Privacy – Guard Well Identity Theft Solutions

Breach Alert Impacts 1.2 Million: RentoMojo.com

25 May 2023
by: Catherine Lennon
in: Cybercrime,Dark Web,Data Breach,Fraud,Identity Theft,Identity Theft Protection,In The News,Online Safety,Online Shopping,Privacy,Website Safety
Tags: Data Breach, Online Shopping, personal identifying information, privacy, rentomojo
note: no comments

Our security teams have recently discovered that online furniture and electronics rental startup RentoMojo has confirmed a data breach. The hacking origin date is April 23, 2023 and impacts 1.2 million. Personal identifying information data exposed include email addresses, user id, phone number, nationality and passport numbers.

The company reported that the attackers were able to gain access by exploiting cloud misconfiguration. Malicious attackers are continuously hunting for misconfigured cloud assets. They are vulnerabilities waiting to happen.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: Erfan Parhizi via unsplash.com.

NortonLifeLock Password Manager Tool Hacked

27 April 2023
by: Catherine Lennon
in: Cybercrime,Dark Web,Data Breach,Fraud,Identity Theft,Identity Theft Protection,Online Safety,Password Management,Privacy,Uncategorized,Website Safety
Tags: breach, Identity Theft, nortonlifelock, Online Safety, password hygiene, password manager, privacy
note: no comments

NortonLifeLock has notified their customers that hackers have breached their Password Manager accounts. This latest breach dates back to December 2022 when thousands of customers were told that their accounts were compromised. Just recently, the parent company of NortonLifeLock, Gen Digital (formerly Symantec Corporation), reported that “the likely culprit was a credential stuffing attack.” This type of attack involves credentials that had previously been exposed or breached being used to break into accounts on different websites that share the same password.

By far, password protection is critical for online safety. Enabling multi-factor authentication (MFA) and having exceptional password hygiene habits are great practices to follow. For example, every account that requires a password should have their own unique, complex and random password. Try to avoid using combinations that utilize information that could be connected to your social media accounts, such as a loved one’s birthday or a pet’s name. Hackers are well-known to comb their intended victims’ social media accounts.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of https://unsplash.com/@flyd2069.

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

14 April 2023
by: Catherine Lennon
in: cryptocurrency,Cybercrime,Dark Web,Data Breach,Identity Theft,Identity Theft Protection,In The News,Online Safety,Phishing Scam,Privacy,Scams,Trending,Uncategorized,Website Safety
Tags: Checkmate, cryptocurrency, Data Breach, Gemini, phishing scam, privacy, public records, Truthfinder
note: no comments

Our security teams have recently discovered that over 25 million people have been impacted by data breaches involving TruthFinder, Instant Checkmate and Gemini.

Both TruthFinder and Instant Checkmate are subscription-based websites owned by PeopleConnect that allow users to do background checks on people by utilizing public records. The breaches for both companies occurred on April 12, 2019. While TruthFinder’s breach involves eight million account holders, Instant Checkmate’s is even larger impacting 12 million. Stolen account holder information includes users’ email addresses, phone numbers and passwords for both sites. Parent company PeopleConnect has confirmed that all customer accounts created between 2011 and 2019 have been impacted and that the published list originated inside their company. Learn More

Gemini (Gemini Trust Company, LLC) is a cryptocurrency exchange and custodian that allows customers to buy, sell and store digital assets. The American-owned company operates in the United States, Canada, the United Kingdom, South Korea, Hong Kong and Singapore. The breach size of 5.4 million originated December 13, 2022 as a result of a third-party incident. The company has declared that some customers have been the target of phishing campaigns from that third-party vendor exposing millions of email addresses and partial phone numbers. Learn More

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by https://unsplash.com Erfan Parhizi

FBI’s Vetted Threat Sharing Network Hacked

03 January 2023
by: Catherine Lennon
in: Cybercrime,Dark Web,Data Breach,Federal Bureau of Investigations,Government,Identity Theft,Identity Theft Protection,In The News,Online Safety,Privacy,Scams,Website Safety
Tags: breach alert, cybercrimes, Dark Web, Data Breach, fbi, Hack, in the news, infragard, internet, privacy, who's who
note: no comments

Just recently, our security teams have discovered large data sets of compromised cyber elements on the Dark Web. The breached site is InfraGard.org, which is a partnership between the Federal Bureau of Investigations (FBI) and key members of the private sector for the protection of the United States critical infrastructure.

InfraGard members are in roles involved in both cyber and physical security at companies that manage most of the nation’s critical infrastructures, including drinking water, power utilities, communication and financial services firms, transportation and manufacturing companies, healthcare providers and nuclear energy firms.

The breach origin date is December 2022 and data exposed includes their members’ contact information, such as name, email and phone numbers. The FBI stated that “this is an ongoing situation” and that they are “not able to provide any additional information at this time.” Approximately 80,000 InfraGard members are impacted. Learn more HERE.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Markus Spiske on Unsplash.com.

