New American Express Phishing Attack

New American Express Phishing Attack

A new form of phishing attack has recently targeted Amex cardholders and is more sophisticated than what experts have seen in the past. A phishing attack can arrive via email, text, social media message or even as a phone call and appears to be coming from someone you know (a person in your contact list or a company that you regularly interact with, such as your financial institution). According to the Identity Theft Resource Center, “the link embedded in the current American Express phishing attack comes via email and is two different parts. This way the hacker can insert malicious code into the link while also confusing the recipient’s antivirus software. Instead of warning about a harmful link, the software does not recognize it as malicious.”

 

How can you tell if an email is a phishing scam? The Amex email itself was very typical of a phishing attack – it was filled with grammatical errors including spelling and punctuation mistakes. Along with being on the lookout for language errors, here are some additional tips to keep in mind:

 

– Verify that the information is legitimate. If an email comes from your supervisor, call them and make sure. If an email comes from a company that you regularly do business with, ignore it and go directly to their website and check your account.

 

– Don’t click on a link or download an attachment from an email or message that you aren’t expecting.

 

– Double-check the sender’s address or the website address. For example, if it says, “AmazOn.com,” it is probably fake.

 

– Remember that caller ID is not trustworthy.

 

If you think you have received an American Express phishing email, don’t click on any of the links. The company suggests that you forward it to [email protected] so they can act to close down the phishing link. After the email is forwarded, delete it from your inbox.

 

Please call Guard Well Member Services at 888.966.4827 (GUARD) or email [email protected] if you feel you have been a victim of identity theft. We are always available for you – 24/7/365.

 

 

Flying This Summer? How to Prevent Juice Jacking

Flying This Summer? How to Prevent Juice Jacking

Vacations are indeed wonderful. Traveling to a new destination or to a familiar favorite locale is a treasured experience with memories that can last a lifetime. On the other hand, traveling on business might not be as fun, but it is a must for many. Going from point A to point B can be stressful at times. Weather, flight delays, overbooked flights, long layovers or not having enough time between flights causing you to miss your next connection … you name it, it can happen. Next thing you know, your device battery is getting low. So, what do you do? Is it safe to recharge at a public charging station? Not always.

 

Juice jacking is a type of cyber attack and typically involves public USBs. Public charging stations, such as those found in airports, train stations, hotel lobbies, and even your rental car, can make your personal data very vulnerable and open your device up to malware.

 

As reported in Forbes, a growing number of nation-state hackers have been training their sights on travelers. New research from IBM, in the 2019 IBM X-Force Threat Intelligence Index, reveals that the transportation industry has become a priority target for cybercriminals as the second-most attacked industry — up from tenth in 2017. Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches.”

 

What steps can you take to prevent juice jacking from happening to you?

– Don’t leave home without a fully charged battery.

– Carry a charging cord with you so you can use a wall socket instead of a public USB.

– Purchase an external battery pack.

– Turn off your phone to save your battery when feasible.

– Learn how to optimize your device’s battery settings.

 

 

 

Two-factor Authentication Phishing  Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Preventing a Mortgage Closing Scam

Preventing a Mortgage Closing Scam

Searching for a new home, can be as exciting as it is stressful, tedious and time-consuming. It will likely be one of your most memorable life moments, especially for first-time buyers. So when you do find that perfect home for you, your bid is accepted and the inspection comes back great, you and your family celebrate and start down the long check-list of things to do prior to your move.

 

As that closing date approaches, unfortunately, the risk of being a victim of a phishing scam does as well. The ultimate cost could be the loss of your entire life savings and there is usually not an insurance policy that will recover your money if this happens to you.

 

The FBI has reported that scammers are increasingly taking advantage of homebuyers with very complex, sophisticated schemes with reports of mortgage fraud rising over 1,100 percent each year. There was an estimated loss of nearly $1 billion in real estate transaction costs in 2017 alone.

 

How would mortgage fraud happen to you? Mortgage fraud, a sub-category of financial institution fraud (FIF), typically starts with a phishing email that appears to be coming from a trusted professional involved in your property purchase. The email claims to be notifying you of changes to your wiring instructions or that they had made a mistake and previously discussed the wrong wiring instructions with you. Wire fraud is so prevalent that many attorneys, lenders and realtors are starting to include a warning about it in their emails. “We do not accept or request wiring instructions or changes to wiring instructions via email. Always call to verify.” But, be wary that even phone conversations may be fraudulent.

