Posts

Scammers are Targeting Your Venmo and P2P Accounts

Do you use Venmo or other P2P accounts? If so, you definitely could be a target of scammers. Across the county, people are losing their cash, and it often happens so quickly that they don’t even know what’s happening.

You might think that you couldn’t be a victim, but scammers are often smarter and trickier, and they won’t hesitate to take advantage of you.

Here’s how they are doing it:

A stranger approaches you to use your phone. They have a sob story to make this scam more credible. You hand your phone over, they make it look like they are dialing, but instead, they are doing something else: swiping and searching your phone for “Venmo” and easily getting into your Venmo account and transferring money to themselves. People are losing thousands of dollars simply for being kind to a stranger.

Tips to Keep Yourself Safe

When using a P2P payment system, you should know that they all require access to your financial info. So, when you use them, make sure that your account settings are set in a way to ensure all of the security measures that you can set. In order to keep yourself safe from scams like this, there are some tips that can keep you safe.

  • Two step authentication. Access the menu, turn it on. This might include using PIN, a biometric log in, like a fingerprint.
  • Get the money out of your account. In most P2P apps, when you get a payment, the money is generally added to the balance held in the app. It doesn’t appear in your bank account until you transfer it or use it in another way. If you want to transfer money to your bank account, you should definitely make sure that the deposit went through. Just keep in mind that it could take a couple of days to transfer.
  • Pay only those you know well. Scammers know a lot of tricks, and they will find methods to trick you into paying them in ways you would never expect. So, if you are sending money from one of these apps or sites, make sure that you know the person you are sending money to. If you are using the app or site to get money from someone else, transfer the payment into your bank account and make sure it transfers before you send any goods.
  • Disconnect from Social Media: Finally, keep in mind that there are apps or sites might share your transaction information on social media. Check your social media settings because some of these settings might be set to share this info. Just make sure you are comfortable with what is going out on social media.

Beware of Hot and Cold Reading Scams

Many so-called psychics are frauds. But so are some auto mechanics, lenders and roofers. There’s fraud in just about all lines of work.

1SWhat we do know is this: There’s not enough evidence to refute paranormal phenomena. Nor enough to prove it beyond a doubt.

And we also know this: There exist scams involving hot and cold readings.

I could give a scam reading to a flamboyant, colorfully-dressed woman (whom I’ve known for only a minute) with big hair, lots of costume jewelry and a supersonic laugh.

I could tell her she’s attracted to quiet, analytical, detail-oriented, very serious men whose eyes well up during sappy movies. She’ll pay me $100 for my “reading” and think I’m a psychic. What she doesn’t know is that I know that people with “sanguine” temperaments are attracted to the “melancholy” temperament.

I didn’t “read” her based on psychic abilities. I “read” her based on a book about temperaments I read years ago. Some people get really good at cold readings and make money off of this.

Hot Readings

You have an appointment with a woman. You find her Facebook page (because you got enough preliminary information to achieve this). You learn all about her. You look her up on LinkedIn too.

Come appointment (reading) time, you start telling her things about herself, flooring her. Scammers can cunningly extract information via other routes as well, but the bottom line is that the crook gets information ahead of time and pretends it’s only just coming up during the reading.

Cold Readings

The information is gleaned right on the spot—via skilled observational powers. Typically the cold-reader begins broadly, such as, “You’re very sad these days,” watching the customer’s body language and facial reactions, and then making deductions based on those.

The reading is very carefully worded to cover the possibility that the deductions are wrong. The scammer might say, “A person very dear to you is no longer around,” instead of the specific, “A person very dear to you has recently died.”  All possible reasons for the “loss” are covered with the ambiguous statement.

Cold readings to a large group are a joke, because the scammer will announce something that, by the law of averages, will apply to several people in the group. He then narrows it down from there.

There may be many honest, true psychics out there (some police departments use them for missing-persons cases believing if there wasn’t some fire to this smoke).

But beware of the scammers. Don’t pay someone to tell you something about your life that’s already on Facebook or evident in your clothing and mannerisms.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Student Financial Aid Fraud is a big Problem

Educational institutions are giving out student loans and grants, and the recipients aren’t even attending school. Instead they’re spending the money any which way, while the schools have no idea they’re being ripped off.

