Are you Scam Aware or a Sitting Duck?

/in /by

You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

Do You and Your Staff Know What To Avoid?

Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

  • It’s always a good idea to have some type of awareness program in place to teach your staff what they should avoid to avoid becoming a statistic. Phishing training and social engineering information should be a part of this.
  • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
  • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

Reporting Scam Attacks

It is essential that your team understands how to report a scam. Whether that scam is a physical security scam, such as someone wearing a fake badge and gaining access to the facility or a cybersecurity incident.

It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of these 4Scams

/in , , /by

IRS

  • The e-mail (or phone call) says you owe money; if you don’t pay it immediately, you’ll be put in jail or fined.The scammer may know the last four digits of the victim’s Social Security number.
  • Caller ID will be spoofed to look like the call is from the IRS.9D
  • The e-mail will include an IRS logo and other nuances to make it look official.
  • The scammer may also have an accomplice call the victim pretending to be a police officer.
  • The victim is scared into sending the “owed” money—which goes to the thief. Or, the thief gets the victim to reveal credit card information.
  • Another version is that the IRS owes the victim. The victim is tricked into revealing bank account information to receive the refund.
  • Know that the IRS will never contact you via e-mail or phone; will never threaten jail time, a fine or other threats like a driver’s license revocation.
  • If you owe, the IRS will send you snail mail, certified.
  • The IRS will never threaten to have you arrested.
  • If the subject line of an e-mail appears to be from the IRS, delete it.
  • If a phone call appears to be from the IRS, hang up.

Bereavement

  • Scammers scan obituaries for prey.
  • They then contact someone related to the deceased and claim something against the estate or that they’ll reveal a family secret scandal unless they’re paid.
  • If one of these scams comes your way, request written documentation of the claim.
  • Tell the sender you’ll send this documentation to the executor.
  • If you’re blackmailed, contact a lawyer.
  • Never arrange to meet the sender.

Computer Hijack

  • This may come as a phone call: A person claiming to be a Microsoft rep informs you that your computer has been hacked and he’ll fix it—or you’ll lose everything.
  • He wants to convince you to let him have remote control or “sharing” of your computer…and from there he’ll try to get your credit card number…

Investment Scam

  • Someone halfway around the world has chosen YOU to handle a large amount of money, and you’ll be paid richly for this.
  • The sender often has a foreign sounding name, but even common names are used.
  • Often, there’s some smaltzy message in the e-mail subject line like “God bless you” or “Need your help.”
  • Delete e-mails with any subject lines relating to investments, inheritances, mentions of money, princes, barristers or other nonsense.
  • If you feel compelled to open one, don’t be surprised if there are typos or that it’s poorly written. Do NOT click any links!

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Tax Identity Theft jumps on Payroll Scams

/in , , /by

Do you work for a corporation, especially in the U.S.? You may be at risk for tax return fraud.

9DADP is a payroll provider. Hackers were able to acquire tax information of employees of U.S. Bank from ADP. Now, this doesn’t mean that ADP was directly hacked into. Instead, what happened, it seems, their authentication system was flawed and ADP failed to implement a protection strategy for the personal data to keep it safe from prying eyes.

The crooks registered ADP accounts by using the stolen data of the bank employees. These accounts allowed the crooks to get additional W-2 information—enough to commit tax return fraud. In other words, looks like a W-2 gateway was created to file fraudulent tax returns.

If it happened to U.S. Bank and ADP, it can happen many places else.

ADP says that the breach did not originate from their computer network, but where exactly it did come from is not clear at this point, as there are multiple possibilities including the hacking into of a third party service.

The hackers also used a unique company issued URL. This URL is needed to register an ADP account. It is not known at this point in time if the U.S. Bank URL required credentials to gain access to or not, but since this data breach, U.S. Bank has withdrawn plans to further post the URL online. U.S. Bank has also removed their publicly accessible W-2 form from cyberspace.

Despite the data breach, there were only minimal effects to employees and customers of ADP and U.S. Bank. But the minimal adverse outcome is no reason to let your guard down. Next time, the institutions may not be so lucky.

Solution: Fill out the IRS Identity Theft Affidavit ASAP. Here: http://robertsicilian.wpengine.com/wp-content/uploads/2016/06/f14039.pdf

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Google Alert Scams

/in , /by

If you want to know the latest on “any topic”, just sign up for Google Alerts. Google will e-mail you notifications of new information coming online. I have Google Alerts for “Home Invasion” “Identity Theft” “Burglary” “Computer Security” and many more.