 

What can you do to prevent mortgage fraud from happening to you? Consult the Consumer Financial Protection Bureau’s Mortgage Closing Checklist. Identity two trusted individuals involved in the closing process and have multiple ways for you to contact them. Real estate professionals suggest that you create a code phrase that is only known to the trusted parties involved in the transaction in case there is a need to confirm their identities in the future. Be mindful that email is never a secure way to send financial information or closing details.

 

What if mortgage fraud happens to you? Try to ask for a wire recall with your financial institution. Being swift in reporting the crime can greatly increase the likelihood of recovering your funds. Report the fraud to your identity theft resolution provider. Lastly, file a complaint with the FBI.

 

 

Sources:

https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud

https://consumerfinance.gov

 

Photo credit:

Tierra Mallorca via Unsplash

Ten Signs You Have Been a Victim of Identity Theft

Ten Signs You Have Been a Victim of Identity Theft

Identity theft is rampant. One in three data breach victims will experience fraud according to a 2018 study by Javelin Strategy & Research. The number of identity fraud victims in the United States alone is at 16.7 million with over $16.8 billion stolen. Read More

 

Do you know the latest signs of identity theft? Here are the top ten red flags that trouble is brewing:

– You receive a notice, either in the mail or via email, that you have been a part of a data breach.

– Your credit score quickly drops without explanation.

– Withdrawals from your bank account start to occur … and they are withdrawals that you haven’t scheduled or already made.

– Although you haven’t filed any insurance claims, your rates rapidly rise.

– Your Social Security statements aren’t matching your records.

– There are suspicious charges on your credit card.

– You are turned down for a loan or credit card unexpectedly.

– Your credit report shows accounts that you have not opened.

– Either federal, your state or local taxing authority alerts you to their receipt of multiple filings in your name.

– You receive a bill for an item or service that you have not purchased … and from a company that you have never done business with.

 

Have you experienced any of the above? If yes, contact a fraud resolution specialist immediately.

Quick Steps for Lost Wallet

Quick Steps for Lost Wallet

You know that flustered feeling when you can’t find your cell phone? Imagine if you had your driver’s license, ATM debit card and your AMEX in a pocket inside your phone. Not only would you have a lost wallet, but you would have a lost cell phone as well. Talk about panic.

There are many reasons why you should not carry every ID you have on you at any given point in time. Your Social Security card … should be in a safe. Your passport should be in there as well. If you own more than one credit card, don’t carry all of them in your wallet at the same time. Your health insurance card? Now, that’s a toss-up.

Before a lost wallet scenario could happen to you:

• Make a detailed list and/or keep photocopies of the contents in your wallet in a safe place (ideally in a home safe or bank lock box). Make sure phone numbers are included for your providers as well so you can swiftly contact your creditors if the moment arises.

What to do if you have a lost or stolen phone, wallet or both:

• Call your bank(s) immediately to report your debit and/or any credit cards as stolen. This is different from canceling or closing your credit cards, which can cause problems with your credit reports. “You’re only responsible for up to $50 in unauthorized purchases if you report a debit card as missing within two business days of the loss. But, if you wait more than two days (but less than 60), you could be on the hook for up to $500 in unauthorized purchases.
• Call your cell phone carrier if your lost wallet also included your phone. Service providers have tracking that can help trace the footsteps of your burglar as well as the ability to shut off any apps, suspend social media accounts and email for the time being.
• File a police report.
• Initiate a fraud alert on your credit report.
• Replace your driver’s license as soon as possible. Every state has different requirements for replacing a license. Some may ask you for a police report number if your ID has been stolen.

• IF your Social Security card was in your wallet (not recommended), contact the Social Security Administration immediately. They can send you a new card but they won’t give you a new number.

• Download a credit report. If you see anything you don’t recognize, call the IRS Identity Protection Unit 800.908.4490.

What types of cards and documents can be replaced?

It can be overwhelming when we think of everything that could be in our wallet. Your driver’s license, debit card, passport, military ID, health insurance card, Medicare/Medicaid, auto insurance card, US Visa or residency card, even retail store cards and any specialized license or driver’s permit all can be replaced, but it takes time.

