Use your electronic device to make purchases digitally, without physically presenting your PrimeTrust Visa debit or credit card (not available on all devices).
Every time a chip credit card is used in-store at a chip-activated terminal, a unique one-time code is generated that’s used to approve the transaction—providing an additional layer of security.
Fraud Alerts
7/12/16
HOW PRIMETRUST HANDLES OUTSIDE SECURITY BREACHES
To help ensure PrimeTrust member safety, whenever there is a confirmed security breach outside of PrimeTrust, our protocol is to turn-off signature-based transactions, while still allowing PIN-based transactions, and reissue new debit or credit cards to our members at no cost to the member. The reissuing process could take up to three weeks, depending on the total number of people, members and non-members, involved in the breach. If a member chooses not to wait for a no-cost card to be mailed to them, they may come to a branch and an instant issue card may be purchased for a $10.00 fee.
6/3/16
EXTORTION E-MAIL SCHEMES TIED TO RECENT HIGH-PROFILE DATA BREACHES
The Internet Crime Complaint Center (IC3) continues to receive reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient's social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions. The recipients are typically given a short deadline. The ransom amount ranges from 2 to 5 bitcoins or approximately $250 to $1,200.
The following are some examples of the extortion e-mails:
“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”
“We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”
Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. The FBI suspects multiple individuals are involved in these extortion campaigns based on variations in the extortion emails.
If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at www.ic3.gov. Please include the keyword “Extortion E-mail Scheme” in your complaint, and provide any relevant information in your complaint, including the extortion e-mail with header information and Bitcoin address if available.
TIPS TO PROTECT YOURSELF:
Do not open e-mail or attachments from unknown individuals.
Monitor your bank account statements regularly, as well and as your credit report at least once a year for any fraudulent activity.
Do not communicate with the subject.
Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
Use strong passwords and do not use the same password for multiple websites.
Never provide personal information of any sort via e-mail. Be aware, many e-mails requesting your personal information appear to be legitimate.
Ensure security settings for social media accounts are turned on and set at the highest level of protection.
When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.
The FBI does not condone the payment of extortion demands as the funds will facilitate continued criminal activity, including potential organized crime activity and associated violent crimes.
1A Bitcoin payment destination containing 26 to 35 alphanumeric characters beginning with the number 1 or 3.
This article can be found at http://www.ic3.gov/media/2016/160601.aspx
5/10/16
FRAUD ALERTS
Place a Fraud Alert
Ask 1 of the 3 credit reporting companies to put a fraud alert on your credit report. They must tell the other 2 companies. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days but you can renew it.
Why Place an Initial Fraud Alert
Three national credit reporting companies keep records of your credit history. If someone has misused your personal or financial information, call 1 of the companies and ask for an initial fraud alert on your credit report. A fraud alert is free. You must provide proof of your identity. The company you call must tell the other companies about your alert.
An initial fraud alert can make it harder for an identity thief to open more accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you. The initial alert stays on your report for at least 90 days. You can renew it after 90 days. It allows you to order one free copy of your credit report from each of the three credit reporting companies. Be sure the credit reporting companies have your current contact information so they can get in touch with you.
Ask the company to put a fraud alert on your credit file.
Confirm that the company you call will contact the other 2 companies. Placing a fraud alert is free. The initial fraud alert stays on your credit report for 90 days.
Be sure the credit reporting companies have your current contact information so they can get in touch with you.
Update your files. The credit reporting company will explain that you can get a free credit report, and other rights you have.
Mark your calendar. The initial fraud alert stays on your report for 90 days. You can renew it after 90 days.
Update your files.
Record the dates you made calls or sent letters.
Keep copies of letters in your files.
Contact Information for the Credit Reporting Companies
Each year, criminal actors target US persons and visa holders for Stolen Identity Refund Fraud (SIRF). SIRF is defined as the fraudulent acquisition and use of the Personally Identifiable Information (PII) of US persons or visa holders to file tax returns. The fraudulent tax returns are sent to bank accounts or pre-paid cards that are held under their control. SIRF is relatively easy to commit and extremely lucrative for criminal actors. While all U.S. taxpayers are susceptible to SIRF, over the past year, criminal actors have targeted specific portions of the population, including: temporary visa holders, the homeless, prisoners, the deceased, low-income individuals, children, senior citizens, and military personnel deployed overseas. This may be due to the perception by criminal actors that these individuals are less likely to be aware of or receive notification that their identity has been stolen.
