Archives for category: Uncategorized

Most consumers have gotten calls from people claiming to be from a tech support company. The callers tell the consumer that his computer has been infected with some kind of malware and that the consumer must immediately work with the caller to eliminate the malware — of course, at a cost.

What consumers find out is that this just a scam — there’s no infected computer and the consumer has spent unnecessary money and given scammers access to his computer.

There is a variation on these scam calls which the Federal Trade Commission (FTC) and its Federal, State and international law enforcement partners are combating. In a May 12th announcement, the FTC outlined the results already achieved through”Operation Tech Trap”. In the last year, there have been 29 law enforcement actions brought by Tech Trap partners against operators of tech support scams (www.ftc.gov).

How do these scams work? The general approach is the same: scammers cause ads to pop up on consumers’ computers; the ads look very much like the security alerts consumers might get from, for example, Apple or Microsoft or similar companies. The fake alert says the computer’s been infected and that the consumer should call a toll-free number. If they call, the consumer is connected to a telemarketer who claims to be affiliated with one of these well-known companies.  After giving the telemarketer access to his computer, the consumer’s told by the telemarketer that a serious problem exists. A problem which can, of course, be corrected by having one of their alleged certified technicians take over.

The phony technical expert then “corrects” the non-existent problem for which the consumer pays. The phony technical expert will also try to sell the consumer any number of unneeded services or anti-virus software.

Don’t fall for these scams. If a consumer gets one of these calls, he should contact one of the technology companies to see if a legitimate security alert’s been issued. Consumers should also notify the FTC about these scams; the FTC website has information on how to do so.

The Federal Trade Commission (FTC) works year round on consumer privacy issues. Each year, there is one week dedicated to privacy awareness — and this year, that’s this week (May 8 to 12).

This year, the FTC has picked the theme of “Share with Care” and has listed numerous resources on its website (www.ftc.gov). Consumers should take advantage of the concrete, very useful information posted by the FTC as it includes ways to safeguard online personal and financial information.

Consumers also need to be aware year around to protect their personal information. Having one week a year that is specifically focused on key and emerging privacy issues is a helpful reminder for consumers.

 

It used to be that it might only be dogs that could hear high-pitched frequencies that human beings couldn’t. Now it appears that our iPhones might be gaining that capacity.

Zack Whittaker for Zero Day has just written about emerging technology that allows applications to use ad-tracking audio signals that can be picked up by phones but not by their owners (“Hundreds of privacy-invading apps are using ultrasonic sounds to track you”;http://www.zdnet.com/article/hundreds-of-apps-are-using-ultrasonic-sounds-to-track-your-ad-habits/?loc=newsletter_large_thumb_featured&ftag=TRE17cfd61&bhid=24712762005371291890829436782174).

How is this possible? As Mr. Whittaker writes, the ultrasonic cross-device tracking can be done via high-frequency tones in ads, billboards, web pages and even from brick-and-mortar stores as well as sports arenas.

While this technology is still evolving, it’s gaining in popularity. What’s the potential danger? Again, Mr. Whittaker notes that using the phone’s microphone, information about where the owner’s been, what she’s seen and maybe even the websites she’s visited can be collected to create a profile.

What can  be done to prevent this? While the technology’s still new, Mr. Whittaker provides an important, very useful tip: if an application asks for the phone’s microphone, and if the microphone’s not needed to use the application then don’t permit this! Instead, just turn off the microphone.

His article contains more details about this latest privacy threat. I urge people to read it to gain more understanding about this latest privacy threat.

More bad news for taxpayers. There have been multiple media reports previously about scammers trying to gain access to the Free Application for Federal Student Aid (FAFSA) online tool. Back in March, the IRS and the Department of Education disabled FAFSA when this suspicious activity was detected. Scammers were likely trying to hack in and gain access to the tax-return information so they could file fraudulent returns — and perhaps use the data for other identity theft scams.

On April 6th, IRS Commissioner John Koskinen testified about the breach before the Senate Finance Committee. In his testimony, Commissioner Koskinen said that personal information of up to 100,000 taxpayers might have been stolen.

The IRS will be notifying all of these taxpayers about the breach even though some of the flagged FAFSA applications are legitimate ones.  There’s an ongoing criminal investigation into the breach.

Just a reminder that scammers might try to use this breach for their advantage. The IRS never asks for personal and financial information in emails. Anyone getting such an email should contact the IRS ASAP using one of the contact numbers on their website to report scams and suspicious activities (irs.gov).

