13 Simple Steps to Protect Your Privacy

13 Simple Steps to Protect Your Privacy

Photo credit: iStock/Natali_Mis

Simple steps can go a long way in protecting your privacy from prying eyes, including those belonging to on-the-lookout scammers. Some of the easiest and (usually) free safeguards to reduce your risk of scams, hacking and other dastardly deeds:

  • Password-protect every device you own – smartphone, PC, laptop, and tablet – with a PIN that isn’t among these commonly
  • used, and most-often hacked: 0000, 1111, 1212, 1234, 2580 (middle column of keyboard) or 5555. Also avoid your birthdate, birth year, and portions of your phone address, address or SSN.
  • Check if your email address was compromised in a data breach at https://haveibeenpwned.com. If you were poned, change that password used for that and other account.
  • Use a password manager to remember all your passwords in a well-protected digital space, generate new ones, and/or even automatically complete log-in fields; you only need to remember a master phrase. Some versions are free; those with top-line features cost upwards of $50.
  • On social media, taking surveys or even completing product and service forms, don’t share personal details including your birthdate, birthplace, phone number, family members, income, even hobbies. Even legitimate companies may share these ID theft-worthy nuggets with who-knowns-who. Never provide your Social Security number, even the last four digits, unless you initiate contact or it’s legally required.
  • Protect your Google, Yahoo or Outlook email (and other accounts) with two-factor authentication so any sign-in from a different device requires a second layer of security, such as a code texted to your phone. Check twofactorauth.org for websites that offer two-factor authentication.
  • Install the HTTPS Everywhere extension to ensure all your activity on major websites is encrypted and less vulnerable to hacking.
  • Visit optoutprescreen.com or call 1-888-567-8688 to get off mailing lists for pre-approved credit card offers, which can be stolen by identity thieves to get new cards in your name. Stop “junk” mail from direct-marketing mailing lists at dmachoice.org.
  • Mail outgoing payments from a secure USPS dropbox or the post office, not from your home mailbox. Try to retrieve incoming mail soon after its delivery – especially in coming weeks, when ID thieves can steal just-delivered tax-related documents.
  • Get and keep copies of your medical records – a binder works well – adding each new treatment and prescription. This way, you have paper proof (and better defense) if your records are stolen, altered, or used in medical identity theft that could compromise your own health care.
  • Review every Explanation of Benefits (EOB) statement from your insurer. Call about any appointment, treatment or prescription that wasn’t yours. Once a year, review all benefits paid out in your name.
  • Don’t choose “personal” password security questions – or if you do, provide false answers. With some online research, fraudsters can learn “Where were you born?” and “What’s your mother’s maiden name?” to access your account. Keep track of fabricated answers by setting up “accounts” in a password manager.
  • Consider how you pay. Credit cards offer the best fraud protection; with bank-issued debit cards, your out-of-pocket liability depends on when unauthorized charges are reported. Be suspicious of payment requests by prepaid, reloadable debit card or wire transfer; scammers prefer those methods because they are like sending cash – hard to trace and virtually impossible for consumers to get money back.
  • Don’t make photocopies of medical, tax-related or other sensitive documents from digital copiers at libraries or businesses. Information stored on their hard drives can be retrieved by ID thieves who purchase leased or discarded machines.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest

See the AARP home page for deals, savings tips, trivia

Source link

Post-Disaster Scams: Fallout Fraud from Hurricane Harvey (and Future Catastrophes)

Photo Credit: iStock_honglouwawa

After devastating parts of Texas were hit with record rainfall in what the National Weather Service described as “beyond anything experienced,” expect a flood of Hurricane Harvey-themed fraud to continue…even after the waters recede.

That’s because of what’s already been experienced after virtually every other major natural disaster: Scams that prey on those whose lives and homes have already been destroyed, as well as good-hearted strangers hoping to help from thousands of miles away. Here’s a timeline of what to expect in the wake of Harvey, as well as future disasters:

Charity scams are typically the first gotcha out of the gate. (Even before Superstorm Sandy made landfall, more than 1,000 new websites with “Sandy,” “relief” or related keyword search terms were registered, many by scammers). Some charity scams come by unsolicited phone calls or front-door visits, but more begin with randomly blasted text messages, emails and social media posts to direct would-be donors. There, personal information and credit card numbers are collected for supposed donations (and possible identity theft); some scammer sites also infect your computer with information-stealing malware.

