New Fraud Watch Network Campaign Informs Americans About Social Media Scams

New Fraud Watch Network Campaign Informs Americans About Social Media Scams


Today, we unveiled a new Fraud Watch Network campaign to inform Americans about social media hazards and provide information about how consumers can protect themselves and their loved ones. While roughly 70 percent of Americans regularly use social media, according to the Pew Research Center, many aren’t aware of these new types of scams.

We understand that scammers have been using email and telephone calls to target unsuspecting victims for years. But con artists are just as likely to use Twitter, Facebook and other social media platforms to execute their insidious scams to steal people’s money and identities.

That is why we created this educational campaign that includes online videos and a new website; and warns Americans about specific social media scams, such as the coupon scam and the genealogy scam:

  • Fraudsters execute the coupon scam by distributing advertisements featuring too-good-to-be-true deals on hot items. The real goal is to charge consumers’ credit cards for phony goods or products that will never arrive, or to collect personal information for identity theft.

 

  • The genealogy scam capitalizes on the current popularity of ancestry research. Scammers set up a legitimate-looking website and social media account – often mimicking the name of an authentic genealogy site by altering a character or two of the name. Victims are duped into providing their credit card information, Social Security numbers and other personal information to the identity thieves.

 

In addition to the new online resources, AARP Fraud Watch Network Ambassador Frank Abagnale participated in several broadcast interviews to discuss tips on how to recognize various types of social media scams and how to remain safe while using social media sites.

Abagnale provided these 4 tips to avoid identity theft via social media:

  • Never post personal information, including a Social Security number – not even the last four digits — birthday, place of birth, home address, phone numbers, or personal account information.

 

  • Avoid posting a front-facing picture on social media sites. A con artist can copy the image and use it to create a photo ID that can be used to steal a person’s identity.

 

  • Set the privacy options for each social media account to restrict personal information, so it can only be viewed by a select group of people. Check the privacy settings regularly.

 

  • Don’t log in to social media accounts via a public wireless network, where scammers can lurk. A 2016 survey by the AARP Fraud Watch Network found that more than 70 percent of the respondents have accessed their email, Facebook and other social media accounts via free public Wi-Fi.

 

For more resources and tips on social media scams, visit http://www.aarp.org/SocialScams.



Source link

“Smishing” Self-Defense: How to Prevent Trouble that Comes in Text Messages


Photo credit: iStock/Natali_Mis

Each day, about 20 billion text messages are sent to two billion smartphone users worldwide. Most of these texts are opened within three minutes, and many within a few seconds.

The massive number of text messages and their rapid-fire response rate – by comparison, only one in four email messages are opened within 10 minutes of arrival – amounts to unbridled opportunity for fraudsters exploiting the du jour device for deception: the pocket-held computer that also happens to make phone calls which many of us carry or have nearby 24/7.

Called “smishing” (named after Short Messaging Service technology that sends text messages), it’s an attempt to trick you into revealing private information via SMS or text message. Angling for credit and debit card numbers, PINs, usernames and passwords, even Social Security numbers, smishing texts often purport to be from a government agency, your bank or other respected companies. Typical ploys allege a problem with your account; promise free gift cards; offer low-cost merchandise, mortgages and credit cards; and click-bait like customer satisfaction surveys that lure you to open imbedded links or attachments that can also harbor malware. Today, nearly half of clicks on malicious URLs are made from mobile devices – more than doubling the long-running rate of 20 percent, notes cyber security firm Proofpoint.

Although smishing has been around since last decade, it’s on the rise – and increasingly even more dangerous. Studies show that the rate of text spam specifically designed to defraud is seven times higher that of spam arriving by email. And with small screens and the inability to hover a mouse to preview a link, it’s harder to spot text-sent trouble. Your smishing self-defense:

