Beware of the Social Security Administration Employee Scam

There is a new Social Security scam in the news, and you should definitely know about it. The Acting Inspector General of Social Security, released a statement that warns people of this new scheme. Basically, scammers are impersonating Social Security Administration employees.

The scam started out fairly small and localized, but now, people from across the country are reporting that they are getting calls from people stating that they are from the Social Security Administration. The caller attempts to get personal information from the person they call including address and banking information.

Here’s How the Scam Works

Almost all of these calls are coming from a 323 area code, but don’t think for a second they won’t change this up. The caller says that they are an SSA employee, and sometimes tells the victim that they are getting a cost of living adjustment, so their benefits will be higher. Many callers believe this, of course, so when the scammer asks them to verify things such as their name, their birthday, their Social Security number, and even the name of their parents, they gladly do it to get an increase in their benefits. Once the scammer gets the information, they then contact the SSA and change the victim’s account information so that the benefits now go into a different account. Then, they can collect the cash.

Currently, the Social Security administration does contact people by phone in certain cases. However, the person usually knows that they should be expecting a call. It is also possible that an SSA employee might ask a person to verify information. So, none of this really seems unusual to anyone who has dealt with the SSA.

What to Do if You Get a Call

Hang up. Plain and simple. If you get a call from the Social Security Administration, you should report it immediately to 1-800-269-0271. You can also report it online.

It is also very important to be cautious, and you should avoid giving any information, such as your bank account number or Social Security number, to anyone who calls you. To check if it is a legitimate call from the SSA, tell the person calling that you are worried about scams, and ask if you can call them back. A legitimate SSA employee should be perfectly fine with this. Then, look up the number yourself. Don’t call a number that they give, no matter what. Finally, you can also contact the Social Security Administration at 1-800-772-1213 if you have any question about any text, letter, email, or call that you get.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

2017 Was the Worst Year for Identity Theft EVER!

Javelin Strategy & Research recently released its Identity Fraud Study, and it revealed that the number of identity theft victims rose by 8% in 2017 when compared to 2016. That’s almost 17 million people, which is a record high. Despite more information and industry efforts to make people aware of these practices, $16.8 billion was stolen due to ID theft in 2016.

The study also showed a shift in how ID theft fraud was being done. Credit card accounts were the most common targets for new account fraud, we also see that there is a big uptick in other accounts being targeted, including PayPal accounts and e-commerce merchant accounts. We can also see that more than 30% of consumers in the US were notified that their information was part of a data breach, which is 12% higher than the year before. Social Security numbers also seem to be a favorite of ID thieves, as are credit card numbers. We also see that due to these breaches, consumers are becoming less trusting when it comes to companies and financial institutions that are storing personal data.

The Trends

There were four noteworthy trends that were also found in this study:

  • There was a Record High Rate of Identity Fraud – The study shows that almost 7% of all consumers were victims of ID fraud. This was almost a million people from 2016. This was mostly due to more account takeovers and more instances of fraud.
  • Account Takeover Has Grown – One of the most shocking things found in this study is that account takeover has tripled when compared to 2016 and has reached a four-year high. This is a 120% increase. It was also noted that the average victim had to pay an average of $290 out of pocket to solve these issues, and consumers spent more than 62 million hours trying to work these issues out.
  • Scammers Target Online Shoppers – The study also shows that people who shop online are most at risk of becoming a victim of fraud.
  • Scammers are More Sophisticated – Finally, the study showed that fraudsters are more sophisticated than ever before, and they use more complex methods than ever before.

Finally, the Identity Fraud Study did something new this year, too. It looked at the way news of data breaches has affected consumers. About 63% of people who responded say that they were “very” or “extremely” concerned about becoming a victim of a data breach.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Background Checks Don’t Tell the Whole Story

When it comes to background checks, the National Crime Information Center is the gold standard. It is only available to law enforcement agencies and is the most accurate and complete database tracking convictions and arrests in the US. That sounds pretty great, right? Unfortunately, it’s not all as it seems.

The Department of Justice

The Department of Justice recently released a report based on a two-year study of convictions and arrests from 2016. The report shows that a very low percentage of convictions and arrests actually make it to the National Crime Information Center. What does this mean? It means that even if a commercial background check company is using the best information, it’s only able to get information on about 13% of all crimes. On top of that, there is a pretty standard 30% error rate on background checks based on factors such as typos, misspellings, and data entry errors. Yikes.

The Reliance of Background Checks

It doesn’t matter if you are an employer, a landlord, or even a private citizen hiring a babysitter or contractor, odds are good that you think a criminal background check is a good idea. But, the fact that we not only rely on these checks, but also believe that they are fool-proof, is quite problematic.