After criminal actors steal PII, they use corrupt tax preparation companies or online tax software to file fraudulent tax returns with the stolen identity information at the federal and state level. The only legitimate information needed to file a fraudulent tax return is a name and social security number. This information is obtained by criminal actors through a variety of techniques, including computer intrusions, the online purchase of stolen PII, the physical theft of data from individuals or third parties, the impersonation of government officials through both phishing and cold-calling techniques, the exploitation of PII obtained through one's place of employment, the theft of electronic medical records, and searching multiple publicly available Web sites and social media. After the criminal actors electronically file fraudulent tax returns, they use pre-paid debit cards or bank accounts under their control to route fraudulent returns. The balances on the pre-paid cards and bank accounts are depleted shortly after the tax refund is issued.
Additionally, investigative information shows cyber criminals compromised legitimate online tax software accounts during the 2015 tax season. Cyber criminals modified victims' online tax software account information, diverting tax refunds to bank accounts or pre-paid cards under their control.
Many victims of SIRF do not know they have been targeted until they try to file their legitimate tax return. Many also receive notifications in the mail that their returns are being audited or are under review before they have even filed their tax returns.
Monitor your bank account statements regularly, as well and as your credit report at least once a year for any fraudulent activity.
Report unauthorized transactions to your bank or credit card provider as soon as possible.
Be cautious of telephone calls or e-mails that require you to provide your personal information, especially your birth date or social security number. If you are in doubt, do not provide the requested information.
Do not open e-mail or attachments from unknown individuals. Additionally, do not click on links embedded in e-mails from unknown individuals.
Never provide personal information of any sort via e-mail. Be aware, many e-mails requesting your personal information appear to be legitimate.
If you use online tax services, ensure your bank account is accurately listed before and after you file your tax return.
Ensure sensitive information is permanently removed from online tax software accounts that are no longer being used. Allowing online accounts to become dormant can be risky and make you more susceptible to tax fraud schemes.
Millennials were one of the most victimized groups of phone scams in 2015
FotoliaRunning a scam by calling victims on the phone seems so old school. In the digital world, you would think scammers would focus on Internet schemes instead.
But apparently, scammers hold to the adage “if it ain't broke, don't fix it.” Because telephone scams, even in the 21st century, appear to be very effective indeed.
In a survey conducted for Truecaller, the Harris Poll found that 11% of U.S. consumers lost money in 2015 to a telephone scam. And that's just the number that admitted it to a survey-taker.
Remarkably, that represents a 53% increase over the 2014 survey, suggesting that scammers have been busy dialing for dollars, something of a quaint method in this day and age.
Losses of $7.4 billion
The survey estimates 27 million U.S. consumers lost approximately $7.4 billion to this scheme – an average of $274 per victim.
“For as much progress as we’ve made in areas of fraud detection and caller ID, phone scams and spam on our mobile devices continue to increase at an astonishing rate,” Tom Hsieh, VP of Growth and Partnerships at Truecaller, said in a release. “We think this should sound an alarm to millions of unsuspecting Americans who continue to lose out on billions of dollars every year, yet still aren’t taking the proper precautions they need to protect themselves from becoming a victim, or identifying important calls they should be taking because they aren’t able to recognize the source of the number.”
While the scammers may still be targeting victims using 20th century tools, a notable trend is the increased targeting of mobile phones, as opposed to landlines. About 74% report the scammer called their cell phone. That's up sharply from 2014, when only 49% of the victims were called on a mobile device.
Men fall for it more than women
Another interesting factoid – men were twice as likely to report losing money over the phone than women. Among generations, Millennials make up a huge portion of phone scam victims, right behind seniors.
The survey suggests a need for better awareness of these scams and information on how to combat them. A first step is to make sure your telephone numbers are registered on the national DO NOT CALL list.