Twitter Data Breach Alert

06 December 2022
by: Catherine Lennon
in: Dark Web,Data Breach,Fraud,Identity Theft,Identity Theft Protection,In The News,Online Safety,Privacy,Scams,Twitter
Tags: Data Breach, Identity Theft, Online Safety, privacy, Twitter, two-factor authentication
note: no comments

Just recently our security teams have found that Twitter, a popular social media service, has been breached. At least 5.4 million accounts have been compromised. The breach origin date is July, 2022 and data exposed includes name, phone number, email address and account holder user IDs.

Twitter acknowledged publicly that they received a report through their bug bounty program of a vulnerability in Twitter’s systems in January 2022. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any. Twitter then explained that the bug resulted from an update to their code in June 2021. When Twitter learned about this, they immediately investigated and fixed it. Twitter announced that at that time, they had no evidence to suggest someone had taken advantage of the vulnerability. Twitter has said that it would directly notify every account owner it could confirm was affected by the exposure. In the meantime, it is highly suggested to add two-factor authentication.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Bermix Studios via unsplash.com.

Keeping Your Holidays Happy and Fraud-free

28 November 2022
by: Catherine Lennon
in: Family Protection,Identity Theft,In The News,Privacy,Vacation Travel
Tags: Fraud Prevention, Holiday Planning, Identity Theft, Protection, travel, Vacation
note: no comments

Yes, it’s that wonderful time of year. The holidays are quickly approaching … and at lightning speed! Will you be traveling to see family in the next few weeks? Or, maybe you’ll be skipping off to a great vacation instead of decking the halls? Whatever your plans are, having time off of work, fun with friends and family, and hopefully a few days of laziness … are wonderful to look forward to. But, when we are caught up in the excitement about buying those last-minute gifts (or sunscreen and new flip-flops), we need to remember that there are some other ‘things to do’ on our checklist to help keep our family and identities safe during this special time of year.

In addition to stopping the mail, finding that special neighbor with a green thumb to water your plants, and arranging for pet care for your fur babies, there are some ‘before your trip’ actions you can take to help prevent identity theft from becoming a huge holiday memory. Just some small preventative measures, such as updating the operating system and antivirus software on your mobile devices, can go a long way toward fending off a few identity thieves. Below are some tips for what you can do before you leave home, as well as while you’re away and after your return.

Before you leave home:

– Password protect your devices and update operating systems

– Alert your bank(s) about your travel plans

– Visit your post office and put your mail on a vacation hold

– Keep the number of credit cards you travel with to a minimum and have copies of your driver’s license, medical id cards, passports and travel confirmation numbers at home in a safe place

– Turn off auto-connect Wifi and Bluetooth connections

– Consider adjusting your social media account settings so posts aren’t tagged with GPS data

While out of town:

– Avoid using public Wifi and even your hotel’s Wifi if at all possible

– Do not use public computers

– Keep your travel documents in the hotel room safe

– Log out of websites on your smart phone and any websites if you bring a laptop or other device with you on your trip

Upon your return home:

– Consider changing passwords for your major accounts

– Thoroughly go through your account statements for any irregularities

– Check your credit report to make sure no new accounts were opened in your name while you were away

We hope you have a wonderful holiday vacation. If you suspect identity theft or fraud, please contact us immediately at 888.966.GUARD (4827) or email memberservices@guardwellid.com. Day or night, we’ve got your back and will always be open for you.

How to Avoid Disaster-Related Scams

08 September 2022
by: Catherine Lennon
in: Coronavirus Scams,Disaster Relief Scam,Family Protection,Fraud,Identity Theft,Identity Theft Protection,Privacy,Scams
Tags: COVID-19, Disaster-relief scams, FEMA, Scammers, weather disasters, weather emergencies
note: no comments

Dealing with the aftermath of a disaster is always difficult. Unfortunately, scammers will jump at the chance to take advantage of those who are trying to assess and recover from the tremendous damage that weather-related events, such as hurricanes, floods, wildfires, tornados, along with pandemic-related COVID-19 can cause.

The Federal Trade Commission (FTC) suggests a few ways to help avoid common post-disaster scams:

– Be skeptical of anyone promising immediate clean-up and debris removal. Some fake vendors will quote sky-high prices and demand payment up-front.

– Do a background check on them. Before you pay anything, ask for identification, licenses along with proof of insurance in writing.

– Never pay in cryptocurrency, wire transfer, cash or via a gift card. Only make the final payment until the work is completed satisfactorily.

– Always guard your personal identifying information (PII). “Only scammers will say they’re a government official and then demand money or your credit card, bank account or social security number.”

– Understand that the Federal Emergency Management Agency (FEMA) will never ask for an application fee. FEMA has provided over $1 billion to more than 165,000 people to assist with COVID-19-related funeral costs for deaths occurring on or after January. “If someone wants money to help you qualify for FEMA funds, that’s probably a scam.”

– Spot and report disaster-related charity scams. If you are fortunate enough to be able to help others, visit this link for advice on how to donate wisely and avoid charity scams.

For more information and other tips, visit https://www.consumer.ftc.gov/features/dealing-weather-emergencies

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

Photo courtesy credit to Kelly Sikkema via unsplash.com.