So what could be so harmful about receiving alerts about topics or people who are famous for being famous or your favorite presidential candidate?

  • A scamster creates a website and inserts popular search terms such as “Kate Middleton” or “Donald Trump.”
  • If you signed up for Donald Trump, you’ll not only receive legitimate alerts from Google, but also links originating from the scammer’s site. You won’t know which is which.
  • These fraudsters have figured out a way to circumvent Google’s security.
  • Clicking on these links could download malware into your computer.

In another example Intel Security’s McAfee does the “Most Dangerous Celebrity” survey based on malicious search results. They then determine which searched celebrity sites produce the most malware.

What can you do?

  • A tell-tale clue of a scam is that when you hover over the link inside your e-mail, the URL doesn’t correlate to the alleged source of the news. If it doesn’t match up, skip it. A scammer’s URL isn’t going to have what appears to be a legitimate news outlet address.
  • Narrow your search down. So if you want the latest in Trump’s polls, type “Donald Trump polls” in the Google Alert field. Otherwise, just leaving it as “Donald Trump” will not only flood your in-box, but it will be much more likely that some of those “alerts” will be fraudulent.
  • Another way to narrow the parameters is to set the alerts for “news,” “blogs,” “best results” and “United States.”
  • Be very suspicious of URLs that do not end in a dot-com, net, org or other familiar suffix. Often, scammy URLs come from foreign countries where the suffix is different, such as “fr” for France or .ru for Russia or .cn for China.
  • If a link appears to be fraudulent, report it to Google.com/alerts.

If you’re signed up for Google Alerts for numerous topics, consider cancelling some of these, especially if it’s a hot topic that makes headlines nearly every day, such as the presidential race—which you’re bound to see anyway simply by visiting a reputable news site.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Beware of the Jury Duty Scam

/in /by

Imagine getting a call from someone identifying themselves as a federal court official or U.S. Marshal, informing you that your arrest is imminent unless you pay a cost—all because you failed to respond to a jury summons (which you don’t remember getting). I’d like to think that you’d immediately smell the rotten scam here and hang up, but unfortunately, many adults fall for this jury duty scam.

10DFirst off, let me get it off my chest: Who the devil ever heard of being arrested or fined for not responding to a jury summons? This farce isn’t even depicted in any of the slew of crime and law dramas that have been on TV for decades.

But the scammer relies on inducing enough fear in the targeted person to win them over. These scammers are sophisticated and even have call centers, says Melissa Muir, quoted in an article on uscourts.gov. She’s director of Administrative Services for the U.S. District Court of Western Washington. She points out that a federal court will never call someone and make threats or demand payments.

So if you hear what sounds like a bustling call center in the background of the call, assume this is staged to make the call sound official.

So what is the federal court’s response when someone ignores a jury summons?

  • The court clerk’s office will contact you.
  • You may be required to appear in court before a judge.
  • At the court, the judge may order that you pay a fine—but not before you’re given the chance to explain why you failed to appear for your jury summons.

If you get a fraudulent call, do not give out any information; hang up. Call your local court clerk’s office or the U.S. Marshal’s Service office for peace of mind: Check if you really did miss a jury summons, but chances are extremely high, and I mean higher than a kite, that the call was a scam.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to prevent IRS scams

/in , /by

Once a thief knows your Social Security number…you’re at very high risk for having your identity stolen.

Computer crime concept

Computer crime concept

A report on bankrate.com says that the IRS is warning of a cyber attack on its electronic filing PIN application. Thieves infiltrated it with malware in an attempt to claim other people’s refunds as their own. Over 450,000 SSNs were involved, and over 100,000 of them enabled the hackers to access an E-file PIN.

Endless scams are directed towards SSNs, like the classic phishing attack. A phishing attack basically goes as follows:

  • An e-mail arrives with an alluring or threatening subject line, which may actually be a warning to protect your SSN.
  • The e-mail looks legitimate, complete with logos and privacy information at the bottom.
  • The hacker’s goal is to get you to fill out a form that includes typing in your SSN.
  • The FTC warns of a “Get Protected” subject line for the latest scam. This scam e-mail mentions the “S.A.F.E. Act 2015” that protects against fraudulent use of SSNs.
  • Like many phishing e-mails, the “Get Protected” one contains fake information.
  • These e-mails include a link that, when clicked, will release a virus, or take you to a website that will download a virus or lure you into revealing sensitive information.