  • Don’t reply to text messages from senders you don’t recognize. Even sending a “remove,” “stop” or “opt-out” response tells SMS senders that your mobile number is active, and ripe for more messages. Be especially wary of texts from a “5000” or other shortened number (versus a complete 10-digit phone number) indicating the message is actually an email sent to a phone.
  • Never reply to text messages asking you to “confirm” or provide personal or financial information. Legitimate companies don’t text requests for account numbers, log-in details, and other sensitive data. Government agencies don’t correspond by text (and are unlikely to even have your mobile phone number).
  • Slow down. Most people instinctively deal with text messages ASAP – and smishing scams work best when creating a false sense of urgency. Rather than calling back numbers provided in text messages (doing so is another tipoff of your working cell number), take a few minutes to verify the actual contact numbers of legitimate business that may need to contact you.
  • Forward suspicious text messages to short code 7726 (which spells “SPAM” on your keypad), which allows cell phone carriers to identify and block smishing messages.
  • Be stingy with your cell phone number. Don’t post it online, on social media, or provide it for contests, surveys, touted “deals” or “free trial”
  • If you haven’t already, install anti-malware software on your Android phone; some products also can block smishing texts. (Apple’s iPhones have built-in protection.) When you receive a bona fide notification of an upgrade to your phone’s software, install it immediately.
  • Keep tabs of your phone bill, looking for suspicious charges – even if you don’t respond to unknown texts.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

In general, you don’t want to reply to text messages from people you don’t know. That’s the best way to remain safe. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as a “5000” phone number. This is a sign that the text message is actually just an email sent to a phone.

You should also exercise basic precautions when using your phone. Don’t click on links you get on your phone unless you know the person sending them. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it. A full-service Internet security suite isn’t just for laptops and desktops. It also makes sense for your mobile phone. A VPN such as Norton WiFi Privacy is an advisable option for your mobile devices. This will secure and encrypt any communication taking place between your mobile device and the Internet on the other end. Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they’re allowed in the marketplace. Err on the side of caution. If you have any doubt about the safety of a text message, don’t even open it.



Source link

2 New Twists in IRS Impostor Scams

2 New Twists in IRS Impostor Scams


Photo credit: iStock/max-kegfire

Despite crackdowns that busted several crime rings and resulted in scores of arrests in what reigned as the top scam for three consecutive years, IRS impostors are still going strong, launching two new twists in their long-running schemes that have already bilked U.S. taxpayers of at least $55 million since 2013.

In one ploy scammers posing as IRS agents are phoning citizens about a supposed tax debt, but are now claiming that the agency has already mailed them two certified letters about overdue taxes and that those letters were returned as “undeliverable.” In these phone calls, fraudsters threaten immediate arrest unless immediate payment is made — with a prepaid debt card only.

Swindlers falsely claim that prepaid debit cards are required to be linked to the government’s Electronic Federal Tax Payment System (EFTPS), an automated system for paying federal taxes electronically using the internet or by phone using the EFTPS voice response system. EFTPS is offered free by the U.S. Treasury Department and does not require the purchase of a prepaid debit card. And because this system is automated, taxpayers won’t receive a call from the IRS, the agency notes.

The other new ploy, revealed last week, targets tax preparers with bogus emails “seeking extensive amounts of sensitive preparer data” that the IRS warns could enable scammers to steal client data and to file fraudulent tax returns. These bogus emails, purportedly from a major tax software education provider in the U.S. (which the IRS did not identify), claim that problems with its database require accountants and other tax preparers to provide an extensive amount of sensitive information.

In addition to professional identifiers such as the preparer’s electronic filing information number and preparer tax identification number, these fake emails, which may originate in the U.S., seek preparers’ log-in credentials, answers to secret security questions, birth dates, Social Security numbers, even mothers’ maiden names. “The email is unusual for the amount of sensitive preparer data that it seeks. The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.”

As IRS impostor scams continue, your defense plan stays the same. No matter what new ruse follows — or what threats or claims are made — avoid being a victim by keeping in mind these telltale indicators of what scammers do but the IRS will not.

  1. Telephone or email to demand immediate payment, or call about taxes owed without first having mailed you a bill. Although the IRS now uses private debt collectors, those four companies (CBE Group, ConServe, Performant and Pioneer Credit Recovery) chase only extremely delinquent taxpayers after several past-due notices have been mailed. And unlike scammers, those collectors will not identify themselves as IRS agents.
  2. Demand a specific payment method such as prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments.
  3. Request that tax payments be made to a third party. All federal tax payments should be made payable only to the U.S. Treasury.
  4. Ask for credit or debit card numbers over the telephone.
  5. Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.

