• 888-966-4827
Menu

Category Archives:
Trending

Home / Blog / Trending
Your Face – The Truth About Biometric Data Theft

Your Face – The Truth About Biometric Data Theft

It all started with a smile. Byron’s new fitness app promised to tell him his new “biological age” but required a selfie to validate his account. So guess what he did? Snapped it for the app and went about his day. Although he didn’t quite agree with their age calculation later that night, he totally brushed it off and slathered on more skin care product.

A few weeks later, he saw a delivery app charge him for food several states away. Then his bank app asked him to confirm a new device. The kicker was when his pharmacy required him to update his new insurance card before picking up a prescription. He didn’t even have a prescription to pick up. “I better change my passwords,” he told his wife. That didn’t work. Stranger things kept happening. And she kept asking him about it. Annoying.

Even though he was proactive about updating his accounts, the problem was that he couldn’t change his face (well, technically he could have but extreme plastic surgery wasn’t in his five-year plan).

Hackers know you can’t just change the features that make you uniquely you. That data is one-of-a-kind and as permanent as it gets … which is why it is so powerful for authentication and totally devastating when compromised.

Remember that fun little fitness app that quietly stored his facial data? Well, their security wasn’t so great. They got hacked. Unlike that password you can’t quite remember, you can’t swap out your face or your fingerprints for new ones. So, what can you do?

– Make multi-factor authentication your new best friend. It might add an extra 15 seconds to your day, but your bank account’s balance is worth it in the long run.

– When your device tells you, “Software Update Available: Install Now?” don’t blink!

– Don’t automatically opt in. Get your readers out and check the fine print before handing over your face, fingerprints or your eyeballs to an app.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Smart Home, Dumb Security? The Truth About IoT Devices

Smart Home, Dumb Security? The Truth About IoT Devices

Somewhere between switching your coffee to half-caf and trying to figure out TikTok, you may have dipped a toe or entire foot into the smart home world. Think Ring doorbell, Nest thermostat, Google Home and your smart TV for a start. Apartment or house, size doesn’t really matter. Hackers don’t discriminate against your 850 sq ft new digs or 12,000 sq ft whopping investment money pit … they just want in!

Welcome to the future. Today we can tell your house to turn on the lights, lower the thermostat, play smooth jazz and spy on your pets all without lifting a finger. Yes, these wonderful Internet of Things (IoT) devices are super convenient, but IoTs aren’t always built with strong security in mind. If a device doesn’t have good protection, it can be hacked. Some guy halfway across the globe could use your Wi-Fi to check out your emails and get details on your bank accounts. They could peek in through your security camera, listen (and talk …creepy!) through your baby monitor or just keep it mildly annoying and slow down your internet with junk traffic or turn your home into a sauna.

Maybe your teen gave you an Alexa because they were tired of you yelling, “Hey Google, turn up the volume” at your bluetooth speaker. However you got to the land of smartness, your gadgets might be clever but your security settings may be stuck in 2005. So how do we prevent the midlife crisis your Wi-Fi didn’t ask for?

“Admin” is not a password … it’s an invitation. If your smart speaker, router or security cam is still set to the factory default, you’re officially easier to hack. Choose a password that you need to write down. And I’m not talking about ones that are easy to remember like “ILoveMyCat123.”

Educate yourself on all aspects of smart home technology. Your smart plug doesn’t need your location and microphone access.

– Different devices on a shared network all need different passwords. Huge tip: use your guest Wi-Fi for all of your smart devices.

Don’t buy off-brands with three reviews. Just because ElectroZing sounds like something fun out of The Jetsons, that new toaster oven can wreak havoc on your life.

– If your fridge has Wi-Fi, a touchscreen and your social security number, it might be time to re-evaluate. That almond milk that is getting low may cost you the depletion of your bank account. Just because your new condo comes with one that can connect to the internet doesn’t mean that it has to!

Keep your devices updated. They have trust issues, too.

– If you ever see a message like “Unknown device connected to your network” … immediately take action!

