Scams, Scams and More Darn Scams

Scams, Scams and More Darn Scams

Did you know that there are at least 48 different types of identity theft and the number of scams involved in each is growing daily? Romance scams, residence scams, utility scams, employment scams, telephone scams, email scams, charity scams, Apple care scams, AirBNB scams, PayPal scams, census scams, ticket scams, government scams, medical scams, insurance scams, real estate scams, investment scams, lottery and sweepstakes scams … there really isn’t one facet of our lives that isn’t ‘scam-able.’ As the weather turns colder, it kind of makes you want to curl up under an electric blanket and hibernate for a bit doesn’t it!

 

Although everyone with a social security number is at risk for identity theft, there are two groups that are targeted more often: children and seniors. The U.S. Department of Health & Human Services has studied why. They explain, “Children are targeted to establish a ‘clean slate.’ Seniors are targeted over the telephone and through phishing scams. Some studies suggest that people become more trusting as they age, which helps to explain why it’s more difficult for older adults to detect fraudsters.”

 

The next high-risk group that follows children and seniors are the military mostly due to deployment, which impacts their ability to respond to a threat in a timely manner. According to the Federal Trade Commission, military consumers are most affected by credit card and bank fraud. Another high-risk group is identity theft repeat victims. As reported in Consumer Affairs, “people who have previously been affected by identity theft are at a greater risk for future identity theft and fraud.” According to the Center for Victim Research, “7-10% of the U.S. population are victims of identity fraud each year and 21% of those experience multiple incidents of identity theft.”

 

Lastly, the deceased are targeted. Stealing a dead person’s identity, commonly known as “ghosting,” will often go unnoticed by surviving family for months or years. A report dating from 2012 stated that 2.5 million deceased American identities are stolen each year. Of those 2.5 million stolen identities, 800,000 were used to open lines of credit or get a mobile phone plan.

 

Fraudsters oftentimes repeat their favorite most lucrative scams, which are driven by major financial life moments, such as taxes and holiday shopping. Yes, it’s getting to be that time of year, and, guess what … the world’s largest online retailer, Amazon, is seeing a huge increase in fake Amazon.com order cancellation scams. If you receive an email about an order cancellation from Amazon, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com directly to check your order status.

 

Most of our blogs offer tips to help protect yourself and your family from identity theft. There is one tip in this blog: Remain aware of scams and that they can touch every facet of your life. By staying in-the-know, you can help every month be National Cybersecurity Awareness month … not just October.

 

If you suspect that you or a loved one has suffered identity theft, please reach out to us as soon as possible. Our Guard Well member services team is available around the clock, every day of the year. Email memberservices@guardwellid.com or call 888.966.GUARD (4827) for help.

SIM Swap Attack – the New Hijack

SIM Swap Attack – the New Hijack

Imagine no texting, no service, and no data for a minute. Yikes! Halloween or not, the lack of being able to connect is a very scary thought and it can happen to any of us due to a tiny piece of plastic called a SIM card. There is a SIM (subscriber identity module) in every mobile device and it is what connects the user to a cellular network. Unfortunately, there is a wide-spread SIM swap hack that allows a thief to hijack your cell number.

 

Also known as a port out scam, simjacking, swim swapping, and SIM splitting … this latest scam can wreak havoc in all of your accounts associated with your mobile phone number. Everyone with a cell phone is at risk of this type of takeover. The PEW Research Center, a nonpartisan organization based in Washington D.C., reported this year that 96% of Americans have a cellular device and 92% of them go online daily. Considering that there are approximately 330 million Americans, that’s a pretty large target market from a hacking standpoint. No one is immune. A number of high profile attacks have occurred via Instagram and Twitter. The website wired.com reported that Twitter CEO Jack Dorsey’s own twitter account was hacked via this method this year.

 

What is a SIM Swap?

This type of scam is an account takeover fraud. It targets a weakness in two-factor authentication and two-step verification in which the second factor (step) is either a text message or a call placed to a mobile telephone. This is achieved by the fraudster impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. The victim’s phone will then lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows them to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts (such as bank accounts, social media accounts, etc.) that rely on text messages or telephone calls.

 

Damage from a SIM swap can have a snowball effect. Since the scammer would be armed with your login credentials, not only can they steal your money, take over your email and social media accounts, but they can lock you out of them all and open up a new cellular account in your name … or buy that new phone you’ve been eyeing for months but won’t have the joy of using yourself.

 

Is a SIM swap preventable?

