Why Kids Are So Vulnerable to Identity Theft, and How to Protect Yours

Why Kids Are So Vulnerable to Identity Theft, and How to Protect Yours

Photo Credit: iStock/RichVintage

Kids will be kids: Blabbing on social media. Eagerly completing prize-promising online surveys that ask for birthdates and other personal information. Downloading “free” online games and videos that may harbor malware. And through it all, using weak passwords such as pet names, school mascots and using names of best friends that could double as security questions.

Meanwhile, the system remains the system: Requesting, but not legally required, to have a child’s Social Security number on forms for doctor’s appointments, weekend soccer leagues and extra-curricular activities. Publishing school directories with addresses, phone numbers and birth dates. Careless oversharing and weak protection of sensitive data by institutions while proud parents and grandparents think nothing of posting photos and ID theft-worthy details when blabbing on social media about their half-pint offspring.

So it may come as no surprise that the children in your life are among the 143 million American consumers whose sensitive personal information was exposed in the recently announced Equifax data breach. (To check, visit www.equifaxsecurity2017.com, click the “Am I Impacted?” button and enter the child’s last name and the last six digits of SSN.) And if not this time, perhaps in a past or future breach.

That’s because children are especially prized by identity thieves – and from birth to age 18, are targeted and victimized at much higher rates than adults (anywhere from 35 to 51 percent higher, depending on the study). College students are also at greater risk. For crooks, their value comes with virgin credit histories, making it easier to use a child’s SSN to open credit card accounts and apply for loans, utility service or government benefits. “As long as identity thief has a SSN with a clean history, the thief can attach any name and date of birth to it,” Carnegie Mellon University’s CyLab researchers note in their highly cited 2011 report on Child Identity Theft.

What’s worse, child identity theft could continue undetected for years or decades – discovered only when victims eventually apply for credit cards, student loans or a job to learn that their credit is already ruined. Here’s how to protect the young’uns:

Know the warning signs: Assume that identity theft has already occurred, or is in progress, if your child has no existing credit but:

  • Is being mailed credit card and loan offers
  • Denied a bank account, driver’s license or government, health insurance benefits because the SSN is already being used
  • Unable to apply for student aid, including the Free Application for Federal Student Aid (FAFSA)
  • The IRS or state tax agencies send notices that the child didn’t pay income taxes or was claimed as a dependent on a tax return other than yours
  • Getting phone calls or bills from debt collection agencies.

Check the child’s credit report. Unless there are existing credit accounts in the child’s name, you want to hear that there’s no credit report on file under his/her SSN; if a file exists but the child never applied for or was granted credit, assume the worst – and file a police report and complaint with the FTC.

Consider a credit freeze. A smart proactive move – and definite measure if child identity theft has already occurred – a freeze restricts access to a credit file, and unable to review it, creditors are unlikely to issue new accounts. (A freeze, however, does nothing to prevent fraud of existing accounts.) Currently, 29 states allow parents, legal guardians or other representatives of minors to place a security freeze on the minor’s credit report: Alaska, Arizona, California, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, New York, North Carolina, Ohio, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington and Wisconsin.

But it can be done, no matter where you live – at least with Equifax, Experian and Innovis, a fourth and lesser known credit reporting bureau. TransUnion only allows credit freezes for minors in states that explicitly allow it by law. These freezes may cost – usually under $20 – and can be unthawed for credit checks if the child needs to apply for credit, insurance or a job.

Tell them well – and practice what you preach. Guide children and college-aged adults to keep personal information private, especially online, and adjust privacy settings to make it difficult for strangers to view accounts or post material on their page. Warn them about the dangers of malware from clicking on links (celebrity gossip, free games, music and apps are especially enticing and proven lures by scammers). And you, also, shouldn’t overshare personal information by not sharing their SSN and shredding unneeded documents that display it.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


 Also of Interest

See the AARP home page for deals, savings tips, trivia and more.