Being on this list will not stop scammers from calling, but it will stop legitimate telemarketers. That means if you get a call from a telemarketer who isn't from a non-profit, a political organization, or a survey company, chances are good it's a scam.
You should also be aware of the tried and true schemes that scammers use time and time again. You'll find a partial run-down of the most common phone scams here.
Tips for Taxpayers, Victims about Identity Theft and Tax Returns
Here’s a 2013 article from the IRS, but it has relevant information for 2016 as you file your taxes.
IRS YouTube Videos ID Theft: Protect Yourself from Identity Theft English | Spanish | ASL ID Theft: Are You a Victim of Identity Theft? English | Spanish | ASL
Podcasts ID Theft: Protect Yourself from Identity Theft English | Spanish ID Theft: Are You a Victim of Identity Theft? English | Spanish
FS-2013-3, January 2013
The Internal Revenue Service is taking additional steps during the 2013 tax season to protect taxpayers and help victims of identity theft and refund fraud.
Stopping refund fraud related to identity theft is a top priority for the tax agency. The IRS is focused on preventing, detecting and resolving identity theft cases as soon as possible. The IRS has more than 3,000 employees working on identity theft cases – more than twice the level of a year ago. We have trained more than 35,000 employees who work with taxpayers to recognize and provide assistance when identity theft occurs.
Taxpayers can encounter identity theft involving their tax returns in several ways. One instance is where identity thieves try filing fraudulent refund claims using another person’s identifying information, which has been stolen. Innocent taxpayers are victimized because their refunds are delayed.
Here are some tips to protect you from becoming a victim, and steps to take if you think someone may have filed a tax return using your name:
Tips to protect you from becoming a victim of identity theft
Don’t carry your Social Security card or any documents with your SSN or Individual Taxpayer Identification Number (ITIN) on it.
Don’t give a business your SSN or ITIN just because they ask. Give it only when required.
Protect your financial information.
Check your credit report every 12 months.
Secure personal information in your home.
Protect your personal computers by using firewalls, anti-spam/virus software, update security patches and change passwords for Internet accounts.
Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.
If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost or stolen purse or wallet, questionable credit card activity or credit report, contact the IRS Identity Protection Specialized Unit at 800-908-4490 (Mon. - Fri., 7 a.m. - 7 p.m. local time; Alaska & Hawaii follow Pacific Time).
If you believe you’re a victim of identity theft
Be alert to possible identity theft if you receive a notice from the IRS or learn from your tax professional that:
More than one tax return for you was filed;
You have a balance due, refund offset or have had collection actions taken against you for a year you did not file a tax return;
IRS records indicate you received more wages than you actually earned or
Your state or federal benefits were reduced or cancelled because the agency received information reporting an income change.
If you receive a notice from IRS and you suspect your identity has been used fraudulently, respond immediately by calling the number on the notice.
If you did not receive a notice butbelieve you’ve been the victim of identity theft, contact the IRS Identity Protection Specialized Unit at 800-908-4490 right away so we can take steps to secure your tax account and match your SSN or ITIN.
Also, fill out the IRS Identity Theft Affidavit, Form 14039. Please write legibly and follow the directions on the back of the form that relate to your specific circumstances.
In addition, we recommend you take additional steps with agencies outside the IRS:
Tips for Protecting Your Identity during the Holidays
Credit bureau Equifax is offering tips for protecting your identity as we head into the holiday season.
This year’s busy holiday shopping season entails a lot of credit and debit card swipes, vacations and generally frantic activity. It’s a perfect time for identity thieves to flourish.
So, right on the heels of National Cyber Security Awareness month (October), Equifax put together the following tips for keeping your identity secure – during the holidays and all year long:
At school, visit the IT department to ensure that your campus Internet is secure.
At work, when filling out forms that require your personal information try to submit the sensitive information handwritten through priority mail, instead of online.
Keep birth certificates, Social Security cards, and other personal documents in a lockbox in your home.
When disposing of documents, use a diagonal shredder.
Take outgoing bills, government forms, or tax forms directly to the post office.
Refrain from putting your driver’s license number on your personal checks.
