• 888-966-4827
Menu

Blog

Home / Blog
Two-factor Authentication Phishing Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Preventing a Mortgage Closing Scam

Preventing a Mortgage Closing Scam

Searching for a new home, can be as exciting as it is stressful, tedious and time-consuming. It will likely be one of your most memorable life moments, especially for first-time buyers. So when you do find that perfect home for you, your bid is accepted and the inspection comes back great, you and your family celebrate and start down the long check-list of things to do prior to your move.

 

As that closing date approaches, unfortunately, the risk of being a victim of a phishing scam does as well. The ultimate cost could be the loss of your entire life savings and there is usually not an insurance policy that will recover your money if this happens to you.

 

The FBI has reported that scammers are increasingly taking advantage of homebuyers with very complex, sophisticated schemes with reports of mortgage fraud rising over 1,100 percent each year. There was an estimated loss of nearly $1 billion in real estate transaction costs in 2017 alone.

 

How would mortgage fraud happen to you? Mortgage fraud, a sub-category of financial institution fraud (FIF), typically starts with a phishing email that appears to be coming from a trusted professional involved in your property purchase. The email claims to be notifying you of changes to your wiring instructions or that they had made a mistake and previously discussed the wrong wiring instructions with you. Wire fraud is so prevalent that many attorneys, lenders and realtors are starting to include a warning about it in their emails. “We do not accept or request wiring instructions or changes to wiring instructions via email. Always call to verify.” But, be wary that even phone conversations may be fraudulent.

 

What can you do to prevent mortgage fraud from happening to you? Consult the Consumer Financial Protection Bureau’s Mortgage Closing Checklist. Identity two trusted individuals involved in the closing process and have multiple ways for you to contact them. Real estate professionals suggest that you create a code phrase that is only known to the trusted parties involved in the transaction in case there is a need to confirm their identities in the future. Be mindful that email is never a secure way to send financial information or closing details.

 

What if mortgage fraud happens to you? Try to ask for a wire recall with your financial institution. Being swift in reporting the crime can greatly increase the likelihood of recovering your funds. Report the fraud to your identity theft resolution provider. Lastly, file a complaint with the FBI.

 

 

Sources:

https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud

https://consumerfinance.gov

 

Photo credit:

Tierra Mallorca via Unsplash

Sextortion: How to Protect Our Youth

Sextortion: How to Protect Our Youth

Unfortunately, our children are at risk from online predators in many different ways. Sextortion is a criminal act and horrible nightmare to victims and their families.  Learning what sextortion is and understanding how it could happen are the first steps in prevention.

 

What is sextortion? The Federal Bureau of Investigations (FBI) explains that sextortion occurs when an adult, through threat or manipulation, coerces a minor into producing a sexually explicit image and send it over the Internet.

 

How would this happen? The perpetrators utilize social media, games, chat and dating apps to capture their victims. The criminals will tell children that they will make them famous or pay them an exorbitant amount of game credits, crypto-currency, cash, or gift cards if they will participate.

 

Why would my child engage in this act? Sextortion is happening when minors feel most comfortable … when they are on their device, using an app, or playing an online game that is part of their daily routine. The adults that do this crime know that your children might not yet be mature enough to consider the consequences of an action and make decisions like an adult would. Any child with Internet access is at risk. The FBI has interviewed victims as young as 8 and reports that the crime affects all children regardless of gender, ethnicity, and socioeconomic groups. The victims have been honor-roll students, children of teachers, and student athletes. The only common trait is that they are all online.

 

Why don’t victims ask for help? Once the criminal has your child’s single photo or video, they will threaten them with exposure; essentially, coercing your son or daughter to provide them with additional photos or videos and in even more compromising, explicit situations. The criminal knows that fear drives action. … fear of being in trouble by their guardians, of having their device taken away, of being persecuted for pornography, and of feeling massive embarrassment and shame.

