SSA Long Con Scams on the Rise

SSA Long Con Scams on the Rise

In recent months, there has been an alarming increase in long con scams targeting Social Security Numbers (SSNs). These scams are designed to steal sensitive personal information and exploit individuals through highly orchestrated and deceitful tactics. According to the Social Security Administration Office of the Inspector General (SSA OIG), scammers are evolving their methods, and many of these cons are becoming harder to detect.

Last month the Inspector’s General Office released that scammers are compounding tactics by using fake Amazon or PayPal tech support emails and text messages who will try to convince you that your SSN or record is compromised. Considering the enormous size of nationalpublicdata.com’s breach this spring and summer (to the tune of 2.9 billion records), we understand that this topic can be very confusing to navigate. Learn More

Knowledge is power. Here’s what you need to know about the growing trend and how you can protect yourself.

What is a Long-Con Scam?

A long-con scam is a method of deception that unfolds over a long period of time. Unlike quick-hit frauds, where scammers make a direct attempt to steal your information or money in one go, long-con scams involve establishing a sense of trust with the victim. Scammers often impersonate official entities—like the SSA—over weeks or months to gradually build credibility, making their eventual fraudulent activities more convincing. Scams often end with an in-person meeting with an individual either who is part of the scheme or an unsuspecting participant, such as an Uber driver, during which the target turns over gold, cash, a crypto wallet or some other currency for “safe keeping” at the direction of the imposter SSA OIG federal agent.

How Are Scammers Exploiting SSNs?

SSNs are one of the most valuable pieces of personal information for identity theft. Once scammers have your SSN, they can open new credit lines, file false tax returns, and even gain access to your financial accounts. Here’s how these long-con scammers operate:

1. Impersonation of Government Officials: One common tactic is to pose as representatives from the Social Security Administration (SSA) or even the SSA OIG. Scammers contact victims via phone, email or mail, claiming that there is an issue with their SSN, such as fraudulent activity or that their benefits are being suspended.

2. Phony Documentation and Fake Websites: Scammers often direct victims to fake websites or send fabricated official documents that look legitimate. These documents might appear as “official” notifications, containing seals or logos of government agencies. Over time, the victim may be asked to “verify” their SSN or other personal information.

3. Threats and Intimidation: Scammers may claim that if the victim does not act immediately, their benefits will be suspended, or they will face legal consequences. The urgency creates pressure and confusion, making victims more likely to comply without questioning the legitimacy of the request.

4. Financial Manipulation: In some cases, the scammer will slowly gain access to the victim’s financial accounts by claiming they need to “safeguard” their funds or by having them pay fees to avoid legal trouble. Since this happens over time, it can be difficult for the victim to recognize they are being defrauded.

Red Flags to Watch Out For

While these scams can be highly sophisticated, there are several warning signs to be aware of:

1. Unexpected Calls or Emails from the SSA: The SSA typically communicates by mail and rarely makes unsolicited phone calls, especially about sensitive information like your SSN or benefits. Be suspicious if someone contacts you out of the blue claiming to be from the SSA or the SSA OIG.

2. Pressure to Act Immediately: Scammers often use scare tactics, telling you that you need to act fast to prevent legal action or benefit suspension. Government agencies do not operate this way; they give ample time for recipients to respond to any issues.

3. Requests for Personal Information: No government agency will ask you for your SSN or banking information over the phone or via email. If someone asks for this information, hang up or ignore the email.

4. Financial Requests: Be wary of anyone asking you to transfer money, pay a fine, or safeguard your assets through unusual means, such as wire transfers or gift cards. This is a hallmark of scam operations.

5. Unfamiliar Websites or Emails: Always double-check the URL and authenticity of websites claiming to be official. Scammers will create sites that look very similar to legitimate government sites, but subtle differences in the URL or design can give them away.

How to Protect Yourself

– Verify the Source: If you receive a suspicious call, letter, or email, do not respond immediately. Contact the SSA directly through their official channels to verify whether the communication is legitimate.

– Monitor Your Accounts: Regularly check your financial accounts and credit reports for any signs of unauthorized activity. If you spot something suspicious, report it immediately.

– Report Activity: If you suspect that you have been contacted by a scammer and fallen victim by accidentally clicking on a link or giving out personal identifying information (PII), contact us immediately so we can decide on what steps should be taken. In addition to placing an immediate fraud alert on your credit file, a credit freeze may be merited.

