Holiday Scams: Don’t Let Them Steal Your Cheer

Holiday Scams: Don’t Let Them Steal Your Cheer

The holidays are a time for joy, but scammers are working overtime to turn your festive spirit into frustration. Here are three popular scams making the rounds this season with tips to keep your holiday merry and bright.

The Bourbon Scam

Here’s the scene: you’ve been hunting for a bottle of rare bourbon … something like Pappy Van Winkle … to impress the in-laws. Then, like a holiday miracle, you spot it online at a price that’s almost too good to be true. Here’s the gist: it is! Scammers lure bourbon lovers with fake websites or ads, promising rare bottles at bargain prices. The result? No bourbon, and a bank account that’s taken a hit.

How to Keep Your Bourbon Dreams From Going Up in Smoke:

– Only buy from reputable retailers or distilleries.

– If the price seems suspiciously low, it’s probably a scam. (No one is going to be selling Pappy for the cost of a gas station’s whiskey).

– Research websites before purchasing. Your wallet will thank you.

 

The Fake Gift Kit Scam

Who doesn’t love a good gift kit during the holidays? They’re simple, smart and scammers are hoping you don’t realize it’s a cover for them. They prey on unsuspecting shoppers with ads for “luxury skincare kits,” “gourmet gift baskets,” or other must-have bundles. You pay, and then what do you receive? Either nothing at all or a cheap knockoff that wouldn’t fool even your dog.

How to Avoid Getting Fooled:

– Shop from reputable sellers or well-known brands and verify the legitimacy of their website.

– Be skeptical of unsolicited ads offering steep discounts.

– Pay with a credit card so you can dispute fraudulent charges.

 

The Online Pet Adoption Scam

Few things warm the heart like the thought of bringing a new furry friend home for the holidays. I have tried very hard not to adopt a new kitty this holiday so I totally understand the desire. Scammers know we are weak for new fur babies and set up fake listings for puppies or kittens in need of a home. They’ll tug at your heartstrings, ask for payment upfront for adoption fees or transportation, and then vanish, leaving you with nothing but disappointment.

How to Protect Your Heart (and Wallet):

– Insist on meeting the pet in person before making any payments. At a minimum, ask to Facetime with them before meeting up.

– Research breeders (or rescue organizations) thoroughly. Ask for recommendations from neighbors, family and friends.

– Be cautious of unusually low adoption fees or emotional pleas.

– Use a secure payment method. Credit cards offer better fraud protection than wire transfers or gift cards.

 

Cheers to a scam-free holiday! Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. And remember, we are never closed on a holiday! Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Peter Zhang via unsplash.com.

Keeping Your Holidays Happy and Fraud-free

Keeping Your Holidays Happy and Fraud-free

Yes, it’s that wonderful time of year. The holidays are quickly approaching … and at lightning speed! Will you be traveling to see family in the next few weeks? Or, maybe you’ll be skipping off to a great vacation instead of decking the halls? Whatever your plans are, having time off of work, fun with friends and family, and hopefully a few days of laziness … are wonderful to look forward to. But, when we are caught up in the excitement about buying those last-minute gifts (or sunscreen and new flip-flops), we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe during this special time of year.

In addition to stopping the mail, finding that special neighbor with a green thumb to water your plants, and arranging for pet care for your fur babies, there are some ‘before your trip’ actions you can take to help prevent identity theft from becoming a huge holiday memory. Just some small preventative measures, such as updating the operating system and antivirus software on your mobile devices, can go a long way toward fending off a few identity thieves. Below are some tips for what you can do before you leave home, as well as while you’re away and after your return.

Before you Leave Home:

– Password protect your devices and update operating systems. Add multi-factor authentication where available.

– Alert your bank(s) about your travel plans.

– Visit your post office and put your mail on a vacation hold.

– Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place.

– Turn off auto-connect Wifi and Bluetooth connections.

