SSA Long Con Scams on the Rise

SSA Long Con Scams on the Rise

In recent months, there has been an alarming increase in long con scams targeting Social Security Numbers (SSNs). These scams are designed to steal sensitive personal information and exploit individuals through highly orchestrated and deceitful tactics. According to the Social Security Administration Office of the Inspector General (SSA OIG), scammers are evolving their methods, and many of these cons are becoming harder to detect.

Last month the Inspector’s General Office released that scammers are compounding tactics by using fake Amazon or PayPal tech support emails and text messages who will try to convince you that your SSN or record is compromised. Considering the enormous size of nationalpublicdata.com’s breach this spring and summer (to the tune of 2.9 billion records), we understand that this topic can be very confusing to navigate. Learn More

Knowledge is power. Here’s what you need to know about the growing trend and how you can protect yourself.

What is a Long-Con Scam?

A long-con scam is a method of deception that unfolds over a long period of time. Unlike quick-hit frauds, where scammers make a direct attempt to steal your information or money in one go, long-con scams involve establishing a sense of trust with the victim. Scammers often impersonate official entities—like the SSA—over weeks or months to gradually build credibility, making their eventual fraudulent activities more convincing. Scams often end with an in-person meeting with an individual either who is part of the scheme or an unsuspecting participant, such as an Uber driver, during which the target turns over gold, cash, a crypto wallet or some other currency for “safe keeping” at the direction of the imposter SSA OIG federal agent.

How Are Scammers Exploiting SSNs?

SSNs are one of the most valuable pieces of personal information for identity theft. Once scammers have your SSN, they can open new credit lines, file false tax returns, and even gain access to your financial accounts. Here’s how these long-con scammers operate:

1. Impersonation of Government Officials: One common tactic is to pose as representatives from the Social Security Administration (SSA) or even the SSA OIG. Scammers contact victims via phone, email or mail, claiming that there is an issue with their SSN, such as fraudulent activity or that their benefits are being suspended.

2. Phony Documentation and Fake Websites: Scammers often direct victims to fake websites or send fabricated official documents that look legitimate. These documents might appear as “official” notifications, containing seals or logos of government agencies. Over time, the victim may be asked to “verify” their SSN or other personal information.

3. Threats and Intimidation: Scammers may claim that if the victim does not act immediately, their benefits will be suspended, or they will face legal consequences. The urgency creates pressure and confusion, making victims more likely to comply without questioning the legitimacy of the request.

4. Financial Manipulation: In some cases, the scammer will slowly gain access to the victim’s financial accounts by claiming they need to “safeguard” their funds or by having them pay fees to avoid legal trouble. Since this happens over time, it can be difficult for the victim to recognize they are being defrauded.

Red Flags to Watch Out For

While these scams can be highly sophisticated, there are several warning signs to be aware of:

1. Unexpected Calls or Emails from the SSA: The SSA typically communicates by mail and rarely makes unsolicited phone calls, especially about sensitive information like your SSN or benefits. Be suspicious if someone contacts you out of the blue claiming to be from the SSA or the SSA OIG.

2. Pressure to Act Immediately: Scammers often use scare tactics, telling you that you need to act fast to prevent legal action or benefit suspension. Government agencies do not operate this way; they give ample time for recipients to respond to any issues.

3. Requests for Personal Information: No government agency will ask you for your SSN or banking information over the phone or via email. If someone asks for this information, hang up or ignore the email.

4. Financial Requests: Be wary of anyone asking you to transfer money, pay a fine, or safeguard your assets through unusual means, such as wire transfers or gift cards. This is a hallmark of scam operations.

5. Unfamiliar Websites or Emails: Always double-check the URL and authenticity of websites claiming to be official. Scammers will create sites that look very similar to legitimate government sites, but subtle differences in the URL or design can give them away.

How to Protect Yourself

– Verify the Source: If you receive a suspicious call, letter, or email, do not respond immediately. Contact the SSA directly through their official channels to verify whether the communication is legitimate.

– Monitor Your Accounts: Regularly check your financial accounts and credit reports for any signs of unauthorized activity. If you spot something suspicious, report it immediately.