8.4B Passwords & 25M Records Stolen

04 October 2021
by: Catherine Lennon
in: Cybercrime,Dark Web,Data Breach,Fraud,Identity Theft,Identity Theft Protection,Online Safety,Privacy,Website Safety
Tags: Dark Web, identity theft resolution, passwords
note: no comments

Just recently our security team found two new breaches involving 25,000,000 stolen records and that 8.4 billion passwords have been stolen and sold on the dark web. We see these breaches all the time. The reality is that out of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. That’s correct! Almost half of the worldwide web is created to commit fraud. That’s why we have proudly built a strong partnership with industry powerhouse Experian who jointly provides our member’s identity protection, support, and complete resolution service.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come!

Be vigilant. Be Strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of unsplash.com Bermix Studios

University of California and StreetEasy: Dark Web Fraud Alert

03 August 2021
by: Catherine Lennon
in: Cybercrime,Dark Web,Data Breach,Identity Theft,Identity Theft Protection,In The News,Online Safety,Privacy,Ransomware,Trending,Website Safety
Tags: breach alert, cybercrime, Dark Web, StreetEasy.com, University of California
note: no comments

Our teams have discovered extremely large sets of compromised data on the Dark Web. The latest two websites involved are University of California and StreetEasy.com.

The University of California (UC) is the world’s leading public research university system. Like several hundred other institutions throughout the country, including universities, government institutions and private companies, UC has been using a vendor service called Accellion File Transfer Appliance (FTA) to transfer information. Accellion was the target of an international cyberattack where the perpetrators exploited a vulnerability in Accellion’s program and attacked roughly 100 organizations. The attackers are now attempting to get money from organizations and individuals.

The breach origination date was March 31, 2021. Information stolen includes names, addresses, SSNs, as well as some email addresses and medical IDs.

StreetEasy.com is New York City’s leading local real estate marketplace on mobile and the Web, providing comprehensive listings and market data. The approximate breach size is 990,290 and originated in June of 2016. Data exposed includes passwords, first and last names, email addresses, and user IDs.

Be vigilant. Be strong. Stay in the know. If you have visited these websites in the past or have done business with them, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

Photo credit by Erfan Parhizi via unsplash.com.

How to Spot a Hacker Going After Your Business

01 August 2021
by: Catherine Lennon
in: Cybercrime,Dark Web,Data Breach,Email Scams,Identity Theft,Identity Theft Protection,Phishing Scam,Privacy,Ransomware,Scams,Website Safety
note: no comments

When you think of a “bad guy,” what comes to mind? Someone sitting alone hunched over a keyboard in a dark hoody in a dark basement with fast typing fingers and maybe sporting a three-day-old beard? And what do you picture this anti-social “bad guy” doing? Are they only going after huge corporations and corrupt politicians? Nope! But that is what pop society has been assuming cybercrime is and that the everyday individual or smaller organizations aren’t being targeted.

The reality is that many of the faces of modern cybercrime don’t look like what we have read in fictional books and seen on tv and in the movies. These cybercriminals are much harder to spot because “they look a lot like legitimate businesses than you might expect,” Hubspot reported. “The work they might do day-to-day to steal personal information and disrupt businesses is pretty boring.”

So why do they hack? Money! Cybercrime has cost the world just under a trillion dollars in 2020.

The fact is that your Personal Identifying Information (PPI) is just like a currency. When stolen and aggregated, PPI can be sold for a hefty profit and “it’s a lot easier to try to get into your business’s data than to try to gather their own to sell.” Many websites sell aggregated collections of email addresses and passwords that have been gathered from past data breaches. From there, all it takes is a bit of unsophisticated scripting to use these emails and passwords to try to log into different websites across the internet.

“These folks aren’t looking to hit the biggest, most valuable businesses. It’s a case of quantity over quality.” These villains take a few thousand emails and passwords and see how many of them work out against high value services (such as email providers or CRMs) to see what data can be pulled out of those accounts to sell or how they can use those accounts for phishing emails or ransomware.

Look at the statement released by Darkside, the group whose ransomware attack brought down the Colonial Oil Pipeline and caused gas prices to spike in May this year. They released: “We are apolitical, we do not participate in geopolitics, do not need to tie use with a defined government and look for other motives. Our goal is to make money and not creating problems for society.” They want cash flow not world domination.

Hubspot reported in a blog last month written by Ryan DiPetta, “A lot of hackers look and behave like legitimate businesses, even if they do illegitimate things. Maybe they work a regular nine to five schedule. Maybe they take vacations with their kids. They’re trying to build a business just like you, too … but their business is built on theft and exploitation of your business and the data and trust of your customers.”

Are you and your employees protected? For more information on how to protect your company’s bottom line and employees by providing this must-have voluntary benefit, please click HERE.

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email memberservices@guardwellid.com if you suspect fraud or have any concerns. We are here to help!

Photo credit: Markus Spiske via Unsplash.com

Category Archives: Privacy

Category Archives:
Privacy