No. It’s impossible to completely prevent someone from gaining access to your phone number through a SIM swap due to the fact that the scam requires no misstep on your part (such as clicking on a bogus link). All the scammer needs to do is convince your carrier that they are you and to transfer your phone number to their SIM. As described by Michael Grothaus with Fast Company, “There’s nothing inherently shady with doing a SIM card swap. If you lose your phone or your SIM card is damaged, for instance, you might go to a mobile carrier store or even call up customer service to have your number transferred to a new SIM.”

 

Even though you can’t prevent a swap from happening to you, there are ways to make it more difficult for a scammer. Grothaus suggests to use an authenticator app such as Authenticator by Google, Microsoft AuthenticatorLastPass Authenticator, and 1Password. A single authenticator app can handle all your authentication codes no matter how many different accounts you use.

 

Other courses of action you can do to help prevent a swap include:

– Limit the personal information you share online. Identity thieves will find information to answer the security questions you may have set up to verify your identity. For example, if one of your security questions is, “What is my high school mascot?” and you list your high school name on your Facebook account and that information is not on a private setting, it’s not difficult for a good sleuth to figure out your mascot’s name.

– Set up a PIN for your cellular account and do not share it with anyone.

– Do not reply to calls, emails and SMS messages that could be a phishing attempt to request your personal data. Make sure to read our blog “Accidentally Clicked on a Phishing Link – Now What” to get up-to-speed on phishing scams.

 

The Federal Trade Commission offers a few tips on what to do if you suspect that you’ve been swapped:

– First, contact your cellular service provider immediately to take control of your phone number. After you re-gain access to your phone number, change your account passwords.

– Check your banking, credit card and insurance statements for unauthorized charges or changes to your profile.

– Call your identity theft resolution provider. A Guard Well Member Services team professional is always on hand for you 24 hours a day, seven days a week and every day of the year … yes, even Halloween. There are enough tricks flying around. Here’s to receiving a treat this year!

 

 

BBB’s Torch Awards for Marketplace Ethics

BBB’s Torch Awards for Marketplace Ethics

Join us in celebrating businesses and charities that go above and beyond to exemplify ethical behavior and create a trusted marketplace. We are a proud sponsor of the Better Business Bureau’s Torch Awards event, which will take place Friday, October 18th at the Sharonville Convention Center 11:30am – 1:30pm.

 

2019 Torch Award Winners include:

– Camp Joy

– The Basement Doctor of Cincinnati

– Ace Exterminating Co.

– Deviant Designs Tattoo Studio

– Impact 100, Inc.

 

We look forward to honoring these exceptional organizations. For more information and to reserve your seat, visit torchtickets.org or click HERE.

DoorDash Data Breach: How to Tell if You’ve Been Hacked

DoorDash Data Breach: How to Tell if You’ve Been Hacked

Remember when home-cooked meals happened six nights a week instead of just during the holidays? I don’t really do either. Delivery is indeed a major convenience though. From groceries and prescriptions to corporate lunches, family dinners and late night snacks, if you can order it on an app, such as Uber Eats, it can be on your doorstep in about an hour. Yes, delivery is a major convenience but, just like with everything in life, there are risks and your data can be compromised. Just ask the almost $5 million DoorDash users, merchants and workers who were recently hacked. Hits a little too close to home.

 

Consumer behavior, along with the concept of dinnertime itself, have both evolved in the past few years, making food delivery one of the the newest up and coming fads. The industry, referred to as third party logistics, is experiencing “unprecedented growth to the tune of $43 billion in deliveries (2018) and is forecasted to rise to $76 billion by 2022.” As reported in Barron’s, GrubHub this past spring was losing the food-delivery war with DoorDash stealing the show. “For the industry, DoorDash’s pace of share gain is the dominant trend,” reported KeyBanc analyst Andy Hargreaves, March, 2019. DoorDash just recently surpassed Uber Eats as the second-largest food-delivery service in the U.S. after GrubHub. We regularly use all three providers, but with a preference for DoorDash only because of the availability of restaurant choices.

 

What actually was hacked?

The latest report according to Business Insider, detailed that the breach occurred in May and affects some users who started using the DoorDash app before April 5, 2018…. “DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history and phone numbers.” The article continued to report that the last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs. “For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers.” DoorDash did announce that the “credit card and banking information is not sufficient to make fraudulent charges or withdrawals.” That gives us a little peace of mind. Maybe.

 

How do you know if you were hacked?

DoorDash reported to Business Insider that it had begun contacting people affected by the data breach and will continue to do so as they become known. The company did recommend that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.

 

– If you signed up for DoorDash after April 5, 2018, your data is likely safe. If you can’t recall when you signed up, contact them to find out.