– Consider adjusting your social media account settings so posts aren’t tagged with GPS data. Best practice is to avoid posting vacation pics while on vacation.

While Out of Town:

– Avoid using public Wifi and even your hotel’s Wifi if at all possible.

– Do not use public computers

– Keep your travel documents in the hotel room safe.

– Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip.

Upon Your Return Home:

– Consider changing passwords for your major accounts.

– Thoroughly go through your account statements for any irregularities.

– Check your credit report to make sure no new accounts were opened in your name while you were away.

 

We hope you have a wonderful holiday season! If you suspect identity theft or fraud, please contact us immediately at 888.966.GUARD (4827) or email [email protected]. Day or night, we’ve got your back and will always be open for you.

Rite Aid Breach Alert Impacts Millions

Rite Aid Breach Alert Impacts Millions

Our security teams have recently discovered large data set(s) of compromised cyber elements on the Dark Web from the Rite Aid ransomware attack. Rite Aid, a Pennsylvania-based pharmacy and online store, is the third-largest pharmacy chain in the United States. The company’s security incident notice reported that “in early June 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems.”

The attackers are linked to RansomHub, a ransomware group that has made plenty of news in the past. Rite Aid detected the cybersecurity event within 12 hours and sent a notice of the data breach to its customers stating that any purchases made from June 6, 2017 to July 30, 2018 could be compromised.

The breach size is over 12 million. Data exposed includes names, addresses, dates of birth, driver’s license numbers or other government-issued IDs and Rite Aid rewards numbers. The company reported confirmed that no social security numbers, financial information or patient information was impacted by the incident. READ MORE

Guard Well Identity Theft Solutions exists to protect you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Erfan Parhizi via unsplash.com

Phone Call Scam Alert: Never Answer to these Four Words

Phone Call Scam Alert: Never Answer to these Four Words

Phone scams are becoming increasingly sophisticated, but one of the simplest traps involves a scammer asking you these four innocent words: “Can you hear me?” Answering “yes” could unknowingly put you at risk.

Here’s how it works: Scammers record your voice and use your verbal consent to authorize fraudulent charges on your credit card, utility bills or other accounts. By capturing your “yes,” they can confirm a login and claim you agreed to purchases or services you never requested.

Along with being cautious with every call (and thinking before you speak):

– Avoid answering unfamiliar calls. If you don’t recognize the number, let it go to voicemail.

– Understand that there are chatbots and artificial intelligence (AI). With AI technology, a person’s voice can be mimicked where it becomes very hard to tell the difference between a real person and a machine. There is a newer version of the phone scam that starts with a line like “I’m sorry, I’m having issues with my headset..” just so you think that a real live person is on the other end. Don’t fall for it.

– Never say “yes” or give out personal information. If someone asks, “Can you hear me?” or other questions, hang up immediately.

– Sign up for the National Do Not Call Registry and consider using a call-blocking app.

– Report the call to the Federal Trade Commission (FTC). By sharing the scammer’s phone number, the FTC can track and block illegal callers.

Contact us immediately if you do accidentally fall for a phone call scam. We also suggest that you change your passwords and enable two-factor authentication when available. Although they might be easier to remember, try to resist the urge to use the same password across multiple accounts.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit: John Tuesday via unsplash.com.

 

Protect Yourself from Hurricane and Flooding Scams

Protect Yourself from Hurricane and Flooding Scams

In the aftermath of hurricanes and floods, it’s crucial to stay vigilant – not just about physical recovery, but also about potential scams. Fraudsters target disaster victims when they’re most vulnerable, using various methods to steal money or personal information. Likewise, opportunistic scammers often take advantage of those not directly impacted by the storm, but who want to help those in peril.

Scam activity spikes significantly after major storms hit. In 2022, the aftermath of Hurricane Ian saw a sharp rise in fraud with the Federal Trade Commission (FTC) warning about fake contractors, Federal Emergency Management Agency (FEMA) impersonators and donation scams costing Americans billions. Similar trends in scams were also seen after Tropical Storm Hillary in 2023. And now we have the aftermaths of Hurricanes Helene and Milton. North Carolina’s Gov. Roy Cooper’s administration noted that there are at least “a record $53 billion in damages and recovery needs in western North Carolina alone.”

