• 888-966-4827
Menu

Category Archives:
Cybercrime

Home / Blog / Cybercrime
Your Face – The Truth About Biometric Data Theft

Your Face – The Truth About Biometric Data Theft

It all started with a smile. Byron’s new fitness app promised to tell him his new “biological age” but required a selfie to validate his account. So guess what he did? Snapped it for the app and went about his day. Although he didn’t quite agree with their age calculation later that night, he totally brushed it off and slathered on more skin care product.

A few weeks later, he saw a delivery app charge him for food several states away. Then his bank app asked him to confirm a new device. The kicker was when his pharmacy required him to update his new insurance card before picking up a prescription. He didn’t even have a prescription to pick up. “I better change my passwords,” he told his wife. That didn’t work. Stranger things kept happening. And she kept asking him about it. Annoying.

Even though he was proactive about updating his accounts, the problem was that he couldn’t change his face (well, technically he could have but extreme plastic surgery wasn’t in his five-year plan).

Hackers know you can’t just change the features that make you uniquely you. That data is one-of-a-kind and as permanent as it gets … which is why it is so powerful for authentication and totally devastating when compromised.

That fun little fitness app that quietly stored his facial data, their security wasn’t so great. They got hacked. Unlike that password you can’t quite remember, you can’t swap out your face or your fingerprints for new ones. So, what can you do?

– Make multi-factor authentication your new best friend. It might add an extra 15 seconds to your day, but your bank account’s balance is worth it in the long run.

– When your device tells you, “Software Update Available: Install Now?” don’t blink!

– Don’t automatically opt in. Get your readers out and check the fine print before handing over your face, fingerprints or your eyeballs to an app.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Smart Home, Dumb Security? The Truth About IoT Devices

Smart Home, Dumb Security? The Truth About IoT Devices

Somewhere between switching your coffee to half-caf and trying to figure out TikTok, you may have dipped a toe or entire foot into the smart home world. Think Ring doorbell, Nest thermostat, Google Home and your smart TV for a start. Apartment or house, size doesn’t really matter. Hackers don’t discriminate against your 850 sq ft new digs or 12,000 sq ft whopping investment money pit … they just want in!

Welcome to the future. Today we can tell your house to turn on the lights, lower the thermostat, play smooth jazz and spy on your pets all without lifting a finger. Yes, these wonderful Internet of Things (IoT) devices are super convenient, but IoTs aren’t always built with strong security in mind. If a device doesn’t have good protection, it can be hacked. Some guy halfway across the globe could use your Wi-Fi to check out your emails and get details on your bank accounts. They could peek in through your security camera, listen (and talk …creepy!) through your baby monitor or just keep it mildly annoying and slow down your internet with junk traffic or turn your home into a sauna.

Maybe your teen gave you an Alexa because they were tired of you yelling, “Hey Google, turn up the volume” at your bluetooth speaker. However you got to the land of smartness, your gadgets might be clever but your security settings may be stuck in 2005. So how do we prevent the midlife crisis your Wi-Fi didn’t ask for?

“Admin” is not a password … it’s an invitation. If your smart speaker, router or security cam is still set to the factory default, you’re officially easier to hack. Choose a password that you need to write down. And I’m not talking about ones that are easy to remember like “ILoveMyCat123.”

Educate yourself on all aspects of smart home technology. Your smart plug doesn’t need your location and microphone access.

– Different devices on a shared network all need different passwords. Huge tip: use your guest Wi-Fi for all of your smart devices.

Don’t buy off-brands with three reviews. Just because ElectroZing sounds like something fun out of The Jetsons, that new toaster oven can wreak havoc on your life.

– If your fridge has Wi-Fi, a touchscreen and your social security number, it might be time to re-evaluate. That almond milk that is getting low may cost you the depletion of your bank account. Just because your new condo comes with one that can connect to the internet doesn’t mean that it has to!

Keep your devices updated. They have trust issues, too.

– If you ever see a message like “Unknown device connected to your network” … immediately take action!