 

When in doubt about claims you owe taxes, contact the IRS at 1-800-829-1040. If you know you don’t owe taxes or have no reason to believe that you do, report requests for payment (and scam calls and emails) to the Treasury Inspector General for Tax Administration at 1-800-366-4484 or at www.tigta.gov.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

New Trends in Cyber Scams

New Trends in Cyber Scams


Photo credit: iStock/BrianAJackson

According to the cyber security company, Symantec – known for their Norton and LifeLock products – cyber criminals reached “new levels of ambition” last year.

Below are some key highlights of their 2017 Internet Security Threat Report.

Email
Deemed “the weapon of choice,” one in 131 emails sent in 2016 contained a malware-laden link or attachment – the highest rate in five years. Malicious email is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:

  • Spear-phishing attacks aimed to defraud specific people rather than more widely distributed generic messages. Often disguised as routine correspondence such as invoices or delivery notifications, one spear-phishing campaign – spoofed emails instructing targets to reset Gmail account passwords – provided access to Hillary Clinton’s campaign chairman John Podesta’s account and resulted in hacked emails revealed by WikiLeaks during the 2016 presidential election.
  • Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails that target more than 400 companies each day, scamming more than $3 billion over the last three years.
  • A growing proportion of spam – roughly 53 percent of all emails sent – now contains malware.

Ransomware
Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016 to seize control of personal computers and institution-wide networks, encrypting hostage files to make them inaccessible until a ransom is paid for their release. Termed by Symantec as “the most dangerous cyber crime threat facing consumers and businesses in 2016,” the company identified 101 new “ransomware families” last year – tripling previous numbers.

Another three-fold increase: The demanded ransom amount – an average of $1,077 per victim compared to just $294 in 2015. The U.S. is the most targeted and lucrative market, says Symantec, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally.

Data Breaches
Although the total number of data breaches decreased last year – 1,209 compared to 1,211 in 2015 and 1,523 in 2014 – they now have a bigger impact. Symantec says that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.

“Smart Home” Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffee makers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans homes, with predictions that some 50 billion devices will be employed by decade’s end.

Already, millions IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.

Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test,” and “abc123.” The default password for the Ubiquiti brand of routers – “ubnt” – was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 



Source link

What to Know About the Top Summer Scams

What to Know About the Top Summer Scams


As temperatures rise, so do certain scams. Here’s how to avoid getting burned in summer’s most common cons:

Home Repairs
Conning contractors typically come to your home unexpectedly, offering steep discounts on driveway resurfacing, roof work, tree trimming or other “necessary” repairs they happen to see while driving by or soliciting business door-to-door. Most seek an upfront payment to “go buy materials” and then disappear. Others do fast and faulty repairs (like spreading used motor oil to coat driveways) or may stop mid-job to extort more money … or find subsequent chores to continue the wallet-draining. What to know:

  • Good contractors are usually too busy to make unsolicited house calls; out-of-state license plates suggest fly-by-day “gypsy travelers” who spend summers going state to state to con elderly homeowners.
  • Despite scare tactics urging immediate repairs, most home repairs can wait until you get several bids from contractors. Get recommendations (and check results) from neighbors, building officials and lumberyards/plumbing/electrical supply shops where pros shop.
  • Don’t pay until the job is complete. Reputable contractors have credit lines to buy materials, although a deposit may be required for major projects like replacing a roof, windows, etc.

 

Vacation Rentals
Angling for upfront payment (usually by wire transfer or prepaid debit card), scammers steal photos and descriptions of properties from Realtor, hotel or vacation rental websites, and then clone the ads, offering supposed hot-spot “rentals” at discounted prices. What to know:

  • Before answering ads, Google the address, as well as names, emails and phone numbers of the supposed landlord or agent. Also cut and paste into a search engine large chunks of the descriptive text. Red flags include the property is actively up for sale (not for rent), a nonexistent address, an address listed for a business or other nonresidential property, and/or postings by people who fell victim to this particular scammer.
  • Don’t rely solely on email correspondence. Many rental scams are carried out by Nigeria-based scammers (so beware of poorly written ads). You’ll want to talk by phone; beware of foreign accents and area codes that don’t correspond with that of the property’s location.
  • Travel reservations and deposits should be made with a credit card or PayPal — never with a wire transfer or prepaid debit card.

 

Door-to-Door Sales
Summer and fall are prime time for all types of salesmen to come knocking — literally. Some may be legit but others are not. Magazine sales, often touted as a fundraiser, are especially popular bait preying on older Americans; other popular pitches are for bogus charities, home security systems, even overpriced household devices such as vacuum cleaners. What to know:

  • Just say no to strangers. Prices of magazine subscriptions sold door to door, for instance, are often marked up about 300 percent. Legitimate salespeople and fundraisers will have “leave-behind” material to review before opening your wallet.
  • If you do make a purchase and have regrets, act quickly. The FTC’s “Cooling-Off Rule” dictates a three-day cancellation allowance for a full refund on purchases over $25. Legitimate salesmen must reveal this rule during their pitch; if they don’t, assume it’s a scam.
  • Don’t allow sales reps into your home. Asking for a drink of water or to use your bathroom is a popular way to steal medications, purses and other grab-and-go items.

 

Moving
Two of three moves occur in the summer, and thousands each year end this way: After a moving company quotes a reasonable (if not lowball) offer, after the truck is loaded, the quoted price jumps sky-high, and belongings may be held hostage until customers pay the extra money. What to know:

  • Stick with known companies. Most rip-off rogues are movers who advertise on Craigslist or crude roadside signs. Visit protectyourmove.gov and verify a company’s licenses and complaint history.
  • Pass on any mover who won’t do an on-site inspection of your goods (instead giving a sight-unseen estimate), won’t provide a written estimate or says workers will determine the price after loading, demands a large deposit before the move, or asks you to sign blank or incomplete documents. Those red flags indicate a scammer.
  • Moving boosts your risk of identity theft. Know how to protect yourself before, during and after a move.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

‘Found’ Money for a Fee? Beware of New Surge in Unclaimed Property Scams

‘Found’ Money for a Fee? Beware of New Surge in Unclaimed Property Scams



A longtime scam is back with a vengeance: Claims that state officials are holding money or property that belongs to you, and all you need to do is pay a fee to claim it.

Actually, the first part could be true. You could be entitled to a slice of some $43 billion in “unclaimed property” that sits in state treasuries – money from forgotten bank accounts, insurance policies, stock dividends, utility security deposits, even contents from abandoned safe deposit boxes.

But you don‘t have to pay anyone to get it. The only cost is spending a few minutes at www.MissingMoney.com, www.Unclaimed.org, or websites of the treasurer’s office in each state where you lived.

Ignore “pay-for-payment” requests that come via mailed letter, email or telephone calls because they are from scammers, and reports about the come-on cons have increased ten-fold this year compared to 2016…and in recent weeks, have exploded in many parts of the U.S.

There are several variations in unclaimed property scams, each angling for personal information (that could be used for later identity theft) and upfront payment to secure missing money that, if actually awaits you, can always be claimed for free:

  • Fraudsters lie about being an employee or affiliate of a State Treasurer’s office where you currently live, or a state where you previously resided.
  • Fake correspondence comes on letterhead from the National Association of Unclaimed Property Administrators (NAUPA), a legitimate organization that represents state unclaimed property programs but does not directly contact citizens.
  • Self-described “finders” or “locators” who say they have already located your missing money or will do the legwork on your behalf. Some are legal but unnecessary middlemen who charge commissions up to 40 percent (although some states cap allowed fees at 10 percent); others are crooks who do nothing more than collect your payment and personal information – including Social Security number – to direct you to publically available websites…if they do anything at all.

Most targets in unclaimed property scams are chosen randomly. Fraudsters buy mailing lists to reach hundreds or thousands of citizens with the same bogus claim. (Last year, it was a letter claiming to be from NAUPA or the “Office of the State Treasurer” that falsely stated that recipients had unclaimed sweepstakes winnings whose allocation would require a $2,250 service fee.)

But for a more convincing con, some would-be victims are contacted after fraudsters search MissingMoney.com or Unclaimed.org to unearth specific details such past addresses or actual entitlements.

In addition to those two websites, DIY (and no-cost) due diligence for other missing money can be done for:

 

All of these websites will require your Social Security number and other sensitive information. But unlike scammers, you will not be asked for bank or credit card information. Don’t reveal personal information unless you initiate contact with these agencies or use their websites.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Also of Interest

 

Photo Credit: iStock/Pogonici

See the AARP home page for deals, savings tips, trivia and more.



Source link

Pin It on Pinterest