
Equifax announced yesterday a breach of historic proportions — up to 143 million consumers whose most sensitive data has been breached. This includes SSNs, dates of birth, addresses and whatever other data Equifax — a credit reporting agency — has on millions and millions of individuals.

Everyone needs to go ASAP to the website they’ve created to see if they are among the millions whose information has been hacked. That website is: http://www.equifaxsecurity2017.com. The first step on that site is the “Check Potential Impact” tab where you enter your last name and the last 6 digits of your SSN. Doing so brings up a message of either “no impact” or “thanks” with a date on which to enroll in TrustedIDPremier; the latter means that you’re among the millions whose information has been hacked.

The public will likely never know how this happened. Consumers have to be pro-active — go to the Equifax site; go to the Federal Trade Commission website (www.FTC.gov/idtheft) to learn about additional protective steps to take; and of course, keep a very close eye on credit card statements and bank accounts.

 

Phishing scams continue to proliferate. As Graham Cluley wrote in a recent article, one of the main reasons for this ongoing problem is that users keep clicking on links and/or attachments in emails and other documents. But Mr. Cluley also noted in that same blog that Google is taking a pro-active step to help Gmail users avoid links and attachments meant to capture and/or infect the users’ iPhones and other devices (grahamcluley.com; “Gmail now warns iOS users about suspicious links in fight against phishing threats”; August 14).

As Mr. Cluley wrote, Google just announced this new anti-phishing security check for Gmail. Now when a Gmail user on an iPhone or iPad clicks on a link that’s been detected to be suspicious, an alert reading “Suspicious link” will pop up on the screen. The user will be advised to confirm whether the link or attachment is valid. The very useful steps Gmail users should take when seeing such an alert are outlined in both Mr. Cluley’s blog and the Google announcement (gsuiteupdates.googleblog.com).

Gmail users should read Mr. Cluley’s blog and the Google announcement to familiarize themselves with these steps ahead of time. That way, they’ll be ready in case they ever see the “Suspicious link” alert.

The FBI’s Internet Crime Complaint Center (IC3) issued an alert about a music application gift card scam (ONLINE SCAMMERS REQUIRE PAYMENT VIA MUSIC APPLICATION GIFT CARDS; http://www.ic3.gov; August 1, 2017). IC3 has been receiving consumer complaints about this scam, which is part of multiple fraud schemes.

This is such a complex web of scams that I am including the following description from the IC3 alert:

“[t]hese schemes include auction frauds, employment/opportunity scams, grandparent scams, loan frauds, romance scams, ransomware, tax frauds, and various other online schemes. In this scam involving music application gift cards, the perpetrator directs the victim to a specific retailer to obtain music application gift cards of varying amounts. Once the victim has purchased the gift cards, the perpetrator directs the victim to reveal the numbers on the back of the cards and provide them to the perpetrator via telephone, email, text, or a designated website. Once the perpetrator obtains the music application gift card data, the perpetrator either continues to request additional funds through more gift card purchases or ceases all communication with the victim. The financial impact to victims can range from hundreds to thousands of dollars. IC3 victim complaint data from January through June 2017 involving music application gift cards indicate that these scams have impacted hundreds of victims with reported losses exceeding $6 million. This scam is also associated with other fraud scams involving victims having won a prize, needing to pay a tax debt, having qualified for a loan, or that a friend or relative is in trouble and needs a payment via music application or other prepaid gift card to assist.”

I encourage everyone to read the complete IC3 alert. It includes steps to try to avoid becoming a victim of an online scam and/or to take if a consumer believes she is, or might be, a scam victim. Consumers can file a complaint about an online scam at http://www.ic3.gov. As IC3 notes in all of its online scam alerts, there is no dollar requirement for filing such a complaint; the IC3 does request that the filer provide as much information about the scam as possible.

Scammers are using LinkedIn to get consumers’ money and/or personal information. The Better Business Bureau (BBB) has published an alert about this latest scam (www.bbb.org/scamtips; “Scammers Use Bogus Connection Requests on LinkedIn”).

How does this work? Per the BBB blog, there are several variations, all of them coming via a LinkedIn message that looks and sounds as if it’s from a legitimate recruiter. The scammer might have even created a legitimate-looking LinkedIn profile. In one version, the scam message asks the recipient to fill out an online job application that could even ask for an uploaded resume or other personal information (e.g., SSN, address). Another version asks the recipient to respond, after which an instantaneous “you’re hired” message pops up and asks the recipient to pay first for training and/or other expenses before the “official” job offer is sent.

These types of overtures are appealing, particularly in a tough job market. But don’t fall for it or the only result could be lost money and potential identity theft.

I just spoke on the European Union’s General Data Protection Regulation (GDPR) at the end of June on a panel at the Drug Information Association’s Annual Meeting. The GDPR goes into effect on May 25, 2018 and has significant implications for many U.S. based businesses.

The impetus for the GDPR stems, in part, from the recognition that current and emerging technology means more globalization of individual information and data — and more consequences for consumers from that.

That globalization of data has been long recognized by the Federal Trade Commission (FTC). The FTC and other consumer protection agencies from 60 other countries recognize that scammers have the means and will to target consumers world-wide. So the FTC and these other agencies have created the International Consumer Protection and Enforcement Network (ICPEN). Consumers who think that they are, or may have been, a victim of an international scam can go to the ICPEN website (www.econsumer.gov) and file a complaint.

The FTC has posted a very informative article about the ICPEN website and these international efforts (www.ftc.gov; “FTC and Other Consumer Protection Agencies Unveil Updated Website for International Consumer Protection and Enforcement Network”; June 30, 2017).

