Posts

WARNING: You or Your Members Could be Targets of List Scams

There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.

Robert Siciliano, CSP, SAFR.ME

These Lists are Lies

Along with conference invitation scams, many associations are targets of list scams. A quick search of “Attendee List Sales Scam” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.

Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.

Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.

To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.

If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.

More Conference Invitation Scams

Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.

So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards. 

But Wait…There’s More

Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.

When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.

Know Your Options

  • It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference
  • If in doubt, confirm with the company that the offers from third-party claims are correct.
  • You can also get an official exhibitor list of official vendors.
  • Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.
  • Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.

Wi-Fi Hacks

Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.

Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Very effective Social Engineering Scams

It’s amazing how ingenious cybercriminals are, but the victims also need to take some responsibility for falling for these ruses, especially when the victim is a business that has failed to train its employees in cybersecurity measures.

10DRansomware

The stuff of science fiction is here: Who would have ever thought there’d ever be a such thing as criminals remotely stealing someone’s personal information (word processing files, any kind of image, etc.), scrambling it up via encryption, then demanding ransom in exchange for the remote “key” to “unlock” the encryption?

Payment is remotely by Bitcoin which can’t be traced. The payment is usually at least $500 and escalates the longer the victim waits.

The virus that poisons a computer to steal someone’s files is called ransomware, a type of malicious software (in this case, “Cryptolocker” and “CryptoDefense”). But how does this virus get into your computer in the first place?

It’s called social engineering: tricking users into allowing their computer to be infected, or duping them into revealing personal information.

Often, a phishing e-mail is used: It has an attention-getting subject line that entices the user to open it. The message contains a link. They click the link, and a virus is downloaded. Or, the link takes them to a site which then downloads the virus.

These e-mails, sometimes designed to look like they’re from the company the user works for, often go to workplace computers where employees get tricked. These kinds of attacks are lucrative to their instigators.

Funeral Fraud

If you wanted to notify a relative or friend that a mutually dear person has left this earth…would you send an e-mail or phone that person? Seems to me that heavy news like this would warrant a phone call and voice interaction.

So if you ever receive an e-mail from a funeral home indicating that a dear one to you has passed, and to click a link to the funeral home to learn details about the burial ceremony…consider this a scam.

Because if you click the funeral site link, you’ll either get redirected to the crook’s server because he’s already created an infected funeral looking site ahead of time. This is where a virus will be downloaded to your computer.

Vishing Credit Card Scam

You get a phone call. An automated voice identifies itself as your credit card company (they’ll say “credit card company” rather than the specific name). It then says something like, “We are investigating what appears to be a fraudulent charge on your card.”

They’ll ask if you made a particular purchase lately, then to hit 1 for yes and 2 for no. If you hit no, you’re told to enter your credit card number, three-digit security code and expiration date. You just fed a thief all he (or she) needs in order to go on an online or on-phone spending spree.

Ever order something via phone and all you had to give up was the credit card number, expiration date and security code? This trick is also aimed at employees. The calls come from an automated machine that generates thousands of these calls.

Healthcare Record Scam

You receive an e-mail that appears to be from your employer or healthcare provider that you get through work. This may come to you on your home computer or the one you use at work. The e-mail is an announcement of some enticing change in your healthcare plan.

The message may reference something personal about you such as marital status, income or number of dependents. When enough of these e-mails are pumped out with automated software, the personal situation of many recipients will square off with those identified in the e-mail, such as income and number of children. The user is then lured into clicking a link in the e-mail, and once that click is made…malware is released.

Facebook Company Group Scam

Scammers will scan Facebook and LinkedIn seeking out employees of a particular company and create a group. This groups purpose is for information gathering so scammers can penetrate a company’s facility or website. Once all the groups member join, the scammers will pose various innocuous questions and start palatable discussions that make everyone feel comfortable.