Three Ways to Get Scammed

Most people make important decisions based on emotion. Cyber thieves know this, and they prey on fear, greed and generosity.

  • People aren’t thinking straight when emotions are ruling. Logic gets swept under the rug. There’s pressure to act quickly, such as helping the scammer (who pretends to be a grandchild of the victim) who was in an accident: wire money asap. Natural disaster scams prey on the desire to give. The emotion of greed is manipulated in “You’ve Won!” and inheritance scams.
  • Of course, before the fraudster plays with emotions like a cat playing with a mouse, he first gains your trust, pretending to like the same things you do, whatever it takes so that you don’t question him.
  • Scammers are adept at appearing credible, such as tricking your caller ID into showing “IRS” or the name of your bank in the ID field. They may have a snazzy website up, a “badge number,” noise in the background to simulate a call center, even a fake accent.
  • Remember, scammers are pros. It’s going to seem legitimate.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to protect your network from malicious insiders

/in , /by

You may be putting your company at risk simply by hiring a new employee. Why? Because that person could have a hidden, malicious agenda.

11DThis is known as an inside threat, and it means that someone within your organization is planning or conducting activities meant to harm the company.

There is a pattern that most insider threats use: The first step is to gain access to the company’s system. Once they have access to the network, they will investigate it and seek out any vulnerable areas. The malicious insider then sets up a workstation to control the scheme and spread the destruction.

What type of destruction can you expect? The hacker could introduce malware or they could steal or delete critical information, all of which can be damaging to your business. Fortunately, there are ways to protect business from these types of hacks.

Most companies protect their IT systems with firewalls, anti-virus programs, data backup software and even spyware-scanning technology. The problem is that these technologies only work when hackers are trying to get information from the outside.

One way to protect against insider threats is to ensure that employees can only access the data necessary to do their jobs. You should look at the flow of data throughout the organization to determine how information is shared and where it becomes vulnerable to theft or other security breaches. Then work with each department to implement the proper security controls.

The process of preventing data loss begins with discovering the data, classifying it, and then deciding how much risk your company may face if the data gets out. Some of the tools and procedures you may want to consider for protection include:

  • System-wide encryption
  • Password management
  • Device recognition
  • Access controls
  • Data disposal

It’s important to create security policies and procedures that are easy for employees to understand. The more transparent these policies are, the more effective your departments will be when communicating what they want and need.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Beware of ALL these Scams

/in /by

Scams targeting older people are probably very under-reported, as seniors don’t want to appear senile. The most vulnerable group is educated men over 55, because, quite frankly, they think they know everything.

9DSweepstakes/Lottery

  • This scam comes in many forms, but the common denominator is that you’re requested to pay a fee or taxes.
  • A legit sweepstakes or prize event never requires payment.

Kids/Grandkids Need Money

  • The scammer relies on the odds that the randomly-called senior has trouble hearing.
  • The scammer says, “This is your favorite grandson!” Invariably, the victim announces the grandson’s name. The scammer takes it from there, convincing the victim to send money.

Home Repair

  • A man in a worker’s uniform, complete with company logo, appears at your door, offering to do some service. They may actually perform it, but will overcharge and/or not complete it.
  • Others are there only to case your home for a future robbery.
  • A legitimate company does not go door to door.

Cyber Help

  • A call from someone claiming to be from Microsoft or some other tech giant, claiming your computer has a virus, is a scam.
  • The scam includes background noise that sounds like a busy call center.
  • This scam is also conducted via e-mail.

Dating

  • Never give money to someone you met through an online dating service.
  • If they sound and look too good to be true, they probably are. A sudden sob story in which they desperately need money is a cue for you to run for the hills.

Uncle Sam

  • Through a phone call or e-mail, you’re notified you owe back taxes or that a refund is owed to you (and you must pay a fee to get it). SCAM!
  • The crook can make the caller ID look like the IRS.
  • The caller may threaten to have you arrested or pose as a sheriff.
  • If you owe or are owed, the IRS will always snail mail you.

