– Research breeders (or rescue organizations) thoroughly. Ask for recommendations from neighbors, family and friends.

– Be cautious of unusually low adoption fees or emotional pleas.

– Use a secure payment method. Credit cards offer better fraud protection than wire transfers or gift cards.

 

Cheers to a scam-free holiday! Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. And remember, we are never closed on a holiday! Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Peter Zhang via unsplash.com.

Keeping Your Holidays Happy and Fraud-free

Keeping Your Holidays Happy and Fraud-free

Yes, it’s that wonderful time of year. The holidays are quickly approaching … and at lightning speed! Will you be traveling to see family in the next few weeks? Or, maybe you’ll be skipping off to a great vacation instead of decking the halls? Whatever your plans are, having time off of work, fun with friends and family, and hopefully a few days of laziness … are wonderful to look forward to. But, when we are caught up in the excitement about buying those last-minute gifts (or sunscreen and new flip-flops), we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe during this special time of year.

In addition to stopping the mail, finding that special neighbor with a green thumb to water your plants, and arranging for pet care for your fur babies, there are some ‘before your trip’ actions you can take to help prevent identity theft from becoming a huge holiday memory. Just some small preventative measures, such as updating the operating system and antivirus software on your mobile devices, can go a long way toward fending off a few identity thieves. Below are some tips for what you can do before you leave home, as well as while you’re away and after your return.

Before you Leave Home:

– Password protect your devices and update operating systems. Add multi-factor authentication where available.

– Alert your bank(s) about your travel plans.

– Visit your post office and put your mail on a vacation hold.

– Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place.

– Turn off auto-connect Wifi and Bluetooth connections.

– Consider adjusting your social media account settings so posts aren’t tagged with GPS data. Best practice is to avoid posting vacation pics while on vacation.

While Out of Town:

– Avoid using public Wifi and even your hotel’s Wifi if at all possible.

– Do not use public computers

– Keep your travel documents in the hotel room safe.

– Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip.

Upon Your Return Home:

– Consider changing passwords for your major accounts.

– Thoroughly go through your account statements for any irregularities.

– Check your credit report to make sure no new accounts were opened in your name while you were away.

 

We hope you have a wonderful holiday season! If you suspect identity theft or fraud, please contact us immediately at 888.966.GUARD (4827) or email [email protected]. Day or night, we’ve got your back and will always be open for you.

Rite Aid Breach Alert Impacts Millions

Rite Aid Breach Alert Impacts Millions

Our security teams have recently discovered large data set(s) of compromised cyber elements on the Dark Web from the Rite Aid ransomware attack. Rite Aid, a Pennsylvania-based pharmacy and online store, is the third-largest pharmacy chain in the United States. The company’s security incident notice reported that “in early June 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems.”

The attackers are linked to RansomHub, a ransomware group that has made plenty of news in the past. Rite Aid detected the cybersecurity event within 12 hours and sent a notice of the data breach to its customers stating that any purchases made from June 6, 2017 to July 30, 2018 could be compromised.

The breach size is over 12 million. Data exposed includes names, addresses, dates of birth, driver’s license numbers or other government-issued IDs and Rite Aid rewards numbers. The company reported confirmed that no social security numbers, financial information or patient information was impacted by the incident. READ MORE

Guard Well Identity Theft Solutions exists to protect you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Erfan Parhizi via unsplash.com

Phone Call Scam Alert: Never Answer to these Four Words

Phone Call Scam Alert: Never Answer to these Four Words

Phone scams are becoming increasingly sophisticated, but one of the simplest traps involves a scammer asking you these four innocent words: “Can you hear me?” Answering “yes” could unknowingly put you at risk.

Here’s how it works: Scammers record your voice and use your verbal consent to authorize fraudulent charges on your credit card, utility bills or other accounts. By capturing your “yes,” they can confirm a login and claim you agreed to purchases or services you never requested.

Along with being cautious with every call (and thinking before you speak):

– Avoid answering unfamiliar calls. If you don’t recognize the number, let it go to voicemail.

– Understand that there are chatbots and artificial intelligence (AI). With AI technology, a person’s voice can be mimicked where it becomes very hard to tell the difference between a real person and a machine. There is a newer version of the phone scam that starts with a line like “I’m sorry, I’m having issues with my headset..” just so you think that a real live person is on the other end. Don’t fall for it.

– Never say “yes” or give out personal information. If someone asks, “Can you hear me?” or other questions, hang up immediately.

– Sign up for the National Do Not Call Registry and consider using a call-blocking app.

– Report the call to the Federal Trade Commission (FTC). By sharing the scammer’s phone number, the FTC can track and block illegal callers.

Contact us immediately if you do accidentally fall for a phone call scam. We also suggest that you change your passwords and enable two-factor authentication when available. Although they might be easier to remember, try to resist the urge to use the same password across multiple accounts.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit: John Tuesday via unsplash.com.

 

Protect Yourself from Hurricane and Flooding Scams

Protect Yourself from Hurricane and Flooding Scams

In the aftermath of hurricanes and floods, it’s crucial to stay vigilant – not just about physical recovery, but also about potential scams. Fraudsters target disaster victims when they’re most vulnerable, using various methods to steal money or personal information. Likewise, opportunistic scammers often take advantage of those not directly impacted by the storm, but who want to help those in peril.

Scam activity spikes significantly after major storms hit. In 2022, the aftermath of Hurricane Ian saw a sharp rise in fraud with the Federal Trade Commission (FTC) warning about fake contractors, Federal Emergency Management Agency (FEMA) impersonators and donation scams costing Americans billions. Similar trends in scams were also seen after Tropical Storm Hillary in 2023. And now we have the aftermaths of Hurricanes Helene and Milton. North Carolina’s Gov. Roy Cooper’s administration noted that there are at least “a record $53 billion in damages and recovery needs in western North Carolina alone.”

Here are some things you can do to help protect yourself from disaster scams:

Verify contractor licenses and avoid upfront payments. Scammers are good actors who impersonate contractors. It is critical to check credentials and references before hiring an individual or company to repair property. Don’t fall for a seemingly quick fix and/or low rates.

Avoid FEMA scams. Criminals apply to FEMA for assistance using names, addresses and social security numbers they have stolen. If someone claiming to be from FEMA knocks on your door, remember that real officials carry photo identification badges and they do not charge for any services including filling out an application. Likewise, FEMA officials are not authorized to gather any personal financial information. If someone promises a disaster grant in return for full payment, that’s a scam and you should contact your state’s attorney general office or police.

Watch out for donation scams. It is suggested to only donate money to trusted organizations like the Red Cross https://www.redcross.org/. If you are solicited and unsure of an organization, check the ratings with the Better Business Bureau, search the word “scam” with the organization’s name and read online reviews. To verify that a website is legitimate, make sure the URL begins with “https://” which communicates that any information you provide is encrypted and transmitted securely. If you do donate, use a credit card. Also remember that no legitimate agency will pressure you to donate. Read More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available to you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit: NASA under license via unsplash.com.