Yeah, smart tech is awesome but if it’s not protected, it can cause more problems than it solves. Be smart about your smart stuff! Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

QR Code Scam Alert: A New Twist on Brushing

QR Code Scam Alert: A New Twist on Brushing

A new scam is making its way into mailboxes, combining brushing scams with QR code fraud. A brushing scam is a deceptive scheme where online sellers send unsolicited packages to random people to boost their rankings and post fake reviews. These packages often contain cheap items such as socks or phone cases. The goal is to make it look like a real purchase was made and reviewed, tricking online marketplaces into improving the seller’s visibility.

Scammers prey on curiousity. If you receive a mysterious gift on your front porch, naturally you’re going to want to know who sent it, right? That gift may look like a free gift, but it oddly doesn’t include any details on who sent it. What it does have is a note inside instructing you to scan a QR code to “find out who sent this gift” or to “scan here to get return instructions.”

Scanning that QR code can lead to serious risks:

– Phishing websites that steal your login credentials, credit card details or other sensitive data.

– Malware downloads that infect your phone, allowing hackers access to your device.

– Identity theft if scammers collect enough of your personal information to do massive damage.

Cybercriminals are constantly finding new ways to exploit technology. If you receive an unsolicited package with a QR code, think before you scan! Avoid interacting with it, and always verify sources before providing any personal information.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Holiday Scams: Don’t Let Them Steal Your Cheer

Holiday Scams: Don’t Let Them Steal Your Cheer

The holidays are a time for joy, but scammers are working overtime to turn your festive spirit into frustration. Here are three popular scams making the rounds this season with tips to keep your holiday merry and bright.

The Bourbon Scam

Here’s the scene: you’ve been hunting for a bottle of rare bourbon … something like Pappy Van Winkle … to impress the in-laws. Then, like a holiday miracle, you spot it online at a price that’s almost too good to be true. Here’s the gist: it is! Scammers lure bourbon lovers with fake websites or ads, promising rare bottles at bargain prices. The result? No bourbon, and a bank account that’s taken a hit.

How to Keep Your Bourbon Dreams From Going Up in Smoke:

– Only buy from reputable retailers or distilleries.

– If the price seems suspiciously low, it’s probably a scam. (No one is going to be selling Pappy for the cost of a gas station’s whiskey).

– Research websites before purchasing. Your wallet will thank you.

 

The Fake Gift Kit Scam

Who doesn’t love a good gift kit during the holidays? They’re simple, smart and scammers are hoping you don’t realize it’s a cover for them. They prey on unsuspecting shoppers with ads for “luxury skincare kits,” “gourmet gift baskets,” or other must-have bundles. You pay, and then what do you receive? Either nothing at all or a cheap knockoff that wouldn’t fool even your dog.

How to Avoid Getting Fooled:

– Shop from reputable sellers or well-known brands and verify the legitimacy of their website.

– Be skeptical of unsolicited ads offering steep discounts.

– Pay with a credit card so you can dispute fraudulent charges.

 

The Online Pet Adoption Scam

Few things warm the heart like the thought of bringing a new furry friend home for the holidays. I have tried very hard not to adopt a new kitty this holiday so I totally understand the desire. Scammers know we are weak for new fur babies and set up fake listings for puppies or kittens in need of a home. They’ll tug at your heartstrings, ask for payment upfront for adoption fees or transportation, and then vanish, leaving you with nothing but disappointment.

How to Protect Your Heart (and Wallet):

– Insist on meeting the pet in person before making any payments. At a minimum, ask to Facetime with them before meeting up.

– Research breeders (or rescue organizations) thoroughly. Ask for recommendations from neighbors, family and friends.

– Be cautious of unusually low adoption fees or emotional pleas.

– Use a secure payment method. Credit cards offer better fraud protection than wire transfers or gift cards.

 

Cheers to a scam-free holiday! Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. And remember, we are never closed on a holiday! Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Peter Zhang via unsplash.com.

Rite Aid Breach Alert Impacts Millions

Rite Aid Breach Alert Impacts Millions

Our security teams have recently discovered large data set(s) of compromised cyber elements on the Dark Web from the Rite Aid ransomware attack. Rite Aid, a Pennsylvania-based pharmacy and online store, is the third-largest pharmacy chain in the United States. The company’s security incident notice reported that “in early June 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems.”

