Scams, Scams and More Darn Scams

Scams, Scams and More Darn Scams

Did you know that there are at least 48 different types of identity theft and the number of scams involved in each is growing daily? Romance scams, residence scams, utility scams, employment scams, telephone scams, email scams, charity scams, Apple care scams, AirBNB scams, PayPal scams, census scams, ticket scams, government scams, medical scams, insurance scams, real estate scams, investment scams, lottery and sweepstakes scams … there really isn’t one facet of our lives that isn’t ‘scam-able.’ As the weather turns colder, it kind of makes you want to curl up under an electric blanket and hibernate for a bit doesn’t it!

 

Although everyone with a social security number is at risk for identity theft, there are two groups that are targeted more often: children and seniors. The U.S. Department of Health & Human Services has studied why. They explain, “Children are targeted to establish a ‘clean slate.’ Seniors are targeted over the telephone and through phishing scams. Some studies suggest that people become more trusting as they age, which helps to explain why it’s more difficult for older adults to detect fraudsters.”

 

The next high-risk group that follows children and seniors are the military mostly due to deployment, which impacts their ability to respond to a threat in a timely manner. According to the Federal Trade Commission, military consumers are most affected by credit card and bank fraud. Another high-risk group is identity theft repeat victims. As reported in Consumer Affairs, “people who have previously been affected by identity theft are at a greater risk for future identity theft and fraud.” According to the Center for Victim Research, “7-10% of the U.S. population are victims of identity fraud each year and 21% of those experience multiple incidents of identity theft.”

 

Lastly, the deceased are targeted. Stealing a dead person’s identity, commonly known as “ghosting,” will often go unnoticed by surviving family for months or years. A report dating from 2012 stated that 2.5 million deceased American identities are stolen each year. Of those 2.5 million stolen identities, 800,000 were used to open lines of credit or get a mobile phone plan.

 

Fraudsters oftentimes repeat their favorite most lucrative scams, which are driven by major financial life moments, such as taxes and holiday shopping. Yes, it’s getting to be that time of year, and, guess what … the world’s largest online retailer, Amazon, is seeing a huge increase in fake Amazon.com order cancellation scams. If you receive an email about an order cancellation from Amazon, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com directly to check your order status.

 

Most of our blogs offer tips to help protect yourself and your family from identity theft. There is one tip in this blog: Remain aware of scams and that they can touch every facet of your life. By staying in-the-know, you can help every month be National Cybersecurity Awareness month … not just October.

 

If you suspect that you or a loved one has suffered identity theft, please reach out to us as soon as possible. Our Guard Well member services team is available around the clock, every day of the year. Email memberservices@guardwellid.com or call 888.966.GUARD (4827) for help.

SIM Swap Attack – the New Hijack

SIM Swap Attack – the New Hijack

Imagine no texting, no service, and no data for a minute. Yikes! Halloween or not, the lack of being able to connect is a very scary thought and it can happen to any of us due to a tiny piece of plastic called a SIM card. There is a SIM (subscriber identity module) in every mobile device and it is what connects the user to a cellular network. Unfortunately, there is a wide-spread SIM swap hack that allows a thief to hijack your cell number.

 

Also known as a port out scam, simjacking, swim swapping, and SIM splitting … this latest scam can wreak havoc in all of your accounts associated with your mobile phone number. Everyone with a cell phone is at risk of this type of takeover. The PEW Research Center, a nonpartisan organization based in Washington D.C., reported this year that 96% of Americans have a cellular device and 92% of them go online daily. Considering that there are approximately 330 million Americans, that’s a pretty large target market from a hacking standpoint. No one is immune. A number of high profile attacks have occurred via Instagram and Twitter. The website wired.com reported that Twitter CEO Jack Dorsey’s own twitter account was hacked via this method this year.

 

What is a SIM Swap?