Over time scammers will direct these discussions to leak bits of data that allow criminals to enter a facility under a stolen identity or to contact specific employees who have advanced access to computer systems in an attempt to get usernames and passwords.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to build up or rebuild your Credit

After taking all the necessary steps to Fixing a Credit Report after being hacked, it is then tome to rebuild your credit. Bad credit is bad credit no matter how it happens. No matter how responsible you are with your money, you won’t get a loan if there’s no evidence of this. The evidence comes from having credit. You need to show lenders you can be trusted.12D

  • Every time you apply for a credit card, this puts a dent in your credit score. In other words, it can negatively affect your scores especially if there are lots of credit checks in a short period of time. So apply with a lot of discretion; do you really need that extra charge card? Or is it worth it to continually cancel accounts and open new accounts while playing the interest/points game?
  • Get a major credit card. A charge card is an opportunity to show that you will pay back, on time, money that you “borrowed.” A debit card for this purpose is meaningless because it withdraws money from your account on the spot.
  • An option is a type of credit card that requires a security deposit. Payment of your bills will not come from this security deposit. But it looks good to a potential lender, making you seem more trustworthy.
  • Charge things like gas, food and other items, and/or put a monthly bill on the card for automatic payments such as your cable bill, then pay the card on time every single time—ideally the entire balance. This will create a record of your trustworthiness.
  • Charge no more than 50 percent of the card’s limit in any given month, even if you CAN pay the whole thing off every month. Exceeding 50 percent, some say, can adversely affect your credit score.
  • A rule of thumb is to charge only what you’d be able to pay in cold cash every month. Just because your card has a $5,000 limit doesn’t mean you should rack up $4,500 worth of purchases in one billing cycle.
  • Use the card every month; don’t let it go dormant, as this is not impressive to a lender. If you’re having a tough time remembering to charge things like new shoes, food, drug store items, etc., then set it up for automatic draft of a monthly service.
  • Even ONE late payment will screw things up. Remember, charge only what you’d be able to pay for in cash each month. If you can’t, don’t charge it.
  • If YOU check your credit report any time; it won’t dent your credit score. When lots of creditors check your credit, that can affect your scores.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Tips to avoid Scams when traveling

Vacationers and tourists provide a vast feeding ground for all sorts of crooks: from the simple pick-pocketing specialist to the hotel room burglar to the e-thief: credit card skimming and computer crimes. You can even have your identity stolen while sunning on that white beach.

9DAvoid Traveling Scams with These Tips

  • Don’t post your vacation or other travel plans on social media. Thieves peruse social media to see who will be out of town and when.
  • Protection begins before the trip. Put a vacation hold on your snail mail.
  • Beware of hotel room scams. A person posing as front desk staff will call random hotel rooms to sucker travelers into giving up their credit card number. Never give private information over the hotel phone.
  • When using public Wi-Fi, encrypt your activities so that hackers can’t pluck them out of the air.
  • Always know where your mobile phone is, and have it protected with a password.
  • Must you always pay with a credit or debit card? Cold cash can’t be hacked into. But I still prefer credit over debit cards (and even cash).
  • Don’t withdraw more cash than you need. Don’t take out wads of high bills because you “might” spend a lot of money. And use an ATM at a bank, not a public kiosk.
  • When you do use a card (credit, not debit!), do not let the server or sales clerk walk out of your sight with it. You just never know who might be an “inside” thief.
  • As soon as you can upon returning from traveling, check your credit card statements for suspicious activity.
  • Leave the expensive jewelry, handbags, etc. at home. A thief has a lot of interest in a well-dressed person who acts like a tourist. If you want everyone to see how exorbitantly styled you are, you’ll have to include muggers and other thieves in that group.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for Shadowcrew.com, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