– Check your bank account(s) which are tied to your DoorDash account for fraudulent activity. Hackers count on people not reviewing every item on their credit card and bank statements.

– Contact your identity theft solutions provider immediately and especially if you notice anything “off” in your statement(s).

– Do you use the same password for multiple accounts? We recommend that your passwords are updated on a routine basis and that the same one isn’t used across multiple accounts.

 

Hackers will continue to hack. That is a definite certainty in this day and age. When we set up any type of home delivery, it is unnerving to not be able to trust that they will keep us safe as well as our food. Maybe we all should go back to those home-cooked meals … now, how do you turn the oven on again?

 

Need help? Our Member Services team is here for you 24/7/365. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

References:

Fortune. Morris, Chris. “DoorDash Data Breach: What to Do If Your Account Was Compromised.” September 27, 2019.

Business Insider. Holmes, Aaron. “DoorDash Hack: How to Tell If You’re Affected.” September 26, 2019.

Accidentally Clicked on a Phishing Link – Now What

Accidentally Clicked on a Phishing Link – Now What

You know that searing flush-faced feeling when you pretty much know you made a mistake with a slip of the finger? Sometimes it’s sending a text too soon or responding to an email without editing your response. Other times it’s when you click on something you likely shouldn’t have … and then the “uh oh” escapes … and then the big sigh.

 

When we multitask, whether it is at work or at home, we do tend to slip up at times and open something that we shouldn’t. Then enters adware, malware, ransonmare, spyware, and whatever-else-is-next-ware into our lives.

 

Oops! Now what?

 

There are some imperative steps to take to alleviate harm to you and/or the network you may be connected with:

– Try not to panic. This happens to everyone. Antivirus and anti-malware will come into play and you will need to have a full system scan. But first …

– End the session immediately by turning off Wi-Fi, unplugging from an ethernet cable or completely shutting down all of your devices.

– Initiate a back up of your files. Since you won’t be connected to the internet at this point, you won’t be able to accomplish this to the cloud. Having an external drive, DVD or thumb drive are always nice to have on hand during times like these.

– Change your login/password to email account(s) and enable two-factor authentication if this hasn’t already occurred.

– If you are employed by a company or organization, reference your manual and let your network administrator know of the potential issue.

– After all is said and done, check your antivirus/anti-malware software and run a full scan.

 

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does. As always, if you need help or have any concerns, we are available 24/7/365 for you.

DNA – Genetic Testing Hacks

DNA – Genetic Testing Hacks

Yes, we all would love to know more about our pasts … some from a medical necessity and others just from plain curiosity. Unfortunately, genetic testing is one of the newer “gotcha” identity theft hacks. The U.S. Department of Health and Human Services of Inspector General has just alerted the public about this new fraud scheme.

 

What is Genetic Testing?

According to the U.S. National Library of Medicine, genetic testing is a voluntary medical test “that identifies changes in chromosomes, genes, or proteins. The results of a genetic test can confirm or rule out a suspected genetic condition or help determine a person’s chance of developing or passing on a genetic disorder.” With more than 1,000 genetic tests currently in use, genetic testing labs are sprouting up all over the country, and in some circumstances, health insurers now pay for the testing. For example, the Centers for Medicare and Medicaid Services pays for next-generation sequencing for people with advanced cancer or a family history if the test is medically necessary and ordered by a treating physician. These tests may cost $10,000 or more.

 

How Does Genetic Testing Fraud Happen?

Genetic testing fraud occurs when, in this case, Medicare is billed for a test or screening that was not medically necessary and/or was not ordered by a treating physician. For example, Mr. Smith, a retiree, attended a county fair and stopped by a booth offering “free genetic testing.” Not realizing that a treating physician’s orders would be needed for Medicare to cover the cost of the test and being naturally curious about his family’s risk of cancer, Mr. Smith provided his Medicare personal identifying information to the booth worker prior to getting his cheek swabbed. In some cases, sample kits are mailed to the victim. He was then told to expect test results in about three weeks. Medicare was billed for the test and denied the claim. Mr. Smith was then charged the full amount of the test and likely never received his results. Basically, Mr. Smith’s scammer found a laboratory willing to split the profit from the testing once the DNA samples were in hand.

 

How Can I Prevent This?

– If a genetic test is mailed to you unsolicited, do not accept it. Just write ‘return to sender’ on the envelope and send it back.

– Understand that there are schemes that say genetic testing is free. Although it may falsely appear as a no cost test, realize that there are no free genetic tests. Someone always has to pay.