This type of scam is an account takeover fraud. It targets a weakness in two-factor authentication and two-step verification in which the second factor (step) is either a text message or a call placed to a mobile telephone. This is achieved by the fraudster impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. The victim’s phone will then lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows them to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts (such as bank accounts, social media accounts, etc.) that rely on text messages or telephone calls.

 

Damage from a SIM swap can have a snowball effect. Since the scammer would be armed with your login credentials, not only can they steal your money, take over your email and social media accounts, but they can lock you out of them all and open up a new cellular account in your name … or buy that new phone you’ve been eyeing for months but won’t have the joy of using yourself.

 

Is a SIM swap preventable?

No. It’s impossible to completely prevent someone from gaining access to your phone number through a SIM swap due to the fact that the scam requires no misstep on your part (such as clicking on a bogus link). All the scammer needs to do is convince your carrier that they are you and to transfer your phone number to their SIM. As described by Michael Grothaus with Fast Company, “There’s nothing inherently shady with doing a SIM card swap. If you lose your phone or your SIM card is damaged, for instance, you might go to a mobile carrier store or even call up customer service to have your number transferred to a new SIM.”

 

Even though you can’t prevent a swap from happening to you, there are ways to make it more difficult for a scammer. Grothaus suggests to use an authenticator app such as Authenticator by Google, Microsoft AuthenticatorLastPass Authenticator, and 1Password. A single authenticator app can handle all your authentication codes no matter how many different accounts you use.

 

Other courses of action you can do to help prevent a swap include:

– Limit the personal information you share online. Identity thieves will find information to answer the security questions you may have set up to verify your identity. For example, if one of your security questions is, “What is my high school mascot?” and you list your high school name on your Facebook account and that information is not on a private setting, it’s not difficult for a good sleuth to figure out your mascot’s name.

– Set up a PIN for your cellular account and do not share it with anyone.

– Do not reply to calls, emails and SMS messages that could be a phishing attempt to request your personal data. Make sure to read our blog “Accidentally Clicked on a Phishing Link – Now What” to get up-to-speed on phishing scams.

 

The Federal Trade Commission offers a few tips on what to do if you suspect that you’ve been swapped:

– First, contact your cellular service provider immediately to take control of your phone number. After you re-gain access to your phone number, change your account passwords.

– Check your banking, credit card and insurance statements for unauthorized charges or changes to your profile.

– Call your identity theft resolution provider. A Guard Well Member Services team professional is always on hand for you 24 hours a day, seven days a week and every day of the year … yes, even Halloween. There are enough tricks flying around. Here’s to receiving a treat this year!

 

 

Capital One Breach Alert – 100 Million Impacted

Capital One Breach Alert – 100 Million Impacted

The Wall Street Journal reports that this latest massive consumer data breach stands to be one of the worst for U.S. consumers because of the type of financial information that was accessed. The hacker accessed personal information of Capital One credit card customers and applicants in the U.S and 6 million in Canada. “This valuable consumer financial information can be used to figure out the identities of the most creditworthy or affluent consumers and open a card or loans in their name.” READ MORE

 

Take Action
Though Capital One says login information wasn’t compromised in this hack, reusing old passwords is a major security vulnerability. We suggest that you immediately:

– Change your passwords

– Set up two-factor authentication

– Closely monitor your credit card activity and credit reports

We Are Here to Help!
Please contact our 24/7/365 Member Services team at 888.966.GUARD (4827) if you think you may have been a victim. You can also visit our website and click on Let’s Talk, where you can:

 – Schedule an in-person meeting or call

– Make a payment

– Send us a file

– Leave us your comments

– Access your account

– Click-to-call Member Services immediately

Guard Well Founder and CEO Panelist in HR Forum Discussion

Guard Well Founder and CEO Panelist in HR Forum Discussion

On Thursday, June 13, 2019 the Cincinnati Business Courier hosted a live panel discussion with industry experts concerning the ongoing changes and critical issues impacting Human Resources. The panel covered a a variety of topics including workforce issues around employee engagement, retention strategies, organizational development, compensation, benefits and educating tomorrow’s business leaders. Our Founder and CEO, E. Allan Hilsinger, was among three of the panelists. Other industry experts included Deirdre Bird, Director of HR Consulting, VonLehman CPA & Advisory Firm and Brian Dershaw, Partner, Taft, Stettinius & Hollister LLP.