Yeah, smart tech is awesome but if it’s not protected, it can cause more problems than it solves. Be smart about your smart stuff! Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

SSA Long Con Scams on the Rise

SSA Long Con Scams on the Rise

In recent months, there has been an alarming increase in long con scams targeting Social Security Numbers (SSNs). These scams are designed to steal sensitive personal information and exploit individuals through highly orchestrated and deceitful tactics. According to the Social Security Administration Office of the Inspector General (SSA OIG), scammers are evolving their methods, and many of these cons are becoming harder to detect.

Last month the Inspector’s General Office released that scammers are compounding tactics by using fake Amazon or PayPal tech support emails and text messages who will try to convince you that your SSN or record is compromised. Considering the enormous size of nationalpublicdata.com’s breach this spring and summer (to the tune of 2.9 billion records), we understand that this topic can be very confusing to navigate. Learn More

Knowledge is power. Here’s what you need to know about the growing trend and how you can protect yourself.

What is a Long-Con Scam?

A long-con scam is a method of deception that unfolds over a long period of time. Unlike quick-hit frauds, where scammers make a direct attempt to steal your information or money in one go, long-con scams involve establishing a sense of trust with the victim. Scammers often impersonate official entities—like the SSA—over weeks or months to gradually build credibility, making their eventual fraudulent activities more convincing. Scams often end with an in-person meeting with an individual either who is part of the scheme or an unsuspecting participant, such as an Uber driver, during which the target turns over gold, cash, a crypto wallet or some other currency for “safe keeping” at the direction of the imposter SSA OIG federal agent.

How Are Scammers Exploiting SSNs?

SSNs are one of the most valuable pieces of personal information for identity theft. Once scammers have your SSN, they can open new credit lines, file false tax returns, and even gain access to your financial accounts. Here’s how these long-con scammers operate:

1. Impersonation of Government Officials: One common tactic is to pose as representatives from the Social Security Administration (SSA) or even the SSA OIG. Scammers contact victims via phone, email or mail, claiming that there is an issue with their SSN, such as fraudulent activity or that their benefits are being suspended.

2. Phony Documentation and Fake Websites: Scammers often direct victims to fake websites or send fabricated official documents that look legitimate. These documents might appear as “official” notifications, containing seals or logos of government agencies. Over time, the victim may be asked to “verify” their SSN or other personal information.

3. Threats and Intimidation: Scammers may claim that if the victim does not act immediately, their benefits will be suspended, or they will face legal consequences. The urgency creates pressure and confusion, making victims more likely to comply without questioning the legitimacy of the request.

4. Financial Manipulation: In some cases, the scammer will slowly gain access to the victim’s financial accounts by claiming they need to “safeguard” their funds or by having them pay fees to avoid legal trouble. Since this happens over time, it can be difficult for the victim to recognize they are being defrauded.

Red Flags to Watch Out For

While these scams can be highly sophisticated, there are several warning signs to be aware of:

1. Unexpected Calls or Emails from the SSA: The SSA typically communicates by mail and rarely makes unsolicited phone calls, especially about sensitive information like your SSN or benefits. Be suspicious if someone contacts you out of the blue claiming to be from the SSA or the SSA OIG.

2. Pressure to Act Immediately: Scammers often use scare tactics, telling you that you need to act fast to prevent legal action or benefit suspension. Government agencies do not operate this way; they give ample time for recipients to respond to any issues.

3. Requests for Personal Information: No government agency will ask you for your SSN or banking information over the phone or via email. If someone asks for this information, hang up or ignore the email.

4. Financial Requests: Be wary of anyone asking you to transfer money, pay a fine, or safeguard your assets through unusual means, such as wire transfers or gift cards. This is a hallmark of scam operations.

5. Unfamiliar Websites or Emails: Always double-check the URL and authenticity of websites claiming to be official. Scammers will create sites that look very similar to legitimate government sites, but subtle differences in the URL or design can give them away.

How to Protect Yourself

– Verify the Source: If you receive a suspicious call, letter, or email, do not respond immediately. Contact the SSA directly through their official channels to verify whether the communication is legitimate.

– Monitor Your Accounts: Regularly check your financial accounts and credit reports for any signs of unauthorized activity. If you spot something suspicious, report it immediately.