For fraud-free fundraising, you should contact the charity directly. Don’t trust requests that come to you. Stick with names and reputations vetted at Charity Navigator, Charity Watch, and Give.org, and follow these tips to avoid post-disaster charity scams. To immediately help Harvey victims, call the Red Cross at 1-800-RED CROSS, visit redcross.org or text the word HARVEY to 90999. For Salvation Army donations, call 1-800-SAL-ARMY, visit http://helpsalvationarmy.org or text STORM to 51555.

Rip-off repairmen known as “storm chasers” will flock to Texas as soon as the rain stops to begin their kind of soaking. These out-of-town tradesmen present themselves as roofers, carpenters, electricians and other tradesmen, and promise a quick repair for an upfront payment. Some just take the money and run; others may do “quick” but shoddy or incomplete work that may not be covered by homeowners insurance.

Because qualified and reputable tradesmen will also come to Texas for work, ensure both your wallet and home are protected by first asking your insurer to survey the damage and recommend approved contractors. Locals may be hard to find, so search and verify names through state licensing agencies, and provide your insurer with proof of contractor licenses, workers compensation insurance, written estimates and scope of work in detail, before hiring and paying anyone. It’s also wise to get a copy of the contractor’s driver’s license or other photo ID.

Imposter scams. Charity scammers aren’t alone in playing a rip-off role. As in past natural disasters, Harvey hoaxsters may pose as employees of the Federal Emergency Management Agency (FEMA) or insurance companies. Under the guise of doing an inspection and offering restitution or low-interest loans to rebuild, they angle for personal and financial information like Social Security and bank account numbers to use for identity theft. Others seek entry to homes to case for later burglary. Beware of demands for upfront payment, allegedly to process claims or pay your insurance deductible. Ask for identification, verify credentials, and keep in mind that FEMA doesn’t charge for any service.

Flood cars. In the coming weeks, the thousands of vehicles submerged in Harvey’s floodwaters will be offered for sale, possibly thousands of miles from Texas. That’s because when vehicles damaged by floods are deemed a total loss by insurers, owners are paid off and these so-called flood cars are hauled to a salvage yard, where they are supposed to be sold for parts. But roughly half wind up being purchased, cleaned up and resold to dealers and individual buyers. Although initially drivable, problems quickly occur: Rust attacks the engine and body. Wires that were water-soaked dry up and crack. Brakes, door locks, power windows, transmission and heating and air conditioning units fail. Some may even explode while being driven.

To avoid buying a flood car, enter its vehicle identification number (VIN) at VINCheck, a free service from the National Insurance Crime Bureau that could reveal a vehicle’s flood damage and previously Texas occupancy; Carfax and AutoCheck are also good sources. Also do your own sleuthing: Musty smells indicate mildew that couldn’t be cleaned while overpowering fragrances suggest the seller may be hiding something. Be suspicious of carpeting that looks too new, is discolored or has water stains. Check engine crevices and exposed screw heads, the glove compartment, door panels, under seats and the spare tire well for water lines or signs of mud, silt or rust. Beware of water condensation, fogging or water lines inside headlights, taillights and dashboard gauges. Repeatedly test electrical equipment – wipers, turn signals, heater and air conditioner, power windows and locks – and check engine wires; if they don’t bend easily, they may soon crack because of water damage.

Prepare for next time. Along with death and taxes, there’s a third certainty: Mother Nature will again go wild, possibly in your town. Whether it’s a future hurricane (yes, I’ve been there…several times), tornado, wildfire or other disaster, a little foresight and preparation goes a very long way. Before seconds really count, use this guide to prepare that must-have paperwork, often overlooked but crucial items and reduce insurance hassles.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


Source link

New Make-A-Wish Scam a Triple Threat That Swindled $20 Million Last Time

Photo credit: iStock/leolintang

A new scam feigning the Make-A-Wish Foundation goes beyond just being despicable for exploiting the respected name of a national charity helping children with life-threatening medical conditions.

It combines a trio of the most successful types of schemes – sweepstakes scams, charity scams, and government imposter scams – increasingly used by telephoning fraudsters, and mimics a near-identical ruse seven years ago that bilked older Americans out of $20 million.

Scammers posing as employees of the Federal Trade Commission or non-existent “Consumer Protection Agency” are currently calling Americans to say they have won a six-figure cash sweepstakes run by Make-A-Wish.