The world is becoming smaller all the time. So consumers need to know about the ICPEN resource.

Graham Cluley (www.grahamcluley.com) published an important alert for any consumer who uses the iOS app store. There are scammers who are using the app store website for various — and unfortunately, clever and successful — scams. In his “Hot for Security” blog article, Mr. Cluley cites the discoveries found by a security researcher (“Watch out! Scammers are making a fortune in the iOS App Store”, June 13th). I’m sharing the discovery so consumers will be ever more vigilant before buying something on that website.

Mr. Cluley included examples of several iOS app store scams but I’m just mentioning one in particular since it has such a safe sounding name. It’s an app called “Mobile protection: Clear & Security UPN.” As described in his blog, this app asks that consumers provide personal information such as contacts — an odd request certainly and one that should raise red flags. However, that concern might be allayed by the “free trial” opportunity to use this security app.

This is another entry in the scam category of “if it sounds too good to be true, it is”. As the researcher dug into the app, he learned that it actually costs $99.99 for a 7-day trial and that it automatically renews. So any consumer who signs up for it could build up more and more charges before realizing what’s happening.

I urge everyone to read Mr. Cluley’s blog on these scams — don’t help the scammers get even richer.

Most consumers have gotten calls from people claiming to be from a tech support company. The callers tell the consumer that his computer has been infected with some kind of malware and that the consumer must immediately work with the caller to eliminate the malware — of course, at a cost.

What consumers find out is that this is just a scam — there’s no infected computer and the consumer has spent unnecessary money and given scammers access to his computer.

There is a variation on these scam calls which the Federal Trade Commission (FTC) and its Federal, State and international law enforcement partners are combating. In a May 12th announcement, the FTC outlined the results already achieved through “Operation Tech Trap”. In the last year, there have been 29 law enforcement actions brought by Tech Trap partners against operators of tech support scams (www.ftc.gov).

How do these scams work? The general approach is the same: scammers cause ads to pop up on consumers’ computers; the ads look very much like the security alerts consumers might get from, for example, Apple or Microsoft or similar companies. The fake alert says the computer’s been infected and that the consumer should call a toll-free number. If the consumer calls, he is connected to a telemarketer who claims to be affiliated with one of these well-known companies. After giving the telemarketer access to his computer, the consumer’s told by the telemarketer that a serious problem exists, a problem which can, of course, be corrected by having one of their alleged certified technicians take over.

The phony technical expert then “corrects” the non-existent problem for which the consumer pays. The phony technical expert will also try to sell the consumer any number of unneeded services or anti-virus software.

Don’t fall for these scams. If a consumer gets one of these calls, he should contact one of the technology companies to see if a legitimate security alert’s been issued. Consumers should also notify the FTC about these scams; the FTC website has information on how to do so.

The Federal Trade Commission (FTC) works year round on consumer privacy issues. Each year, there is one week dedicated to privacy awareness — and this year, that’s this week (May 8 to 12).

This year, the FTC has picked the theme of “Share with Care” and has listed numerous resources on its website (www.ftc.gov). Consumers should take advantage of the concrete, very useful information posted by the FTC as it includes ways to safeguard online personal and financial information.

Consumers also need to be aware year round to protect their personal information. Having one week a year that is specifically focused on key and emerging privacy issues is a helpful reminder for consumers.

 

It used to be that it might only be dogs that could hear high-pitched frequencies that human beings couldn’t. Now it appears that our iPhones might be gaining that capacity.

Zack Whittaker for Zero Day has just written about emerging technology that allows applications to use ad-tracking audio signals that can be picked up by phones but not by their owners (“Hundreds of privacy-invading apps are using ultrasonic sounds to track you”; http://www.zdnet.com/article/hundreds-of-apps-are-using-ultrasonic-sounds-to-track-your-ad-habits/?loc=newsletter_large_thumb_featured&ftag=TRE17cfd61&bhid=24712762005371291890829436782174).

How is this possible? As Mr. Whittaker writes, the ultrasonic cross-device tracking can be done via high-frequency tones in ads, billboards, web pages and even from brick-and-mortar stores as well as sports arenas.

While this technology is still evolving, it’s gaining in popularity. What’s the potential danger? Again, Mr. Whittaker notes that using the phone’s microphone, information about where the owner’s been, what she’s seen and maybe even the websites she’s visited can be collected to create a profile.

What can be done to prevent this? While the technology’s still new, Mr. Whittaker provides an important, very useful tip: if an application asks for the phone’s microphone, and if the microphone’s not needed to use the application, then don’t permit this! Instead, just turn off the microphone.

His article contains more details about this latest privacy threat. I urge people to read it to gain more understanding of it.

More bad news for taxpayers. There have been multiple media reports previously about scammers trying to gain access to the Free Application for Federal Student Aid (FAFSA) online tool. Back in March, the IRS and the Department of Education disabled FAFSA when this suspicious activity was detected. Scammers were likely trying to hack in and gain access to the tax-return information so they could file fraudulent returns — and perhaps use the data for other identity theft scams.

On April 6th, IRS Commissioner John Koskinen testified about the breach before the Senate Finance Committee. In his testimony, Commissioner Koskinen said that personal information of up to 100,000 taxpayers might have been stolen.

The IRS will be notifying all of these taxpayers about the breach even though some of the flagged FAFSA applications are legitimate ones. There’s an ongoing criminal investigation into the breach.

Just a reminder that scammers might try to use this breach for their advantage. The IRS never asks for personal and financial information in emails. Anyone getting such an email should contact the IRS ASAP using one of the contact numbers on their website to report scams and suspicious activities (irs.gov).