It’s best to minimize what you carry with you. Our Lost Wallet service assists our Members in quickly and effectively terminating and re-ordering wallet contents. Our services include:

• Identifying missing documents.
• Contacting document issuers while Member is on call (if required by issuer).
• Cancelling of all lost cards and report documents missing.
• Completing the required forms and delivering to subscriber for completion.
• Initiating fraud affidavit and police reports for stolen wallets.
• Additional resolution calls based on the severity of issue, as needed

Don’t Let Identity Theft Become a Vacation Memory

Don’t Let Identity Theft Become a Vacation Memory

We all look forward to vacations … time off of work, fun with the family, a few days of laziness… but, when we are excited about buying sunscreen and new flip-flops, we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe.

 

In addition to finding pet care, remembering your passport and making sure your lighting is on schedule, there are some pre-, during and post-trip items that you can do to help prevent identity theft from becoming a huge vacation memory. Just some small preventative measures like updating the operating system and antivirus software on your mobile devices can go a long way toward fending off a few identity thieves.

 

Before you leave home:

– Password protect your devices and update operating systems

– Alert your bank(s) about your travel plans

– Visit your post office and put your mail on a vacation hold

– Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place

– Turn off auto-connect Wifi and Bluetooth connections

– Consider adjusting your social media account settings so posts aren’t tagged with GPS data

 

While out of town:

– Avoid using public Wifi and even your hotel’s if at all possible

– Do not use public computers

– Keep your travel documents in a hotel safe

– Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip

 

Upon your return home:

– Consider changing passwords for your major accounts

– Thoroughly go through your account statements for any irregularities

– Check your credit report to make sure no new accounts were opened in your name while you were away

 

We hope you have a wonderful vacation. Stay safe! If you are concerned that identity theft has happened to you, reach out to us immediately day or night at 888.966.GUARD (4827) or email us at [email protected].

Can You Spot When You’re Being Phished?

Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Phishing attacks “cost organizations $4.5 billion every year and over half of internet users get at least one phishing email per day,” according to Dell EMC.[1]

Tips to Identify Phishing:

  • Even if you recognize the display name (for example, the email is from your bank) and there is a generic salutation like “Dear Trusted Customer” instead of “Dear [your first name],” request that your institution verify the email was indeed from them.
  • Poor grammar in the body of any email is a red flag as are spelling mistakes.
  • Hover your mouse over any hotlinks in the email. If the link address has any type of spelling mistakes, highly likely the email is phishing.
  • Understand that the financial and insurance institutions you do business with will never ask for your credentials.
  • Don’t click on attachments. Take the extra minute or two to verify the information in the attachments.

What You Can Do:

  • If there is an opportunity for you to activate two-factor authorization, do so. Two-factor, also known as 2FA, is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.[2] If this feature is enabled, that is your best bet against phishing. Even if someone steals your password they won’t be able to access your account.
  • Check out Jigsaw, a Google offshoot, owned by Alphabet. Jigsaw is trying to teach the public on how to be more cautious. They recently released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz was created based on security training from journalists, activists and political leaders around the world. You can take the quiz by clicking

Phishing is a cybercrime. If you have been targeted, contact your identity theft resolution provider as soon as possible. Your personally identifiable information (PII) should be yours and yours alone.

[1] https://www.dellemc.com/en-us/index.htm

[2] https://en.wikipedia.org/wiki/Multi-factor_authentication

How A Data Breach Can Impact You

How A Data Breach Can Impact You

Many of us are familiar with the term ‘data breach.’ However, not all of us are too familiar with how impacting a data breach can be, both for you personally, and for your business.

What does it involve?
A data breach involves the release of secure or confidential information. This information is then shared in an often unknown and always untrusted environment. In most cases, if your company finds that a data breach has occurred, it will have involved your private data being stolen and shared via an unauthorized source. Additionally, some data breaches are caused due to intrusive or harmful software. This malware can further disrupt your IT and computer processes, and may even delete, hold to random or steal valuable business data.

What data can be stolen?
The information acquired could include:

  • Your personal information, such as Social Security number and contact information
  • Your financial information including bank account details
  • Health information of individuals
  • Intellectual property such as material your business has developed
  • Legal information
  • IT security data.

What could this mean for my business?
A data breach can leave you at risk with various results. Identity theft is common, for example, if the hackers decide to act upon the information they find. Below outlines a few other ways that a data breach can impact a company and why it can be so damaging to your business.