9DWith a database, the Education Department flags applicants who’ve applied for federal Pell grants—applicants with an “unusual enrollment history,” such as having received financial aid for at least three schools in only 12 months.

The Department forwards these suspect names to educational institutions; the schools then request that applicants provide documents including prior transcripts. What the school then gets from the applicant determines if a loan or grant is denied.

This flagging procedure has caught 126,000 applicants who sought aid for the 2013-2014 school year.

It’s so easy to scam schools because most federal aid does not require a credit check, and how the money is spent is not tightly restricted.

A school receives the money from the government and spends some on tuition. The remainder is sent as a check to the recipients to spend on books and even living expenses while (supposedly) the recipient attends classes.

Community colleges are especially vulnerable due to their open enrollment and low tuition. The lower the tuition, the more money that’s left over to be sent to the con artist.

The proliferation of this scam can be attributed to the Internet because online applications can result in receiving aid—without the applicant ever being within a mile of the campus.

Application Red Flags

The American Association of Community Colleges (AACC) names the following alerts that financial aid offices can check applications for.

  • Large financial aid refunds or disbursements
  • Attendance at several other colleges
  • A large student loan balance but no degree

Unfortunately, these red flags won’t flutter much if the applicant is a first-time scammer.

Data Red Flags (according to the AACC)

  • Several registrations coming from similar locations out of state
  • Several uses of the same PO box, physical address or IP address
  • Multiple uses of the same computer and/or bank account
  • The emergency contact is the same person for multiple registrants.
  • Certain courses getting a fast increase in number of enrollees
  • Frequent communication from similar individuals or locations

Every applicant should be identity-proofed, which is easier said than done. Verification is one element of identity proofing.

To combat this fraud, Finaid.org notes:

  1. Families must sign a waiver allowing the financial aid office to obtain tax returns straight from the IRS. Some people have submitted fraudulent tax return copies during verification. Getting them directly from the IRS prevents falsification. Another route is to require families to provide copies of their 1099 and W-2 forms, especially when income figures seem suspect.
  2. Request copies of the applicant’s four most recent bank statements; inspect them for unusual transfers and unreported income.
  3. Conduct 100 percent verification.
  4. For parents claiming to be enrolled in college, require a proof of registration plus copy of the paid tuition bill. Confirm registration with the school. And if a parent with a PhD or master’s degree is returning to school for an associate’s degree, be highly suspect.
  5. In cases of divorce or separation, ask for the divorce decree or proof of legal separation, plus street address for each parent.
  6. Compare to each other two consecutive income tax returns to detect any movement of assets to hide them.

There’s more that can be done for identity proofing: biometric software. Biometric Signature ID (BSI) has designed a “Missing Link” patented software-only biometric.

This is the most potent form of ID verification on today’s market, and additional hardware is not required. It measures:

  • Unique way someone moves the mouse, finger or stylus upon logging in
  • Length, direction angle, speed, stroke height, of the

The password is created with BioSig-ID™. Measurement of the above can positively identify the user, regardless of what device they log into. This technology makes it impossible for a fraudster to impersonate the user.

With these unique patterns, BSI software can distinguish the user from everyone else. If the person who registered for the account is NOT the same person who is attempting access, they are stopped – avoiding any potential cheating or financial aid fraud.

Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Oversharing on Social Media Common Amongst 50+

Thanks to social media, societal norms have undergone a seismic shift in the past five years. What was once considered private or even taboo is not only fair game, it’s expected. But this can have serious consequences from the ending of friendships to exposure to physical harm.

I’ve talked about the concept of TMI or too much information and how social networking and mobile devices have made sharing so much easier and faster than ever before. But we all need to seriously think about some hard consequences of sharing too much personal information. Thinks about it…is that friend really a friend if you haven’t seen them in 25 years?

McAfee’s Fifty Plus Booms Online study found despite the fact that social networks have a reputation among the younger generation as a hub for drama among friends, this is also the case among other demographics—even in the 50-and-over age group. According to respondents, 16% of those who are active on social networks have had a negative experience, with almost 20% of those resulting in ending a friendship.