– Report Activity: If you suspect that you have been contacted by a scammer and fallen victim by accidentally clicking on a link or giving out personal identifying information (PII), contact us immediately so we can decide on what steps should be taken. In addition to placing an immediate fraud alert on your credit file, a credit freeze may be merited.

– Be Educated and Spread Awareness: Staying informed about these scams is key to protecting you. The more people who are aware of these tactics, the harder it becomes for scammers to operate. Share this information with your family and friends, especially those who may be more vulnerable to these kinds of attacks, like the elderly.

As long-con scams targeting SSNs continue to rise, it’s crucial to stay vigilant. Always be cautious of unsolicited communications, double-check the legitimacy of claims, and never share sensitive information without verifying the source. The SSA and its Office of the Inspector General are actively working to combat these scams, but your personal awareness is the first line of defense.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Unsplash.com FLY:D

Millions Potentially Exposed by Neiman Marcus Breach

Dallas-based Neiman Marcus Group (NMG), a luxury department store chain that includes Bergdorf Goodman, recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party named Snowflake. The company notified Maine’s Attorney General’s Office that the breach has impacted more than 64,000 customers. The company started mailing notification letters on June 24th. This is not the first cybersecurity incident for Neiman Marcus. Previous breaches are known to have occurred in 2013, 2015 and 2020 for the high-end retailer.

NMG disclosed the incident just as a hacker announced the sale of the database. According to SecurityWeek, although a ransom was demanded, the retailer refused to pay. SecurityWeek also reported that the database sold for $150,000 and allegedly includes information on 180 million users which is far more than the 64,000+ NMG reported. The hacker is now advertising 70 million transactions, 50 million customer email addresses, 12 million gift card numbers and six billion rows of customer shopping records, employee data and store information.

Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems, such as Advance Auto Parts, Allstate, Anheuser-Busch, Mitsubishi, Progressive, State Farm and Ticketmaster. We expect to see a heightened volume of cybersecurity incidents surrounding Snowflake and will notify you as soon as we hear any further news. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employees. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing: fraud, impersonation and old-fashioned blackmail.

– Baiting: fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting: this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing: this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

Nationwide Cyberattack Paralyzes Auto Dealerships

If you have been trying to buy a car this summer, you might have hit a snag or two. Dealerships have had to go back to good old fashioned pen and paper to complete deals after their operations suddenly came to a complete halt. What happened? Hackers targeted CDK Global, a software company that 15,000 car dealerships nationwide rely on. The back-to-back ransomware attacks occurred in mid-June but car dealerships are still recovering from having their operations paralyzed for about ten days. The good news is that dealerships do not think that customer private information has been stolen but that has not been confirmed. We will notify you if our teams find any data sets related to this attack on the dark web.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted

Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted

Ticketmaster Entertainment, LLC is an American ticket sales and distribution company based in Beverly Hills, California with operations in many countries around the world. In 2010, it merged with Live Nation under the name Live Nation Entertainment. Ticketing giant Live Nation confirmed this summer that it has been the victim of a cyber attack. We have just learned that the breach origin date is May 20, 2024. Personal data from over half a billion users have been exposed. Data stolen can include full names, addresses, email addresses, birth dates, credit card type, the last four digits and credit card expiration dates used for ticket sales. Learn More

We suggest that you protect yourself by doing the following if you have a Ticketmaster account:

– Change your password immediately and frequently. Although it might be easier to remember, try to resist the urge to use the same password across multiple accounts.

– Utilize two-factor authentication when it is available.

– If solicited online, never share any personal identifying information or financial account numbers. Only give out information to an individual you know or a company that you are 100% certain about.

This is definitely not the first time Ticketmaster has made the news. If you have a Swiftie in the household, you likely already know the debacle surrounding Ticketmaster and Taylor Swift’s Eras tour that started in 2022. If you are interested in the timeline of the chaos, check out People’s article of events. Learn More

Now is not the time to let your guard down. Knowledge is power. Being informed of what steps you may need to take can help ease the potential damage (and your stress level) if your identity has been compromised. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: Erfan Parhizi via unsplash.com

UPDATE from Ticketmaster – July 3, 2024: Ticketmaster has contacted those who may be affected. They state via email that they “take the protection of personal information very seriously.” They explain that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider. Based on their investigation, they determined that the unauthorized activity occurred on May 27, 2024. They note that they are working to mitigate risk to their users and the company, and have notified and are cooperating with law enforcement and regulatory authorities.

