8.4B Passwords & 25M Records Stolen

8.4B Passwords & 25M Records Stolen

Just recently our security team found two new breaches involving 25,000,000 stolen records and that 8.4 billion passwords have been stolen and sold on the dark web. We see these breaches all the time. The reality is that out of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. That’s correct! Almost half of the worldwide web is created to commit fraud. That’s why we have proudly built a strong partnership with industry powerhouse Experian who jointly provides our member’s identity protection, support, and complete resolution service.

 

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come!

 

Be vigilant. Be Strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Photo courtesy of unsplash.com Bermix Studios

How to Avoid Disaster-related Scams

How to Avoid Disaster-related Scams

Dealing with the aftermath of a disaster is always difficult. Unfortunately, scammers will jump at the chance to take advantage of those who are trying to assess and recover from the tremendous damage that weather-related events, such as hurricanes, floods, wildfires, tornados, along with pandemic-related COVID-19 can cause.

 

The Federal Trade Commission (FTC) suggests a few ways to help avoid common post-disaster scams:

 

Be skeptical of anyone promising immediate clean-up and debris removal. Some fake vendors will quote sky-high prices and demand payment up-front.

 

Do a background check on them. Before you pay anything, ask for identification, licenses along with proof of insurance in writing.

 

Never pay in cryptocurrency, wire transfer, cash or via a gift card. Only make the final payment until the work is completed satisfactorily.

 

Always guard your personal identifying information (PII). “Only scammers will say they’re a government official and then demand money or your credit card, bank account or social security number.”

 

Understand that the Federal Emergency Management Agency (FEMA) will never ask for an application fee. FEMA has provided over $1 billion to more than 165,000 people to assist with COVID-19-related funeral costs for deaths occurring on or after January. “If someone wants money to help you qualify for FEMA funds, that’s probably a scam.”

 

Spot and report disaster-related charity scams. If you are fortunate enough to be able to help others, visit this link for advice on how to donate wisely and avoid charity scams.

 

For more information and other tips, visit https://www.consumer.ftc.gov/features/dealing-weather-emergencies

 

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo courtesy credit to Kelly Sikkema via unsplash.com.

University of California and StreetEasy: Dark Web Fraud Alert

University of California and StreetEasy: Dark Web Fraud Alert

Our teams have discovered extremely large sets of compromised data on the Dark Web. The latest two websites involved are University of California and StreetEasy.com.

 

The University of California (UC) is the world’s leading public research university system. Like several hundred other institutions throughout the country, including universities, government institutions and private companies, UC has been using a vendor service called Accellion File Transfer Appliance (FTA) to transfer information. Accellion was the target of an international cyberattack where the perpetrators exploited a vulnerability in Accellion’s program and attacked roughly 100 organizations. The attackers are now attempting to get money from organizations and individuals.

 

The breach origination date was March 31, 2021. Information stolen includes names, addresses, SSNs, as well as some email addresses and medical IDs.

 

StreetEasy.com is New York City’s leading local real estate marketplace on mobile and the Web, providing comprehensive listings and market data. The approximate breach size is 990,290 and originated in June of 2016. Data exposed includes passwords, first and last names, email addresses, and user IDs.

 

Be vigilant. Be strong. Stay in the know. If you have visited these websites in the past or have done business with them, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo credit by Erfan Parhizi via unsplash.com.

How to Spot a Hacker Going After Your Business

How to Spot a Hacker Going After Your Business

When you think of a “bad guy,” what comes to mind? Someone sitting alone hunched over a keyboard in a dark hoody in a dark basement with fast typing fingers and maybe sporting a three-day-old beard? And what do you picture this anti-social “bad guy” doing? Are they only going after huge corporations and corrupt politicians? Nope! But that is what pop society has been assuming cybercrime is and that the everyday individual or smaller organizations aren’t being targeted.

 

The reality is that many of the faces of modern cybercrime don’t look like what we have read in fictional books and seen on tv and in the movies. These cybercriminals are much harder to spot because “they look a lot like legitimate businesses than you might expect,” Hubspot reported. “The work they might do day-to-day to steal personal information and disrupt businesses is pretty boring.”

 

So why do they hack? Money! Cybercrime has cost the world just under a trillion dollars in 2020.

 

The fact is that your Personal Identifying Information (PPI) is just like a currency. When stolen and aggregated, PPI can be sold for a hefty profit and “it’s a lot easier to try to get into your business’s data than to try to gather their own to sell.” Many websites sell aggregated collections of email addresses and passwords that have been gathered from past data breaches. From there, all it takes is a bit of unsophisticated scripting to use these emails and passwords to try to log into different websites across the internet.