8 Tips to Credit Card Security

Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards.2C

  1. Make online payments with single-use or prepaid cards. What a great idea!
  2. If you have multiple recurring payments for ongoing services, use only one credit card for those.
  3. For shopping, use a one-time or prepaid card. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Discover, Citibank and Bank of America offer single-use (disposable) card numbers.
  4. A prepaid card is different, in that it’s independent of your real card number. If the prepaid card gets stolen, you can replace it without this affecting your primary credit card account.
  5. If you have a debit card…don’t shop with it. Use it only to take funds out of a bank ATM. If a crook gets ahold of your debit card…the money will instantly be stolen from your bank account. If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute (if you regularly monitor your statements).
  6. Though you’ll get reimbursed for fraud that occurs with a debit card, this will happen after your bank account has been sucked dry. So avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader.
  7. Better yet, just limit its use to the bank ATM. Think of your debit card as an ATM card. This doesn’t mean that an ATM can’t be tampered with; be on the lookout for signs of tampering such as tiny cameras to capture PINs, or something odd about the card reader.
  8. Set up email or text notifications via your bank or credit card companies website to alert you to all charges. This way, whenever a charge comes in, you’ll know about it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Credit Card Fraud booming

Online credit card fraud is flourishing, according to the U.S. Retail Fraud Survey 2014. One of the reasons is because online sales are ever on the increase, currently accounting for 6 percent of total sales, says the report, the most extensive of its kind. The projection is that within three years, retailers will be getting 15 percent of their sales online.

2CThe survey was carried out between April and May of 2014, and dealt with primary research into the processes, systems and strategies that were used by 100 of the U.S.’s leading retailers, representing 126,000 stores in the U.S.

The loss prevention manager or director for each retailer went through a detailed interview. Also interviewed was the e-commerce manager or director (if the loss prevention leader wasn’t available) regarding their prevention tactics for online fraud.

The survey has a few changes this year. Only the retailers who participated can see the detailed results. Plus, the report has an anonymous portion to help with quality and availability of the most critical data. These tweaks will assist retailers with their war against fraud.

Online fraud is higher on everyone’s radar due to so many high profile hacks. In fact, the study indicates that spending on online fraud prevention has gone up by 50 percent. Though this is good news, it hardly crushes the reality that credit card fraud continues to demonize retailers, requiring detection, prevention and management.

Protect your data:

  • Maintaining updated operating systems, including critical security patches
  • Installing and running antivirus, antispyware and antiphising software and a firewall
  • Keeping browsers updated with the latest version
  • Updating all system software, including Java and Adobe
  • Locking down wireless Internet with encryption
  • Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
  • Utilizing filtering that controls who has access to what kind of data
  • Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
  • Possible disabling or removing USB ports to prevent the downloading of malicious data
  • Incorporating strict password policies
  • Encrypting files, folders and entire drives

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Prepaid Cards risk of Fraud

Somewhere out there is a dictionary that when you look up the term wire money, the definition says scam! Even though legitimate money-transfer businesses exist like Western Union, a request to wire money for that new car or vacation package is most probably a rip-off.

2CAnd the crooks behind these rackets are figuring out ways to overcome the increased awareness of consumers to the money-wiring scams. They’ve come up with yet another way to steal your money. Thieves are requesting reloadable prepaid cards.

Would you hand a well-fed-looking masked man on the street your wallet? (Let’s pretend for a moment he’s not pointing a gun at you and is simply asking for your money). Of course you wouldn’t give it to him.

But this is what people essentially do when wiring money or sending in the prepaid cards.

Here’s how it works: The thief makes a request to load your cash onto your card (to pay for whatever), and then send over the card number and PIN. This way, the crook can put your money onto their own cards. They then can go to an ATM and take out cash or spend your money at a store. Meanwhile you never receive the item you thought you were purchasing, like that adorable pedigree puppy you saw online.

But the scams don’t stop at buying puppies, vacation packages, cars or other common items. They can also come in the form of a notice that you won a prize, and that you need to send in a prepaid card to pay a processing fee. Sometimes the scam comes in the form of a utility company payment or even government payment.

Bottom line: Don’t send anyone prepaid cards!