Here are some things you can do to help protect yourself from disaster scams:

Verify contractor licenses and avoid upfront payments. Scammers are good actors who impersonate contractors. It is critical to check credentials and references before hiring an individual or company to repair property. Don’t fall for a seemingly quick fix and/or low rates.

Avoid FEMA scams. Criminals apply to FEMA for assistance using names, addresses and social security numbers they have stolen. If someone claiming to be from FEMA knocks on your door, remember that real officials carry photo identification badges and they do not charge for any services including filling out an application. Likewise, FEMA officials are not authorized to gather any personal financial information. If someone promises a disaster grant in return for full payment, that’s a scam and you should contact your state’s attorney general office or police.

Watch out for donation scams. It is suggested to only donate money to trusted organizations like the Red Cross https://www.redcross.org/. If you are solicited and unsure of an organization, check the ratings with the Better Business Bureau, search the word “scam” with the organization’s name and read online reviews. To verify that a website is legitimate, make sure the URL begins with “https://” which communicates that any information you provide is encrypted and transmitted securely. If you do donate, use a credit card. Also remember that no legitimate agency will pressure you to donate. Read More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available to you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit: NASA under license via unsplash.com.

SSA Long Con Scams on the Rise

SSA Long Con Scams on the Rise

In recent months, there has been an alarming increase in long con scams targeting Social Security Numbers (SSNs). These scams are designed to steal sensitive personal information and exploit individuals through highly orchestrated and deceitful tactics. According to the Social Security Administration Office of the Inspector General (SSA OIG), scammers are evolving their methods, and many of these cons are becoming harder to detect.

Last month the Inspector’s General Office released that scammers are compounding tactics by using fake Amazon or PayPal tech support emails and text messages who will try to convince you that your SSN or record is compromised. Considering the enormous size of nationalpublicdata.com’s breach this spring and summer (to the tune of 2.9 billion records), we understand that this topic can be very confusing to navigate. Learn More

Knowledge is power. Here’s what you need to know about the growing trend and how you can protect yourself.

What is a Long-Con Scam?

A long-con scam is a method of deception that unfolds over a long period of time. Unlike quick-hit frauds, where scammers make a direct attempt to steal your information or money in one go, long-con scams involve establishing a sense of trust with the victim. Scammers often impersonate official entities—like the SSA—over weeks or months to gradually build credibility, making their eventual fraudulent activities more convincing. Scams often end with an in-person meeting with an individual either who is part of the scheme or an unsuspecting participant, such as an Uber driver, during which the target turns over gold, cash, a crypto wallet or some other currency for “safe keeping” at the direction of the imposter SSA OIG federal agent.

How Are Scammers Exploiting SSNs?

SSNs are one of the most valuable pieces of personal information for identity theft. Once scammers have your SSN, they can open new credit lines, file false tax returns, and even gain access to your financial accounts. Here’s how these long-con scammers operate:

1. Impersonation of Government Officials: One common tactic is to pose as representatives from the Social Security Administration (SSA) or even the SSA OIG. Scammers contact victims via phone, email or mail, claiming that there is an issue with their SSN, such as fraudulent activity or that their benefits are being suspended.

2. Phony Documentation and Fake Websites: Scammers often direct victims to fake websites or send fabricated official documents that look legitimate. These documents might appear as “official” notifications, containing seals or logos of government agencies. Over time, the victim may be asked to “verify” their SSN or other personal information.

3. Threats and Intimidation: Scammers may claim that if the victim does not act immediately, their benefits will be suspended, or they will face legal consequences. The urgency creates pressure and confusion, making victims more likely to comply without questioning the legitimacy of the request.