– Report Activity: If you suspect that you have been contacted by a scammer and fallen victim by accidentally clicking on a link or giving out personal identifying information (PII), contact us immediately so we can decide on what steps should be taken. In addition to placing an immediate fraud alert on your credit file, a credit freeze may be merited.

– Be Educated and Spread Awareness: Staying informed about these scams is key to protecting you. The more people who are aware of these tactics, the harder it becomes for scammers to operate. Share this information with your family and friends, especially those who may be more vulnerable to these kinds of attacks, like the elderly.

As long-con scams targeting SSNs continue to rise, it’s crucial to stay vigilant. Always be cautious of unsolicited communications, double-check the legitimacy of claims, and never share sensitive information without verifying the source. The SSA and its Office of the Inspector General are actively working to combat these scams, but your personal awareness is the first line of defense.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Unsplash.com FLY:D

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

We previously reported last month that NationalPublicData.com, a widely-used public data aggregation platform, had suffered a massive system breach, exposing 2.9 billion Social Security Numbers (SSNs). This incident marks one of the largest data breaches in history, leaving millions vulnerable to identity theft and fraud.

As details continue to unfold, it’s important to understand what happened, what this breach means for you, and how you can protect yourself in the aftermath.

What Happened?

This summer, NationalPublicData.com, which aggregates and provides access to public records, announced that its database had been compromised by an external party. NationalPublicData.com serves a range of industries and businesses, including financial institutions, insurance companies, and government agencies. The breach affected an enormous volume of personal data, including 2.9 billion SSNs, full names, addresses, and other sensitive information. Given the scale, this breach impacts a significant portion of the global population, as the platform collects data from various sources worldwide.

Initial reports suggest that the breach was a result of a vulnerability in the system’s database security, which hackers were able to exploit. NationalPublicData.com has since launched an investigation and is working with cybersecurity experts to understand the full scope of the breach. However, the exposed data is already circulating on dark web forums, increasing the urgency for those affected to take immediate action.

Why is This Breach So Concerning?

The exposure of 2.9 billion SSNs is particularly alarming because of how SSNs are used in the United States and other countries as a primary identifier. With access to an individual’s SSN, cybercriminals can:

– Open new credit accounts: Fraudsters can use your SSN to open credit cards, loans, or other financial accounts in your name, leading to financial chaos.
– File fraudulent tax returns: Identity thieves can use stolen SSNs to file fraudulent tax returns and claim refunds in your name.
– Gain access to medical records: With an SSN, criminals can access healthcare records or commit medical fraud.
– Commit employment fraud: Stolen SSNs can be used to obtain jobs under your identity, which can create problems with the IRS and impact your credit report.

Beyond these financial and personal risks, this breach could lead to widespread identity theft, damaging the reputations of both individuals and businesses.

What Should You Do If You’re Affected?

If you are one of the millions who have received a CyberAgent Dark Web monitoring alert from us, please read the alert in entirety as it will include a list of recommended actions to take. Remember that an alert is sent when our surveillance technology has discovered information on the internet that matches up to your monitored identity elements. Multiple alerts could mean multiple monitored identity elements were found on various sites. Personal information exposed on the dark web does not necessarily mean your information has been used fraudulently. The actions recommended are proactive steps to prevent any potential risk.

We suggest that you make a practice to do the following:

– Monitor Your Financial Accounts: Keep a close eye on your bank accounts, credit cards, and other financial records for any suspicious or unauthorized transactions. Consider setting up alerts to notify you of any unusual activity

– Change Your Passwords Regularly: While SSNs are the primary concern, it’s a good idea to update your passwords for any accounts linked to NationalPublicData.com or other platforms that store sensitive data. Use strong, unique passwords and consider enabling two-factor authentication (2FA) where possible.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit courtesy: Uriel SC via Unsplash.com