 

You can read the entire discussion HERE.

Top 10 Identity and Access Management Solution Providers – 2019

Top 10 Identity and Access Management Solution Providers – 2019

An Intelligent Way to Protect Your Employees

Guard Well Identity Theft Solutions was listed as one of the “Top 10 Identity and Access Management (IAM) Solutions Providers – 2019” in Enterprise Security Magazine. “What has intrigued us the most is that Guard Well always takes the driver’s seat in addressing the identity theft and restoration challenges through its full resolution solutions, cutting edge advanced monitoring tools and proprietary API technology. The company has been on the pinnacle in combining their 24/7 availability and an intense focus on customer service to provide the best IAM solutions today,” remarked Michael Brown, Managing Editor.

 

You can read the entire article HERE.

Two-factor Authentication Phishing  Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Quick Steps for Lost Wallet

Quick Steps for Lost Wallet

You know that flustered feeling when you can’t find your cell phone? Imagine if you had your driver’s license, ATM debit card and your AMEX in a pocket inside your phone. Not only would you have a lost wallet, but you would have a lost cell phone as well. Talk about panic.

There are many reasons why you should not carry every ID you have on you at any given point in time. Your Social Security card … should be in a safe. Your passport should be in there as well. If you own more than one credit card, don’t carry all of them in your wallet at the same time. Your health insurance card? Now, that’s a toss-up.

Before a lost wallet scenario could happen to you:

• Make a detailed list and/or keep photocopies of the contents in your wallet in a safe place (ideally in a home safe or bank lock box). Make sure phone numbers are included for your providers as well so you can swiftly contact your creditors if the moment arises.

What to do if you have a lost or stolen phone, wallet or both:

• Call your bank(s) immediately to report your debit and/or any credit cards as stolen. This is different from canceling or closing your credit cards, which can cause problems with your credit reports. “You’re only responsible for up to $50 in unauthorized purchases if you report a debit card as missing within two business days of the loss. But, if you wait more than two days (but less than 60), you could be on the hook for up to $500 in unauthorized purchases.
• Call your cell phone carrier if your lost wallet also included your phone. Service providers have tracking that can help trace the footsteps of your burglar as well as the ability to shut off any apps, suspend social media accounts and email for the time being.
• File a police report.
• Initiate a fraud alert on your credit report.
• Replace your driver’s license as soon as possible. Every state has different requirements for replacing a license. Some may ask you for a police report number if your ID has been stolen.

• IF your Social Security card was in your wallet (not recommended), contact the Social Security Administration immediately. They can send you a new card but they won’t give you a new number.

• Download a credit report. If you see anything you don’t recognize, call the IRS Identity Protection Unit 800.908.4490.

What types of cards and documents can be replaced?

It can be overwhelming when we think of everything that could be in our wallet. Your driver’s license, debit card, passport, military ID, health insurance card, Medicare/Medicaid, auto insurance card, US Visa or residency card, even retail store cards and any specialized license or driver’s permit all can be replaced, but it takes time.

It’s best to minimize what you carry with you. Our Lost Wallet service assists our Members in quickly and effectively terminating and re-ordering wallet contents. Our services include:

• Identifying missing documents.
• Contacting document issuers while Member is on call (if required by issuer).
• Cancelling of all lost cards and report documents missing.
• Completing the required forms and delivering to subscriber for completion.
• Initiating fraud affidavit and police reports for stolen wallets.
• Additional resolution calls based on the severity of issue, as needed