Source link

Rigged Carnival Games: Are You Being Played When Playing Midway Classics?

Rigged Carnival Games: Are You Being Played When Playing Midway Classics?

Photo credit: iStock/lisinski

Heading to a summer carnival or state fair? Don’t worry so much about looking foolish carrying an oversized stuffed teddy bear en route to that funnel cake feast. The bigger concern should be in feeling foolish after dropping a wad of cash trying to win that plushy prize, but winding up with empty hands and pockets.

Although not every carnival game is rigged, all can be and many are – making those near impossible to win in hopes you keep trying (and fork over a small fortune). Here’s how you can be played when playing the midway’s most popular “skill” games:

Balloon Pop
Not to deflate your hopes, but this fairgrounds favorite is notorious for sticking it to patrons who try to burst balloons with a thrown dart. How? While fully-inflated balloons pop easy enough, those at some carnival games can be filled to only about one-third of their full air capacity, so darts bounce off without piercing.

To further deflect your throws (and hopes), carnival-used darts may be lighter than store-bought types, with tips that are purposely dulled or broken off. Unless aiming for the fullest balloons, expect this one-two punch to pop-prevent even accurate throws.

Basketball Shoot
Making a free throw from a closer distance than the shooting line on a regulation (or driveway) basketball court may seem like an easy score…if it’s a typical rim. But hoops at some carnivals games are smaller and oval-shaped – not round – so they appear “regular” from your vantage point. But with as little as a half-inch margin of error, even free-throw phenoms can have trouble scoring.

Other foul plays: Balls can be over inflated to make them super-bouncy for a harder score. Backboards are sometimes angled to make it harder to sink shots off it. And netting or shims may be placed between the rim and backboard to interfere with your depth perception.

Milk Bottle Pyramid
Knock down stacked bottles or pins and you win, right? Not when bottles are filled with lead or other hefty helpers to weigh up to 10 pounds each. And the softballs (often filled with cork) or sandbags you’re provided are lighter than usual.

Other carny-provided curve-balls: If just one bottle (usually, those on the bottom and middle) sticks out as little as 1 inch from the others, it can absorb enough of the ball’s force to prevent others from toppling. And beware of curtain backdrops; they can brace closely placed bottles to help prevent them from being knocked over.

Ring Toss
What explains the scant 1-in-700 chance of winning this game, according to a 1980s FBI investigation? Like the basketball shoot, it’s the equipment you’re provided. Often, the rings you’re provided are often just a smidgen wider than the target bottleneck or spike, and made of hard plastic to facilitate bouncing. When the carnival worker shows how easy it is to toss for success, suspect he’s using wider rings than those you’ll be provided, or standing close enough (often directly above the targets) for an easier drop onto the target.

Shoot the Star
The bull’s eye can be on you when trying to shoot out a star or other pattern from a paper target. To thwart your marksmanship, carnival rifles are designed to have less precision than other BB guns – with less air pressure (so many BBs can’t pierce the target) and sights that may been tampered with. Meanwhile, ammo may also be smaller than traditional BBs and in shorter supply than what’s needed to easily accomplish the task.

Tubs of Fun
The goal is to toss softballs into large, angled buckets, and have them stay inside. And there’s no problem doing that when the carny does a demonstration – or even gives a practice throw or two. Reason: There’s already a ball inside the tub to deaden the force of future throws so tosses stay inside the tub.

But once you hand over your money for the “real” game, the balls are removed and without one for deadening, your tosses bounce out – thanks, in large part, to midway mainstay “muck” buckets from the home improvement store whose hard plastic helps give your tosses extra bounce. Some especially unscrupulous carnies may even place springs beneath the tubs for even more bounciness.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


Source link

Don’t Be a Scam Mark When You Park

Don’t Be a Scam Mark When You Park

There are many routes to a ripoff, including several schemes that can occur when you park your car:

Fake fines. A longtime ruse, phony parking tickets have resurged in recent months. The “classic” con involves windshield-left violations that appear authentic. Thanks to inexpensive hand-held printers, scammers can produce on-the-spot thermal printouts that look like actual tickets produced by police-used machinery, either standalones or placed in brightly colored envelopes, purchased online, like those used by some law enforcement. Motorists who receive these phony tickets are usually directed to pay the fine at scammer-run websites that also appear authentic, where sensitive personal information including bank account details may be solicited. These websites could also harbor malware.