4. Financial Manipulation: In some cases, the scammer will slowly gain access to the victim’s financial accounts by claiming they need to “safeguard” their funds or by having them pay fees to avoid legal trouble. Since this happens over time, it can be difficult for the victim to recognize they are being defrauded.

Red Flags to Watch Out For

While these scams can be highly sophisticated, there are several warning signs to be aware of:

1. Unexpected Calls or Emails from the SSA: The SSA typically communicates by mail and rarely makes unsolicited phone calls, especially about sensitive information like your SSN or benefits. Be suspicious if someone contacts you out of the blue claiming to be from the SSA or the SSA OIG.

2. Pressure to Act Immediately: Scammers often use scare tactics, telling you that you need to act fast to prevent legal action or benefit suspension. Government agencies do not operate this way; they give ample time for recipients to respond to any issues.

3. Requests for Personal Information: No government agency will ask you for your SSN or banking information over the phone or via email. If someone asks for this information, hang up or ignore the email.

4. Financial Requests: Be wary of anyone asking you to transfer money, pay a fine, or safeguard your assets through unusual means, such as wire transfers or gift cards. This is a hallmark of scam operations.

5. Unfamiliar Websites or Emails: Always double-check the URL and authenticity of websites claiming to be official. Scammers will create sites that look very similar to legitimate government sites, but subtle differences in the URL or design can give them away.

How to Protect Yourself

– Verify the Source: If you receive a suspicious call, letter, or email, do not respond immediately. Contact the SSA directly through their official channels to verify whether the communication is legitimate.

– Monitor Your Accounts: Regularly check your financial accounts and credit reports for any signs of unauthorized activity. If you spot something suspicious, report it immediately.

– Report Activity: If you suspect that you have been contacted by a scammer and fallen victim by accidentally clicking on a link or giving out personal identifying information (PII), contact us immediately so we can decide on what steps should be taken. In addition to placing an immediate fraud alert on your credit file, a credit freeze may be merited.

– Be Educated and Spread Awareness: Staying informed about these scams is key to protecting you. The more people who are aware of these tactics, the harder it becomes for scammers to operate. Share this information with your family and friends, especially those who may be more vulnerable to these kinds of attacks, like the elderly.

As long-con scams targeting SSNs continue to rise, it’s crucial to stay vigilant. Always be cautious of unsolicited communications, double-check the legitimacy of claims, and never share sensitive information without verifying the source. The SSA and its Office of the Inspector General are actively working to combat these scams, but your personal awareness is the first line of defense.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Unsplash.com FLY:D

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

We previously reported last month that NationalPublicData.com, a widely-used public data aggregation platform, had suffered a massive system breach, exposing 2.9 billion Social Security Numbers (SSNs). This incident marks one of the largest data breaches in history, leaving millions vulnerable to identity theft and fraud.

As details continue to unfold, it’s important to understand what happened, what this breach means for you, and how you can protect yourself in the aftermath.

What Happened?

This summer, NationalPublicData.com, which aggregates and provides access to public records, announced that its database had been compromised by an external party. NationalPublicData.com serves a range of industries and businesses, including financial institutions, insurance companies, and government agencies. The breach affected an enormous volume of personal data, including 2.9 billion SSNs, full names, addresses, and other sensitive information. Given the scale, this breach impacts a significant portion of the global population, as the platform collects data from various sources worldwide.

Initial reports suggest that the breach was a result of a vulnerability in the system’s database security, which hackers were able to exploit. NationalPublicData.com has since launched an investigation and is working with cybersecurity experts to understand the full scope of the breach. However, the exposed data is already circulating on dark web forums, increasing the urgency for those affected to take immediate action.

Why is This Breach So Concerning?

