Online Banking – Convenient Boon Often Ignored by Boomers


Photo Credit: iStock/serpeblu

More than 80 percent of American adults now use computers or smartphones to do their banking – nearly one-third more than just two years ago. But many seniors continue to sit out of this growing trend.

True, a slight majority of those 65 and older don’t have home internet service. But millions who do still choose to remain old-school over online when it comes to banking, and only one in five retirement-aged smartphone users ever do mobile banking.

Why? Studies find that many older Americans typically cite two reasons for remaining holdouts: First and foremost, they enjoy the status-quo – preferring face-to-face banking at a local branch, getting monthly paper statements, and otherwise citing their “banking needs are met” without using a computer or smartphone. But nearly as many – nearly half of those surveyed – cite concerns about security. What to know:

 

  • Yes, banks and other financial institutions are vulnerable to data breaches. But they don’t occur as often as you may think. So far this year, only 69 of nearly 1,100 breaches have occurred at any type of financial institution, and fewer than 2 percent of customer records were stolen – lower than any industry segment. Banks typically spend much more on online security than other corporations, and more are now transitioning their online services to .bank (versus .com) domain addresses, which must meet robust security technologies and are harder for cybercrooks to hack or mimic.

 

  • Granted, receiving monthly account statements has advantages. Many seniors find it more convenient to open mail when it arrives than regularly have to access an online account to check. Mailed statements may also better help spot unauthorized charges, and serve as a permanent record in this era of bank mergers. While most banks prefer their customers “go paperless” to cut printing and mailing costs, many still provide mailed statements for the asking (albeit sometimes at a price of about $5 per month.) The disadvantages of mailed bank statements: They are ripe for identity thieves who steal incoming mail and outgoing trash. Prevent this with a lockable mailbox starting at around $40 and shredding any paperwork with account numbers and other personally identifiable information (PII) before discarding.

 

  • Indeed, online banking can save (and get) you more money. In addition to gas costs driving to a bank, once there some charge a fee for using an in-branch teller to process some transactions. Meanwhile, because of reduced costs in real estate, utilities and personnel, online-only banks such as Ally, EverBank, Barclay’s and even internet-based divisions of traditional brick-and-mortar facilities typically pay higher interest on savings accounts.

 

If you choose to bank with a computer or smartphone (or already are), here’s how to do with more confidence and security:

 

  1. Be a “regular.” Even with mailed monthly statements, set aside a few minutes each day (or several times per week) to monitor your checking and savings accounts. This helps to spot potentially fraudulent transactions while activity is “fresh in mind.” And because bank-issued debit cards have weaker protections, you could be responsible for up to $500 unless you report fraudulent activity within two days. And if you don’t spot the fraud for more than 60 days, you could be responsible for the total amount fraudulently charged.

 

  1. Use your best password practices. Online banking is no place for weak passwords, so practice what is preached: Passwords should be a memorable pass phrase or sentence at least eight characters and up to 64 characters long (longer is stronger, as password length is the best contributor to its strength). Online “Password Checkers” help gauge strength, but a password manager is your best bet.

 

  1. Ensure two-factor authentication. Offered (if not required) by most banks, this often entails a unique image or key code after you sign in but before you enter your password. Some banks now offer a security token code with ever-changing codes after you register your smartphone.

 

  1. Use official bank apps, so information is encrypted and more secure than text messaging or email. You can usually download apps directly from your bank’s website; if not, ask your bank where you can get its branded or sanctioned app (most likely from a trusted app store).

 

  1. Never do online banking from a public Wi-Fi hot spot. Most don’t have encryption. Also, set your laptop, tablet or smartphone so that you have to manually select the Wi-Fi network.

 

  1. Employ smartphone smarts. Use a screen-locking PIN to protect access to online accounts if your phone is lost or stolen. (Avoid your birth date or birth year, as well as these most-hackables: 1234, 0000, 2580 1111, 5555, 5683, 0852, 2222, 1212 or 1998.) If not already activated, check with your wireless provider about features that let you remotely erase content or turn off access to your device and bank accounts if your phone is lost or stolen.

 

  1. Recognize the cons in correspondence. Legitimate phone calls, emails and text messages from your bank should address you by name, and include a portion of your account. Those addressed “Dear Customer” that allege account problems, or requests to verify or provide account information, are scams. No matter how convincing they may appear, never provide sensitive information until you contact your bank directly, looking up the phone number yourself.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 

 



Source link

Expect More Scams This Medicare Open Enrollment


Photo Credit; iStock/JimVallee

Beginning on Oct. 15 and running through Dec. 7, Open Enrollment for Medicare Part D and Medicare Advantage plans has always been prime time for fraudsters to steal money and identity theft-worthy information from beneficiaries.

But this year, scammers with a nose for news may sniff out even more unscrupulous opportunities than usual. Reasons:

  • The Centers for Medicare & Medicaid Services (CMS) recently announced it will begin mailing out new cards in April 2018 to replace those with the recipient’s Social Security numbers. Designed to help curb identity theft, these new cards will have a unique, randomly assigned 11-character Medicare Beneficiary Identifier (MBI) comprised of numbers and uppercase letters – and not your SSN. Along with that Sept. 12 announcement getting plenty of media attention, television ads have begun publicizing the new cards with the tagline “Guard Your Card.”
  • Headlines-making hurricanes Harvey and Irma could play a role. In the past, following natural disasters scammers posing as Medicare and Medicaid employees have been known to call those living in impacted areas to falsely claim that new, weather-resistant “plastic covered” cards can (or must) be reissued.
  • As efforts continue to repeal and replace Obamacare, so does confusion over the future of health insurance and Medicaid. (Confusion can be a fraudster’s best weapon.) And with growing talk of moving control of Medicaid funds to states, scammers may add another role to their imposter repertoire – that of self-described state health officials or middlemen navigating new insurance plans and initiatives.

Each scenario paves the way, even more than usual, for scammers to capitalize on the most common con: Phone calls, emails and front-door visits from self-described CMS employees who solicit sensitive information – including Social Security numbers – under the guise it’s needed to “verify our records” for a new card or not lose benefits. With the hurricane scams, fraudsters have also angled for $50 or so for the supposed plastic-encased replacement, requested via automatic withdrawal to gain access to recipients’ bank or credit card accounts.

Other scams already in the works, according to the Better Business Bureau, adding to the timeless trickery of classic Open Enrollment schemes:

  • Bogus claims that Medicare and other health plans are issuing new cards – but they cost about $300.
  • Phone calls that you’re entitled to a refund from last year’s premiums, coverage or drug costs – but the phony payback must be a direct-deposit, another way scammers can siphon bank and credit card accounts.
  • Offers for “new,” “replacement” or “supplemental” coverage that may be fake or substandard – but require upfront payment.

What to know:

  1. You don’t need to do anything to get new Medicare MBI cards, issued beginning this Spring and continuing through April 2019.

 

  1. Official correspondence regarding Medicare, Medicaid, or private insurance is always mailed. Unless you initiate a phone call or write an email asking for a response, don’t expect to be contacted those ways – or with a front-door visit.

 

  1. Never provide personal information – including your birthdate, MBI or other insurance account information and especially SSN – unless you initiate contact. Unless coming by mailed letter you can authenticate, don’t fall for any request seeking it, including those supposedly from the Social Security Administration, Internal Revenue Service or other government agencies.
  2. Although new Medicare MBI cards won’t have SSNs, they still should be guarded to prevent medical identity theft. So only share your MBI with trusted healthcare providers and rather than routinely carrying that new card in your wallet, consider making a photocopy with some characters blackened out. This way, if your wallet is lost or stolen, your MBI is less likely to be used to medical care and prescriptions in your name.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 

 



Source link

4 Surging Facebook Scams You Need to Know

4 Surging Facebook Scams You Need to Know


Photo Credit: iStock/Blackzheep

These days, it may be wiser to use a phone-book than Facebook to communicate with your friends. That’s because of a fast-growing scam on Facebook Messenger that uses your friends to hack your account…and devices.

Here’s how it works: You get a Facebook Messenger chat that appears to be from someone you know. In the most common campaign, the message will include your name, word “video” and an emoji followed by a link – typically a “bit.ly” or “t.cn” short-link.  (Other versions – also specifically addressed to you, appearing to be from those you know, and with a link – claim you qualify for government grants, promise an inside investment opportunity, or other easy money con.) “In some cases, scammers have hacked into your friend’s Facebook account. In other versions, the scammer creates a separate look-alike account by stealing your friend’s photos,” reports the Better Business Bureau. “Either way, scammers are banking that you will trust a message that appears to come from someone you know.”

Click the link, say cybersleuths, and malware redirects users to different pages depending on their operating system and location. Some land on a fake Flash Player installer; others go to a bogus YouTube page. There, additional malware may be installed – including keystroke loggers that record what you type to collect passwords, credit card numbers and other sensitive information. To further salt the wound, this malicious software also spreads to your Facebook Messenger contacts.

Other Facebook scams currently in the works that should curb the urge for a quick click on offered links:

“Free” airline tickets. This longtime scam – claiming one or two no-cost tickets as part of some promotion or for simply a page “Like” – is again taking flight, with recent spoofing of British Airways, Singapore Airlines and British-based EasyJet joining a list of at least a dozen other previous targets – including American, Delta, JetBlue, Southwest, United and U.S. Airways. There are no free airline tickets offered on Facebook but there is malware in those “get details” links – and you’ll be required to provide personal information that, at the very least, will result in more conning come-ons.

Coupon cons. Another oldie on the increase, especially with the upcoming holiday shopping season: Bogus coupons that appear to be from trusted businesses including Amazon, Lowe’s, Home Depot, Costco, Sears, and even regionally-based supermarkets. The offers and names change frequently, but the constant: First, you’re typically required to pass the fake coupon on to your Facebook friends, to expand the pool of potential victims of what comes next. Next, you and your now-hooked Facebook friends are directed to complete a survey, which usually requests sensitive personal information; in addition to getting more unwanted spam and robocall rip-offs, you might get hit with hard-to-cancel programs that charge monthly fees for additional fake offers. Plus there’s the likelihood of malware.

Hurricane hoaxes. Harvey, Irma and Maria have given Facebook fraudsters ample ammunition for their usual post-disaster tricks: pleas for donations to bogus charities and malware-laden links that promise shocking or compelling videos. But the newest ruse may be even crueler: A Facebook page falsely claiming that Carnival is offering a free 4- to 7-day cruise for victims ravished by either Harvey or Irma, along with $100 in onboard credit. The catch: “Just pay taxes and port fees.”

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.



Source link

Why Kids Are So Vulnerable to Identity Theft, and How to Protect Yours

Why Kids Are So Vulnerable to Identity Theft, and How to Protect Yours


Photo Credit: iStock/RichVintage

Kids will be kids: Blabbing on social media. Eagerly completing prize-promising online surveys that ask for birthdates and other personal information. Downloading “free” online games and videos that may harbor malware. And through it all, using weak passwords such as pet names, school mascots and using names of best friends that could double as security questions.

Meanwhile, the system remains the system: Requesting, but not legally required, to have a child’s Social Security number on forms for doctor’s appointments, weekend soccer leagues and extra-curricular activities. Publishing school directories with addresses, phone numbers and birth dates. Careless oversharing and weak protection of sensitive data by institutions while proud parents and grandparents think nothing of posting photos and ID theft-worthy details when blabbing on social media about their half-pint offspring.

So it may come as no surprise that the children in your life are among the 143 million American consumers whose sensitive personal information was exposed in the recently announced Equifax data breach. (To check, visit www.equifaxsecurity2017.com, click the “Am I Impacted?” button and enter the child’s last name and the last six digits of SSN.) And if not this time, perhaps in a past or future breach.

That’s because children are especially prized by identity thieves – and from birth to age 18, are targeted and victimized at much higher rates than adults (anywhere from 35 to 51 percent higher, depending on the study). College students are also at greater risk. For crooks, their value comes with virgin credit histories, making it easier to use a child’s SSN to open credit card accounts and apply for loans, utility service or government benefits. “As long as identity thief has a SSN with a clean history, the thief can attach any name and date of birth to it,” Carnegie Mellon University’s CyLab researchers note in their highly cited 2011 report on Child Identity Theft.

What’s worse, child identity theft could continue undetected for years or decades – discovered only when victims eventually apply for credit cards, student loans or a job to learn that their credit is already ruined. Here’s how to protect the young’uns:

Know the warning signs: Assume that identity theft has already occurred, or is in progress, if your child has no existing credit but:

  • Is being mailed credit card and loan offers
  • Denied a bank account, driver’s license or government, health insurance benefits because the SSN is already being used
  • Unable to apply for student aid, including the Free Application for Federal Student Aid (FAFSA)
  • The IRS or state tax agencies send notices that the child didn’t pay income taxes or was claimed as a dependent on a tax return other than yours
  • Getting phone calls or bills from debt collection agencies.

Check the child’s credit report. Unless there are existing credit accounts in the child’s name, you want to hear that there’s no credit report on file under his/her SSN; if a file exists but the child never applied for or was granted credit, assume the worst – and file a police report and complaint with the FTC.

Consider a credit freeze. A smart proactive move – and definite measure if child identity theft has already occurred – a freeze restricts access to a credit file, and unable to review it, creditors are unlikely to issue new accounts. (A freeze, however, does nothing to prevent fraud of existing accounts.) Currently, 29 states allow parents, legal guardians or other representatives of minors to place a security freeze on the minor’s credit report: Alaska, Arizona, California, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, New York, North Carolina, Ohio, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington and Wisconsin.

But it can be done, no matter where you live – at least with Equifax, Experian and Innovis, a fourth and lesser known credit reporting bureau. TransUnion only allows credit freezes for minors in states that explicitly allow it by law. These freezes may cost – usually under $20 – and can be unthawed for credit checks if the child needs to apply for credit, insurance or a job.

Tell them well – and practice what you preach. Guide children and college-aged adults to keep personal information private, especially online, and adjust privacy settings to make it difficult for strangers to view accounts or post material on their page. Warn them about the dangers of malware from clicking on links (celebrity gossip, free games, music and apps are especially enticing and proven lures by scammers). And you, also, shouldn’t overshare personal information by not sharing their SSN and shredding unneeded documents that display it.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 Also of Interest


See the AARP home page for deals, savings tips, trivia and more.

 



Source link

Get Wise to These Common (and Costly) Student Aid Scams

Get Wise to These Common (and Costly) Student Aid Scams


Photo credit: iStock/SIphotography

In this new school year, parents of high schoolers face an age-old problem: How to pay for college.

Considering the bulk of available student aid is loans – currently more than $1.3 trillion in sometimes crushing student debt is owed by 44 million U.S. borrowers – many turn a hopeful eye to snagging scholarships and grants that don’t have to be repaid…only to get blindsided.

Each year, some 350,000 students and tab-footing parents lose as much as $100 million to student aid scams that falsely promise scholarships for college-bound seniors or “loan forgiveness” to those already with student debt.

Here’s what to know to avoid getting schooled:

Who offers the scholarship – and why? Legitimate scholarships make no secret of the sponsor, usually with an About Us page and/or information about the scholarship’s history and past winners. Unrecognized companies and non-profits (and their addresses) should be verified checked with an online search; scams may tout government- or official-sounding names with “National,” “Federal,” “Federation,” “Foundation” and “Administration” in titles.

Judging and award criteria should be outlined, along with a privacy policy ensuring that applicants’ information won’t be sold to others. If neither is obvious, assume a scam. Requests for Social Security numbers and other sensitive information of students or parents won’t be requested on legitimate applications, only those of scammers.

Faux application fees. It costs nothing except time and effort to apply for legitimate scholarships; scams require application fees. At $5 to $35, it may seems like small price to nab an alleged endowment, but the money quickly adds up: The typical scholarship-for-profit scheme – disguised in an official-looking website or arriving via U.S. mail or email courtesy of purchased mailing lists – receives up to 10,000 applications. Even if (and it’s a big “if”) awards are offered, they are few and small – maybe “a $1,000 scholarship or two,” reports FinAid, a leading (and free) website to locate scholarships and other college aid.

“Secret” list scams. These fraudsters allege to have the skinny on little-known or untapped opportunities, but it’s a big, fat lie. There are no “secret scholarship lists” and for up to $500, typically required upfront, these services do nothing more than what students should do – search no-cost scholarship-listing websites such as FinAid and FastWeb.

Prize lies. In these scams, students are told they already won a scholarship worth thousands of dollars – but need to pay a “disbursement” or “redemption” fee, or even upfront taxes on that money. These crooks may claim the scholarship is “guaranteed” or promise “your money back.” Or that a credit card is needed to “hold this scholarship” or that your student has been “selected” or is a “finalist” for an award that wasn’t applied for. No matter the language, understand there’s really one word – “scam.”

Also beware of so-called scholarship checks that arrive by mail; the recipient is asked to deposit it and forward a portion to a third-party (not the university). What happens? The deposited check proves to be a fake, The forwarded amount is lost, and money drawn from its deposit must be repaid.

Flimflam form fillers. For fees up to $1,000, these self-described “counselors” claim they’ll handle all the paperwork to help students and parents apply for need-based grants, work-study and other financial aid. But the only application that determines eligibility for such programs is the Free Application for Federal Student Aid (FAFSA) – and note the first word. For those interested in any federal and most school-offered aid, FAFSA applications begin Oct. 1 for students planning to begin college in the summer or fall of 2018. Besides paying unnecessarily “service” fees, FAFSA requires sensitive financial details, another reason for parents to complete it themselves.

Conversely, legitimate admissions consultants work one-on-one with students to provide guidance on other aspects of the admissions process – writing essays, studying for SATs and perhaps helping with other (non-FAFSA) forms. Whereas you have to find them – typically through referrals from the child’s high school or intended college – FAFSA fraudsters are more likely to recruit customers on Facebook or through telemarketing and mailed letter.

Loan lies. Attend those financial aid seminars promoted by the high school and you’ll get usable, accurate info on how to apply for student loans – the primary source of financial aid – through Federal Student Aid, the U.S. Department of Education and other programs offering government-back student loans (the safest and usually least expensive option). Beware of presenters making unexpected and off-site invites, pitching insurance products such as annuities, or angling for personal information including SSNs. Steer clear of any loans that require an advance fee for applying or to “qualify” (sometimes hawked as an “origination” or “guarantee” fee); real student loans deduct any fees from the disbursement check and don’t require upfront costs.

Avoid debt relief crooks that charge upfront fees to negotiate a lower loan rate; that’s illegal and easy enough to do yourself – or with help from a student loan counselor certified by the National Foundation for Credit Counseling. And while there are legitimate government programs that can reduce or “forgive” federal student loans, qualifying criteria is strict, including college graduates having to work in specific occupations. The “secret” programs and strategies offered by loan forgiveness fraudsters are bogus and costly; use Uncle Sam’s free Repayment Estimator to determine monthly payments and possible loan forgiveness options.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest


See the AARP home page for deals, savings tips, trivia and more.

 



Source link

New Rules for Password Protection

New Rules for Password Protection


Photo Credit: iStock/Daviles

For more than a decade, we’ve been told to use “strong” passwords that combine upper- and lower-case letters, numbers and special characters. Not only must they be long and complex, the mantra went, but a different password was needed on each online account – changed to another unique (and mind-numbing) letters/numbers/symbols combination every 90 days or so.

Now, the man who originally developed those password rules in 2003 as official guidance for government employees, says you should forget all that.

Why the takeback? Because those %&$#?@!-inspiring but apparently misguided guidelines “just drives people bananas and they don’t pick good passwords no matter what you do,” Bill Burr, now 72 and retired from his job as manager at the National Institute of Standards and Technology, told the Wall Street Journal.

Apparently, most folks couldn’t choose and remember dozens of criteria-meeting, jibberish-intended passwords like “jK&80+y$/hh#&9v+.” So they opted for something they could remember like “MyWe@kP&55w0rd1” and when (or if) passwords were updated, made predictable changes like switching 1 to 2 for a newer “MyWe@kP&55w0rd2.” Hackers weren’t fooled.

Now, the NIST has new guidelines, written with Burr’s input. Password should be long and easy-to-remember, with no mandatory “combinations” or periodic changes. Although there’s no guarantee NIST’s more user-friendly advice will be adopted by consumers or password-requiring websites, some specifics:

 

  • Passwords should be at least 8 characters and up to 64 characters long. Longer is stronger, as password length is the best contributor to its strength.
  • Rather than requiring a combination of letters, numbers, and special characters, emphasis should be what’s easy to remember (while long) – without forced combinations. Today’s leading advice by other experts is to create a memorable pass phrase or sentence in the double-digits, such as “Rufus has loved belly rubs since puppyhood,” a line from a favorite song, or combining nonsensical words such as “OceanographicPeachesSimplicity.”
  • Forget the 90-day rule (as if you really followed it?) that usually results in weaker replacements, as advised last year by the Federal Trade Commission. Instead, change passwords when there’s a reasonable threat, such as a data breach.
  • Websites (and you) should forbid the use of passwords known to have been previously stolen, simple dictionary words, repetitive or sequential characters like “12345678” or “qwerty.” Another don’t: Using passwords that contain the name of the user, service provider or other account-related information.

 

All good advice from NIST, but there’s more you can (and should) do for better, less-hackable passwords:

 

  1. Check ‘em. Before selecting a password, do an online search of “Password Checkers” to gauge contenders’ strength. Also review frequently issued “Worst Passwords” lists for absolute no-nos – “password,” even tweaked, usually ranks high – and check if your passwords have been compromised against 306 million that have been. Meanwhile, a recent study by password manager Dashlane ranks popular websites on their password security policies.
  2. Vault ‘em. A password manager removes the guesswork of having to remember many passwords. With these apps – some freebies and others with added features for up to $50 a year covering several devices – you only need to remember one master password (so make it good), and it remembers your log-in information at different websites. Some password managers also generate strong passwords, changed with each log-in.
  3. Reinforce ‘em. With two-factor authentication, there’s an extra layer of security to vital digital accounts. To access your account, you supply two factors – your password (something you know) and something you have, such as your smartphone, fingerprint or iris scan. For instance, when you log in with your usual password, the two-factor authentication site sends your phone a six-digit code that must be entered before gaining access. Check twofactorauth.org for websites that offer two-factor authentication.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest


See the AARP home page for deals, savings tips, trivia and more.

 



Source link

Pin It on Pinterest