Scams, Scams and More Darn Scams

Scams, Scams and More Darn Scams

Did you know that there are at least 48 different types of identity theft and the number of scams involved in each is growing daily? Romance scams, residence scams, utility scams, employment scams, telephone scams, email scams, charity scams, Apple care scams, AirBNB scams, PayPal scams, census scams, ticket scams, government scams, medical scams, insurance scams, real estate scams, investment scams, lottery and sweepstakes scams … there really isn’t one facet of our lives that isn’t ‘scam-able.’ As the weather turns colder, it kind of makes you want to curl up under an electric blanket and hibernate for a bit doesn’t it!

 

Although everyone with a social security number is at risk for identity theft, there are two groups that are targeted more often: children and seniors. The U.S. Department of Health & Human Services has studied why. They explain, “Children are targeted to establish a ‘clean slate.’ Seniors are targeted over the telephone and through phishing scams. Some studies suggest that people become more trusting as they age, which helps to explain why it’s more difficult for older adults to detect fraudsters.”

 

The next high-risk group that follows children and seniors are the military mostly due to deployment, which impacts their ability to respond to a threat in a timely manner. According to the Federal Trade Commission, military consumers are most affected by credit card and bank fraud. Another high-risk group is identity theft repeat victims. As reported in Consumer Affairs, “people who have previously been affected by identity theft are at a greater risk for future identity theft and fraud.” According to the Center for Victim Research, “7-10% of the U.S. population are victims of identity fraud each year and 21% of those experience multiple incidents of identity theft.”

 

Lastly, the deceased are targeted. Stealing a dead person’s identity, commonly known as “ghosting,” will often go unnoticed by surviving family for months or years. A report dating from 2012 stated that 2.5 million deceased American identities are stolen each year. Of those 2.5 million stolen identities, 800,000 were used to open lines of credit or get a mobile phone plan.

 

Fraudsters oftentimes repeat their favorite most lucrative scams, which are driven by major financial life moments, such as taxes and holiday shopping. Yes, it’s getting to be that time of year, and, guess what … the world’s largest online retailer, Amazon, is seeing a huge increase in fake Amazon.com order cancellation scams. If you receive an email about an order cancellation from Amazon, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com directly to check your order status.

 

Most of our blogs offer tips to help protect yourself and your family from identity theft. There is one tip in this blog: Remain aware of scams and that they can touch every facet of your life. By staying in-the-know, you can help every month be National Cybersecurity Awareness month … not just October.

 

If you suspect that you or a loved one has suffered identity theft, please reach out to us as soon as possible. Our Guard Well member services team is available around the clock, every day of the year. Email memberservices@guardwellid.com or call 888.966.GUARD (4827) for help.

Accidentally Clicked on a Phishing Link – Now What

Accidentally Clicked on a Phishing Link – Now What

You know that searing flush-faced feeling when you pretty much know you made a mistake with a slip of the finger? Sometimes it’s sending a text too soon or responding to an email without editing your response. Other times it’s when you click on something you likely shouldn’t have … and then the “uh oh” escapes … and then the big sigh.

 

When we multitask, whether it is at work or at home, we do tend to slip up at times and open something that we shouldn’t. Then enters adware, malware, ransonmare, spyware, and whatever-else-is-next-ware into our lives.

 

Oops! Now what?

 

There are some imperative steps to take to alleviate harm to you and/or the network you may be connected with:

– Try not to panic. This happens to everyone. Antivirus and anti-malware will come into play and you will need to have a full system scan. But first …

– End the session immediately by turning off Wi-Fi, unplugging from an ethernet cable or completely shutting down all of your devices.

– Initiate a back up of your files. Since you won’t be connected to the internet at this point, you won’t be able to accomplish this to the cloud. Having an external drive, DVD or thumb drive are always nice to have on hand during times like these.

– Change your login/password to email account(s) and enable two-factor authentication if this hasn’t already occurred.

– If you are employed by a company or organization, reference your manual and let your network administrator know of the potential issue.

– After all is said and done, check your antivirus/anti-malware software and run a full scan.

 

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does. As always, if you need help or have any concerns, we are available 24/7/365 for you.

Guarding Against Business Identity Theft

Guarding Against Business Identity Theft

Individuals aren’t the only targets for identity theft. Corporate, also known as commercial identity theft, saw a 46% increase last year according to the National Cybersecurity Society (NCSS). Although businesses of all sizes are at risk, small businesses are particularly vulnerable. “Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” remarks Mary Ellen Seale, CEO of NCSS.

 

She explains, “Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.”

 

Stealing an organization’s identity takes a lot less work than one might think. State laws require the public disclosure of proprietary business information in annual reports, names and addresses of key company personnel as well as the employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan as well as intercept business credit card information.