The attackers are linked to RansomHub, a ransomware group that has made plenty of news in the past. Rite Aid detected the cybersecurity event within 12 hours and sent a notice of the data breach to its customers stating that any purchases made from June 6, 2017 to July 30, 2018 could be compromised.

The breach size is over 12 million. Data exposed includes names, addresses, dates of birth, driver’s license numbers or other government-issued IDs and Rite Aid rewards numbers. The company reported confirmed that no social security numbers, financial information or patient information was impacted by the incident. READ MORE

Guard Well Identity Theft Solutions exists to protect you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Erfan Parhizi via unsplash.com

SSA Long Con Scams on the Rise

SSA Long Con Scams on the Rise

In recent months, there has been an alarming increase in long con scams targeting Social Security Numbers (SSNs). These scams are designed to steal sensitive personal information and exploit individuals through highly orchestrated and deceitful tactics. According to the Social Security Administration Office of the Inspector General (SSA OIG), scammers are evolving their methods, and many of these cons are becoming harder to detect.

Last month the Inspector’s General Office released that scammers are compounding tactics by using fake Amazon or PayPal tech support emails and text messages who will try to convince you that your SSN or record is compromised. Considering the enormous size of nationalpublicdata.com’s breach this spring and summer (to the tune of 2.9 billion records), we understand that this topic can be very confusing to navigate. Learn More

Knowledge is power. Here’s what you need to know about the growing trend and how you can protect yourself.

What is a Long-Con Scam?

A long-con scam is a method of deception that unfolds over a long period of time. Unlike quick-hit frauds, where scammers make a direct attempt to steal your information or money in one go, long-con scams involve establishing a sense of trust with the victim. Scammers often impersonate official entities—like the SSA—over weeks or months to gradually build credibility, making their eventual fraudulent activities more convincing. Scams often end with an in-person meeting with an individual either who is part of the scheme or an unsuspecting participant, such as an Uber driver, during which the target turns over gold, cash, a crypto wallet or some other currency for “safe keeping” at the direction of the imposter SSA OIG federal agent.

How Are Scammers Exploiting SSNs?

SSNs are one of the most valuable pieces of personal information for identity theft. Once scammers have your SSN, they can open new credit lines, file false tax returns, and even gain access to your financial accounts. Here’s how these long-con scammers operate:

1. Impersonation of Government Officials: One common tactic is to pose as representatives from the Social Security Administration (SSA) or even the SSA OIG. Scammers contact victims via phone, email or mail, claiming that there is an issue with their SSN, such as fraudulent activity or that their benefits are being suspended.

2. Phony Documentation and Fake Websites: Scammers often direct victims to fake websites or send fabricated official documents that look legitimate. These documents might appear as “official” notifications, containing seals or logos of government agencies. Over time, the victim may be asked to “verify” their SSN or other personal information.

3. Threats and Intimidation: Scammers may claim that if the victim does not act immediately, their benefits will be suspended, or they will face legal consequences. The urgency creates pressure and confusion, making victims more likely to comply without questioning the legitimacy of the request.

4. Financial Manipulation: In some cases, the scammer will slowly gain access to the victim’s financial accounts by claiming they need to “safeguard” their funds or by having them pay fees to avoid legal trouble. Since this happens over time, it can be difficult for the victim to recognize they are being defrauded.

Red Flags to Watch Out For

While these scams can be highly sophisticated, there are several warning signs to be aware of:

1. Unexpected Calls or Emails from the SSA: The SSA typically communicates by mail and rarely makes unsolicited phone calls, especially about sensitive information like your SSN or benefits. Be suspicious if someone contacts you out of the blue claiming to be from the SSA or the SSA OIG.

2. Pressure to Act Immediately: Scammers often use scare tactics, telling you that you need to act fast to prevent legal action or benefit suspension. Government agencies do not operate this way; they give ample time for recipients to respond to any issues.

3. Requests for Personal Information: No government agency will ask you for your SSN or banking information over the phone or via email. If someone asks for this information, hang up or ignore the email.

