Posts

Scams Are a Sport This Summer

Scammers tend to follow an editorial calendar much like journalists do. For example when the holiday season is coming journalists often write about bargains to be had while scammers use the season as an opportunity to try and entice users with deals that are “too good to be true.”

This same practice is also used for high-value news items such as a natural disasters, celebrities and high-profile sporting events. Many of us are not aware of the risks and threats associated with such high-profile sporting events and the impact this could have on you, your devices and your personal data. In fact, in a recent survey done by OnePoll for McAfee, only 13% of Brits are worried about a cyber threat spoiling their enjoyment of the summer’s sporting events.

As the world descends into a sporting frenzy this summer, it can be easy to become a little sloppy about keeping your mobile devices safe and secure. However, now is the time when we need to be more cautious.

McAfee has recently identified several scams related to sports which encourage consumers to share their personal details. These can take the form of text messages, social network spam or emails offering fake tickets or lottery wins.

In order to help you keep your mobile devices protected during this summer of sport, you should:

Heed the advice of too good to be true
Be wary of phony websites, emails, texts and pop-ads offering “too good to be true” deals on tickets to sporting events, autographed merchandise, and “winning” a trip to events.

Back-up your data
Before you leave on a vacation to a major sporting event, make sure you’ve made a replica of your data from your smartphone, tablet, laptop or any other devices you’re taking with you. That way in case your device is lost or stolen, you still have all our data. Also consider deleting any personal information on the device that isn’t absolutely necessary.

Disable location services
Before posting photos on sites like Facebook, turn off GPS to avoid having your location information falling into the wrong hands.

Don’t let your apps remember your user names and passwords: Also make sure you don’t store credit card information or passwords on websites. If your smartphone or laptop is lost criminals can easily access these accounts

Be careful when using Wi-Fi networks
Avoid using public or free Wi-Fi networks when trying to access information online. Your information could easily be stolen without your knowledge and you should log in to any financial or shopping sites.

Use “safe search” technology
Make sure that install software the alerts you to risky sites that you may receive via email, texts, IMs or social networking sites. This will prevent you from going to a site that could download malicious software on your mobile device that could steal your identity and financial information.

The world’s biggest sporting event is something to be enjoyed by all and by following these tips, you can stay safe and just enjoy the event!

Robert Siciliano is an Online Security Expert to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Dirty Dozen Tax Scams for 2012

The Internal Revenue Service today issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud. Here are 4:

Identity Theft

Topping this year’s list Dirty Dozen list is identity theft. In response to growing identity theft concerns, the IRS has embarked on a comprehensive strategy that is focused on preventing, detecting and resolving identity theft cases as soon as possible. In addition to the law-enforcement crackdown, the IRS has stepped up its internal reviews to spot false tax returns before tax refunds are issued as well as working to help victims of the identity theft refund schemes.

Phishing

Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.

Return Preparer Fraud

About 60 percent of taxpayers will use tax professionals this year to prepare and file their tax returns. Most return preparers provide honest service to their clients. But as in any other business, there are also some who prey on unsuspecting taxpayers.

False Form 1099 Refund Claims

In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.

Protect yourself!

Protect your information. Secure all data from the moment it arrives in your mailbox. Secure means that your mailbox and file cabinet have locks, or even storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.Disclosures.

Be Aware of Tax Time Scams

The Internal Revenue Service has issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud.

An IRS notice informing a taxpayer that more than one return was filed in the taxpayer’s name or that the taxpayer received wages from an unknown employer may be the first tip off the individual receives that he or she has been victimized.  While identity theft complaints increased last year and complaints pertaining to stolen tax returns have increased significantly—from 11,010 complaints in 2005 to 33,774 in 2009, according to an analysis of more than 1.4 million identity theft records from the U.S. Federal Trade Commission. That’s nearly 300%.

Be aware of these scams this tax season:

Phishing scams. If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov. Never respond or click on links within unsolicited emails requesting that you enter personal data or visit a website to update account information, especially from the IRS as they do not send emails out to consumer.

IRS scams. Beware of scammers posing as IRS agents. They contact targets via phone or email, and are often prepared with a few personal details, which they use to convince targets of their IRS affiliation. This data may actually have been gleaned from public records or even your trash. This type of scammer may offer you a tax refund, and will generally pressure you to comply with their request.

Rogue tax preparers. Questionable return preparers have been known to skim off their clients’ refunds, charge inflated fees for return preparation services and attract new clients by promising guaranteed or inflated refunds.  Anyone can hang out a shingle and claim to be a credible accountant. That shouldn’t be enough to persuade you to disclose all your financial records.

Signals to watch for when you are dealing with an unscrupulous return preparer would include that they:

Do not sign the return or place a Preparer Tax identification Number on it.