– Only a physician that you know (and trust) should be discussing genetic testing with you or ordering it.

– If someone you do not know asks for your health insurance or Medicare information, do not provide it. Only provide this type of information in person at your physician’s office.

– Be aware that anytime your personal information is compromised, it may be used in other fraud schemes. Closely monitor your credit report and make sure your identity theft resolution services coverage is current.

 

If you suspect genetic testing fraud, please contact the HHS OIG (U.S. Department of Health and Human Services – Office of Inspector General) hotline at 1.800.HHS.TIPS or email spoof@oig.hhs.gov immediately. Not sure what to do or have concerns about this topic? Contact us day or night. We are always open for you.

 

 

Guarding Against Business Identity Theft

Guarding Against Business Identity Theft

Individuals aren’t the only targets for identity theft. Corporate, also known as commercial identity theft, saw a 46% increase last year according to the National Cybersecurity Society (NCSS). Although businesses of all sizes are at risk, small businesses are particularly vulnerable. “Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” remarks Mary Ellen Seale, CEO of NCSS.

 

She explains, “Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.”

 

Stealing an organization’s identity takes a lot less work than one might think. State laws require the public disclosure of proprietary business information in annual reports, names and addresses of key company personnel as well as the employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan as well as intercept business credit card information.

 

What can business owners do to help mitigate their risk?

– Educate your employees about phishing scams. Phishers aren’t just targeting your business … they are grabbing your customers, employees, partners and vendors. Make sure your employees know what red flags to look for when they receive an email that is asking for an action from them. Examples include bad grammar, mispelled words, links to unfamiliar websites and attachments.

– Don’t post sensitive company information on your website.

– Stay on top of computer security updates.

– Check your credit reports regularly.

– Follow the IRS new procedures to protect businesses. Visit https://www.irs.gov/individuals/identity-theft-guide-for-business-partnerships-and-estate-and-trusts for detailed information.

– File your company’s annual report on time and regularly check the secretary of state’s website. Keep in mind that if you operate your business in more than one state, each state may have their own due date.

 

Unfortunately, identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. Do you have an anti-phishing plan for your business? Please contact us if you need assistance developing one or educating your employees about the topic.

Zoofari 2019

Zoofari 2019

Join us! We are a proud sponsor of Cincinnati Zoo & Botanical Garden’s Zoofari event, which will take place Friday, September 13, 2019 from 6:30 pm to midnight. This year’s theme is A Masquerade Ball.

 

Zoofari attracts over 2,600 guests and raises integral support for the Zoo’s initiatives, including the care and sustenance of more than 500 animal and 3,000 plant species, ground-breaking conservation efforts and educational outreach programs that reach more than 330,000 students annually.

 

The event is usually sold out so get your tickets fast. We hope to see you there!

 

Follow #Zoofari2019

Capital One Breach Alert – 100 Million Impacted

Capital One Breach Alert – 100 Million Impacted

The Wall Street Journal reports that this latest massive consumer data breach stands to be one of the worst for U.S. consumers because of the type of financial information that was accessed. The hacker accessed personal information of Capital One credit card customers and applicants in the U.S and 6 million in Canada. “This valuable consumer financial information can be used to figure out the identities of the most creditworthy or affluent consumers and open a card or loans in their name.” READ MORE

 

Take Action
Though Capital One says login information wasn’t compromised in this hack, reusing old passwords is a major security vulnerability. We suggest that you immediately:

– Change your passwords

– Set up two-factor authentication

– Closely monitor your credit card activity and credit reports

We Are Here to Help!
Please contact our 24/7/365 Member Services team at 888.966.GUARD (4827) if you think you may have been a victim. You can also visit our website and click on Let’s Talk, where you can:

 – Schedule an in-person meeting or call

– Make a payment

– Send us a file

– Leave us your comments

– Access your account

– Click-to-call Member Services immediately

Guard Well Founder and CEO Panelist in HR Forum Discussion

Guard Well Founder and CEO Panelist in HR Forum Discussion

On Thursday, June 13, 2019 the Cincinnati Business Courier hosted a live panel discussion with industry experts concerning the ongoing changes and critical issues impacting Human Resources. The panel covered a a variety of topics including workforce issues around employee engagement, retention strategies, organizational development, compensation, benefits and educating tomorrow’s business leaders. Our Founder and CEO, E. Allan Hilsinger, was among three of the panelists. Other industry experts included Deirdre Bird, Director of HR Consulting, VonLehman CPA & Advisory Firm and Brian Dershaw, Partner, Taft, Stettinius & Hollister LLP.

 

You can read the entire discussion HERE.