Further, the study finds that even though 88% consider themselves tech-savvy, they are still engaging in dangerous online behavior, such as sharing personal information with people they have never met in person. Even though 75% of them believe that social networks can expose them to risks such as fraud and identity theft, 52% have shared their email address, 27% their mobile phone number and 26% their home address. All things that open them up to possible exploitation and even physical harm.

They are also using their mobile devices to share information. Nearly one in four (24%) mobile users have used their device to send personal or intimate text messages, emails or photos to someone and yet over 30% do not have basic password protection on their mobile devices and almost half do not have any security software on their mobile devices.

financial-fraud

And because these boomers (and all of us) are spending more time online─with 97% of them going online daily and spending an average of 5 hours a day online─ we all must be aware of the concerns that exist with the increased use of mobile devices for everyday tasks and social networking and what information we may be sharing.

Here’s some tips to help us stay protected:

  • Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so be careful what you share online or via your mobile device.
  • Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.
  • Put a PIN on it—Make sure you have your smartphone and tablet set to auto-lock after a certain time of unused and make sure it requires a PIN or passcode to unlock it. This is especially helpful to protect any information you do not want seen should your device be lost or stolen.
  • Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.
  • Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.
  • Turn off the GPS (Global Positioning Service) function on your smartphone camera—If you are going to be sharing your images online, you don’t want people to know the exact location of where you are.
  • Use comprehensive security on all your device Enjoy a safe online experience no matter what you do or where you are. McAfee LiveSafe™ service protects all your PCs, Macs, smartphones and tablets and can help you secure your data and keep your identity private with its many different features, including a secure data vault, password manager, and protection from phishing scams and malware.

So…really, please, come on now, can we all just tone it down a notch? And one more thing: Please protect your devices—I mean ALL your devices.

Follow @McAfeeConsumer for live online safety updates and tips and use hashtag #BabyBoomers to join the discussion on Twitter or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Credit Card Numbers $3.00 Each

WE DO NOT SELL DUMPS.

DO NOT EMAIL OR CALL

WE DO NOT SELL DUMPS

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

Buying credit card numbers with high credit limits must be so much easier than going through the hassle of having good credit, applying for credit cards, getting approved, buying stuff, going to work all day/week/month/year/lifetime and making the money necessary to pay the bills. I would think that kind of lifestyle would allow someone to travel the world, eat great food, buy lots of cool art and sip Champagne all day and have a great tan.

Hackers break into the computer networks of U.S. companies almost daily.  They sell credit-card numbers, the account holders’ names and addresses, and the security code that comes with each card. And they often market though comments sections on news posts.

Below is from the comments section of a blog I wrote on credit card fraud:

Comment by hacksXXX:

contactme
ICQ : 634911XXX
Email: hacksharp@XXX
YH: hacksXXX
MSN: nickymoney@XXX

I sell fresh dumps, track, login bank, paypal acc, bank transfer, cc plastic, wu bug ccv, cvv full info and more. No test. My only pay is wu, moneygram and LR