Do not give you a copy of your tax return.

Promise larger than normal tax refunds.

Charge a percentage of the refund amount as preparation fee.

Require you to split the refund to pay the preparation fee.

Add forms to the return you have never filed before.

Encourage you to place false information on your return, such as false income, expenses and/or credits.

Here are some suggestions to protect yourself and make sure that you get your return:

Protect your data. This means that all sensitive documents, including anything that includes tax or investment records, credit, debit, or bank account numbers, or a Social Security number, must be secured from the moment they arrive in your mailbox. Secure means that your mailbox and file cabinet have locks, or even storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust. If you file online, you should use a secure PC and a secure Internet connection. If you submit your taxes through the mail, you should bring them directly to your local post office.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Shipping Scams Go After Small Business

A colleague with a small business was cleaning out his warehouse of tools and supplies and decided to list many items on Craigslist. I have lots of experience in this process and I can tell you “It’s always something”.

An application called “CraigsPro” allows you to go through your items snapping pictures and creates a simple Craigslist advertisement within a minute.

One item he was selling was a portable generator. He got the following email and sent it to me:

“Thanks for the prompt response,i will like to proceed with the transaction asap and my mode of payment will be via Bank certified check. However, to ease the pick up the item will be picked-up from you by my shipper once you receive and cash the check,i am willing to wait for your bank to verify and clear the check before the shipper pickup the item therefore I’ll need this detail below to mail out the check.

* The Full name on check
* Mailing address (Deliverable Address)
* Phone Number

Proceed to delete the advert of this item if my mode of payment is accepted and get back to me asap with your details to mail out the certified check to you.

Thanks

Keith Lourdeaufewlongsx@XXXX.com”

My friend responded with his address for the “buyer” to send a check. Within 3 days via Federal Express an actual check came in the mail for hundreds of dollars more than the item was listed for. The additional dollars were supposed to pay for the shipping costs.

If my friend was to deposit thebogus check the funds would have shown in his account within a few days, thereby prompting him to mail out a business check to thecraigslist scammers. But once the check was determined a fake by the issuing back the funds would have been removed from his small business account.

To prevent overpayment scams never fall for advanced fee shipping scams. They are so obvious.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Woman Scammed of 400K

Police are warning elderly and those who have elderly parents that not all scams are done online. Some are executed using good ole’ snail mail and the telephone.

An “80-year-old woman received a letter in the mail claiming she had been awarded a large amount of money, but was required to pay fees and complete paperwork before the money would be released. According to police, the woman, without the knowledge of her children, started sending money. She started receiving notices indicating she would be awarded more money, and the scam went on for about a year. She sent about $400,000, police said.”

Scams like these are extremely easy and very lucrative for criminals. Elderly or those in your life that may be considered naïve are often the target because of their gullible nature. But other times it’s the time and culture they were raised in. There are numerous ways in which criminals pull at the heart strings of their victims to get them to open their bank accounts. Often it’s the same people who are targeted over and over again.

The most effective way to prevent these crimes from happening to all those concerned is to get better control over the release of funds from any of their financial accounts. Meaning if they have a big bank account set it up so two signatures are required for a check to be written. If the person is concerned they don’t want to be inconvenienced with every check they write then set up two accounts. One with a little money and one account with more funds effectively locked down.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

Ghosting Identity Theft Scams

There are generally 2 types of financial identity theft. New account fraud and account takeover.

New account fraud Identity theft can occur when someone opens a new credit card in your name, maxes it out, and doesn’t pay the bill.

Account takeover Identity theft can also occur when a bad guy gets your information, uses it to take over your existing credit or bank accounts, and drains your funds.

But then there is “ghosting”. ID fraud happens when new accounts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers.

Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number.

When a creditor issues credit based on these invented numbers and reports that information to the credit bureaus, the Social Security numbers become active identifiers that other creditors will recognize in the future. The thieves, now equipped with functional Social Security numbers, can use them to open numerous new accounts.

That first creditor who issued credit to a ghost identity with a newly created Social Security number may have had someone on the inside of the credit issuing organization submitting fraudulent payment or loan information in order to legitimize the fake number.

Businesses who issue credit may unknowingly facilitate these scams if they have employees on the inside who manipulate the system. Never leave employees unsupervised without some form of redundant checks and balances system in place. At least run Social Security numbers through the Social Security Administrations Verification Service to prevent Identity theft. Business scams like these eat at the foundation of credit and cost companies and consumers billions a year.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Protect From Holiday Phishing Shipping Scams

A common holiday shipping phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer. Often the email asks to download a label and the risk there may be downloading a virus.

Scammers are sending emails that look like they are coming from the United States Postal Office, Fed Ex, UPS, DHL, you name it. The email may state in the subject line there is a problem with delivery and reference a code.