Consider writing just your first initial and last name on checks.
Always shred credit card receipts at home.
Install anti-virus software, anti-malware software and a firewall on your computer and keep the programs up to date.
Use unique passwords that are different for each Web site.
Refrain from including your birth-date or other sensitive information on your social media accounts, even just the month and day.
Consider a credit monitoring and identity theft protection product.
These are great tips. One last thought is that it’s important to change your passwords often – particularly following times when you’ve been swiping in strange places (such as shopping malls).
Stay safe this holiday season, so you can enjoy peace of mind all year.
Online banking has made managing personal finances easier than ever. However, it has also provided cyber criminals with a whole new way to get at Americans’ money. In 2014, hackers snatched $16 billion from about 13 million consumers, according to Javelin Strategy and Research, making it more important than ever to safeguard data.
Although financial institutions dedicate plenty of resources to fighting fraud, there are several actions you can take to thwart thieves. Here’s where to get started.
1. Create strong passwords
Make fraudsters’ lives more difficult by coming up with robust passwords. That means ditching any login credentials that contain easy-to-find information like your name or birthplace. Instead, use a combination of numbers, letters and symbols. Include a mix of lower- and uppercase letters, and consider changing it every few months. Write your passwords down, but don’t keep them saved on your computer. Instead, store them somewhere safe in your home.
Download security software
Bolster your desktop or laptop’s virtual armor by installing the latest security software, which can ward off viruses and other bugs. You should also practice caution when browsing the web. Most times, a simple eye-test should suffice — if it looks sketchy, click away. This is especially true if you’re ordering something online. If a website doesn’t look trustworthy, or at all gives you pause, don’t enter your credit card information. Credit card fraud data suggest that hackers will increasingly target online transactions as technology gets more secure around in-person purchases.
3. Avoid e-mail scams
Viruses and malware can also infect your system via e-mail. Cyber criminals are pretty crafty these days and often disguise themselves by using names from your list of contacts. Read every e-mail carefully, even if it purports to come from your colleague or best friend. If something looks suspicious, don’t open any links or attachments, and definitely don’t send your credit card or bank account number.
4. Monitor transactions
Try to get into the habit of logging into your account and looking over your transactions regularly, even daily. If something looks amiss, contact your financial services provider immediately. They’ll be able to freeze your account, investigate the security breach and possibly refund any money that was lost.
5. Sign up for alerts
Take precautions one step further by enrolling in text and e-mail alerts, which are offered by financial institutions like PrimeTrust Federal Credit Union. You can tailor these alerts to notify you about potentially suspicious activity — say, whenever more than $200 is withdrawn from your account — and you can also opt to receive daily checking account balance notifications.
Thebottom line Putting a stop to online crime requires a joint effort between financial institutions and the members that they serve. By making some of the aforementioned moves, you’ll be lowering your risk of getting caught off guard.
INTERNET OF THINGS POSES OPPORTUNITIES FOR CYBER CRIME
The Internet of Things (IoT) refers to any object or device which connects to the Internet to automatically send and/or receive data.
As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors. Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.
What are some IoT devices?
Automated devices which remotely or automatically adjust lighting or HVAC
Security systems, such as security alarms or Wi-Fi cameras, including video monitors used in nursery and daycare settings
Medical devices, such as wireless heart monitors or insulin dispensers
Thermostats
Wearables, such as fitness devices
Lighting modules which activate or deactivate lights
Smart appliances, such as smart refrigerators and TVs
Office equipment, such as printers
Entertainment devices to control music or television from a mobile device
Fuel monitoring systems
How do IoT devices connect?
IoT devices connect through computer networks to exchange data with the operator, businesses, manufacturers, and other connected devices, mainly without requiring human interaction.
What are the IoT Risks?
Deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety. The main IoT risks include:
An exploitation of the Universal Plug and Play protocol (UPnP) to gain access to many IoT devices. The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication. UPnP is designed to self-configure when attached to an IP address, making it vulnerable to exploitation. Cyber actors can change the configuration, and run commands on the devices, potentially enabling the devices to harvest sensitive information or conduct attacks against homes and businesses, or engage in digital eavesdropping;
An exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information;
Compromising the IoT device to cause physical harm;
Overloading the devices to render the device inoperable;
Interfering with business transactions.