Joining these schemes is the latest ruse: Bogus emails received by residents in several states that falsely claim a newly issued or past-due parking or traffic violations. Usually spoofed to appear to come from a local police department or state DMV, this conning correspondence demands personal information, payment (often by credit card or prepaid debit card) and can include links or attachments that “direct unsuspecting users to a malicious download that may expose your computer to a virus,” warns the New York State Department of Motor Vehicles.

Before paying a parking ticket, verify its legitimacy by contacting the issuing agency – either calling or looking up its website yourself; don’t rely on what’s printed on tickets, and be suspicious of any website that doesn’t end in .gov or .org. Police don’t email citations (or news about them), so don’t risk malware by clicking on links or attachments.

Parking lot posers. It can cost a small fortune to park in the official lot of a stadium or other event venue, and that’s what helps those guys who eagerly direct you to a nearby lot to park at a fraction of the price. Some are legitimate, but others are there to collect your upfront payment, point you to a space, and then hit the road. Problem is you may not know the difference until after that ballgame or concert to find your vehicle gone. Reason: The parking lot poser took the money and ran – and the lot’s real owner called a towing company. If you don’t want to spring for “official” parking in designated venue-owned lots, ensure surrounding lots have signs of legitimacy – such as booths, uniformed attendants and real signs noting the name and phone number of the company versus “Park Here” painted on plywood.

Car rescue and repair ripoffs. Stranded in a parking lot? Before relying on the kindness of strangers, make sure a help-offering Good Samaritan isn’t angling for a quick payment to “fix” a problem he caused. Such malevolent mechanics typically wait in parking lots, looking for their top targets – women in their 70s and those whose vehicles have out-of-state license plates. After their prey parks, they disable vehicles by deflating tires or disconnecting wire or cables after popping the hood of older or unlocked vehicles…then offer help when their mark returns. Advice: Before accepting assistance, politely inform parking lot helpers that while you appreciate any assistance they can provide, you cannot pay for their services. The crooks will likely drive off, and if you’re not a member of AAA, realize that police can lend a hand, and many auto insurers and vehicle manufacturers (especially for newer models) offer emergency roadside assistance.

Home heists help. Parking lots at movie theaters and shopping malls can help burglars pull off a successful heist. How? After waiting until a car’s occupants go inside, they can break into cars specifically to get addresses from vehicle registrations and auto insurance cards. Knowing they at least a two-hour window of opportunity (at least for movie-goers), these crooks then drive off to burglarize the victims’ homes. Although this isn’t how most home burglaries occur, it does happen. To prevent potential problems, keep your address-revealing documents and GPS in a locked glove compartment, hidden under a seat or truck wheel well, or carry these items with you.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

2 New Twists in IRS Impostor Scams

2 New Twists in IRS Impostor Scams

Photo credit: iStock/max-kegfire

Despite crackdowns that busted several crime rings and resulted in scores of arrests in what reigned as the top scam for three consecutive years, IRS impostors are still going strong, launching two new twists in their long-running schemes that have already bilked U.S. taxpayers of at least $55 million since 2013.

In one ploy scammers posing as IRS agents are phoning citizens about a supposed tax debt, but are now claiming that the agency has already mailed them two certified letters about overdue taxes and that those letters were returned as “undeliverable.” In these phone calls, fraudsters threaten immediate arrest unless immediate payment is made — with a prepaid debt card only.