Nationwide Cyberattack Paralyzes Auto Dealerships

If you have been trying to buy a car this summer, you might have hit a snag or two. Dealerships have had to go back to good old fashioned pen and paper to complete deals after their operations suddenly came to a complete halt. What happened? Hackers targeted CDK Global, a software company that 15,000 car dealerships nationwide rely on. The back-to-back ransomware attacks occurred in mid-June but car dealerships are still recovering from having their operations paralyzed for about ten days. The good news is that dealerships do not think that customer private information has been stolen but that has not been confirmed. We will notify you if our teams find any data sets related to this attack on the dark web.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted

Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted

Ticketmaster Entertainment, LLC is an American ticket sales and distribution company based in Beverly Hills, California with operations in many countries around the world. In 2010, it merged with Live Nation under the name Live Nation Entertainment. Ticketing giant Live Nation confirmed this summer that it has been the victim of a cyber attack. We have just learned that the breach origin date is May 20, 2024. Personal data from over half a billion users have been exposed. Data stolen can include full names, addresses, email addresses, birth dates, credit card type, the last four digits and credit card expiration dates used for ticket sales. Learn More

We suggest that you protect yourself by doing the following if you have a Ticketmaster account:

– Change your password immediately and frequently. Although it might be easier to remember, try to resist the urge to use the same password across multiple accounts.

– Utilize two-factor authentication when it is available.

– If solicited online, never share any personal identifying information or financial account numbers. Only give out information to an individual you know or a company that you are 100% certain about.

This is definitely not the first time Ticketmaster has made the news. If you have a Swiftie in the household, you likely already know the debacle surrounding Ticketmaster and Taylor Swift’s Eras tour that started in 2022. If you are interested in the timeline of the chaos, check out People’s article of events. Learn More

Now is not the time to let your guard down. Knowledge is power. Being informed of what steps you may need to take can help ease the potential damage (and your stress level) if your identity has been compromised. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: Erfan Parhizi via unsplash.com

UPDATE from Ticketmaster – July 3, 2024: Ticketmaster has contacted those who may be affected. They state via email that they “take the protection of personal information very seriously.” They explain that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider. Based on their investigation, they determined that the unauthorized activity occurred on May 27, 2024. They note that they are working to mitigate risk to their users and the company, and have notified and are cooperating with law enforcement and regulatory authorities.

ALERT: Toll Smishing Text Scam – Do Not Click!

ALERT: Toll Smishing Text Scam – Do Not Click!

The Ohio Turnpike and Infrastructure Commission, the FBI and SunPass are warning drivers of a text message smishing scam that requests payment for unpaid tolls. The FBI is recommending that if you receive a message like the one shown below, to take the following actions:

– Do not click the link in the text.

– Contact the FBI’s Internet Crime Complaint Center, also known as IC3, at www.ic3.gov, and include the phone number the text came from and the website listed within the text.

– If you have an EZ-Pass or SunPass account, check it via their legitimate website and let them know about the text.

– Delete the smishing text you received.

– If for any reason you accidentally clicked the link in the text and made a payment, contact your financial institution immediately to help secure your personal information and financial accounts. Contact our Member Services team at 1.888.966.4827 (GUARD) or email [email protected].

Screenshot image of a sample scam on an iphone

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does occur. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 1.888.966.4827 (GUARD) and [email protected].

AT&T Breach Alert: 73 Million Impacted

AT&T Breach Alert: 73 Million Impacted

Our security teams have recently discovered that AT&T, one of the main US telecommunications companies, has suffered an enormous data breach. Data from 73 million current and former customers has been leaked on the dark web. In August, 2021, the company originally said that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. Although the hacking date remains unclear, one in five Americans have now been impacted. Data exposed include name, address, date of birth, phone number and social security numbers.

The company stated that it is not yet known whether the data originated from AT&T or one of its vendors. The company added that “currently AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.” The company said that it is reaching out to customers to reset their account pass codes and is also urging customers to remain alert about changes to their accounts or credit reports. LEARN MORE

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: Marcus Spiske via unsplash.com

How to Spot a Scam with Children’s Health Insurance

How to Spot a Scam with Children’s Health Insurance

The cost of health care has skyrocketed in the United States. The very topic is as stressful as it is expensive. Did you know that the United States is the highest spending country on healthcare worldwide? In 2021, total health expenditure exceeded four trillion dollars with per capita health expenditure at $12,555.30. Statista Research recently reported that expenditure as a percentage of Gross Domestic Product (GDP) is projected to increase to approximately 20% by 2030.