– Be Educated and Spread Awareness: Staying informed about these scams is key to protecting you. The more people who are aware of these tactics, the harder it becomes for scammers to operate. Share this information with your family and friends, especially those who may be more vulnerable to these kinds of attacks, like the elderly.

As long-con scams targeting SSNs continue to rise, it’s crucial to stay vigilant. Always be cautious of unsolicited communications, double-check the legitimacy of claims, and never share sensitive information without verifying the source. The SSA and its Office of the Inspector General are actively working to combat these scams, but your personal awareness is the first line of defense.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Unsplash.com FLY:D

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

We previously reported last month that NationalPublicData.com, a widely-used public data aggregation platform, had suffered a massive system breach, exposing 2.9 billion Social Security Numbers (SSNs). This incident marks one of the largest data breaches in history, leaving millions vulnerable to identity theft and fraud.

As details continue to unfold, it’s important to understand what happened, what this breach means for you, and how you can protect yourself in the aftermath.

What Happened?

This summer, NationalPublicData.com, which aggregates and provides access to public records, announced that its database had been compromised by an external party. NationalPublicData.com serves a range of industries and businesses, including financial institutions, insurance companies, and government agencies. The breach affected an enormous volume of personal data, including 2.9 billion SSNs, full names, addresses, and other sensitive information. Given the scale, this breach impacts a significant portion of the global population, as the platform collects data from various sources worldwide.

Initial reports suggest that the breach was a result of a vulnerability in the system’s database security, which hackers were able to exploit. NationalPublicData.com has since launched an investigation and is working with cybersecurity experts to understand the full scope of the breach. However, the exposed data is already circulating on dark web forums, increasing the urgency for those affected to take immediate action.

Why is This Breach So Concerning?

The exposure of 2.9 billion SSNs is particularly alarming because of how SSNs are used in the United States and other countries as a primary identifier. With access to an individual’s SSN, cybercriminals can:

– Open new credit accounts: Fraudsters can use your SSN to open credit cards, loans, or other financial accounts in your name, leading to financial chaos.
– File fraudulent tax returns: Identity thieves can use stolen SSNs to file fraudulent tax returns and claim refunds in your name.
– Gain access to medical records: With an SSN, criminals can access healthcare records or commit medical fraud.
– Commit employment fraud: Stolen SSNs can be used to obtain jobs under your identity, which can create problems with the IRS and impact your credit report.

Beyond these financial and personal risks, this breach could lead to widespread identity theft, damaging the reputations of both individuals and businesses.

What Should You Do If You’re Affected?

If you are one of the millions who have received a CyberAgent Dark Web monitoring alert from us, please read the alert in entirety as it will include a list of recommended actions to take. Remember that an alert is sent when our surveillance technology has discovered information on the internet that matches up to your monitored identity elements. Multiple alerts could mean multiple monitored identity elements were found on various sites. Personal information exposed on the dark web does not necessarily mean your information has been used fraudulently. The actions recommended are proactive steps to prevent any potential risk.

We suggest that you make a practice to do the following:

– Monitor Your Financial Accounts: Keep a close eye on your bank accounts, credit cards, and other financial records for any suspicious or unauthorized transactions. Consider setting up alerts to notify you of any unusual activity

– Change Your Passwords Regularly: While SSNs are the primary concern, it’s a good idea to update your passwords for any accounts linked to NationalPublicData.com or other platforms that store sensitive data. Use strong, unique passwords and consider enabling two-factor authentication (2FA) where possible.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit courtesy: Uriel SC via Unsplash.com

Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employee. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing – fraud, impersonation and old-fashioned blackmail.

– Baiting – fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting – this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing – this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

Nationwide Cyberattack Paralyzes Auto Dealerships

If you have been trying to buy a car this summer, you might have hit a snag or two. Dealerships have had to go back to good old fashioned pen and paper to complete deals after their operations suddenly came to a complete halt. What happened? Hackers targeted CDK Global, a software company that 15,000 car dealerships nationwide rely on. The back-to-back ransomware attacks occurred in mid-June but car dealerships are still recovering from having their operations paralyzed for about ten days. The good news is that dealerships do not think that customer private information has been stolen but that has not been confirmed. We will notify you if our teams find any data sets related to this attack on the dark web.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted

Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted

Ticketmaster Entertainment, LLC is an American ticket sales and distribution company based in Beverly Hills, California with operations in many countries around the world. In 2010, it merged with Live Nation under the name Live Nation Entertainment. Ticketing giant Live Nation confirmed this summer that it has been the victim of a cyber attack. We have just learned that the breach origin date is May 20, 2024. Personal data from over half a billion users have been exposed. Data stolen can include full names, addresses, email addresses, birth dates, credit card type, the last four digits and credit card expiration dates used for ticket sales. Learn More

We suggest that you protect yourself by doing the following if you have a Ticketmaster account:

– Change your password immediately and frequently. Although it might be easier to remember, try to resist the urge to use the same password across multiple accounts.