 

What can we do to prevent sextortion? Discuss this topic openly with your children. Let them know that they can tell you anything and you are always there to help them. Communicate that you do not want them to chat with anyone they don’t already know online. Educate them that any photo or video they may take is already public information and not just on their device. Limit their device use. Make sure their social media accounts are kept private. Make them aware that some profiles are not real and that there are adults purposely pretending to be someone else to get them to chat and hurt them. Most importantly, trust your instincts. If something feels not quite right, it probably isn’t.

 

For more information, visit https://fbi.gov. 

Ten Signs You Have Been a Victim of Identity Theft

Ten Signs You Have Been a Victim of Identity Theft

Identity theft is rampant. One in three data breach victims will experience fraud according to a 2018 study by Javelin Strategy & Research. The number of identity fraud victims in the United States alone is at 16.7 million with over $16.8 billion stolen. Read More

 

Do you know the latest signs of identity theft? Here are the top ten red flags that trouble is brewing:

– You receive a notice, either in the mail or via email, that you have been a part of a data breach.

– Your credit score quickly drops without explanation.

– Withdrawals from your bank account start to occur … and they are withdrawals that you haven’t scheduled or already made.

– Although you haven’t filed any insurance claims, your rates rapidly rise.

– Your Social Security statements aren’t matching your records.

– There are suspicious charges on your credit card.

– You are turned down for a loan or credit card unexpectedly.

– Your credit report shows accounts that you have not opened.

– Either federal, your state or local taxing authority alerts you to their receipt of multiple filings in your name.

– You receive a bill for an item or service that you have not purchased … and from a company that you have never done business with.

 

Have you experienced any of the above? If yes, contact a fraud resolution specialist immediately.

Quick Steps for Lost Wallet

Quick Steps for Lost Wallet

You know that flustered feeling when you can’t find your cell phone? Imagine if you had your driver’s license, ATM debit card and your AMEX in a pocket inside your phone. Not only would you have a lost wallet, but you would have a lost cell phone as well. Talk about panic.

There are many reasons why you should not carry every ID you have on you at any given point in time. Your Social Security card … should be in a safe. Your passport should be in there as well. If you own more than one credit card, don’t carry all of them in your wallet at the same time. Your health insurance card? Now, that’s a toss-up.

Before a lost wallet scenario could happen to you:

• Make a detailed list and/or keep photocopies of the contents in your wallet in a safe place (ideally in a home safe or bank lock box). Make sure phone numbers are included for your providers as well so you can swiftly contact your creditors if the moment arises.

What to do if you have a lost or stolen phone, wallet or both:

• Call your bank(s) immediately to report your debit and/or any credit cards as stolen. This is different from canceling or closing your credit cards, which can cause problems with your credit reports. “You’re only responsible for up to $50 in unauthorized purchases if you report a debit card as missing within two business days of the loss. But, if you wait more than two days (but less than 60), you could be on the hook for up to $500 in unauthorized purchases.
• Call your cell phone carrier if your lost wallet also included your phone. Service providers have tracking that can help trace the footsteps of your burglar as well as the ability to shut off any apps, suspend social media accounts and email for the time being.
• File a police report.
• Initiate a fraud alert on your credit report.
• Replace your driver’s license as soon as possible. Every state has different requirements for replacing a license. Some may ask you for a police report number if your ID has been stolen.

• IF your Social Security card was in your wallet (not recommended), contact the Social Security Administration immediately. They can send you a new card but they won’t give you a new number.

• Download a credit report. If you see anything you don’t recognize, call the IRS Identity Protection Unit 800.908.4490.

What types of cards and documents can be replaced?

It can be overwhelming when we think of everything that could be in our wallet. Your driver’s license, debit card, passport, military ID, health insurance card, Medicare/Medicaid, auto insurance card, US Visa or residency card, even retail store cards and any specialized license or driver’s permit all can be replaced, but it takes time.