What an IoT Risk Might Look Like to You?
Unsecured or weakly secured devices provide opportunities for cyber criminals to intrude upon private networks and gain access to other devices and information attached to these networks. Devices with default passwords or open Wi-Fi connections are an easy target for cyber actors to exploit.
Examples of such incidents:
Cyber criminals can take advantage of security oversights or gaps in the configuration of closed circuit television, such as security cameras used by private businesses or built-in cameras on baby monitors used in homes and day care centers. Many devices have default passwords cyber actors are aware of and others broadcast their location to the Internet. Systems not properly secured can be located and breached by actors who wish to stream live feed on the Internet for anyone to see. Any default passwords should be changed as soon as possible, and the wireless network should have a strong password and firewall.
Criminals can exploit unsecured wireless connections for automated devices, such as security systems, garage doors, thermostats, and lighting. The exploits allow criminals to obtain administrative privileges on the automated device. Once the criminals have obtained the owner’s privileges, the criminal can access the home or business network and collect personal information or remotely monitor the owner’s habits and network traffic. If the owner did not change the default password or create a strong password, a cyber criminal could easily exploit these devices to open doors, turn off security systems, record audio and video, and gain access to sensitive data.
E-mail spam attacks are not only sent from laptops, desktop computers, or mobile devices. Criminals are also using home-networking routers, connected multi-media centers, televisions, and appliances with wireless network connections as vectors for malicious e-mail. Devices affected are usually vulnerable because the factory default password is still in use or the wireless network is not secured.
Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection. These devices may be at risk if they are capable of long-range connectivity.
Criminals can also attack business-critical devices connected to the Internet such as the monitoring systems on gas pumps. Using this connection, the criminals could cause the pump to register incorrect levels, creating either a false gas shortage or allowing a refueling vehicle to dangerously overfill the tanks, creating a fire hazard, or interrupt the connection to the point of sale system allowing fuel to be dispensed without registering a monetary transaction.
Consumer Protection and Defense Recommendations
Isolate IoT devices on their own protected networks;
Disable UPnP on routers;
Consider whether IoT devices are ideal for their intended purpose;
Purchase IoT devices from manufacturers with a track record of providing secure devices;
When available, update IoT devices with security patches;
Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it operate on a home network with a secured Wi-Fi router;
Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device;
Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor;
Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer. Many default passwords can be easily located on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets. If the device does not allow the capability to change the access password, ensure the device providing wireless Internet service has a strong password and uses strong encryption.
Article found at http://www.ic3.gov/media/2015/150910.aspx
7/3/15
GIFT CARD SCAMS
While it is very popular to purchase, spend, and give others gift cards, the FBI would like to warn consumers of the potential for fraud. The online presence of the Secondary Gift Card Market has grown significantly in recent years. The Secondary Gift Card Market provides a venue for consumers to resell unwanted gift cards. However, criminal activity has been identified through sites facilitating such exchanges.
There are both online and in-store venues for reselling gift cards. Kiosks and pawn shops are an option for consumers who prefer to handle a transaction in person. Secondary Gift Card Market websites exist to exclusively buy and sell gift cards.
Some of the various types of gift card scams reported to the IC3 are as follows:
Victim sells a gift card on an auction site, receives payment for the sale, and sends the PIN associated with the gift card to the buyer, who disputes the charge after using the gift card.
Victim purchases an item on an auction site and is advised by the seller to purchase gift cards to pay for the transaction. After purchasing thousands of dollars in gift cards, the victim finds out the auction transaction is a scam.
A Secondary Gift Card Market site agrees to pay a victim for a discounted merchant gift card. The victim sends the code on the gift card, and the payment for the transaction was reversed. Thus, the buyer uses the gift card code to purchase an item and stops payment to the seller.
Consumers should beware of social media postings that appear to offer vouchers or gift cards, especially sites offering deals too good to be true, such as a free $500 gift card. Some fraudulent offers may pose as Holiday promotions or contests. The fraudulent postings often look as if a friend shared the link. Oftentimes, these scams lead to online surveys designed to steal personal information. Never provide your personal information to an unknown party or untrustworthy website.