  • Revenue loss

Your business could suffer a significant revenue loss as a result of a security breach. A non-functional website could contribute to this, as customers will potentially look elsewhere if it appears your company isn’t up and running as standard. Work patterns are often disrupted with a data breach too, which can also have an effect on your overall output and revenue. In general, the primary damage of data breaches and cyber-attacks is the loss of money for a company or individual. It has been forecast, for example, that by 2021, cybercrime damages will cost the world $6 billion.

  • Brand Reputation

Your long-term reputation could be severely impacted by a data breach. A breach involving emails, for example, can set back your company due to the ongoing issues this could cause. Taking it one step further, the information about your customers is vital to keep safe, too. Breaches may often involve customer payment information. Many will take their business elsewhere, or be hesitant in the first place to trust your company with their information if they hear a data breach has recently occurred. Some data breaches can potentially shut the doors of your business and be hard to come back from.

  • Loss of intellectual property

As well as private information, a data hack can be taken one step further and may involve hackers targeting strategies, blueprints, and designs that are your company’s by right. Many small businesses think that they will not be affected by this; however, small businesses are often targeted more, quite simply because they are easier to hack. A loss of intellectual property can impact your business’ competitive edge, and take you back to square one if specific software is accessed, for example.  

What now?
If you are concerned about where your company stands with its online protection, then talk to us, as we can recommend solutions and protection for you and your employees, meaning you can rest assured knowing your company is in good hands.

The Lasting Impact of Fraud

The Lasting Impact of Fraud

Unfortunately, fraud and identity theft are crimes which do not appear to be slowing down, with an incredible 44% increase in the number of data breaches last year. It is a prevalent issue throughout the US, with the crimes affecting all areas of society from stay-at-home parents to multibillionaire corporations with an outstanding 16.7 million of American’s impacted in 2017 alone.

The majority of Americans know what fraud and identity theft is. After all, it’s something we are taught in school, and the steps to take to protect yourself are widely discussed. We know the importance of keeping private data exactly that – private. What is less commonly known, however, is the lasting impact this terrible crime has for those who feel its effects. Often, the waves caused by identity theft and fraud can be lifelong, which can be categorized into two main pillars.

Financially

Perhaps one of the more well-known issues which arise due to identity theft is our financial wellbeing and stability. The damage this crime can do to your financial future can impact every area of your life, from your mortgage and rent payments, your retirement fund, even your child’s educational future. If a criminal accesses the pot of money you’ve saved to send your little one to college, the chances of recovering the amount is extremely slim.

Identity theft will also affect an individual’s credit rating, which then impacts on their financial future indefinitely. A low credit score can prevent you from being accepted for a mortgage, receiving investment for a new business, allowing you to take out finance for a new car, being rejected for a rental agreement, and so on. One way to protect your credit rating, however, is to ensure you regularly check it. This way, any anomalies you discover can be addressed sooner rather than later, minimizing the potentially damaging impact.

Similarly, if an identity thief gets their hands on your Social Security number, there’s no stopping them from committing Tax Refund Identity Theft, which means that sum of money you were looking forward to receiving is lost. The numbers for Social Security number data breaches is astounding: 158 million numbers were exposed in 2017. When a thief has hold of your Social Security number, it’s not something you can ignore or forget about; this number can then be sold on the dark web, potentially even years after the data breach has occurred. To recover from this specific identity theft, you will need to work closely with experts, and even the government.

Emotionally

There’s no denying that identity theft is an incredibly challenging and stressful situation to be in. The impact it has on your emotional well-being can be felt throughout the whole family. The most common emotional responses to fraud and identity theft include:

  • Anger
  • Shock
  • Guilt
  • Stress
  • Anxiety
  • Helplessness
  • Panic
  • Loss of confidence and self-worth

As this particular crime is one which there’s no way to predict, and often, it goes unnoticed for a period of time, the shock alone can trigger a horrible emotional response, one which doesn’t simply go away after a set amount of time. The emotional toll can play on a victim’s mind for many years. Anger is especially prevalent, but it is not always directed solely at the thief. It is common for victims of identity theft to blame themselves, and sometimes even blame family members. This blame then creates a domino effect, with a victim’s self-worth and confidence taking a knock, becoming especially anxious whether this crime could affect them again.

To Conclude

Unfortunately, identity theft and fraud appear to be growing in numbers, rather than decreasing. While this is a worrying statistic, there are ways to protect yourself against the unscrupulous individuals who seek to steal your data. By working with privacy experts, such as our team of specialists, you can resolve any worries and fears, recover any identity thefts, and work tirelessly to ensure it doesn’t happen again.