The Better Business Bureau (BBB) issued an alert on February 21st about a reoccurring scam. As BBB notes in its alert, this type of customer survey scam comes back often, with slight variations each time. And each time, the scammers count on consumers being too busy to stop and realize the only “reward” is the personal and financial information the scammers will get.
This scam comes via an email announcing either “Your Reward Points are Expiring. Claim Now!” or “Your eBalance Points are Expiring Soon!” (firstname.lastname@example.org; “It’s Back! Survey Scam Strikes Again”). As BBB explains, consumers will be tricked into believing this is a legitimate email as the scammers use the name of a well-known store; the BBB alert notes that stores as well-known as Macy’s, Walgreens and others have been used in these types of scams.
The consumer getting this email may, in fact, shop at the store named by the scammers. There’s a link in the email asking the consumer to take the attached survey and tell the store about his recent shopping experience there. The reward for doing so? A promise of $100.00 or more in “bonus-points” for just completing the survey.
Don’t open the link: doing so can lead to several outcomes, and none of them is good. The survey might be real, but the consumer gets ads for products once it is done. Or the survey is really a phishing scam that asks the consumer for banking and credit card information. Or, once opened, the survey link downloads malware to the consumer’s computer.
The BBB alert contains 4 tips for spotting a survey scam:
- Email has consumer’s personal information: while the scam email looks as if it’s personalized, the consumer has never signed up for emails from this particular company;
- Act ASAP: the scam email tells the consumer to act immediately or else something terrible will happen;
- Bad grammar, typos: the BBB alert contains a warning I’ve previously noted, namely that scammers are getting better all the time at copying a company’s logo, name and email format. But incorrect wording, bad grammar, typos and awkward phrasing are among the tip-offs that the email is a scam; and
- Hover over the URLs: As BBB notes, while the hyperlinked text will say one thing, the link itself will point the consumer somewhere else. A consumer who hovers over the links can see if they lead to the business or company’s official website or some variation of the domain name.
The best tip? When in doubt, don’t open the link!
Car manufacturers are creating more sophisticated electronic systems for their models every year. Consumers benefit from advances such as GPS. Yet these advances are also raising new concerns about whether some of the systems could be hacked or create privacy risks. Jeffrey Roman wrote an excellent article about these emerging issues, the potential risks and the steps by the industry to address these risks; he notes that the auto industry has established a center “… to collect and share information about cyber-related threats and vulnerabilities in motor vehicle electronics ….” (www.databreachtoday.com; “Ramping Up Automobile Cybersecurity”; February 17).
What would be a possible privacy and security risk? Mr. Roman reports on research results from Chris Valasek, the Director of vehicle security research at IOActive, a computer security services firm. Mr. Valasek found, for example, that it might be possible for a criminal to access a car’s systems and get the consumer’s GPS coordinates or even the consumer’s username and password for the in-car applications.
Mr. Roman notes that Senator Edward Markey and Senator Richard Blumenthal are going to be introducing legislation requiring the Federal Highway Traffic Safety Administration and the Federal Trade Commission to develop federal standards that would improve the security of cars as well as protect drivers’ privacy. Their legislative goal is making drivers’ information safe in this rapidly emerging technology.
Consumers will benefit from having pro-active industry and legislative attention focused on these types of potential issues — to help get ahead of the risks becoming actual problems.
On January 20th, I wrote about the efforts by Julia Angwin and Mike Tigas at ProPublica to publicize the hidden tracking cookie that Turn was using thanks to Verizon. In their article, Ms. Angwin and Mr. Tigas reported that AT&T had already announced it would stop inserting this hidden undeletable number in its users’ web traffic. At that time, Verizon didn’t say that it would follow suit.
Ms. Angwin now reports that 2 days after their article, Verizon reversed its practice and will soon be allowing its customers a way to opt-out of this hidden tracking code (www.propublica.org; “Verizon Will Now Let Users Kill Previously Indestructible Tracking Code”; January 30th). The opt-out will give Verizon customers a way to stop having their smartphone and tablet browsing tracked via this hidden code. Per Ms. Angwin, Verizon has revised its FAQs on its website about this code.
I confirmed that by going to the Verizon website (www.verizonwireless.com). The FAQ about “privacy” has been revised. Verizon customers should read these FAQs; the hidden code is called the UIDH for “Unique Identifier Header.”
Is this change of policy by Verizon good? Sure, but it would be so much better for customers if Verizon gave them the option of opting in to this as part of Verizon’s mobile ad-targeting program rather than having to opt out.
There have been several news reports over the last 10 days about HealthCare.gov. It was reported that the website was releasing consumer personal data to 3rd-party commercial sites. In her January 26th article, Marianne Kolbasuk McGee reports on the changes that have been made following the outcry from privacy advocates about this situation (www.healthcareinfosecurity.com; “HealthCare.gov Makes Privacy Fixes”).
A spokesman for the Department of Health and Human Services (HHS) announced that HHS was adding a layer of encryption to HealthCare.gov in order to reduce the amount of personal information that was being made available to the 3rd-party commercial sites. It was reported that this personal information was being released to at least 14 3rd-party commercial sites. And this was happening even for consumers who had enabled “Do Not Track” on their computers.
Consumers using HealthCare.gov should be aware that some of their personal information might already have been released. They should be on the alert for unwanted ads, solicitations and even scams.
On January 15th, I wrote about the tax identity theft week that the Federal Trade Commission (FTC) is hosting with the Veteran’s Administration, the Treasury Inspector General for Tax Administration and others. That joint program starts today and continues through the 30th.