Swindlers falsely claim that prepaid debit cards are required to be linked to the government’s Electronic Federal Tax Payment System (EFTPS), an automated system for paying federal taxes electronically using the internet or by phone using the EFTPS voice response system. EFTPS is offered free by the U.S. Treasury Department and does not require the purchase of a prepaid debit card. And because this system is automated, taxpayers won’t receive a call from the IRS, the agency notes.

The other new ploy, revealed last week, targets tax preparers with bogus emails “seeking extensive amounts of sensitive preparer data” that the IRS warns could enable scammers to steal client data and to file fraudulent tax returns. These bogus emails, purportedly from a major tax software education provider in the U.S. (which the IRS did not identify), claim that problems with its database require accountants and other tax preparers to provide an extensive amount of sensitive information.

In addition to professional identifiers such as the preparer’s electronic filing information number and preparer tax identification number, these fake emails, which may originate in the U.S., seek preparers’ log-in credentials, answers to secret security questions, birth dates, Social Security numbers, even mothers’ maiden names. “The email is unusual for the amount of sensitive preparer data that it seeks. The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.”

As IRS impostor scams continue, your defense plan stays the same. No matter what new ruse follows — or what threats or claims are made — avoid being a victim by keeping in mind these telltale indicators of what scammers do but the IRS will not.

  1. Telephone or email to demand immediate payment, or call about taxes owed without first having mailed you a bill. Although the IRS now uses private debt collectors, those four companies (CBE Group, ConServe, Performant and Pioneer Credit Recovery) chase only extremely delinquent taxpayers after several past-due notices have been mailed. And unlike scammers, those collectors will not identify themselves as IRS agents.
  2. Demand a specific payment method such as prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments.
  3. Request that tax payments be made to a third party. All federal tax payments should be made payable only to the U.S. Treasury.
  4. Ask for credit or debit card numbers over the telephone.
  5. Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.


When in doubt about claims you owe taxes, contact the IRS at 1-800-829-1040. If you know you don’t owe taxes or have no reason to believe that you do, report requests for payment (and scam calls and emails) to the Treasury Inspector General for Tax Administration at 1-800-366-4484 or at www.tigta.gov.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

New Trends in Cyber Scams

New Trends in Cyber Scams

Photo credit: iStock/BrianAJackson

According to the cyber security company, Symantec – known for their Norton and LifeLock products – cyber criminals reached “new levels of ambition” last year.

Below are some key highlights of their 2017 Internet Security Threat Report.

Deemed “the weapon of choice,” one in 131 emails sent in 2016 contained a malware-laden link or attachment – the highest rate in five years. Malicious email is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:

  • Spear-phishing attacks aimed to defraud specific people rather than more widely distributed generic messages. Often disguised as routine correspondence such as invoices or delivery notifications, one spear-phishing campaign – spoofed emails instructing targets to reset Gmail account passwords – provided access to Hillary Clinton’s campaign chairman John Podesta’s account and resulted in hacked emails revealed by WikiLeaks during the 2016 presidential election.
  • Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails that target more than 400 companies each day, scamming more than $3 billion over the last three years.
  • A growing proportion of spam – roughly 53 percent of all emails sent – now contains malware.

Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016 to seize control of personal computers and institution-wide networks, encrypting hostage files to make them inaccessible until a ransom is paid for their release. Termed by Symantec as “the most dangerous cyber crime threat facing consumers and businesses in 2016,” the company identified 101 new “ransomware families” last year – tripling previous numbers.

Another three-fold increase: The demanded ransom amount – an average of $1,077 per victim compared to just $294 in 2015. The U.S. is the most targeted and lucrative market, says Symantec, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally.

Data Breaches
Although the total number of data breaches decreased last year – 1,209 compared to 1,211 in 2015 and 1,523 in 2014 – they now have a bigger impact. Symantec says that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.

“Smart Home” Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffee makers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans homes, with predictions that some 50 billion devices will be employed by decade’s end.

Already, millions IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.

Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test,” and “abc123.” The default password for the Ubiquiti brand of routers – “ubnt” – was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

Pin It on Pinterest