Investment Opportunity or Not? Keeping Eyes on Your 💰

Investment Opportunity or Not? Keeping Eyes on Your 💰

One of the top scams of the century involving investments is making a comeback in 2024. A fixed deposit, otherwise known as a term deposit, has traditionally been an investment plan that allows you to earn a safe guaranteed rate of interest for a lump sum over a fixed period of time. Funds can be withdrawn during the fixed term but there are fees to do so. Unfortunately, anyone with access to your personal identifying information and banking credentials can withdraw the money from these accounts.

Scammers desiring to cash in on anyone’s deal are offering fake investments that the masses are falling for. Here is how to get on the band wagon of what you need to know about fake fixed term deposit investment scams so you don’t fall victim:

– Understand that there is no such thing as easy money and it definitely doesn’t grow on trees.

– Every investment has some degree of risk. There is also risk in not investing at all so working with a reputable company registered with the Financial Industry Regulation Authority (FINRA), the Securities and Exchange Commission (SEC) or your state securities regulator is imperative.

– Get it in writing. If there isn’t any documentation that can mean that the investment may not be registered with the SEC and is not legit.

– An unsolicited phone call, text or email promising guaranteed profits is a really good reason to block the number or sender. With artificial intelligence (AI) having entered the pictured the last couple of years, it is understandably confusing as to who is real and who isn’t.

– If you are rushed to make any type of investment decision so you ‘don’t lose out’ and your gut tells you this investment is smelling fishy, then it’s probably ‘phishy,’ a scam technique that isn’t going away anytime soon. To learn more about phishing scams, check out the Federal Trade Commission’s article on the subject HERE.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy credit: Micheile Henderson on Unsplash.com

Major Eyewear Company: Over 70 Million Hacked

Major Eyewear Company: Over 70 Million Hacked

Our security teams have recently discovered large data sets of compromised cyber elements on the Dark Web. On May 19th, the world’s largest eyewear company, Luxottica, confirmed reports of a 2021 data breach from a vendor’s computer network that leaked private information.

Luxottica, based in Milan, Italy, designs and manufactures sunglass and prescription frames. Brands include Burberry, Chanel, Dolce and Gabbana, Georgio Armani, Michael Kors, Oakley and Ray-Ban. The company also owns several retailers selling products such as LensCrafters and Sunglass Hut.

The hacking origin date is November, 2022 with retail customer data exposed being name, email address, physical address and phone number.

The company’s public acknowledgement stated that they discovered through their “proactive monitoring procedures that certain retail customer data, allegedly obtained through a third-party vendor related to Luxottica retail customers, was published in an online post.” The company reported the incident to the FBI and the Italian Police. The owner of the website where the data was exposed has since been arrested by the FBI. The website that leaked the information has also been shut down and the investigation is still ongoing. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: uriel-sc-11KDtiUWRq4-unsplash.jpg unsplash.com

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Our security teams have recently discovered that over 25 million people have been impacted by data breaches involving TruthFinder, Instant Checkmate and Gemini.

Both TruthFinder and Instant Checkmate are subscription-based websites owned by PeopleConnect that allow users to do background checks on people by utilizing public records. The breaches for both companies occurred on April 12, 2019. While TruthFinder’s breach involves eight million account holders, Instant Checkmate’s is even larger impacting 12 million. Stolen account holder information includes users’ email addresses, phone numbers and passwords for both sites. Parent company PeopleConnect has confirmed that all customer accounts created between 2011 and 2019 have been impacted and that the published list originated inside their company. Learn More

Gemini (Gemini Trust Company, LLC) is a cryptocurrency exchange and custodian that allows customers to buy, sell and store digital assets. The American-owned company operates in the United States, Canada, the United Kingdom, South Korea, Hong Kong and Singapore. The breach size of 5.4 million originated December 13, 2022 as a result of a third-party incident. The company has declared that some customers have been the target of phishing campaigns from that third-party vendor exposing millions of email addresses and partial phone numbers. Learn More

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by https://unsplash.com Erfan Parhizi