Consumers need to try and attend one of the FTC webinars or, at the least, go to the FTC and IRS websites to learn what to do to try and prevent being an identity theft victim.
What’s the latest scam? Scammers calling consumers, telling them they’re IRS agents, that the consumers owe back taxes to the IRS and that they could be arrested and/or jailed if they don’t pay. The scammers, of course, have an easy way for the consumer to repay these taxes: either wiring the money or loading the alleged amount onto a pre-paid debit card, with either payment form going to an address the scammers provide.
The FTC just issued an alert about this scam which is very deceptive in so many ways.
- One: the IRS does not call consumers about taxes they might owe and will not threaten them with arrest or jail.
- Two: the calls may appear to be coming from Washington, D.C. or even the Treasury Department.
- Three: the scammers might even know all or part of the consumer’s Social Security Number.
Points two and three make the call look legitimate so consumers need to be even more vigilant. The FTC’s alert has an excellent diagram depiction of the scam. (www.ftc.gov; “Tax ID Theft Tops FTC Complaints in 2014: IRS Imposter Complaints Up More Than 2,300 Percent;” January 26th). The FTC urges consumers who get one of these calls to contact the FTC either online or by phone at 1-877-FTC-HELP as well as the IRS at 1-800-908-4490.
I’ve written several blogs over the years about scams involving fraudulent tax returns. One of the most common happens when a thief steals someone’s Social Security Number (SSN), files a fraudulent tax return using the stolen SSN and gets a refund electronically. The taxpayer whose SSN was stolen learns of her victimization when she files her return in her name and hears back from the IRS that someone has already filed a return with the same SSN.
The Federal Trade Commission (FTC) is hosting a week of activities from January 26th through the 30th devoted to educating consumers about the threat posed by tax identity theft. They are partnering with several other organizations including AARP and the Treasury Inspector General for Tax Administration (TIGTA).
There will be three webinars offered, with the first on January 27th from 2 to 3:30 p.m. The AARP and TIGTA will be participating in this webinar titled “Tax Identity Theft and IRS Imposter Scams.”
Information about the week of events and the webinars can be found at: http://www.consumer.ftc.gov. That site provides details for accessing the January 27th webinar as well as providing links to background and informational materials. FTC tax identity theft materials can also be found at: ftc.gov/taxidtheft.
The FTC’s week of events is very timely as it comes at the start of the tax season. It’s worth consumers’ time to take a few minutes to look at the site and see which webinar, and what materials, interest them.
What is ransomware and why is it a growing concern for consumers? Consumers need to read the recent column by Alina Simone to learn more about this scary trend. Her column described what happened when the latest ransomware virus invaded her Mother’s computer (www.nytimes; “How My Mom Got Hacked”; January 2nd online; January 4th page 1 in Sunday Review). A virus can corrupt a computer when the user clicks on what seems to be a legitimate attachment or when there’s existing malware on the computer’s hard drive.
I will only summarize Ms. Simone’s lengthy column since people should read it. Suffice it to say that she and her Mother experienced a scary and complicated situation.
As Ms. Simone explained, the ransomware virus locked all of the files on her Mother’s computer. Her Mother learned this when a message came up on the screen telling her that she had to pay $500.00 in order to have the files unlocked. The ransom would keep going up and up the longer her Mother failed to pay. Her Mother’s computer files were held captive by the CryptoWall 2.0 virus.
In her article, Ms. Simone provides details about the steps her Mother tried to do, with her assistance, in order to get the files unlocked. What made the situation even more difficult? The CryptoWall thieves wanted to be paid only in Bitcoins.
Her Mother ultimately paid the fine although that was a decision made only after trying other avenues. Her files were unlocked but only after Ms. Simone went through the complicated process of finding, buying and then sending the ransom in Bitcoins.
Finally, it was discouraging to read what Ms. Simone and her Mother learned: there doesn’t appear to be a technologically possible way for a consumer to decrypt his or her computer files once the CryptoWall 2.0 virus has encrypted the files.
Just another powerful reminder not to open attachments from unknown sources and to take the time to implement updated security measures.
As 2014 comes to an end, it’s a good time for consumers to be thinking about how to be even safer online in 2015. Zack Whittaker, for Zero Day, has published his list of the best privacy tools for trying to do so (www.zdnet.com; “10 best privacy tools for staying secure online”; December 29, 2014).
His list covers an array of services with one common characteristic — they’re all open-source software. Some of the services are free while others charge fees. His list includes services about which I’ve previously written, e.g., DuckDuckGo (search engine) and LastPass (password manager). Others are for encrypted voice messages (Silent Circle which charges a fee).
It’s worth taking time to read his post and it’s easy to navigate. Just click on each screen shot and then read the short, well written narrative description of each tool.
Best wishes for a happy, healthy and privacy-enhanced 2015!
My “scam filter” is picking up more and more scam emails which is sadly typical for this time of year. As I’ve written about before, the scammers know consumers are rushed during the holidays and they count on consumers not having the time to check out the validity of the rush of incoming emails.
So this is just a reminder to try and be extra alert during this holiday season. The Better Business Bureau (BBB) has an article that nicely summarizes the steps consumers can take to protect themselves. They range from “watch your packages” to “check out a new company or merchant” with whom a consumer might be dealing for the first time. As for the latter, the BBB article lists the link to their reviews so that consumers can see if a company or merchant is legitimate.
The BBB article is titled “Santa Knows Who’s Naughty and Nice, and So Does BBB”. It can be found at: bbb.org and is a handy guide — it’s succinct enough to be read quickly yet provides just the kind of “reminders” so that consumers can try and avoid being scammed throughout the year but especially during the holidays.