During the pandemic, each state’s Medicaid Children’s Health Insurance Program (CHIP) helped millions of families with the cost of healthcare. With the end of the pandemic, states are reaching out to update Medicaid enrollments and scammers are already taking advantage of the situation. CHIP won’t ask you to pay to renew … but scammers will.

Here is what you need to know:

– CHIP won’t charge you to renew or enroll. They may reach out to you via email, phone or text but they will NOT ask you to pay, for any of your personal financial information and especially your credit card number or bank account information.

– Do NOT click! Even if it looks like a message is from your state’s Medicaid agency, if there is anything clickable in a message, assume it is scam and visit medicaid.gov to get contact information for your state’s Medicaid agency.

– Utilize healthcare.gov to complete insurance plans, find coverage and see if you are eligible. The website will ask you for your monthly income and age to give you a quote.

– Understand that medical discount plans are NOT insurance plans. Scammers will pitch discount plans to entice you and make you think they are the same as insurance.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Source: Federal Trade Commission

Photo Credit: Courtesy of Charles Deluvio via unsplash.com

Breach Alert Impacts 1.2 Million: RentoMojo.com

Breach Alert Impacts 1.2 Million: RentoMojo.com

Our security teams have recently discovered that online furniture and electronics rental startup RentoMojo has confirmed a data breach. The hacking origin date is April 23, 2023 and impacts 1.2 million. Personal identifying information data exposed include email addresses, user id, phone number, nationality and passport numbers.

The company reported that the attackers were able to gain access by exploiting cloud misconfiguration. Malicious attackers are continuously hunting for misconfigured cloud assets. They are vulnerabilities waiting to happen.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: Erfan Parhizi via unsplash.com.

NortonLifeLock Password Manager Tool Hacked

NortonLifeLock Password Manager Tool Hacked

NortonLifeLock has notified their customers that hackers have breached their Password Manager accounts. This latest breach dates back to December 2022 when thousands of customers were told that their accounts were compromised. Just recently, the parent company of NortonLifeLock, Gen Digital (formerly Symantec Corporation), reported that “the likely culprit was a credential stuffing attack.” This type of attack involves credentials that had previously been exposed or breached being used to break into accounts on different websites that share the same password.

By far, password protection is critical for online safety. Enabling multi-factor authentication (MFA) and having exceptional password hygiene habits are great practices to follow. For example, every account that requires a password should have their own unique, complex and random password. Try to avoid using combinations that utilize information that could be connected to your social media accounts, such as a loved one’s birthday or a pet’s name. Hackers are well-known to comb their intended victims’ social media accounts.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of https://unsplash.com/@flyd2069.

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Our security teams have recently discovered that over 25 million people have been impacted by data breaches involving TruthFinder, Instant Checkmate and Gemini.

Both TruthFinder and Instant Checkmate are subscription-based websites owned by PeopleConnect that allow users to do background checks on people by utilizing public records. The breaches for both companies occurred on April 12, 2019. While TruthFinder’s breach involves eight million account holders, Instant Checkmate’s is even larger impacting 12 million. Stolen account holder information includes users’ email addresses, phone numbers and passwords for both sites. Parent company PeopleConnect has confirmed that all customer accounts created between 2011 and 2019 have been impacted and that the published list originated inside their company. Learn More

Gemini (Gemini Trust Company, LLC) is a cryptocurrency exchange and custodian that allows customers to buy, sell and store digital assets. The American-owned company operates in the United States, Canada, the United Kingdom, South Korea, Hong Kong and Singapore. The breach size of 5.4 million originated December 13, 2022 as a result of a third-party incident. The company has declared that some customers have been the target of phishing campaigns from that third-party vendor exposing millions of email addresses and partial phone numbers. Learn More

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by https://unsplash.com Erfan Parhizi