I received a very authentic-looking email that purported to be from AT&T. The message was that I had until September 30, 2018 to let AT&T know whether I wanted to stop getting my paper mobile phone bill and go paperless. I was suspicious, so I spent time the other evening on the phone with various AT&T customer service representatives trying to find out if this was really a legitimate AT&T message.

This was an especially sophisticated spam message. Everything about the email made it appear to be legitimately from AT&T — the logo; the typeface; all the information about AT&T that’s usually contained in its messages (paper and electronic).

So what made me suspicious? The link that was included that would allow me to indicate that I wanted to keep getting paper bills. The link contained the word “Septmeber”. That single error made me very concerned as I knew/hoped AT&T wouldn’t be sending out emails with that kind of error.

I was right and this was a spam attempt to gain access to my personal information. The AT&T staff with whom I spoke checked my account and saw that no such email had been sent to me. One representative also said that this kind of bill payment decision would have to be generated by me, the customer, and that it would not be a forced decision by AT&T.

So beware and be suspicious if you get this, or a similar, email that purports to be from AT&T — with or without a typo. Call and confirm if it’s legitimate and do NOT click on any links until you’ve done so.

The phishing scams aimed at Apple users keep increasing and keep getting slicker.

The latest is a phishing scam that pops up as an “Apple Care” alert. Delete it ASAP! Don’t open the email and absolutely DO NOT OPEN any links in the email.

Go to the Apple website if you want to check the authenticity of any Apple alerts or Apple emails that pop up on any or all of your mobile devices.

Just another time when “verify and confirm” is the best and safest approach.

 

The Washington Post included a blurb from Bloomberg News on June 16th about changes being made by Google. Google is going to provide consumers with more controls allowing them to opt out of certain banner ads as well as of a larger set of ads.

Consumers will be able to use Google’s expanded “mute” feature to do so. That feature, per the Bloomberg News blurb, will be accessed through a new Google online portal called Ad Settings.

I tried doing so and found the Google instructions somewhat confusing. Having said that, anything that helps consumers limit the ads targeted to them is a benefit and worth trying to implement.

 

Michelle Singletary published a column on May 30th titled “You can soon freeze credit at no cost, a potent tool in identity-theft fight”. Ms. Singletary has done consumers a terrific service by highlighting a provision in a recently passed law — a provision that will make it easier for consumers to put credit freezes in place.

As she reports, the free credit freezes will take effect by September 21st. Why is this such a significant change? Because up to now, consumers have had to separately pay each credit reporting agency (i.e., Experian, Equifax, TransUnion) a fee to place — and then lift — a credit freeze with each of them. These credit freezes have gained increased importance given the cascading number of major data breaches that have occurred over the last few years.

A credit freeze means that the credit reporting agency can’t release any information about a consumer without her express permission. So — in the identity theft context — this helps prevent identity thieves from opening new lines of credit using personal identifying information stolen from a consumer.

Ms. Singletary’s column contains all the key details about the upcoming changes. I urge consumers to read it and get ready to place these credit freezes if they haven’t already done so.

I’ve written about the European Union’s (EU) General Data Protection Regulation (GDPR) several times over the last few years. It makes sweeping changes in the way global companies have to protect consumers’ personal, financial and medical information. It goes into effect today so U.S. companies are scrambling to comply.

Why? Because one of the most significant changes is that the GDPR applies to U.S.-based companies that meet the various outlined criteria. Why is this so important? Because these U.S. companies are now updating their privacy policies to try and meet the GDPR’s requirements — so the privacy updates will also apply to individuals in the U.S.

The good news is that this potentially means stronger protections for individuals in the U.S. who engage with these companies and/or their websites. The slightly bad news? It makes it even more essential that individuals read the new privacy policies that they are receiving via email or even hard copy.

I won’t even begin to list all of the latest hacks of major systems (e.g., Lord & Taylor; Panera Bread’s online ordering system; Delta Airlines). It seems as if these major breaches are being reported on a daily basis and often months or years after the hacks have been discovered — but corporate responsibility (or irresponsibility) is a topic for another day.