– Utilize two-factor authentication when it is available.

– If solicited online, never share any personal identifying information or financial account numbers. Only give out information to an individual you know or a company that you are 100% certain about.

This is definitely not the first time Ticketmaster has made the news. If you have a Swiftie in the household, you likely already know the debacle surrounding Ticketmaster and Taylor Swift’s Eras tour that started in 2022. If you are interested in the timeline of the chaos, check out People’s article of events. Learn More

Now is not the time to let your guard down. Knowledge is power. Being informed of what steps you may need to take can help ease the potential damage (and your stress level) if your identity has been compromised. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: Erfan Parhizi via unsplash.com

UPDATE from Ticketmaster – July 3, 2024: Ticketmaster has contacted those who may be affected. They state via email that they “take the protection of personal information very seriously.” They explain that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider. Based on their investigation, they determined that the unauthorized activity occurred on May 27, 2024. They note that they are working to mitigate risk to their users and the company, and have notified and are cooperating with law enforcement and regulatory authorities.

Memorial Day Hacks and Hamburgers

Memorial Day Hacks and Hamburgers

Memorial Day is a special time of year to honor the men and women who have died while serving in the U. S. military. Originally known as Decoration Day, Memorial Day originated in the years following the Civil War and became an official federal holiday in 1971. Visit History.com for more information.

Always the last Monday in May, this holiday also marks the unofficial beginning of summer fun … pool season, popsicles, and plenty of barbeques. Americans have traditionally observed Memorial Day by visiting cemeteries or memorials, holding family gatherings, and participating in parades. This year the weekend activities may still look a bit different if social distancing, but we will continue to reflect on the sacrifices our soldiers made for us while lighting up our grills. Speaking of, take a visit to Chowhound.com for some amazing tips for the most perfect hamburger ever (80/20 lean to fat ratio ground chuck always!) and clever grilling hacks. Did you know you can use a spare cooler as an insulated warmer to keep food hot and juicy right off the grill? One tip you won’t see there is a favorite of mine … folding a dollop of mayo into each burger patty for optimal juiciness before they even go on the grill. Try it. You’ll love it!

Unfortunately during this time of year crooks might pop up who feed on our gratitude. Watch out for Memorial Day scams where hackers use a patriotic or military approach when contacting service members for money. The Better Business Bureau (BBB) suggests to be on the lookout for five specific scams during this time of remembrance:

Fake military charities. Scammers will send out emails, phone calls, direct mailers and send texts using the same outreach practices as well-known legitimate nonprofits. Be wary of messages that contain words like “disabled,” “heroes,” and “warriors” and always double-check the exact name and spelling of the charity.

Fake rental properties. Scammers take out classified ads and will use photos from legitimate rental properties that promise military discounts or other incentives.

High-priced military loans. No legitimate lender will guarantee a loan as being instantly approved. Watch for ads that may also say no credit check is required. If this is the case, the loan will likely come with hidden fees as well as outrageously high interest rates.

Veteran benefit buyout plans. These plans offer an attractive cash payment in exchange for a disabled veteran’s future benefits or pension payments. The cash payment is typically only 30-40% of what the veteran is entitled to receive.

Misleading car sales. Some websites post ads that contain false discounts for those in the military. There is also an increase of ads that claim to be from soldiers who need to sell their autos quickly due to deployment.

Stay safe this weekend and please reach out to us if needed. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. We are available for you 24/7/365 at 888.966.GUARD (4827) and [email protected].

Photo courtesy Justin Casey via unsplash.com

 

Financial Tips for 2024 Grads

Financial Tips for 2024 Grads

It’s that exciting time of year! Cap and gowns are coming in and Pomp and Circumstance is running through your head as you prepare for the big event. If you’re a parent of a soon-to-be high school graduate, dollar signs may be running through your head as well, along with advice … and lots of it!