4. Financial Requests: Be wary of anyone asking you to transfer money, pay a fine, or safeguard your assets through unusual means, such as wire transfers or gift cards. This is a hallmark of scam operations.

5. Unfamiliar Websites or Emails: Always double-check the URL and authenticity of websites claiming to be official. Scammers will create sites that look very similar to legitimate government sites, but subtle differences in the URL or design can give them away.

How to Protect Yourself

– Verify the Source: If you receive a suspicious call, letter, or email, do not respond immediately. Contact the SSA directly through their official channels to verify whether the communication is legitimate.

– Monitor Your Accounts: Regularly check your financial accounts and credit reports for any signs of unauthorized activity. If you spot something suspicious, report it immediately.

– Report Activity: If you suspect that you have been contacted by a scammer and fallen victim by accidentally clicking on a link or giving out personal identifying information (PII), contact us immediately so we can decide on what steps should be taken. In addition to placing an immediate fraud alert on your credit file, a credit freeze may be merited.

– Be Educated and Spread Awareness: Staying informed about these scams is key to protecting you. The more people who are aware of these tactics, the harder it becomes for scammers to operate. Share this information with your family and friends, especially those who may be more vulnerable to these kinds of attacks, like the elderly.

As long-con scams targeting SSNs continue to rise, it’s crucial to stay vigilant. Always be cautious of unsolicited communications, double-check the legitimacy of claims, and never share sensitive information without verifying the source. The SSA and its Office of the Inspector General are actively working to combat these scams, but your personal awareness is the first line of defense.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Unsplash.com FLY:D

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

We previously reported last month that NationalPublicData.com, a widely-used public data aggregation platform, had suffered a massive system breach, exposing 2.9 billion Social Security Numbers (SSNs). This incident marks one of the largest data breaches in history, leaving millions vulnerable to identity theft and fraud.

As details continue to unfold, it’s important to understand what happened, what this breach means for you, and how you can protect yourself in the aftermath.

What Happened?

This summer, NationalPublicData.com, which aggregates and provides access to public records, announced that its database had been compromised by an external party. NationalPublicData.com serves a range of industries and businesses, including financial institutions, insurance companies, and government agencies. The breach affected an enormous volume of personal data, including 2.9 billion SSNs, full names, addresses, and other sensitive information. Given the scale, this breach impacts a significant portion of the global population, as the platform collects data from various sources worldwide.

Initial reports suggest that the breach was a result of a vulnerability in the system’s database security, which hackers were able to exploit. NationalPublicData.com has since launched an investigation and is working with cybersecurity experts to understand the full scope of the breach. However, the exposed data is already circulating on dark web forums, increasing the urgency for those affected to take immediate action.

Why is This Breach So Concerning?

The exposure of 2.9 billion SSNs is particularly alarming because of how SSNs are used in the United States and other countries as a primary identifier. With access to an individual’s SSN, cybercriminals can:

– Open new credit accounts: Fraudsters can use your SSN to open credit cards, loans, or other financial accounts in your name, leading to financial chaos.
– File fraudulent tax returns: Identity thieves can use stolen SSNs to file fraudulent tax returns and claim refunds in your name.
– Gain access to medical records: With an SSN, criminals can access healthcare records or commit medical fraud.
– Commit employment fraud: Stolen SSNs can be used to obtain jobs under your identity, which can create problems with the IRS and impact your credit report.

Beyond these financial and personal risks, this breach could lead to widespread identity theft, damaging the reputations of both individuals and businesses.

What Should You Do If You’re Affected?

If you are one of the millions who have received a CyberAgent Dark Web monitoring alert from us, please read the alert in entirety as it will include a list of recommended actions to take. Remember that an alert is sent when our surveillance technology has discovered information on the internet that matches up to your monitored identity elements. Multiple alerts could mean multiple monitored identity elements were found on various sites. Personal information exposed on the dark web does not necessarily mean your information has been used fraudulently. The actions recommended are proactive steps to prevent any potential risk.