The exposure of 2.9 billion SSNs is particularly alarming because of how SSNs are used in the United States and other countries as a primary identifier. With access to an individual’s SSN, cybercriminals can:

– Open new credit accounts: Fraudsters can use your SSN to open credit cards, loans, or other financial accounts in your name, leading to financial chaos.
– File fraudulent tax returns: Identity thieves can use stolen SSNs to file fraudulent tax returns and claim refunds in your name.
– Gain access to medical records: With an SSN, criminals can access healthcare records or commit medical fraud.
– Commit employment fraud: Stolen SSNs can be used to obtain jobs under your identity, which can create problems with the IRS and impact your credit report.

Beyond these financial and personal risks, this breach could lead to widespread identity theft, damaging the reputations of both individuals and businesses.

What Should You Do If You’re Affected?

If you are one of the millions who have received a CyberAgent Dark Web monitoring alert from us, please read the alert in entirety as it will include a list of recommended actions to take. Remember that an alert is sent when our surveillance technology has discovered information on the internet that matches up to your monitored identity elements. Multiple alerts could mean multiple monitored identity elements were found on various sites. Personal information exposed on the dark web does not necessarily mean your information has been used fraudulently. The actions recommended are proactive steps to prevent any potential risk.

We suggest that you make a practice to do the following:

– Monitor Your Financial Accounts: Keep a close eye on your bank accounts, credit cards, and other financial records for any suspicious or unauthorized transactions. Consider setting up alerts to notify you of any unusual activity

– Change Your Passwords Regularly: While SSNs are the primary concern, it’s a good idea to update your passwords for any accounts linked to NationalPublicData.com or other platforms that store sensitive data. Use strong, unique passwords and consider enabling two-factor authentication (2FA) where possible.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit courtesy: Uriel SC via Unsplash.com

110 Million AT&T Call & Text Logs Stolen

110 Million AT&T Call & Text Logs Stolen

Last Friday, July 12th, Telecom giant AT&T revealed that they experienced a data breach impacting nearly all of their wireless customers. The company announced on April 19th, that “hackers exfiltrated records of customer call and text interactions from May 1, 2022 to October 31, 2022” and also on January 2, 2023.

AT&T is in process of notifying nearly 110 million account holders of the cyber crime. Compromised records identify other phone numbers their customers interacted with including call duration, text counts and numbers texted. Although the hacker reportedly demanded $1,000,000 ransom, SecurityWeek reported that approximately $370,000 in bitcoin was wired in May to prevent the data from getting leaked.

The U.S. telecommunications company said that the FBI is investigating and at least one person has been arrested after data was copied from its workspace on a third-party cloud platform, Snowflake. Snowflake is a company with 9,800+ global customers, including Adobe, Honeywell, Mastercard and Pfizer and has been in the news frequently of late. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: markus-spiske-FXFz-sW0uwo-unsplash

Millions Potentially Exposed by Neiman Marcus Breach

Dallas-based Neiman Marcus Group (NMG), a luxury department store chain that includes Bergdorf Goodman, recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party named Snowflake. The company notified Maine’s Attorney General’s Office that the breach has impacted more than 64,000 customers. The company started mailing notification letters on June 24th. This is not the first cybersecurity incident for Neiman Marcus. Previous breaches are known to have occurred in 2013, 2015 and 2020 for the high-end retailer.

NMG disclosed the incident just as a hacker announced the sale of the database. According to SecurityWeek, although a ransom was demanded, the retailer refused to pay. SecurityWeek also reported that the database sold for $150,000 and allegedly includes information on 180 million users which is far more than the 64,000+ NMG reported. The hacker is now advertising 70 million transactions, 50 million customer email addresses, 12 million gift card numbers and six billion rows of customer shopping records, employee data and store information.

Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems, such as Advance Auto Parts, Allstate, Anheuser-Busch, Mitsubishi, Progressive, State Farm and Ticketmaster. We expect to see a heightened volume of cybersecurity incidents surrounding Snowflake and will notify you as soon as we hear any further news. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employee. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing – fraud, impersonation and old-fashioned blackmail.

– Baiting – fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting – this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing – this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com