Today I want to share the latest reporting means that the Federal Trade Commission (FTC) and the IRS have developed for consumers. This new online method is important during tax season as well as year round — theft of personal and financial information happens year round and can create tax-related problems beyond tax season.

Tax-related identity theft happens when the thief uses a stolen SSN to file a fraudulent tax return and get any refund that might be due to the individual.

Report any stolen personal and financial information to the IRS using the IdentityTheft.gov site.

Anyone who booked travel in 2016 and 2017 using Expedia-owned Orbitz needs to be concerned. The company has announced that hundreds of thousands of people who used their credit cards to book travel using the Orbitz site might have had their credit card information hacked.

And it’s not just people who booked directly through Orbitz — the company said that people who used companies that Orbitz services could also be included. That includes anyone who used American Express (Amextravel.com) to book travel.

What might have been stolen from consumers? Hackers might have stolen consumers’ names, their phone numbers, addresses and dates of birth — any and all of which can be used by thieves for an array of illegal scams.

What can consumers do? Keep vigilant about all of their financial information — that means credit card statements, bank statements and any other kind of financial information.

Brian Krebs has written an important and timely article reminding anyone — and everyone — impacted by the Equifax breach to check their credit report ASAP. In his article, Mr. Krebs cites a recent consumer survey that found that many Americans haven’t yet done so although their personal and financial information was among that exposed in the Equifax breach.

Here’s the summary blurb from, and the link to, Mr. Krebs’s article:

A recent consumer survey suggests that half of all Americans still haven’t
checked their credit report since the Equifax breach last year exposed the
Social Security numbers, dates of birth, addresses and other personal
information on nearly 150 million people. If you’re in that fifty percent,
please make an effort to remedy that soon.

Credit reports from the three major bureaus — Equifax, Experian and Trans
Union — can be obtained online for free at annualcreditreport.com — the only
Web site mandated by Congress to serve each American a free credit report
every year.

https://krebsonsecurity.com/2018/03/checked-your-credit-since-the-equifax-hack/

Please follow his great guidance and check your credit reports to see what, if any, malicious and illegal financial schemes might have been carried out using your personal and financial information.

The Equifax breach just got worse for consumers. Yes, worse if that’s even possible. When it first announced the breach, Equifax said that the hacker or hackers had gotten “only” (Equifax’s word, not mine) consumers’ names, SSN, birth dates, addresses and the numbers of driver’s licenses and credit cards for some, but not all, of the consumers.

So what’s gotten worse? First, rather than alert the public, the new details about the broader scope of the breach were contained in a document Equifax gave to the Senate Banking Committee. In that document, Equifax revealed that its forensic investigation uncovered that the hackers got even more information — including consumers’ tax identification numbers, email addresses, phone numbers, credit card expiration dates and the States that issued the driver’s licenses.

While Equifax claims it didn’t mislead consumers, the reality is that it did just that. And that’s just added to its cavalier handling of the magnitude of consumers’ most sensitive information.

Peter Holley has an important article in the January 16th Washington Post. He’s written about the clauses in many car lease agreements and/or service agreements that authorize the car maker to collect customer data from the car itself (peter.holley@washpost.com; “Cars collect reams of information on owners”; Page A1).

As Mr. Holley highlights, customers may be unaware of the magnitude of personal information that can be collected by agreeing to this “tracking provision”. It’s information not just about the way in which the customer uses her car (e.g., the speed at which the car’s driven) but even more detailed information about such personal preferences as where the customer shops, what the customer likes to eat and even such details as where the customer parks her car.

It’s hard to read the lengthy service and/or lease agreements but customers should make the effort to do so when buying a new car. While the car manufacturers might claim they only collect customer information with their explicit permission, they can assume such permission when a customer doesn’t read and object to this kind of “tracking” provision that’s buried in small print in a multi-page document.