It’s best to minimize what you carry with you. Our Lost Wallet service assists our Members in quickly and effectively terminating and re-ordering wallet contents. Our services include:

• Identifying missing documents.
• Contacting document issuers while Member is on call (if required by issuer).
• Cancelling of all lost cards and report documents missing.
• Completing the required forms and delivering to subscriber for completion.
• Initiating fraud affidavit and police reports for stolen wallets.
• Additional resolution calls based on the severity of issue, as needed

The Rise in Health Care Fraud

The Rise in Health Care Fraud

Health care data is increasingly becoming a top target for scammers and hackers. A reason why fraudsters may be going after health care data more is because of its longer shelf life and rich potential for identity theft. Financial data has a finite lifespan and loses its worth as soon as the consumer notices the frauds and cancels their accounts or cards. However, health care data contains information that can’t be cancelled or changed as easily as a credit card.

Every year, with the exception of 2015, the number of healthcare data breaches has increased 70%, rising from 199 breaches in 2010 to 344 in 2017.[1] According to a study published by the Journal of American Medical Association, “those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 176.4 million healthcare records. 75% of those records were exposed or stolen as a result of hacking or IT incidents.” Medical identity theft not only affects the patient (consumer), but has potentially disastrous ramifications on insurance providers as well as the healthcare providers.

What is medical identity theft?

Medical identity theft occurs when a fraudster illegally obtains and uses a patient’s Personally Identifiable Information (PII), such as name, Social Security number, and/or medical insurance identity number, to fraudulently obtain or bill for medical goods or services. This kind of fraud also includes the unauthorized personal gain of insurance benefits, prescription drugs, employment, government benefits, or other financial gain acquired through the theft of another individual’s PII. Hackers have also been known to sell stolen health care records on the black market.[2]

The ten largest data breaches of patient data in 2018 involved email, targeted phishing attacks, and database misconfigurations. The largest health data breach during this same time was caused by a hack on a billing vendor, AccuDoc Solutions. 2.65 million Atrium Health patients were involved in the breach.

Who is at risk?

Everyone is at risk for medical identity theft but seniors are increasingly targeted. Navigating the Medicare system isn’t easy to begin with. When confusion enters the picture, scammers view it as an especially ripe time to take advantage of the ever-growing aging population. Always keep in mind that Medicare will never call to ask for sensitive personal financial information.[3]

How can you help protect yourself?[4]

  • Review the Explanations of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment. Immediately report any mistakes or unfamiliar charges, such as a doctor’s visit you did not make or prescriptions that you did not fill.
  • Check in with your doctor(s) to ensure your medical records are accurate. Make sure the records contain your procedures, treatments, prescriptions, and other medical activities. If you notice inaccurate health details such as the wrong blood type, pre-existing conditions, or allergies, it may be a sign that an identity thief has accessed your records.
  • Get a copy of your medical records periodically and keep them in a safe.
  • Do not share your medical or insurance information with other individuals.Especially do not provide your medical information over the phone or via email unless you initiated the contact and have verified the entity you are contacting.
  • Treat your medical identity with the same care and caution you do any of your other sensitive information, such as your financial credentials. Shred health documents you no longer need. Peel the labels off of your prescription bottle and shred them as well.
  • Read the Privacy Policy on a website before you provide your Personally Identifiable Information. Find out why your Social Security number or insurance account numbers may be needed and how the website will keep it safe, or if it will be shared, and if so, with whom. (Websites with “https” in their URL are secure.)

If you are unsure about sharing your personal information with someone who says they are from your health plan—DON’T. Directly contact the Member Services number on your ID card so you can be sure the person is a verified health representative.

Don’t Let Identity Theft Become a Vacation Memory

Don’t Let Identity Theft Become a Vacation Memory

We all look forward to vacations … time off of work, fun with the family, a few days of laziness… but, when we are excited about buying sunscreen and new flip-flops, we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe.

 

In addition to finding pet care, remembering your passport and making sure your lighting is on schedule, there are some pre-, during and post-trip items that you can do to help prevent identity theft from becoming a huge vacation memory. Just some small preventative measures like updating the operating system and antivirus software on your mobile devices can go a long way toward fending off a few identity thieves.