I sell fresh
Ccv US is $ 3 per ccv (Visa)
Ccv US is $ 3 per ccv (master)
Ccv US is $ 3 per ccv (Amex + Discover)
Ccv UK is $ 6 per ccv (Visa + Master)
Ccv UK is $ 7 per ccv (Amex + swith)
Ccv Ca is $ 8 per ccv (Visa+ Master)
Ccv Ca is $ 9 per ccv (Visa Business + Visa Gold)
Ccv EU is $ 12 per ccv (Visa + Master)
Ccv EU is $ 13 per ccv (Amex + Discover)
Ccv Au is $ 13 per ccv
Ccv Italy is 17 $ per cc
seden 16$
spain 15$
france 17$
Ccv Germany is 18$ Per Ccv
Ccv DOB with US is 35 $ per ccv
Ccv DOB with UK is 39 $ per ccv
Ccv DOB + BIN with UK 45$ per ccv
Ccv US full info is 35 $ per ccv
Ccv UK full info is 45 $ per ccv
1 Uk check bins= 22.5$/1cvv
1 Sock live = 1$/1sock live > 5day
I sell dumps with pin
Track 1: Bxxxx001140057948^FAZAKERLEY/ANDREW.MR ^xxxx2013570000000000
Track 2: xxxxxx1140057948=xxxxxx13570000000001
Track 3: ;?
PIN: 57xx
YH: ema_hacking:………………..7K To 10K ========300$
– Balance In Wachovia:………….24K To 80K==========180$
– Balance In Boa………………….5K To 45K==========400$
– Balance In Credit Union:………Any Amount:=========420$
– Balance In Hallifax…………..ANY AMOUNT=========720$
– Balance In Compass………….ANY AMOUNT=========700$
– Balance In Wellsfargo……….ANY AMOUNT=========800$
– Balance In Barclays………………8K To 10K=========550$
– Balance In Abbey:…………………………82K ===========650$
– Balance in Hsbc:…………………..50K========650$ and more

Being a black hat hacker is so dark to me. It requires lots of lying, having to scheme and scam all the time. You’d have to get embossing equipment to clone the credit cards, fake IDs, anonymize your IP address and on and on.  You’d really have to constantly have to watch your back. Seems like a lot of work. Doesn’t seem like much of a fantasy life style after all.

Robert Siciliano, personal security and identity theft expert is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.

EMV Will Help Retailers Prevent Credit Card Fraud

EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals.

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Implementation should occur in 2015, Visa announced plans to expand their Technology Innovation Program to the U.S., which will encourage retailers to support cards with microchips by “[eliminating] the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals.” This will go into effect October 1, 2012 for merchants whose point-of-sale terminals accept both contact and contactless chips.

PCMag reported MasterCard followed Visa’s lead stating that it too intends to move U.S. consumers onto so-called chip-and-PIN technology. MasterCard, like Visa, also said that it is preparing for a world where consumers will pay in stores, online, and via mobile devices.

Another method of credit card fraud prevention is device reputation technology. It works to prevent all types of fraud and abuse on the Internet, including account takeovers, which occurs when your existing bank or credit card accounts are infiltrated and money is siphoned out. Iovation the leader in device reputation helps prevent new account fraud, which refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Banks Sues Client Over Wire Fraud

Banks usually have relatively secure systems to maintain and protect online banking activities. They’ve spent billions to ensure that criminal hackers don’t liquidate all of our accounts. But criminals spend all their time seeking vulnerabilities and often find some way to make a fraudulent withdrawal.

Over the past decade as we have all (mostly) banked and bought stuff online, criminals have formed organized web mobs to sniff out transactions and take over existing accounts and in some cases open up new accounts.

American Banker reports an example of what can still go wrong: “the $2 billion-asset bank is suing Wallace & Pittman, a Crosstown law firm, to recover funds the firm relayed electronically to Russia after an email that purported to be from an industry group lured someone at the firm to surrender their user name and network password, the Charlotte Observer reported.”

The fraudsters used the access to install software on at least one of the firm’s computers that allowed them to hijack its account.

“Masquerading as Wallace & Pittman, the thieves instructed Park Sterling to transfer roughly $336,600 through JPMorgan Chase to a recipient in Moscow. The law firm asked Park Sterling to stop the transfer after receiving confirmation of it, but the request allegedly came too late.”

To defend against all of these hacks the Federal Financial Institutions Examination Council (FFIEC) recommends to financial institutions what’s called a “layered approach” of anti-fraud tools and techniques to combat this type of crime. Meaning it’s not simply a matter of applying a firewall and having anti-virus to protect the network, but going much deeper in protecting many interaction points within the banking site (not just login) and using a variety of proven fraud prevention solutions.

That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.

Consumers still need to apply antivirus, antispyware and a firewall and must never respond to emails requesting usernames and passwords and avoid clicking links in emails.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Portland Company Keeps Ringing the Bell Of Success

iovation, protects businesses from Internet fraud by identifying good online customers with its device reputation technology, recently announced that its ReputationManager 360 solution won gold in the security services category for Network Products Guide’s 8th Annual 2013 Best Products and Services Award. The award honors and recognizes the achievements and positive contributions of organizations and IT professionals worldwide.