In these emails the scammers are trying various ruses to get you to either download a virus or cough up names, addresses, credit card, bank info and even usernames and passwords.

The scams work because at this time of the year millions of people are getting stuff in the mail and expecting it. Scammers know there is a better chance that you will open an email, click a link, or even make a phone call in response to an official looking communication from a phish email.

It’s pretty simple not to get scammed here. Realize right now that none of these organizations will send you an email requesting more information from you or for you to download something.  And if you are currently engaged in shipping or receiving packages, go through the normal channels you usually do to make contact. Log into your accounts or go to the existing emails you may have to communicate.

Ultimately just hit delete.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

How to Prevent Gift Card Scams

Sleazy Grinchy scammy conmen are also in the process of providing holiday gifts for their families. But the way they do it is by taking hard earned money from good people.

Scammers know that almost 100 billion dollars is spent annually on gift cards and studies show that almost 2/3rds of consumers prefer to receive gift cards. The math of all this equals opportunity for criminals.

Scamming gift cards is surprisingly easy. It works like this: gift cards have identifying numbers just like a credit card those numbers may be displayed on the card or embedded in the magnetic strip.  Thieves will go into a retailer that has gift card displays and take a picture of the card itself or skim the card to get the data off it.

Most gift cards can be tracked at an associated website or telephone number that has the remaining card balance. Scammers will continually track that number waiting for it to be activated. Once activated they clone the card and use its full balance at a retailer. Sometimes store clerks will take a newly activated card and pass off a blank one.

Protect yourself:

Rack displays of gift cards are shaky. If the store has them behind a counter get them there. Like in a mall kiosk. Otherwise the card could have been skimmed.

Beware of cards that have been messed with. If the packaging has been removed or the numbers have been exposed that could spell trouble. Look for activation stickers that look like they’ve been peeled off and put back on.

Don’t buy gift-cards from auction sites. There are just too many risks associated with auctioning money.

Cash it in. Whenever receiving a gift card, spend it ASAP.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Beware of Robo-Call Scams

While out for an evening with friends talking about everything under the sun, including security, which I’m obsessed with – and people often quiz me anyways, my mobile rang from an “unknown” number. The caller, a computer, stated “Hello, this is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.” Eastern Bank is local to me.

This is hilarious because I don’t have an Eastern Bank account and I’m in the middle of a conversation with someone about identity theft. So I immediately put my phone on speaker and played the message for everyone who proceeds to look at me and then ask “whats wrong with your Mastercard?” While I’m laughing at the call, they are concerned about my card, not initially realizing this is a scam. No longer funny, this saddens me because these are intelligent people who could easily get bit by this crime.

So I had to explain that this is a “Robo-call scam” where scammers simply use free technology to call thousands of random people by telling a computer to call 555-1212 then 555-1213 in sequential order. Eventually someone is going to press 1 and enter all their credit card information and end up being compromised

I did a little research and Eastern Bank posted this warning that anyone from any bank should heed:

Notice of Fraudulent Phone Calls
Eastern Bank has been made aware that customers, as well as non-customers, are receiving automated calls on their cell phones with the following message:

“This is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.”

The recording then instructs the individual to enter their debit card number. There may also be a variation of this phone call that references other banks or asks the customer to enter their debit card number in order to activate it.

Please hang up and do not press 1.

Please be advised that these calls are a scam and are not being made by Eastern Bank.  This is a phishing attempt by criminals to obtain your personal account information.  Never provide your debit card number or any other private information in response to an unsolicited phone call or email.

REMEMBER: Eastern Bank will NEVER ask you for any private information (such as account numbers, passwords, Social Security numbers) through an unsolicited email or phone call.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Fake Cop Scam Common Internationally

When traveling, people are generally nice, kind and generally trustworthy. However there are ALWAYS predators waiting in the wings to pounce when you totally let your guard down.

The best defense is a good offense. So keep your head up, pay attention and if it’s too good to be true it is.

Fake Cops: I was in Mexico years ago when I was having some fun in Tijuana with a bunch of friends. The explorer in me that had one too many margaritas decided to take a walk in the local neighborhood. Then 2 “cops” followed me and grabbed my arm and told me I was under arrest. But when I took a hard look at them, their uniforms weren’t really matching and their badges looked like they were from K-mart. So as I was speaking to them (or as they were interrogating me) I broke free and ran to the border. I never looked back and haven’t gone back since. I’m pretty sure they are still looking for me.

These scams are most prevalent in Mexico, India and Spain. But they happen everywhere including the good ole USA.

Get to know what the police uniforms and vehicles look like in the cities, states, country’s you visit. While you must show a degree of respect for authority, don’t automatically trust. If necessary make a scene if you believe you are being bamboozled by fake cops.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense and rape prevention on NBC Boston. Disclosures.