 

Before you leave home:

– Password protect your devices and update operating systems

– Alert your bank(s) about your travel plans

– Visit your post office and put your mail on a vacation hold

– Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place

– Turn off auto-connect Wifi and Bluetooth connections

– Consider adjusting your social media account settings so posts aren’t tagged with GPS data

 

While out of town:

– Avoid using public Wifi and even your hotel’s if at all possible

– Do not use public computers

– Keep your travel documents in a hotel safe

– Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip

 

Upon your return home:

– Consider changing passwords for your major accounts

– Thoroughly go through your account statements for any irregularities

– Check your credit report to make sure no new accounts were opened in your name while you were away

 

We hope you have a wonderful vacation. Stay safe! If you are concerned that identity theft has happened to you, reach out to us immediately day or night at 888.966.GUARD (4827) or email us at [email protected].

Taking the Mystery out of Shopping Scams

Taking the Mystery out of Shopping Scams

It’s no secret that being a mystery shopper for a reputable company is a legitimate way for an individual to earn some income. Mystery shopping, also known as secret shopping, is estimated to be a $1.5 – 2 billion dollar industry with over 8.1 million mystery shops conducted a year. This profitable enterprise has been around for decades.

Contrary to what many believe, mystery shoppers don’t get paid to shop. They are independent contractors who pose as shoppers in order to gather data about the customer experience in a specific environment. Mystery shoppers complete reports, often using an online form, after leaving the establishment they observe. They get paid for their work and do not front any money first in order to work.

Fake check fraud is an exploding epidemic and scams involving the mystery shopping industry have made a big comeback … unfortunately, our tech-savvy teenagers are the targets of late.

Anyone with a bank account and the desire to make some extra cash on the side can be a victim. High school and university students across the nation are increasingly being pursued. Why students? Students are easy targets for scammers due to their need for money to help fund their education.

Thousands are being contacted and thousands of dollars are being lost. The latest mystery shopping scam reported in the media last month disclosed that University students in Fargo, North Dakota had been targeted. One devastated student ended up losing $3,850.75. Being educated on how this type of scam operates will help prevent this from happening to you and your child.

How Does a Mystery Shopping Scam Work?

  • Scammer reaches out to victim with an offer in the mail to be a secret shopper and a check is included. Often times the amount on the check is for over a thousand dollars. The victim is told to deposit the check and understands that they will eventually keep several hundred dollars as payment for their upcoming shopping services.
  • Victim deposits the check and waits the expected day or two for the funds to clear. Note that even if the bank says the funds are available in a couple of days, the process of uncovering a fake check can take financial institutions weeks.
  • Victim is asked to buy something. Typically, the first shopping task is to test the in-store money transfer service like Western Union or MoneyGram by sending some of the money that was deposited back to the company.
  • Victim is then asked to buy a product, “often from a Walmart,” according to the Federal Trade Commission. Common items purchased are reloadable gift cards, such as iTunes. Part of this task requires the victim to send pictures of the purchased cards or to give the numbers on the cards to the company.
  • Two to three weeks later, the victim receives a notification from their bank that the deposited check was a fake. The realization that they have been scammed sets in. Victim is responsible for paying back the amount to their bank. Another unfortunate bonus is that the reloadable gift cards that the victim had purchased are suddenly empty of funds.

 

What Can You Do?

Help stop these scammers from making money. Educate your children about the issue. Explain what check fraud is. Let them know that they should never pay to become a mystery shopper. The fact that these scammers are targeting our children is another great reason to make sure that your identity theft protection covers every member of your immediate family.

Can You Spot When You’re Being Phished?

Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Phishing attacks “cost organizations $4.5 billion every year and over half of internet users get at least one phishing email per day,” according to Dell EMC.[1]

Tips to Identify Phishing:

  • Even if you recognize the display name (for example, the email is from your bank) and there is a generic salutation like “Dear Trusted Customer” instead of “Dear [your first name],” request that your institution verify the email was indeed from them.
  • Poor grammar in the body of any email is a red flag as are spelling mistakes.
  • Hover your mouse over any hotlinks in the email. If the link address has any type of spelling mistakes, highly likely the email is phishing.
  • Understand that the financial and insurance institutions you do business with will never ask for your credentials.
  • Don’t click on attachments. Take the extra minute or two to verify the information in the attachments.

What You Can Do:

  • If there is an opportunity for you to activate two-factor authorization, do so. Two-factor, also known as 2FA, is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.[2] If this feature is enabled, that is your best bet against phishing. Even if someone steals your password they won’t be able to access your account.
  • Check out Jigsaw, a Google offshoot, owned by Alphabet. Jigsaw is trying to teach the public on how to be more cautious. They recently released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz was created based on security training from journalists, activists and political leaders around the world. You can take the quiz by clicking

Phishing is a cybercrime. If you have been targeted, contact your identity theft resolution provider as soon as possible. Your personally identifiable information (PII) should be yours and yours alone.

[1] https://www.dellemc.com/en-us/index.htm

[2] https://en.wikipedia.org/wiki/Multi-factor_authentication

How to Protect Yourself During the U.S. Government Shutdown

Tax season and scams usually go hand in hand. With the longest government shutdown in history occurring during the same timeframe (January through April), there are added concerns.

Today marks the 32nd day that over 800,000 federal workers are not receiving pay, with 380,000 of them having to still report to work. Additionally, millions of government contractors are impacted, such as IT, research and project management professionals, as well as lower-wage janitors, security guards and cafeteria servers. While some federal employees may receive back pay when the government gets back up and running, contractors will not be reimbursed for this time off. Many are already receiving notices that their health insurance coverage has expired or will in the next few weeks[1]. With lapses in health insurance, medical identity theft will undoubtedly be on the rise.

Government shutdown or not, scammers are always hard at work trying to get your identity and money. During this time period it is going to be even easier for them to do so especially with nine out of 15 critical federal agencies and departments being closed.

The Federal Trade Commisson (FTC) is the government agency where you would file a report if your identity is compromised. The website that you would use to file said complaint with the FTC is identitytheft.gov. If you visit the website today, you will see that it has temporarily disappeared. Instead, a notice appears saying that operations will resume when the government is funded. If you can’t contact the FTC, where do you go for help if you suspect identity fraud has occurred?

What You Can Do

There are some immediate steps to take if you think your identity has been compromised:

  • File your taxes early. The best way to avoid a tax scam is to file your taxes as early as possible. The Internal Revenue Service (IRS) will still be reviewing tax returns. Unfortunately, if you are due a refund, that money will not provided until the government is funded.
  • Partnering with a reputable identity resolution provider is critical. Make sure that the identity theft coverage includes monitoring and full resolution services. Advanced monitoring uses powerful technology to scour billions of identity records and non-credit sources to detect fraud in credit, non-credit and public records. Full resolution involves many steps required to replace government documents, such as your driver’s license and passport, as well as protect your credit score.
  • File a police report and request a copy of it. You will need to give copies of the report to creditors as well as the credit bureaus.
  • Contact your bank(s) and/or insurance institutions and dispute fraudulent activity on the accounts.
  • Consider a credit freeze or fraud alert. A credit freeze locks down your credit while a fraud alert allows creditors to receive a copy of your credit report. Fraud alerts can prevent someone from opening an account in your name but they will not stop your existing accounts from being compromised. For victims of identity theft, an extended fraud alert can protect your credit for seven years.

During this uncertain time when we as individuals have no control over the government shutdown, taking some proactive steps to help keep our family safe and identities secure is more important than ever.

[1] Nova, Annie. CNBC. https://www.cnbc.com/2019/01/23/health-insurance-becomes-collateral-damage-for-workers-in-shutdown.html. January 23, 2019