Additionally, iovation announced that its Chief Financial Officer, Doug Shafer, has been named CFO of the year by the Portland Business Journal. Shafer was recognized for iovation’s company performance as well as community involvement over the past year. The award is given each year to professionals in Oregon and Southwest Washington who have excelled in their roles as financial executives.

This is the second time in four years that iovation has been awarded a gold by Network Products Guide and this year the company joins other best products and services winners like Cisco Systems, Inc., Yahoo, Inc., Samsung, and NETGEAR.

With its ReputationManager 360 solution, iovation tracks the online behavior of more than 1.3 billion devices from around the world; everything from desktops to laptops, mobile phones to tablets, and gaming consoles to smart TVs by utilizing iovation’s device reputation intelligence.

Device reputation spots online evildoers by examining the computer, smartphone, or tablet they are using to connect to any website. If a device is recognized as having previously committed some type of unwanted behavior, the website has the opportunity to reject the transaction, preventing damage before it occurs.

In the physical world, as the saying goes, “You are only as good as your word.” And when somebody says one thing and does another, we no longer trust them.

Online, people say and do things they never would in the real world. Internet anonymity fuels bad behavior. Websites’ comments sections are filled with vitriol that you’d never hear real people utter. Scammers create accounts in order to con people and businesses into forking over money. And identity thieves use your personal information to fill out online applications for credit.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Florida Retirees Frequent Identity Theft Targets

A lot of Floridians are retirees who spend their days around the pool or at the beach. The warmer weather attacks both golden agers and unfortunately identity thieves. Criminals know that retirees have money in the bank, retirement accounts and credit cards with high limits.

TechNewsDaily reports, “On a per capita basis, 361 Floridians out of every 100,000 were the victims of identity fraud in 2012, according to the Federal Trade Commission’s latest figures. Georgia ranked second, with 194 reports per 100,000, and California ranked No. 3 at 123 per 100,000—a third the rate of victims in Florida.”

Two types of identity theft often affect retirees: new account fraud and account takeover.

New account fraud refers to financial identity theft in which the victim’s personal identifying information, often a Social Security number and good credit standing, is used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Account takeover is discovered when victims notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks.

Protecting yourself from new account fraud requires more effort than account takeover. You can attempt to protect your own identity by getting yourself a credit freeze or setting up your own fraud alerts. There are pros and cons to each.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place—saving your nest egg for your golden years.

 

BillGuard: Grey Charges Equal Legal Fraud

Grey charge: When you buy something with your credit card and you get charged for something you didn’t want. Often a merchant will tack on additional products and services to a legitimate purchase you make, and you “sorta” know about the charge…but not really.

For example, you might be in the process of purchasing something and a pop-up windowreading “Get 25 percent off your order NOW! CLICK HERE!” comes up. And in the fine print below “CLICK HERE!” it says, “By getting 25 percent off, you are agreeing to get a free month of a one-year membership to our discount clubfor which you will be charged$19.95 per month after the first month. You may cancel at any time, but you are required to give us 30 days’ notice in writing.”

Or something stupid like that.

Then, a couple of months go by and you get your credit card statement and see this charge for $19.95 and wonder what it’s for. You call the number on the statement and someone answers and puts you on hold for an hour. By the time you are done yelling and pulling all your hair out of your head, you will probably end up gettingcharged for two or three months for something you never wanted.

And that’s IF you even pay attention you your credit card statements, because nine out of 10 people don’t check their bills, or merely skim them quickly for large purchases. This is what the scammy merchant bets on when initiating a grey charge.

Is it legal? Well, it’s not illegal…but it IS sneaky and deceptive.

According to BillGuard’s internal research, one in four users has incurred some type of erroneous or deceptive charge in the last 12 months. And among those users who have been affected, the average of these charges is about $350 a year.

So pay attention to your statements and refute unauthorized or grey charges ASAP. And don’t forget: Read the fine print—and remember that any offer that sounds too good to be true is.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.