The as-expected gotcha: An upfront fee upwards of $4,500 first must be paid to cover taxes, insurance and/or courier services, according to warnings from federal and state officials across the U.S. The as-you-can-guess realities:

  • Make-A-Wish doesn’t participate in sweepstakes. Or chain letters. Or telemarketing of any kind.
  • The FTC’s only participation in sweepstakes? Trying to stop these scams. No acting as messenger or handling sweepstakes money. Also, no chain letters or telemarketing of any kind.
  • There is no “Consumer Protection Agency.” It’s a smack at two government watchdog agencies — the Consumer Financial Protection Bureau, which oversees banks and financial institutions, and the Bureau of Consumer Protection, an agency within the FTC. Along with the equally fake “Consumer Protection Bureau,” the bogus “Agency” title is used in other scams.


You should never, ever believe that a government employee (or anyone else) is calling to give you sweepstake or lottery money; if you win a lottery, for instance, it’s on you to claim a prize. Or that you need to pay upfront to get a prize. Or that a respected and admired charity is footing the bill instead of using donations for their intended purpose.

It should be that obvious. But it’s not.

The new Make-A-Wish scam is a near repeat of a ruse in 2010. Then, scammers working from boiler rooms in Costa Rica held the same make-believe sweepstakes, supposedly sponsored by Make-A-Wish. They claimed to be from the FTC or Internal Revenue, reinforcing that lie with internet phone technology to display Washington, D.C.’s 202 area code on targets’ Caller ID (like they’re doing again now before instructing “winners” to call a phone line with an Arizona area code, where Make-A-Wish is headquartered).

Before authorities busted that crime ring, $20 million was swindled under the guise of paying upfront “luxury taxes” on touted winnings – primarily from older Americans, a population known to be generous in charitable donations (especially those said to help sick children), patriotic and trusting in their government, and especially vulnerable to sweepstakes scams. Notice how many people buy lottery tickets despite a 1-in-292 million shot of winning Powerball and ask yourself: Who isn’t receptive to the idea of receiving a fortune out of the blue?

Like other charities, Make-A-Wish gets spoofed every few years (another name-dropping sweepstakes occurred in 2012). Other bogus sweepstakes “scampaigns” currently making the rounds use the same fake “Consumer Protection Bureau” and “Agency,” moniker, including one that scammed $40,000 from a retired couple in Ohio.

The names, however, do not matter. Charities don’t give away money; they hope to collect it. Your tax dollars don’t go to awarding or managing sweepstakes or lotteries. Only scammers and their prize lies require upfront funds to supposedly award you money.

It’s may be a triple threat but has an easy answer: Just hang up.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

The Reign of Spain? Riskiest Vacation Destinations for Hacking Mobile Devices

The Reign of Spain? Riskiest Vacation Destinations for Hacking Mobile Devices

Photo credit: iStock/Jasmina007

If you’re heading overseas this popular vacation month, don’t underestimate the risks of your smartphone, tablet or other portable devices being hacked…even when visiting countries not typically associated with cybercrime.

True, the U.S. leads all popular vacation destinations in overall mobile threats, where hacking of files and data on hand-held devices occurs about 5 million times per year, according to Keeper Security, a Chicago-based password manager firm. (Previous research by Symantec, which makes Norton antivirus products, indicates the riskiest American cities are Seattle, Boston, Washington, San Francisco and Raleigh).

The United Kingdom is a distance second with 2 million threats, followed by Spain (1.7 million), France (700,000), Poland (475,000), Canada and Italy (400,000 each), Portugal (375,000), the Netherlands (320,000) and Greece (75,000).

But considering our nation’s population, use of mobile devices and availability of public WiFi, only about 1.5 percent of Americans and tourists are victimized – putting us solidly in the middle of the “at-risk” pack. With those factors in the mix, Spain reigns, followed by Portugal and the United Kingdom; each has a population-based mobile hacking rate at least twice as high of ours, according to Just About Travel – a U.K. based website. The Netherlands ranks number 4 with a nearly 2 percent gotcha rate, and following the U.S. at number 5 are Poland, Canada, France and Greece.

What about China, India, Brazil and Russia, which along with America, claim the world’s highest rate of smartphone use? Mobile threats are less likely to occur within those countries, says Keeper CEO Darren Guccione, because they are not as prosperous as the U.S or U.K. (and cyber-crooks prefer to follow the money). Meanwhile, language barriers make Japan, Germany and other countries less attractive targets, he tells the Fraud Watch Network.

No matter your destination, some additional advice to prevent mobile threats beyond these must-know strategies for on-the-road online security:

Take charge when you recharge. Don’t charge your devices with anything other than your own chargers plugged directly into the wall or into your adapter. “It’s easy for cyber thieves to install malware onto hotel and other public docking stations,” notes Guccione. “And never connect any USB drive or other removable media that you don’t personally own.”