 

“These folks aren’t looking to hit the biggest, most valuable businesses. It’s a case of quantity over quality.” These villains take a few thousand emails and passwords and see how many of them work out against high value services (such as email providers or CRMs) to see what data can be pulled out of those accounts to sell or how they can use those accounts for phishing emails or ransomware.

 

Look at the statement released by Darkside, the group whose ransomware attack brought down the Colonial Oil Pipeline and caused gas prices to spike in May this year. They released: “We are apolitical, we do not participate in geopolitics, do not need to tie use with a defined government and look for other motives. Our goal is to make money and not creating problems for society.” They want cash flow not world domination.

 

Hubspot reported in a blog last month written by Ryan DiPetta, “A lot of hackers look and behave like legitimate businesses, even if they do illegitimate things. Maybe they work a regular nine to five schedule. Maybe they take vacations with their kids. They’re trying to build a business just like you, too … but their business is built on theft and exploitation of your business and the data and trust of your customers.”

 

Are you and your employees protected? For more information on how to protect your company’s bottom line and employees by providing this must-have voluntary benefit, please click HERE.

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email memberservices@guardwellid.com if you suspect fraud or have any concerns. We are here to help!

 

Photo credit: Markus Spiske via Unsplash.com

The Steps We Take to Protect Your Identity

The Steps We Take to Protect Your Identity

Identity theft is inevitable. If it hasn’t already, it will victimize you, a family member, or an employee’s life in the near future. ‘Data Harvesting’ has become a major threat to identity protection. Browsing history, online shopping, and messaging data is being used against you.

 

The statistics are overwhelming. Cyber attacks, malware, and phishing scams have increased over 1000% since Covid-19 began. There are 3.5M Google searches every minute and 4.4B Facebook messages each day … all of that information is collected, stored, and sold. Essentially, your data is being stolen then sold back to you.

 

As a leader in the identity protection space, we are advocating for laws to protect the American consumer from Data Harvesting. Additionally, of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. It is our hope that stronger IT security efforts are implemented in America (and worldwide) to block the thieves from stealing your information.

 

Protecting identity includes five main steps:

 

1. Implementing proactive safeguards with Guard Well fraud specialists.

2. Protecting personal identifying information (PII), such as social security number, date of birth, driver’s license ID number, financial institution account numbers, passport number, IP addresses, passwords, etc. Remember that even the smallest amount of stolen PII can be used against you.

3. Browsing in incognito or private mode, deleting unused email accounts, using two-factor authentication whenever possible, changing your passwords every 60 days, and removing your information from ‘people finder’ sites.

4. Monitoring credit and identity to quickly detect theft/fraud when it occurs.

5. Resolving all theft/fraud issues completely and continuously monitoring for recurrence.

 

Finally … we always strongly recommend that you DO NOT CLICK on any online link that you are not 100% certain is safe, secure and legit.

 

For more information on how to protect your employees by providing this must-have voluntary benefit, please click on the flyer: GW_Flyer_070821_OnePageMktgPiece

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email memberservices@guardwellid.com if you suspect fraud or have any concerns.

The Biggest Ransomware Attack Ever

The Biggest Ransomware Attack Ever

On Friday, July 2nd, an affiliate of the REvil gang (Russian-linked) infected millions of victims in at least 17 countries via the US IT software company Kayesa. Our cybersecurity team has learned that the company’s software was used to slip into victims’ systems, which they’re now holding hostage.

 

The hackers have demanded $70 million in cryptocurrency to end what is now the biggest ransomware attack on record. The attack was specifically timed for the 4th of July holiday weekend when most office workers would be out of office. As reported in The Washington Post, most of the 1,500 victimized organizations were public agencies and small businesses.

 

The ransomware attack “has temporarily shutdown hundreds of Sweden’s Coop grocery stores because the cash registers locked up. The full scope of the attack probably won’t be known for quite some time.” The Associated Press noted that “due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually.”

 

Unfortunately this is not REvil’s first attack. Last month, timed with the Memorial Day weekend, the group extorted $11 million from meat supplier JBS after forcing it to shut down all of its manufacturing facilities.

 

Please contact us 24/7/365 at 888.966.4827 (GUARD) if you have any concerns or suspect identity theft. Additionally, you can email memberservices@guardwellid.com. Day or night, we’ve got your back and will always be open for you.

 

Photo by Bermix Studio on Unsplash

ClientTether.com Breach Alert

ClientTether.com Breach Alert

Our security teams have recently discovered several large sets of compromised data on the Dark Web. The website, ClientTether.com has been affected.