Although the election season is over, that hasn’t stopped scammers from trying to steal personal and financial information using political angles. In my case, it’s been calls that start with what appears to be a message from former President Barak Obama. Suspecting a scam, I simply hang up.
My instinct has been validated by a recent alert from the Better Business Bureaus (BBB) about this very scam. In their alert, BBB warns consumers that these calls start either with a recorded message that sounds as if it’s from former President Obama or former Secretary of State Hillary Clinton (bbb.org; “Just Hang up on Phony Fundraising Calls”).
Since I always hang up, I didn’t know the other useful information in the BBB alert. They warn that consumers who press the button to speak with a donation agent are likely going to be asked for credit card and other personal information that will be used in future scams. Once they get this information, the scammers can use it for fraudulent charges and, even more serious, for identity theft purposes.
Consumers should just hang up on these calls. Anyone wanting to make a donation of any sort should contact the organization directly. That way, a good deed will go to the intended organization and not help scammers.

The April 18th tax filing deadline is just over a month away. So it seemed liked a very good time to remind consumers that this is another time of year when there’s a spike in the number and variety of scams trying to get personal and financial information.

I’ve posted articles over the years about the various types of tax and tax return phishing scams. This year, I want to make sure consumers know about the newest helpful information that can be found on the IRS website (irs.gov). Consumers should check this site to get the latest updates on IRS and tax-related scams.

There are several links with specific information that consumers will find very helpful. The “Tax Time Guide” provides an array of tax return guidance.  Under the “Scams” link, consumers will find timely updates under the “Tax Scams/Consumer Alert” heading.

Consumers will benefit from reviewing these IRS guides and updates. It only takes a few minutes and can help consumers take pro-active steps to help avoid ID theft and other tax-time related scams.

 

It is very frustrating to realize that data aggregators collect more personal information about all of us than we know. What’s equally frustrating is trying to figure out what, if anything, can be done to minimize the exposure individuals have since data aggregators are not transparent about the ways in which these troves of personal information are used and to whom they are sold or with whom they are shared.

That situation makes Fahmida Y. Rashid’s recent article on this very issue so valuable. Ms. Rashid is a Senior Writer for InfoWorld and she’s written an article outlining the time-consuming steps that consumers will have to take to try and reduce, if not totally eliminate, their data held by data aggregators (“How to scrub your private data from ‘people finder’ sites; February 23; http://www.csoonline.com/article/3173231/security/how-to-scrub-your-private-data-from-people-finder-sites.htm).

As Ms. Rahshid explains, data aggregators will say that they are collecting this information for such neutral or positive purposes as background checks. However, as she notes, these volumes of personal data present rich opportunities for identity theft, stalking and other negative purposes. She then provides a great service of laying out the steps that are entailed and the kinds of personal information and documents that someone will need to have assembled prior to beginning the opt-out process.

As Ms. Rahshid writes, these processes require patience and advance planning because they are multi-stepped. Consumers who might be interested in starting the opt-out process should read her article to gain a full understanding of what doing so will entail. Suffice it to say, the data aggregators don’t make it easy.

Due to a technical error, this update was published yesterday without the body of the blog.

——————————

I previously shared Brian Krebs’ story about a major data breach at numerous hotels under the InterContinental Hotels Group (IHG). Mr. Krebs reported that on Friday, February 3rd, IHG confirmed that the breach had happened at 12 hotels around the United States. As he reported, IHG said the data that was stolen is from credit cards used at the restaurants and bars at these hotels but not from credit cards used at the front desks of the hotels.

Mr. Krebs has included a list of the 12 hotels in his article which I urge everyone to read since the IHG parent company includes Holiday Inns among many other brands (https://krebsonsecurity.com/2017/02/intercontinental-confirms-breach-at-12-hotels).

Anyone who has stayed at one of the listed hotels needs to be extra diligent in checking credit card statements for any suspicious activities.

Due to a technical error, this update was published yesterday without the body of the blog.

——————————

I previously shared Brian Krebs’ story about a major data breach at numerous hotels under the InterContinental Hotels Group (IHG). Mr. Krebs reported that on Friday, February 3rd, IHG confirmed that the breach had happened at 12 hotels around the United States. As he reported, IHG said the data that was stolen is from credit cards used at the restaurants and bars at these hotels but not from credit cards used at the front desks of the hotels.

Mr. Krebs has included a list of the 12 hotels in his article which I urge everyone to read since the IHG parent company includes Holiday Inns among many other brands (https://krebsonsecurity.com/2017/02/intercontinental-confirms-breach-at-12-hotels).

Anyone who has stayed at one of the listed hotels needs to be extra diligent in checking credit card statements for any suspicious activities.