If you’re a grad, get ready to hear life experience stories from your graduation speaker and many others. The Federal Trade Commission (FTC) has some advice for you as well. Learn how to recognize financial scams. Younger people report losing money to fraud more often than older generations. According to Colleen Tressler, Consumer Education Specialist, FTC, 43% of those who reported fraud were in their 20s, while only 15% were in their 70s. During the first six months of 2023, social media was the point of contact in 38% of fraud losses for people in their 20s. For those 18-19 years old, the figure was 47%.

What can you do to help avoid financial fraud?

Never give out money or any personal identifying information (PII) in response to an unexpected request. Be wary of texts, phone calls and emails. Scammers commonly pretend to be someone you trust.

Do your research. Be smart with your online searches and use terms like “complaint,” “scam” or “alert” along with the company name when you search.

Understand that there’s no such thing as truthful caller ID anymore.

Don’t wire money. Government and legitimate companies will not require you to pay for products or services with a re-loadable gift card. Even using cards like iTunes and Google Play are risky.

Recognize that robocalls are illegal and should be reported to the FTC. If you mistakenly answer one of these calls, hang up immediately.

Looking for a job after graduation can be quite stressful especially if you’re supporting yourself for the first time.

Check out job placement firms closely. These companies should not be charging high fees in advance for any type of service without a guarantee of placement.

Keep in mind that the promise of a job isn’t the same thing as job. If you have to pay for that promise, it’s likely a scam. Read More

Realize that there are many fake jobs listed on social media. Google the company name and visit their website along with the search term “career.” If jobs are not listed on their website and nothing comes up on Google, those are red flags.

Don’t give out any credit or bank account information over the phone to a company unless they have hired you and have agreed to pay you something.

Get job details in writing and take time to go over the small print. A legitimate company won’t pressure you into making an on-the-spot decision regarding your career.

CNN recently reported some smart money moves for graduates, such as aiming to live within your means and knowing what your means actually are. Check out their tips HERE.

Congratulations and make sure you enjoy your special day. We wish you the best of luck in your future endeavors!

For more information, visit https://www.consumer.ftc.gov.

Photo courtesy Jonathon Daniels via unsplash.com.

ALERT: Toll Smishing Text Scam – Do Not Click!

ALERT: Toll Smishing Text Scam – Do Not Click!

The Ohio Turnpike and Infrastructure Commission, the FBI and SunPass are warning drivers of a text message smishing scam that requests payment for unpaid tolls. The FBI is recommending that if you receive a message like the one shown below, to take the following actions:

– Do not click the link in the text.

– Contact the FBI’s Internet Crime Complaint Center, also known as IC3, at www.ic3.gov, and include the phone number the text came from and the website listed within the text.

– If you have an EZ-Pass or SunPass account, check it via their legitimate website and let them know about the text.

– Delete the smishing text you received.

– If for any reason you accidentally clicked the link in the text and made a payment, contact your financial institution immediately to help secure your personal information and financial accounts. Contact our Member Services team at 1.888.966.4827 (GUARD) or email [email protected].

Screenshot image of a sample scam on an iphone

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does occur. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 1.888.966.4827 (GUARD) and [email protected].

AT&T Breach Alert: 73 Million Impacted

AT&T Breach Alert: 73 Million Impacted

Our security teams have recently discovered that AT&T, one of the main US telecommunications companies, has suffered an enormous data breach. Data from 73 million current and former customers has been leaked on the dark web. In August, 2021, the company originally said that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. Although the hacking date remains unclear, one in five Americans have now been impacted. Data exposed include name, address, date of birth, phone number and social security numbers.

The company stated that it is not yet known whether the data originated from AT&T or one of its vendors. The company added that “currently AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.” The company said that it is reaching out to customers to reset their account pass codes and is also urging customers to remain alert about changes to their accounts or credit reports. LEARN MORE

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: Marcus Spiske via unsplash.com

Consumer Fraud Losses Top $10 Billion

The Federal Trade Commission (FTC) recently released data showing that consumers reported losing more than $10 billion to fraud in 2023. This marks a 14% increase over reported losses in 2022. Fraud data came from 2.6 million consumers last year, nearly the same as 2022. Consumers reported to the FTC that they lost more money to investment scams – more than $4.6 billion – than any other category in 2023. The second highest loss category was imposter scams with losses of nearly $2.7 billion.

The following is a breakdown of the top frauds reported:

– Imposter scams (in business and government impersonators)

– Online shopping scams

– Prizes, sweepstakes and lottery scams

– Investment scams

– Business and job opportunity scams

The method scammers reportedly used to reach consumers most commonly was via email, which has displaced text messages. Phone calls are now the second most reported contact method. LEARN MORE

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).