We suggest that you make a practice to do the following:

– Monitor Your Financial Accounts: Keep a close eye on your bank accounts, credit cards, and other financial records for any suspicious or unauthorized transactions. Consider setting up alerts to notify you of any unusual activity

– Change Your Passwords Regularly: While SSNs are the primary concern, it’s a good idea to update your passwords for any accounts linked to NationalPublicData.com or other platforms that store sensitive data. Use strong, unique passwords and consider enabling two-factor authentication (2FA) where possible.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit courtesy: Uriel SC via Unsplash.com

2.9 Billion SSN Records on Dark Web

2.9 Billion SSN Records on Dark Web

A background check service known as National Public Data (NPD) just confirmed that their system has been breached. The company stated that “the breached data may include names, email addresses, phone numbers, social security numbers (SSNs) and mailing addresses.”

Ten days ago a large portion of the database was leaked with an enormous amount of sensitive information, including 2.9 billion social security numbers. Bleeping Computer reported that “the leaks started after a threat actor in April using the alias USDoD offered to sell for $3.5 million 2.9 billion records allegedly stolen from NPD.” The records include citizens from the United States, Canada and the United Kingdom. A hacker known as “Felice” leaked the most complete version of the data for free. Learn More

Because contact information and sensitive background information related to family members, even those who are deceased, are a part of what was leaked, there is a high probability of individuals being victims of phishing attempts. There is also a reputation aspect of the breach that could potentially cause harm to individuals, leading to embarrassment, humiliation and/or emotional distress.

What You Can Do:

– If you have received a Cyber Agent notification from us, contact us immediately at 888.966.4827 (GUARD) so we can help place proactive measures for you.

– Update your passwords for your email and financial institution accounts.

– Enable multi-factor authentication on all of your accounts that offer the service.

– Be on the look-out for phishing attempts. Do not respond to anyone calling, texting or emailing to update your banking credentials. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Erfan Parhizi via unsplash.com

110 Million AT&T Call & Text Logs Stolen

110 Million AT&T Call & Text Logs Stolen

Last Friday, July 12th, Telecom giant AT&T revealed that they experienced a data breach impacting nearly all of their wireless customers. The company announced on April 19th, that “hackers exfiltrated records of customer call and text interactions from May 1, 2022 to October 31, 2022” and also on January 2, 2023.

AT&T is in process of notifying nearly 110 million account holders of the cyber crime. Compromised records identify other phone numbers their customers interacted with including call duration, text counts and numbers texted. Although the hacker reportedly demanded $1,000,000 ransom, SecurityWeek reported that approximately $370,000 in bitcoin was wired in May to prevent the data from getting leaked.

The U.S. telecommunications company said that the FBI is investigating and at least one person has been arrested after data was copied from its workspace on a third-party cloud platform, Snowflake. Snowflake is a company with 9,800+ global customers, including Adobe, Honeywell, Mastercard and Pfizer and has been in the news frequently of late. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: markus-spiske-FXFz-sW0uwo-unsplash

Millions Potentially Exposed by Neiman Marcus Breach

Dallas-based Neiman Marcus Group (NMG), a luxury department store chain that includes Bergdorf Goodman, recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party named Snowflake. The company notified Maine’s Attorney General’s Office that the breach has impacted more than 64,000 customers. The company started mailing notification letters on June 24th. This is not the first cybersecurity incident for Neiman Marcus. Previous breaches are known to have occurred in 2013, 2015 and 2020 for the high-end retailer.

NMG disclosed the incident just as a hacker announced the sale of the database. According to SecurityWeek, although a ransom was demanded, the retailer refused to pay. SecurityWeek also reported that the database sold for $150,000 and allegedly includes information on 180 million users which is far more than the 64,000+ NMG reported. The hacker is now advertising 70 million transactions, 50 million customer email addresses, 12 million gift card numbers and six billion rows of customer shopping records, employee data and store information.

Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems, such as Advance Auto Parts, Allstate, Anheuser-Busch, Mitsubishi, Progressive, State Farm and Ticketmaster. We expect to see a heightened volume of cybersecurity incidents surrounding Snowflake and will notify you as soon as we hear any further news. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].