Ugly Baby

  • You’re approached by a woman while you push a stroller. She says your baby/grandchild is ugly.
  • While you react to this, her accomplice pick-pockets your purse.
  • Distraction scams can come in many forms.

Investments

  • A call out of the blue from an “investment advisor” is very likely a scam.
  • Seek financial counseling only from a reputable service.

Identity Theft

  • Never give personal information over the phone unless you called that company (and say, want to purchase something).

POA

Never give power of attorney to someone you know only casually or without a lawyer to review the document.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Protect from Personal Loan Scam

/in , /by

Are you thinking of getting a personal loan? Hopefully you have a high credit score, as this will give you a better chance of getting the loan through a legitimate company. But even if your credit is excellent, you need to be aware of the personal loan scams out there.

2DNot Respecting Your Limit

  • You don’t want to do business with a lender that pressures you into borrowing more than you can handle

Upfront Payment

  • You should never have to pay any fees for the application process. If you’re requested to do this, move on.

Pumped up Interest Rate

  • Know what the going interest rate is. A good lender will quote you near this average rate.
  • A bad lender will recognize the desperation of the applicant with bad credit and try to sock them with an abnormally high interest rate.

Us and Only Us

  • Be suspicious of lenders that don’t like the idea of you shopping around for better rates.
  • This is a red flag that they have questionable loan practices.

Location, Location

  • An honest, legitimate lender or bank has a verifiable physical address. Get this confirmed with Google maps.
  • If you can’t, move on. But know that even a predatory lender may have a very solid physical address.

Solicitations

  • As in ones you didn’t request. Watch out for banks that send you unsolicited invitations for a personal loan application.

 

Don’t Be Intimidated

  • Because a seedy outfit may want to scare you into closing on their loan. But they can’t do anything to you, even if they use the term “legal action.”
  • If you want to reject their loan offer, then do so.

SSN

  • Does the lender want your Social Security number? This is fine if they’re wanting to do a credit check.
  • If they’re not doing a credit check but want your SSN, move on.

Signing Empty Documents

  • Do not sign anything that does not have the interest rate, terms, loan amount, monthly payment and other crucial information.
  • Before signing anything, make sure there are no blank areas that can be filled in later.
  • Run if the lender wants you to sign something that’s missing information.

Guaranteed!

  • Is a bank guaranteeing your personal loan? Sounds great, right?
  • Not so fast. They cannot do this if they have not verified your financial history or credit history.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to recycle Old Devices

/in , , , , , , , /by

When it comes to tossing into the rubbish your old computer device, out of sight means out of mind, right? Well yeah, maybe to the user. But let’s tack something onto that well-known mantra: Out of site, out of mind, into criminal’s hands.

7WYour discarded smartphone, laptop or what-have-you contains a goldmine for thieves—because the device’s memory card and hard drive contain valuable information about you.

Maybe your Social Security number is in there somewhere, along with credit card information, checking account numbers, passwords…the whole kit and caboodle. And thieves know how to extract this sensitive data.

Even if you sell your device, don’t assume that the information stored on it will get wiped. The buyer may use it for fraudulent purposes, or, he may resell to a fraudster.

Only 25 states have e-waste recycling laws. And only some e-waste recyclers protect customer data. And this gets cut down further when you consider that the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device.

Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key and in some cases the “factory reset” setting is worthless.

To verify this widespread lack of insight, I collected 30 used devices like smartphones, laptops and desktops, getting them off of Craigslist and eBay. They came with assurance they were cleared of the previous user’s data.

I then gave them to a friend who’s skilled in data forensics, and he uncovered a boatload of personal data from the previous users of 17 of these devices. It was enough data to create identity theft. I’m talking Social Security numbers, passwords, usernames, home addresses, the works. People don’t know what “clear data” really means.

The delete button makes a file disappear and go into the recycle bin, where you can delete it again. Out of sight, out of mind…but not out of existence.

What to Do

  • If you want to resell, then wipe the data off the hard drive—and make sure you know how to do this right. There are a few ways of accomplishing this:

Search the name of your device and terms such as “factory reset”, “completely wipe data”, reinstall operating system” etc and look for various device specific tutorials and in some cases 3rd party software to accomplish this.

  • If you want to junk it, then you must physically destroy it. Remove the drive, thate are numerous online tutorials here too. Get some safety glasses, put a hammer to it or find an industrial shredder.
  • Or send it to a reputable recycling service for purging.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention