Most Likely to Be Scammed? Not Seniors, but Millennials

Most Likely to Be Scammed? Not Seniors, but Millennials


Gray-haired folk have long held “most scammed” status, but it may be time to pass on that unfortunate legacy. While the retirement-aged are targeted most often, increasing data shows that it’s millennials — our children and grandchildren ages 18 to 35 — who are most likely to lose money to fraudsters. Consider these recent findings:

Phone scams. About 1 in 10 American adults lost an estimated $9.5 billon to phone scams last year. Leading the pack were millennial men between ages 18 and 34, who were three times more likely to be victimized than the overall population, reports mobile communications company Truecaller, which offers a spam-blocking phone app. Its Harris-conducted survey of 2,000 adults finds that 33 percent of male mills report losing money to phone scammers; that compares to just 3 percent of males between ages 55 and 64 and 1 percent of men 65 and older. Meanwhile, some 11 percent of female millennials got duped, four times the rate of women 55 and older.

IRS imposter scams. Among the scariest and most successful phone scams: calls from self-described IRS agents threatening arrest, property seizure or deportation. Although millennials are less likely than Gen Xers (born between 1965 and 1984) or boomers (born 1946 to 1964) to receive tax scam calls, they are six times more likely to reveal credit card and Social Security numbers and other sensitive information, finds another just-released survey of 1,000 adults. Roughly 17 percent of millennials confessed that they had forked over ID theft-worthy details to mystery callers who could cite the last four digits of their Social Security number (as tax scammers often do), compared to only 3 percent of Gen Xers and 2 percent of boomers.

Job scams. Overall, about 1 in 6 job seekers have been scammed while searching for work online, and the highest gotcha rate is among that generation considered the most tech-savvy — millennials. In a 2015 survey of 2,600 American adults, job-search website FlexJobs finds that 20 percent of millennial job seekers got scammed, compared to 13 percent of those in their 60s.

Tech support scams. Millennials, especially men between 18 and 35, are the most often targeted and leading scammer-paying victims tricked by phony pop-up ads or alerts warning of a crippling computer virus. The top danger zone to snag most-duped male mills in these tech support scams: porn websites.

Everyday fraud. In its own research of more than 2,000 adults last year, the Better Business Bureau finds that some 30 percent of those between ages 25 and 34 lost money to scammers; it’s only single digits among those 55 and older.

What explains these trends? As experts continue to study the “whys,” the leading theories:

  1. We’re better prepared. Older is wiser — at least when it comes to recognizing that we’re vulnerable to scams. And heeding news, advice and warnings by AARP’s Fraud Watch Network and others, we are better able to spot scams and act accordingly. Tracking some 30,000 consumers targeted in different schemes, the BBB finds that nearly 9 in 10 seniors recognized the scam in time, with only 11 percent reporting they lost money. Millennials, meanwhile, lose money three times more often, likely being duped because they are clueless or could care less about educating themselves to prevent scams.
  2. Millennials think they’re invulnerable. Ask mills to describe the typical scam victim and their usual reply: an elderly, naive woman with less income and education. (The reality is younger college graduates have the highest gotcha rates.) While scam-savvy oldsters know that anyone is vulnerable, some researchers believe that millennials are most likely to have an “invulnerability illusion” — the belief that other people are more vulnerable than themselves. That mindset leads to more impulsive decision-making.
  3. They overuse and overtrust technology. Raised with the internet and cellphones, the average millennial, studies say, spends about 18 hours per day using some type of digital media. Because they are so familiar and comfortable with technology, defenses (and common sense radar) can take a back seat. Compared with other age groups, millennials are more likely to be careless with their tech — such as not using passwords to lock computers and cellphones and accessing financial accounts and doing online shopping on risky public Wi-Fi.
  4. They overshare. Tweets about breakfast. Selfies over lunch. Millennials love to share their lives online with who-knows-who, and that often includes details best kept private — names, birth dates, likes and dislikes, and other personal information that could be used for identity theft and scam-targeting sucker lists. Promise them a prize or other “tangible benefits,” and the majority of millennials willingly share their personal information with even unrecognized online askers. And guess which age group, says online security firm Norton, most likely willy-nilly shares their computer and cellphone passwords? No surprise (again): those between 18 and 34.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: iStock/Zinkevych

Also of Interest

 

See the AARP home page for deals, savings tips, trivia and more.



Source link

From Pop-Up Warnings to $9 Million Payout: Inside the Tech Support Scam

From Pop-Up Warnings to $9 Million Payout: Inside the Tech Support Scam



How do scammers reap more than $9.5 million with phony pop-up ads or blinking alerts warning of a crippling computer virus or security problems?

Their scareware success usually starts with “malvertisements” (malicious online advertising intended to damage or disable computers), which are designed to trick their prey into believing the bogus bug and calling a designated “support line” for help. It usually ends with a victim-made call lasting 17 minutes and a request for an average $291 to supposedly “repair” the feigned problem.

And the intriguing in-betweens? It’s all part of a new study, reported as the first analysis of its kind, by researchers at the National Security Institute (NSI) at Stony Brook University, who spent eight months studying the tactics of tech support scammers.

First, they built a tool — ROBOVIC, short for Robotic Victim — to automatically crawl the web to find the scammers. After collecting some 25,000 domains and thousands of phone numbers used in these schemes, the three researchers made 60 calls to various scammer-provided numbers displayed in pop-up warnings, posing as recruited “victims.” What they learned:

  • To spread malware that generates the bogus pop-up warnings — sometimes disguised with a Windows blue-screen background to make it more believable — fraudsters obtain thousands of low-cost domain names, such as .space and .xyz (which, after .com, .net and .org, is the fourth most-registered global top-level domain name on the internet).
  • Most scammer-run domains have a life span of only 11 days, with about half of scam domains operating no longer than three days. Con artists frequently use URL shorteners, to better hide on legitimate websites.
  • In addition to bogus warnings, these scams sometimes use intrusive programs and other techniques so computer owners can’t close their browsers or leave the “Call this number” page.
  • Of some 5 million pages visited, ROBOVIC discovered about 22,000 tech support scam pages hosted at roughly 8,700 domains. With previous research on fake antivirus scams indicating about 2 percent of targets fall for such ploys, the researchers estimate that each domain generates $2,000 per day.
  • Once targets call, swindlers usually follow a script. First, they say they need to learn more about what could have caused the alert, leading prey to a designated website to “run tests.” There, a remote administration tool is loaded so scammers can access their computers. Asking would-be victims about recent usage, they offer “all is not lost” assurances to incentivize callers to pay for bogus repair services.
  • In backtracking the scammers’ connections to their PCs, the Stony Brook team determined that the overwhelming majority of these con artists (some 85 percent) operate in India. About 10 percent work in  the U.S., and about 5 percent in Costa Rica.
  • Although 15 telecommunications providers were used, more than 90 percent of scammer-controlled support-line numbers were routed through four VoIP services — Twilio, WilTel, RingRevenue and Bandwidth.
  • Scammer call centers employ an estimated 11 tech support fraudsters.
  • Prices for rip-off repairs ranged between $70 and $1,000, but the average price was $291. All told, the research teams estimated that $9.7 million in profits were made from these scams.
  • The bottom line, according to lead researcher Nick Nikiforakis: “Don’t trust what your browser tells you about the safety and security of your system. People need to understand there’s no legitimate scenario where your computer will start beeping and ask you to call a toll-free number.”

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo credit: iStock/daboost



Source link

Smart Moves to Hack-Proof Your “Smart Home”

Smart Moves to Hack-Proof Your “Smart Home”


With innovative and in vogue “smart home” devices, you can control your home’s lighting, temperature, sprinkler system, door locks, TV, even dinner…all with a smartphone app. Maybe that’s why these high-tech household helpers are already in millions of American homes – with predictions that by decade’s end, some 50 billion household devices will be connected to the internet via the user’s home Wi-Fi network.

But these gizmos, part of increasingly popular Internet of Things technology designed to help homes operate more easily and efficiently, also bring risk. Millions have already been hacked, used for nefarious purposes ranging from screaming obscenities at a baby to being enlisted as soldiers in a botnet army that, temporarily knocked  offline top websites including Amazon, PayPal, Netflix and Twitter, as demonstrated last October in what some experts believe was a “test” cyber attack to gauge vulnerabilities.

And the more connected you home is, the better chance cyber crooks can use those devices to track your movements or remotely access your home computer and smartphone to glean email, banking and online shopping data. Your defense:

Change default passwords. Make sure you don’t use the manufacturer’s default password on your router or any smart home device. Most people never change those typically weak, factory-issued passwords – and that’s why so many devices, including routers, printers and cameras, were enlisted for the October attack. Each device should have a unique (and strong) password. A password manager can help: Popular versions that use cloud technology include LastPass, Dashlane and 1Password; apps on your computer’s hard drive include RoboForm, Password Safe and KeePass.

Create separate Wi-Fi networks. You want one for your computers and another for smart home devices. Many routers have a guest network option, which you can use for smart devices. Or you can purchase a separate internet connection for the new-fangled gizmos, or split an existing internet connection using a virtual local area network (with help from a tech-savvy buddy or Geek Squad-type business).

Stay “updated.” Promptly download legitimate updates when you receive a legitimate prompt for your connected device. These can improve function, and include patches for newly discovered security vulnerabilities.

Disable unnecessary features. Deactivate functions you don’t need – especially cameras and microphones, which are hackers’ most favored exploitable features.

Use multifactor authentication. Many smart home device apps offer two-step authentication that users can opt into under “settings.” In addition to your password (something you know), this second layer of protection could be a security key or a one-time code sent to your cellphone (something you have).

Don’t use public Wi-Fi. Turn off the “automatically connect” setting on phones and don’t access device apps in airports, coffee shops or other vulnerable locations.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: iStock/faithiecannoise

 

 



Source link

Beware of These “Last-Minute” Tax Scams, Even if You Already Filed

Beware of These “Last-Minute” Tax Scams, Even if You Already Filed


As the April 18 filing deadline looms, a new wave of tax scams is heating up. Whether you’ve already filed your 2016 return – and especially if not – here’s how to protect yourself from these “last-minute” schemes currently making the rounds:

Don’t trust “update” requests. One popular phishing ploy this time of year involves emails supposedly from tax software providers such as TurboTax or TaxACT. They request users to “update” their information. “These ruses generally urge taxpayers to give up sensitive data such as passwords, Social Security numbers and bank account or credit card numbers,” warns the IRS. In addition to emails, beware of similar “update” requests by phone or text supposedly from tax software providers, banks and credit card companies.

Step lightly on TAP requests. Another info-phishing con: Emails that promise a refund that supposedly come from the Taxpayer Advocacy Panel. While TAP is an authentic volunteer board that advises the IRS on taxpayer issues, it doesn’t deal with refunds, or even have access to any taxpayer’s personal and financial information, notes the agency. There emails are from scammers phishing for SSNs and financial account information.

Know the drill. Tax-related correspondence is mailed; the IRS and other tax agencies do not initiate contact by phone, text or email. In the 2016 season, the IRS saw a 400 percent uptick in phishing and malware attempts, most commonly scam emails claiming information or a problem related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. These fakes include an attached link, which can harbor malware, that leads to an IRS-mirroring website run by scammer. Note the tinkered address such as “irsgov” (without the dot between “IRS” and “gov”), irs.net, or a similar variation.

Meanwhile, the IRS imposter phone scam is alive and well, preying on taxpayers including recent immigrants. In addition to the usual ploy – threats of arrest, deportation or property seizure over an allege debt – a new spin has IRS imposters promising a refund, a move to trick targets into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request. Ignore it, instead calling the IRS at 800-829-1040.

Choose preparers to not lose. Good luck finding a preparer this late in the game, but if you’re still looking, some tips to finding one who’s reputable (if only for next year): Check this IRS directory for credential preparers, and here for organizations provided free help. The AARP Foundation’s Tax-Aide program offers free, individualized tax preparation for low-to moderate-income taxpayers at more than 5,000 locations nationwide. If your adjusted gross income was less than $64,000 last year, you qualify for the IRS Free File program. Beware of preparers (especially with temporary storefronts or conduct business at your home) who promise overly generous refunds, want you to sign a blank return, say that fees are based on the size of your refund claim “secrets” loopholes.

Accountants under attack. Let your numbers-cruncher know of these schemes against them: In a new scam, the IRS reports that fraudsters pose as a client (namely, you), asking tax preparers to make a last-minute change to their refund destination, often to a prepaid debit card. Tax preparers are urged to verbally reconfirm information with clients should they receive last-minute email request to change an address or direct deposit account for refunds.

Another scheme: Emails to tax preparers that warn they need to update or access to their own tax preparation software via a bogus “unlock” link that leads to a fake web page, asking for their user name and password so cybercrooks can access client information. Ruses also include other tax prep provider-posing ploys and attempts to steal data such as PTINs, EFINs or e-Service passwords.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 

 



Source link

Why and How College Students are Scammed

Why and How College Students are Scammed


College students are ideal victims for identity theft, with clean or still non-existent credit histories ripe for exploitation…and often clueless to their risks and value to scammers.

They are more likely to boast birth dates and other personal nuggets on social media that can be pieced together by Facebook-trawling identity thieves. Use public Wi-Fi for risky online shopping, banking, and to access email. Open links that hide computer malware touting free music and games, information-requiring surveys and prizes, or intriguing text messages and emails.

If they have credit, it’s usually free of problems being jointly held or otherwise supervised by a parent; if they don’t, even better for scammers to use their identities to open fraudulent accounts for credit cards, loans and utility service. In between classes and keggers, few college students check their credit reports, explaining why those 18 to 24 take five times longer than other age groups to detect identity theft that’s already occurred – and that discovery is often made when they apply for car loans, mortgages and post-degree jobs.

How are college students scammed? The top ruses targeting your children and grandchildren include:

Fake employment. In the latest, fast-growing scheme, scammers place advertisements for phony job opportunities (often administrative work) on college employment websites, and/or recruit students via hacked school email accounts, warns the FBI. Gleaning Social Security numbers, bank account details and other sensitive information, “hired” students (often interviewed in nearby hotel lobbies or other non-workplace locations) are paid with counterfeit checks, instructed to deposit them and wire-transfer a portion to a provided vendor under the guise of job-necessary software or other equipment. Students lose the money wired, any funds drawn from the bogus deposit, and their bank account could be frozen. Plus their SSN and other valuable info is in enemy hands.

Pay now imposters. Using caller ID spoofing to make calls appear to be from the IRS or school financial aid office, scammers phone those with student loans threatening dire consequences – including arrest or non-graduation – unless they immediately pay a non-existent “federal student tax” or other bogus fees. Again, scammers make a quick buck and glean personal details for possible identity theft.

Scholarship and grant scams. These services claim to have lists of “secret” or “guaranteed” awards for current and future college students, or will provide no-fail help with paperwork. They demand upfront fees and then don’t deliver. The better route: Get reputable scholarship info for free at websites like FinAid and FastWeb, or directly from individual colleges.

 

False freebies. From must-have gizmos touted in surveys and bogus social media giveaways to free-trial offers of acne creams, gym memberships and you-name-it, expect attached strings, such as having to provide ID-worthy personal details, credit cards and hard-to-cancel memberships.

 

Credit card cons. Offers are all over campus and the internet, but beware. Plastic pitched heavily to college students often have sky-high interest rates and/or annual fees. Others are from identity thieves who merely pose as credit card companies. When shopping for credit and prepaid debit cards, stick with recognized and reputable names; run from anything with an APR near or above 25 percent or an annual fee of $30 or more.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Photo: Martin Dimitrov/ iStock

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.



Source link

Spring Cleaning for Scam-Proofing

Spring Cleaning for Scam-Proofing


Spring cleaning shouldn’t end with a yard sale or Goodwill drop-off. Some seasonally appropriate sprucing tips to reduce risk of identity and other theft:

Wallet. Clean it of what you shouldn’t be carrying: A Social Security card (unless you’re heading to an SSA office), cheat sheets with PINs or passwords for bank cards or online accounts, spare keys for your home or car, and blank checks. Unless you’re heading to a doctor or health facility for the first time, don’t carry your Medicare card – with or without it, you’ll get emergency medical care. If you feel you must carry it, make a photocopy and remove or block out several digits of your SSN.

Home office. Maybe it’s the kitchen table and a box from the garage, but every home should have a cross-cut shredder. Put it to good use: After ensuring all is correct, immediately shred bank statements, sales and cash-withdrawal ATM receipts, paid credit card statements and utility bills, expired warranties, unsolicited credit card and insurance offers and canceled checks that are not tax related. Unless keeping for yuks, destroy old photo IDs. Pay stubs and undisturbed medical bills shouldn’t be kept longer than one year; tax returns and pertinent forms (W-2s, 1099s and records for declared tax deductions) no longer than seven.

Safely store, preferably in a bank safe deposit box or home-based lockable cabinet or carry box: birth and marriage certificates, family member death certificates, Social Security and Medicare cards, active passports (even if you don’t travel), divorce decrees, college diplomas and military records, wills and trusts, home deeds and vehicle titles, and power of attorney paperwork.

Keep secure but easily accessible: tax returns for the past three years, active appliance warranties and manuals, loan statements and payment books, insurance policies, a household inventory list (TVs, jewelry, etc.), health benefit information, and family health records including vaccinations. On your home printer, line up every card you keep in your wallet — driver’s license, credit and debit cards, insurance cards – and make a copy of the front and back of this plastic lineup, securely storing these pages in this “accessible” pile (useful if your wallet is lost or stolen.)

Medicine Cabinet. Remove and shred pharmacy labels before tossing empty prescription bottles. Hide prescription medications (particularly painkillers) when you expect home cleaners, healthcare workers, utility and contractor service calls or other visitors, or if your home is up for sale.

Computers and phones. Delete unnecessary and unused files, accounts and apps. Back up and store important documents, photos and files — including just-filed tax returns — on a separate flash drive, compact disc or external hard drive, or a secure Cloud service. If donating or recycling old computers, smartphones or other devices, wipe the memory completely and restore to factory settings.

Ensure that antivirus protection software is up to date on all actively used devices, set for regular “Quick” and “Full” scans and firewall-enabled. Clear the memory on Internet browsers used on your computer and smartphone – now and at least weekly to prevent hackers from accessing stored passwords. Enable two-factor authentication on financial and other online accounts; review (and enact) privacy settings on social media accounts and don’t overshare sensitive details – address, workplace, family members or upcoming vacation plans or purchases. Consider getting paperless statements from banks and credit card companies to reduce the risk that sensitive personal identifying information could be stolen from your mail.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 

 

 



Source link

Pin It on Pinterest