Other Implications of Background Checks

The inaccuracy of background checks is only one of the issues associated with them. Another issue is that there is a big possibility that these commercial background checks could violate the Fair Housing Act because it might be seen as intentional discrimination. Additionally, though people with criminal records are not protected under the Fair Housing Act, statistically, this creates a disproportionate impact on minorities. According to the Fair Housing Act, minorities are protected.

Though it seems like a great idea to run a criminal background check, as you can see, it’s not always a black and white result. Criminal history databases are not complete, there are high rates of errors, and these background checks might be violations of the Fair Housing Act. At the very least, someone could have a good case against it if you use a criminal background check as a basis for a housing decision. When thinking about if a background check is worth it or not, it probably is, but you also have to be aware of the possibility that you are not going to get the entire story.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

A “Credit Profile Number” is a fake SSN, and it Works

Cyber criminals are constantly trying to stay one step ahead of the good guys, and there is now another scam out there that you should know about: synthetic identity theft. Basically, the criminals take information from someone, and then make up the rest. They also often use fake Social Security numbers, called CPNs, or “credit profile numbers,” or names.

This type of identity theft shows us that our credit system is more vulnerable than we might think. Basically, it is easy to create a credit file on these identities, and once they have that, they can get a credit card or loan.

Of course, using a CPN like this on an application for credit card or loan is illegal, but lenders currently don’t have a conclusive way of distinguishing a real Social Security number from one of these fake ones. The Social Security Administration generates SSNs randomly. This makes it difficult for a lender to notice a fake one. Technically, a lender can contact the SSA and cross-check, but most of them don’t. Why? Because the SSA requires a handwritten signature from the person who has that SSN, and this is a pain in the neck for lenders.

So, of course, the best thing to do is to create a way for lenders to instantly check to see if a Social Security number is valid or not, and as of now, they do not have the capacity to do this. Lenders do, however, use their own fraud-detection tools, but these requests for credit still fall through the cracks.

This practice also has created more open windows for fraudsters, because they know that the system is vulnerable. It’s true that many lenders won’t accept a credit application from someone with no history of borrowing, which is the case with a CPN, but some still do, and the more activity the file sees, the more likely it is that credit will be given. Once credit is approved, a full credit report is created. Though it likely won’t be a high amount of credit, many lenders take a chance on new borrowers, and at a minimum, extend a couple of hundred dollars. Some people will even get a card that has, say a $300 limit, and use the card for a time. Once they establish a good payment history, they can get a credit increase, and that’s where the fun really begins.

This is just one more scam that you should be aware of, and one more reason to keep your private and personal information safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

2017 Was the Worst year for Data Breaches EVER!

It seems like 2017 broke records for all the wrong reasons…one of them being the worst year for data breaches in history.

According to reports, hacking was the most common way to collect this data, but almost 70% of exposures occurred due to accidental leaks or human error. This came down to more than 5 billion records. There were several well-known public leaks, too, including the Amazon Web Services misconfiguration. More than half of the businesses using this service were affected, including companies like Verizon, Accenture, and Booz Allen Hamilton. The scariest part of this, however, is the fact that the number of breaches and the number of exposed records were both more than 24% higher than in 2016.

Big Breaches of Big Data

Another interesting thing to note is that eight of the big breaches that occurred in 2017 were in the Top 20 list of the largest breaches of all time. The top five biggest breaches in 2017 exposed almost 6 billion records.

Part of the reason for the big numbers is because huge amounts of data were exposed from huge companies, like Equifax. There was also a huge breach at Sabre, a travel systems provider, and the full extent of the breach isn’t even known at this point. All we do know is that it was big.

When looking at all of the known 2017 data breaches, almost 40% of the breaches involved businesses. About 8% involved medical companies, 7.2% involved government entities, and just over 5% were educational entities. In the US, there were more than 2,300 breaches. The UK had only 184, while Canada had only 116. However, until now, companies in Europe were not forced to report breaches, so things could change now that reporting is mandatory.

What were the biggest breaches of all time?  Here they are, in order:

  • Yahoo (US company) – 3 billion records
  • DU Caller Group (Chinese company) – 2 billion records
  • River City Media (US company) – 1.3 billion records
  • NetEase (Chinese company) – 1.2 billion records
  • Undisclosed Dutch company – 711 million records

Though none of this is great news, there is a silver lining here: none of the breaches of 2017 were more severe than any other breach in history, and overall, the occurrence of breaches dropped in the fourth quarter.

Because of so many breaches occurring due to human error, it’s very important that businesses of all sizes enact security awareness training, including helping staff understand what makes a business a target and what type of info the hackers want.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.