In that same dictionary after the term prepaid cards is scam!

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Beware of 5 Summertime Scams

The Better Business Bureau says beware of big summertime scams: five in particular.

9D“Wow, it’s a steal!” No, that’s not necessarily from the customer; it’s from the crook who entices the consumer with an irresistible deal involving airfare and room and board. If you see a deal that seems too good to be true, do an online search of the associated phone number and address, whatever it takes to confirm legitimacy.

Seasonal jobs. Con artists like to target high school and college students especially. Be careful about job ads stating that no experience is needed, though these can be legit. However, be extra cautious if the company requires you to pay for training or to pay for a background check.

Concert tickets. Con artists will attempt to resell the same ticket over and over, as the ticket can be printed out when a concert venue sells it directly from their website. Be suspicious of someone giving you a sob story for why they must sell their ticket. Be leery of those who will take only a cash payment.

Movers. Planning on moving this summer? Beware of whom you hire, and take a second look at a price that seems like an outrageously good deal. A cost that’s quoted online or over the phone isn’t always carved out in stone. Don’t just hire without first checking them out, even if they were recommended by friends or a service person you recently hired and were pleased with.

Door to door sales. Don’t be swayed by someone at your door. Get everything in writing before you hire someone, be it for landscaping or a security system. Never sign a contract that lacks a start and finish date.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 simple Ways Identity Thieves steal your Credit Card

There are 10 basic ways a crook can easily rob your identity by getting at your credit card or open a new credit card in your name, but there are also ways you can prevent this from occurring.

2CSimple Thievery

Leave a window open and a thief can slide through, then steal your stuff. He can even slide an arm through your car’s open window while you’re filling the tank at a gas station. To prevent this, keep house windows closed as much as sensibly possible; keep important documents locked up; keep car windows rolled up and doors locked when you’re out; and keep your wallet/purse hidden.

Employee Records

Your employer has your private information and in some cases a credit card number, which an identity thief could get access to. To prevent this crime, ask your employer how your personal information is stored. Be on the lookout for things you’d never expect.

Change of Address

An identity thief may file a change of address form in your name. He’ll get all your credit card related mail or your Social Security number. To prevent this, watch for change-of-address notices in your mailbox. If you stop receiving credit card statements, call the company.

Social Media

Your online profile may have all the information a thief needs to steal your identity. Prevent this by deleting personal information. Give answers to the security questions of financial accounts that don’t appear on your social media pages.

Mailbox Theft

A crook can easily abscond with mail (incoming and outgoing) relating to your credit cards and bank account. To prevent, get a locking mailbox and don’t delay retrieving new mail. When mailing letters, use an official Post Office mailbox or go to the post office.
Dumpster Digging

If you see someone foraging through the trash, they’re not necessarily looking for food or cans or metal. They can be searching for paper: a credit card statement, credit card offer or anything with your important numbers on it. To prevent, use a shredder, and go to electronic statements when possible.

Shoulder Snooping

The thief will peer over your shoulder to see your transaction (credit card number, password, whatever data is there). To prevent, cover your card number at a cash register and mask your PIN as you enter it in a keypad or ATM. When using your laptop for ecommerce, sit against a wall. If this isn’t possible, keep the screen at an angle that only you can view or get a 3M Privacy Filter. Google it.

Phony Call

The thief calls you, claiming to be a rep from your credit card company, asking you to confirm personal information. The thief then contacts your credit card company and poses as you…Please just HANG UP!! Call back the credit card company using the number on the back of your card to confirm any potential issues. Never give personal information over the phone if that person has called you.

Pickpocketing

These snakes slither in and out of crowds, often without being noticed, non-violent but very efficient. Prevent being their target by keeping your wallet hidden and not easily accessed.

Cloned Cards

Once all the damage is done and your card number is stolen, criminals can create exact duplicates of your card using foils and laminators burnt onto blank cards that can be purchased online.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.