Tips to Prevent Gift Card Fraud:
Consumers can take several steps to protect themselves when buying and selling gift cards in the Secondary Gift Card Market, as listed below:
Check Secondary Gift Card Market website reviews and only buy from or sell to reputable dealers.
Check the gift card balance before and after purchasing the card to verify the correct balance on the card.
The re-seller of a gift card is responsible for ensuring the correct balance is on the gift card, not the merchant whose name is on the gift card.
When selling a gift card through an online marketplace, do not provide the buyer with the card’s PIN until the transaction is complete. Online purchases can be made using the PIN without having the physical card.
When purchasing gift cards online, be leery of auction sites selling gift cards at a discount or in bulk.
When purchasing gift cards in a store, examine the protective scratch-off area on the back of the card for any evidence of tampering.
If you believe you have been a victim of a gift card scam, you may file a complaint, providing all relevant information, with the IC3 at www.IC3.gov.
6/8/15 Section 8 Scammers Cheat People Seeking Housing
If you’re looking for Section 8 housing assistance, here’s something you need to know: scammers have made websites that look like registration sites for Section 8 waiting list lotteries. If you pay a fee or give your personal information, the scammers will take it. And you still won’t be on a real Section 8 waiting list. In fact, there is no fee to register for a Section 8 waiting list.
If you search online for the Section 8 voucher waiting list, the top search results often are bogus sites. The sites look very real: their names may say “Section 8,” and they might show an Equal Housing Opportunity logo. They ask for fees and your personal information, like your Social Security number, but they won’t do anything for you. The scammers will keep your money and disappear. They also may give your personal information to identity thieves.
Here’s the real way things work: The U.S. Department of Housing and Urban Development (HUD)’s Section 8 program gives funding to local government housing authorities. The local authorities issue housing choice vouchers to help people find housing in privately-owned rental units. To get on the waiting list for a voucher, find your local housing authority and call or email them. Ask how to sign up for the Section 8 waiting list lottery in your area. As I said, there is no fee to register.
In another twist, some fake sites list Section 8 properties that supposedly are available. They promise you can rent one, if you pay the first month’s rent via wire transfer or a prepaid card. The properties might exist, but the ads are fakes placed by scammers. If you pay, you just lose your money.
People have lost money and personal information to scammers – but they’ve also lost the chance to be in the actual lottery. Most people don’t realize they’ve been scammed until after the waiting list is closed.
Keep these tips in mind to avoid a Section 8 lottery scam:
Contact your local housing authority to find out how to register for the Section 8 waiting list lottery. You’ll find their email and phone number on the HUD site. Follow their instructions to sign up.
Housing authorities do not charge fees, and they won’t reach out to you by phone or email to suggest that you join a waiting list. A housing authority also will never ask you to wire money or pay with a prepaid card. Those are sure signs of a scam.
Treat your Social Security number and other personal information (say, credit card numbers), like cash. Don’t give them out on a website you find through a search.
Article can be found at https://www.consumer.ftc.gov/blog/section-8-scammers-cheat-people-seeking-housing
5/1/15 HACKTIVISTS THREATEN TO TARGET LAW ENFORCEMENT PERSONNEL AND PUBLIC OFFICIALS
Summary
Law enforcement personnel and public officials may be at an increased risk of cyber attacks. These attacks can be precipitated by someone scanning networks or opening infected emails containing malicious attachments or links. Hacking collectives are effective at leveraging open source, publicly available information identifying officers, their employers, and their families. With this in mind, officers and public officials should be aware of their online presence and exposure. For example, posting images wearing uniforms displaying name tags or listing their police department on social media sites can increase an officer's risk of being targeted or attacked.
Many legitimate online posts are linked directly to personal social media accounts. Law enforcement personnel and public officials need to maintain an enhanced awareness of the content they post and how it may reflect on themselves, their family, their employer or how it could be used against them in court or during online attacks.