 

What can business owners do to help mitigate their risk?

– Educate your employees about phishing scams. Phishers aren’t just targeting your business … they are grabbing your customers, employees, partners and vendors. Make sure your employees know what red flags to look for when they receive an email that is asking for an action from them. Examples include bad grammar, mispelled words, links to unfamiliar websites and attachments.

– Don’t post sensitive company information on your website.

– Stay on top of computer security updates.

– Check your credit reports regularly.

– Follow the IRS new procedures to protect businesses. Visit https://www.irs.gov/individuals/identity-theft-guide-for-business-partnerships-and-estate-and-trusts for detailed information.

– File your company’s annual report on time and regularly check the secretary of state’s website. Keep in mind that if you operate your business in more than one state, each state may have their own due date.

 

Unfortunately, identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. Do you have an anti-phishing plan for your business? Please contact us if you need assistance developing one or educating your employees about the topic.

New American Express Phishing Attack

New American Express Phishing Attack

A new form of phishing attack has recently targeted Amex cardholders and is more sophisticated than what experts have seen in the past. A phishing attack can arrive via email, text, social media message or even as a phone call and appears to be coming from someone you know (a person in your contact list or a company that you regularly interact with, such as your financial institution). According to the Identity Theft Resource Center, “the link embedded in the current American Express phishing attack comes via email and is two different parts. This way the hacker can insert malicious code into the link while also confusing the recipient’s antivirus software. Instead of warning about a harmful link, the software does not recognize it as malicious.”

 

How can you tell if an email is a phishing scam? The Amex email itself was very typical of a phishing attack – it was filled with grammatical errors including spelling and punctuation mistakes. Along with being on the lookout for language errors, here are some additional tips to keep in mind:

 

– Verify that the information is legitimate. If an email comes from your supervisor, call them and make sure. If an email comes from a company that you regularly do business with, ignore it and go directly to their website and check your account.

– Don’t click on a link or download an attachment from an email or message that you aren’t expecting.

– Double-check the sender’s address or the website address. For example, if it says, “AmazOn.com,” it is probably fake.

– Remember that caller ID is not trustworthy.

 

If you think you have received an American Express phishing email, don’t click on any of the links. The company suggests that you forward it to spoof@americanexpress.com so they can act to close down the phishing link. After the email is forwarded, delete it from your inbox.

 

Please call Guard Well Member Services at 888.966.4827 (GUARD) or email memberservices@guardwellid.com if you feel you have been a victim of identity theft. We are always available for you – 24/7/365.

 

 

Two-factor Authentication Phishing  Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Preventing a Mortgage Closing Scam

Preventing a Mortgage Closing Scam

Searching for a new home, can be as exciting as it is stressful, tedious and time-consuming. It will likely be one of your most memorable life moments, especially for first-time buyers. So when you do find that perfect home for you, your bid is accepted and the inspection comes back great, you and your family celebrate and start down the long check-list of things to do prior to your move.

 

As that closing date approaches, unfortunately, the risk of being a victim of a phishing scam does as well. The ultimate cost could be the loss of your entire life savings and there is usually not an insurance policy that will recover your money if this happens to you.

 

The FBI has reported that scammers are increasingly taking advantage of homebuyers with very complex, sophisticated schemes with reports of mortgage fraud rising over 1,100 percent each year. There was an estimated loss of nearly $1 billion in real estate transaction costs in 2017 alone.

 

How would mortgage fraud happen to you? Mortgage fraud, a sub-category of financial institution fraud (FIF), typically starts with a phishing email that appears to be coming from a trusted professional involved in your property purchase. The email claims to be notifying you of changes to your wiring instructions or that they had made a mistake and previously discussed the wrong wiring instructions with you. Wire fraud is so prevalent that many attorneys, lenders and realtors are starting to include a warning about it in their emails. “We do not accept or request wiring instructions or changes to wiring instructions via email. Always call to verify.” But, be wary that even phone conversations may be fraudulent.

 

What can you do to prevent mortgage fraud from happening to you? Consult the Consumer Financial Protection Bureau’s Mortgage Closing Checklist. Identity two trusted individuals involved in the closing process and have multiple ways for you to contact them. Real estate professionals suggest that you create a code phrase that is only known to the trusted parties involved in the transaction in case there is a need to confirm their identities in the future. Be mindful that email is never a secure way to send financial information or closing details.

 

What if mortgage fraud happens to you? Try to ask for a wire recall with your financial institution. Being swift in reporting the crime can greatly increase the likelihood of recovering your funds. Report the fraud to your identity theft resolution provider. Lastly, file a complaint with the FBI.

 

 

Sources:

https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud

https://consumerfinance.gov

 

Photo credit:

Tierra Mallorca via Unsplash