Avoid “house” computers. Crooks can (and do) install malware on machines made available to the public at libraries, hotels and other businesses. If you do use them, don’t utilize them for tasks where you need to supply log-in or financial credentials such as online shopping, online banking or other sensitive accounts, or even your personal email.

Pack new passwords with your passport. Before leaving, change log-in credentials and passwords for all mobile device apps; with a password manager, you won’t have to remember them. “When doing this, use two-factor authentication if possible,” adds Guccione. Passwords should be no less than eight characters, with a combination of nonsensical letters, numbers, and symbols. “And don’t use the same PIN for hotel room safes that you use for your device password.

Don’t take a vacation from vigilance. Most travelers won’t consider not using portable devices on vacation, and when using them, don’t even consider if a WiFi connection is secure. Follow these tips to detect potentially problematic public WiFi when abroad or even at the local coffee shop.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump

Caption: iStock/GCShutter

Skimming fraud has been around for more than a decade, and continues to evolve. Today’s skimmers – illegal card-reading devices placed on ATMs, gas pumps and other public-area machines that process debit cards – are stealthier and more sophisticated than ever.

These devices “skim” information from the card’s magnetic strip as a nearby hidden camera, also placed by skimming scammers, records the PIN that you enter. Although you get your cash or can make a purchase – none the wiser of a skim scam flim-flam – the crooks can get more: Using information from the skimmer and camera, they make duplicate cards to drain cash from your accounts, or sell your card number and PIN for others to fleece you.

The good news: In most cases, stolen funds are usually reimbursed provided you report the fraud to the card-issuing bank within 60 days (another reason to keep close and timely tabs on accounts).

The better news: With a few simple steps before you use your card, you may be able to detect skimmers and tampered machines to avoid potential trouble. Here’s how:

  1. Pull on the slot. The latest generation of card-reading devices, used with increasing frequency by skimming scammers, are thin “insert skimmers” that fit inside the card slot at an ATM or gas pump. “New evidence suggests that at least some of these insert skimmers – which record card data and store it on a tiny embedded flash drive – are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control,” reports noted cybersecurity blogger Brian Krebs (who provides photos of insert skimmers). So before using the machine, squeeze, wiggle and tug the insert slot to remove insert skimmers, along with some old-school models placed over the card slot that protrude outward. In general, card slots should be flush against the machine; be suspicious of those where the entire or half of the slot sticks out.
  2. Check for spy cameras. Although skimmers record data from a credit or debit card’s magnetic stripe, fraudsters also need your PIN in order to withdrawal cash or sell cloned cards. To glean PINs, they place pinhole “spy” cameras that collect numbers as they’re being typed on the keypad. Look for small holes just above the display screen, on an attached brochure or other type of box, or even on protruding covers placed over the cash dispenser. Even if you can’t detect evidence of a camera, cover your hand when entering your PIN.
  3. Avoid “void” stickers. To help spot skimmer tampering at gas pumps, many stations now place security seals over the cabinet panel as part of a voluntary program, notes the Federal Trade Commission. If the pump panel has been opened – an indication of possible skimmer placement – the label will read “void” and take that clue to fill your car elsewhere. Still, whenever you use a debit card at the pump, you’re safest by pressing the “credit” button instead of “debit.” This way, you can still use your debit card without having to enter a PIN, and the purchase amount is processed through a credit card network that provides greater protection if fraud occurs.
  4. Inspect the keypad. False keypad overlays that look exactly like, and fit directly over, the real McCoy are another way fraudsters can collect PINs as accompanying skimmers get card data. So before entering your card, check the keypad – and think twice before using if it feels loose, spongy, or the keypad panel appears raised or thicker compared to the rest of the machine. Also before using, give several buttons a test run and be suspicious if they feel sticky. Crooks have been known to place glue on and around certain buttons – particularly “enter,” “cancel” and “clear” – to prevent customers from completing a transaction after inserting a cash card and keying in a PIN. (When customers go inside a bank to report the problem, the waiting thief “unsticks” the buttons with a knife to complete the withdrawal.)
  5. Check the audio jack. Most ATMs have an audio jack that goes unnoticed to the average customer – and that works to their advantage. If not perfectly centered inside the plastic overlay cover, it suggests the machine has been tampered with. Another tampering tipoff: Look for cracks or cuts on the plastic covering the receipt slot, cash dispenser or other portions of the machine; these coverings should be completely smooth.


For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


Source link

Pin It on Pinterest