Threat
The act of compiling and posting an individual's personal information without permission is known as doxing. The personal information gathered from social media and other Web sites could include home addresses, phone numbers, email addresses, passwords and any other information used to target an individual during a cyber attack. The information is then posted on information sharing Web sites with details suggesting why the individual should be targeted.
Recent activity suggests family members of law enforcement personnel and public officials are also at risk for cyber attacks and doxing activity. Targeted information may include personally identifiable information and public information and pictures from social media Web sites.
Another dangerous attack often used by criminals is known as “swatting.” This involves calling law enforcement authorities to report a hostage situation or other critical incident at the victim's residence, when there is no emergency situation.
Defense
Defending Against Hacktivism:
While eliminating your exposure in the current digital age is nearly impossible, law enforcement and public officials can take steps to minimize their risk in the event they are targeted.
Turn on all privacy settings on social media sites and refrain from posting pictures showing your affiliation to law enforcement.
Be aware of your security settings on your home computers and wireless networks.
Limit your personal postings on media sites and carefully consider comments.
Restrict your driver license and vehicle registration information with the Department of Motor Vehicles.
Request real estate and personal property records be restricted from online searches with your specific county.
Routinely update hardware and software applications, including antivirus.
Pay close attention to all work and personal emails, especially those containing attachments or links to other Web sites. These suspicious or phishing emails may contain infected attachments or links.
Routinely conduct online searches of your name to identify what public information is already available.
Enable additional email security measures to include two factor authentication on your personal email accounts. This is a security feature offered by many email providers. The feature will cause a text message to be sent to your mobile device prior to accessing your email account.
Closely monitor your credit and banking activity for fraudulent activity.
Passwords should be changed regularly. It is recommended to use a password phrase of 15 characters or more. Example of a password phrase: Thisisthemonthofseptember,2014.
Be aware of pretext or suspicious phone calls or emails from people phishing for information or pretending to know you. Social engineering is a skill often used to trick you into divulging confidential information and continues to be an extremely effective method for criminals.
Advise family members to turn on security settings on ALL social media accounts. Family member associations are public information and family members can become online targets of opportunity.
4/21/15 CRIMINALS HOST FAKE GOVERNMENT SERVICES WEB SITES TO ACQUIRE PERSONALLY IDENTIFIABLE INFORMATION AND TO COLLECT FRAUDULENT FEES
From May 2012 to March 2015, the FBI’s Internet Crime Complaint Center (IC3) has received complaints regarding criminals hosting fraudulent government services websites in order to acquire Personally Identifiable Information (PII) and to collect fraudulent fees from consumers.
Although the volume and loss amounts associated with these websites are minimal to date, the victims are having their PII data compromised which may be used by criminals for any number of other illicit activities, ranging from the creation of fraudulent IDs and passports to fraudulent loans and tax refunds. The PII can include the victim’s name, address, phone number, e-mail address, social security number, date of birth, and mother’s maiden name.
This is how the scheme usually happens: victims use a search engine to search for government services such as obtaining an Employer Identification Number (EIN) or replacement social security card. The fraudulent criminal websites are the first to appear in search results, prompting the victims to click on the fraudulent government services website. The victim completes the required fraudulently posted forms for the government service they need. The victim submits the form online, believing they are providing their PII to government agencies such as the Internal Revenue Service, Social Security Administration, or similar agency based on the service they need. Once the forms are completed and submitted, the fraudulent website usually requires a fee to complete the service requested. The fees typically range from $29 to $199 based on the government service requested. Once the fees are paid the victim is notified they need to send their birth certificate, driver’s license, employee badge, or other personal items to a specified address. The victim is then told to wait a few days to several weeks for processing. By the time the victim realizes it is a scam, they may have had extra charges billed to their credit/debit card, had a third-party designee added to their EIN card, and never received the service(s) or documents requested. Additionally, all of their PII data has been compromised by the criminals running the websites and can be used for any number of illicit purposes. The potential harm gets worse for those who send their birth certificate or other government-issued identification to the perpetrator.