 

ClientTether is an automated CRM and lead engagement sales automation platform. Users can send personalized text messages, receive a phone call, and send an email within seconds. Entrepreneur Magazine has recognized this popular website as a Top Franchise Supplier for 2020. Over 750,000 users have been impacted since the November 2020 breach origination date. The type of data exposed includes email, phone, name, address and gender.

 

If you have visited ClientTether.com or have engaged in business activity with this company, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

Dark Web Alert: Large Sets of Compromised Data

Dark Web Alert: Large Sets of Compromised Data

Our security teams have discovered additional large sets of compromised data on the Dark Web. More than 50 million records have been breached. The websites below (when known) have been affected. If you have visited these websites or have engaged in business activity with any of these companies, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

 

– City of Knoxville, TN Government Servers. Breach date: July, 2020. Data exposed: emails and bank accounts.

 

– Unknown. Breach date: unknown. Breach size: 50 million. Data exposed: names, emails, addresses, phone and gender. More information to come.

 

– UniversalLogistics.com. Breach date: June 11, 2020. Data exposed: corporate operational data reports, emails, invoices and personal data (names, DOB, SSN, driver’s license, credit cards).

 

 

Websites with Compromised Data on the Dark Web

Websites with Compromised Data on the Dark Web

Our security teams have recently discovered several large sets of compromised data on the Dark Web. The websites listed below have been affected. If you have visited these websites or have engaged in business activity with any of these companies, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

 

– apollo.io

– appen.com (formerly crowdflower.com)

– scentbird.com

– swvl.com

– promo.com (previously slide.ly)

– mathway.com

– truefire.com

– ggumim.co.kr

– dave.com

– chatbooks.com

– hurb.com

– liveauctioneers.com

– kreditplus.com

– execupharm.com

– dunzo.com

– verifications.io

– catho.com.br

– bhinneka.com

– wattpad.com

– gigasize.com

– netsential.com

 

 

COVID-19 Unemployment Identity Theft Cases on the Rise

COVID-19 Unemployment Identity Theft Cases on the Rise

The COVID-19 pandemic has changed the entire employment image in America. Have you or a loved one needed to reach out to your state unemployment office due to being out of work (or experiencing a massive reduction in work hours)? As if that process wasn’t difficult enough! Unfortunately, many have experienced the shock and dismay when their unemployment claim is turned down for benefits due to a duplicate application. It is happening … and way too often. Hackers live for mankind’s vulnerability, especially during trying times like this.

 

We understand that it’s hard to know what you need to know especially during immense stress. The following are the five most common unemployment scams that we would like for you to be aware of:

 

Phishing email scams. Be wary of a sender you don’t know even if there are familiar logos visible in the email. Just because the email says it’s coming from your former employer’s CEO, doesn’t mean that it is legit. Verify the sender via phone before you trust the information that they are providing. If no one is available to verify it via a call … it’s a scam.

 

Debit and direct deposit card scams. Hackers know that states may use debit cards or payments via direct deposit to deliver benefits to you. If you are asked to provide personal identifying information (PII), such as date of birth, social security number, and/or bank account information before you actually apply for a card … it’s a scam. We have seen unemployment debit card scams that end up charging the victim for inactivity.

 

Fake phone call scams. The Department of Labor suggests to only use official government websites and phone numbers to file a claim for unemployment benefits. If someone calls you before you reach out for help … it’s a scam.

 

Jobseeker scams. If anyone is interested in hiring you immediately because you are the “perfect” candidate for a position you haven’t sought out … it’s a scam.

 

Fake job board website scams. If a website asks you to pre-register and give them your bank account information for your first paycheck … it’s a scam.

 

Here are some tips to help avoid unemployment benefit scams:

 

– Do not respond to unsolicited emails and texts. A state will not try to reach you and certainly won’t via text message.

 

– Do not click any type of website link even if it looks like it’s from one of your financial institutions. Scammers are really sneaky. Read our blog Do Not Click! for more information.

 

– Monitor your accounts closely. If an identity thief has enough information to apply (and receive) your benefits, it’s a pretty solid bet that they have information on your other accounts. Update your passwords, which is a step to take even not during a pandemic.

 

– Help keep your PII safe by making sure you’re dealing with a legitimate government representative.

 

 

Interested in learning how to file unemployment benefits in your state? Check this map, select the state where you worked, and you will be directed to the appropriate contact information. Be smart. Be vigilant. Be strong. Please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 1.888.966.GUARD (4827) and memberservices@guardwellid.com.