Follow-up calls or e-mails to the perpetrator(s) are normally ignored and many victims report the customer service telephone numbers provided are out of service. The FBI recommends that consumers ensure they are communicating or requesting services/merchandise from a legitimate source by verifying the entity. When dealing with government websites, look for the .gov domain instead of a .com domain (e.g. www.ssa.gov and not www.ssa.com).
Below are some consumer tips when using government services or contacting agencies online:
Use search engines or other websites to research the advertised services or person/company you plan to deal with.
Search the Internet for any negative feedback or reviews on the government services company, their Web site, their e-mail addresses, telephone numbers, or other searchable identifiers.
Research the company policies before completing a transaction.
Be cautious when surfing the Internet or responding to advertisements and special offers.
Be cautious when dealing with persons/companies from outside the country.
Maintain records for all online transactions.
As a consumer, if you suspect you are a victim of an Internet-related crime, you may file a complaint with the FBI’s Internet Crime Complaint Center atwww.IC3.gov.
Criminals are proficient in stealing the personally identifiable information (PII) of individuals to facilitate various fraud activities, including using stolen identity information to file fraudulent tax returns. Once the fraudsters obtain victim PII, they electronically file tax returns and set up pre-paid debit cards or bank accounts to route fraudulent returns. The balances on the pre-paid cards and bank accounts are depleted shortly after the tax refund is issued.
The fraudsters utilize multiple methods to obtain the information needed to file a tax return. The most popular methods include: computer intrusion, the online purchase of stolen PII, the recruitment of insiders who have legitimate access to sensitive information, the physical theft of computers that contain PII, the impersonation of Internal Revenue Service personnel, and the aggregation of information that is obtained through multiple publicly available Web sites.
Recent open source reporting indicates that cyber criminals also target and compromise legitimate online tax software accounts of individuals. Cyber criminals conducting this scheme modify victims’ bank accounts to divert transfers to bank accounts or pre-paid cards under their control.
Victims who filed complaints with the Internet Crime Complaint Center (IC3) reported they discovered they were victims of tax refund fraud when they tried to file a return and were notified by the Internal Revenue Service that their Social Security Numbers had already been used to file a tax return. One individual reported that due to an error in direct deposit account information submitted on his return, he was issued a check. However, the victim had not yet filed a return. Others reported before they filed their return, they received notification that their returns were being audited or were under review.
A recent investigation identified a tax refund fraud ring responsible for filing approximately 644 fraudulent tax returns totaling over $1.9 million in attempted fraud. Using fraudulently obtained PII, the fraudsters submitted tax returns and requested the funds be deposited into bank accounts under their control. The group recruited college students to open accounts to collect the tax refund monies. The students withdrew funds via ATMs and counter withdrawals. The students then passed the majority of the funds to another group member and kept a portion of the refund as payment for the use of their bank accounts to conduct the scheme.
This type of fraud is a growing concern as the number of complaints filed with the IC3 has doubled from 2013 to 2014.
If you believe you have been a victim of this scam, you should reach out to your local IRS or FBI field office, and you may file a complaint with the IC3 atwww.IC3.gov. Please provide any relevant information in your complaint.
Tips to protect yourself:
Monitor your credit statements for any fraudulent activity.
Report unauthorized transactions to your bank or credit card company as soon as possible.
Review a copy of your credit report at least once a year.
Be cautious of scams requiring you to provide your personal information.
Do not open email or attachments from unknown individuals.
Never provide credentials of any sort via email. This includes clicking on links sent via email. Always go to an official website.
If you use online tax services, double check to ensure your bank account is accurately listed before and after you file your tax return.
Ensure accounts that are no longer being utilized are properly deleted or scrubbed of sensitive information. Allowing online accounts to become dormant can be risky and make you more susceptible to tax fraud schemes.
"ISIS" Hacks Credit Unions - What You Need To Know
ISIS is the new face of terrorism and the Internet is the next front. Terror organizations use social media to recruit members, spread their messages and plan attacks. That they would also use hacking to evoke fear should come as no surprise.
That appears to be what happened on March 9 this year when visitors to the websites of several credit unions did not see the front page they were expecting. Instead, they saw a black screen with the logo for the Islamic State. Under the image were the words "Hacked by Islamic State (ISIS) We Are Everywhere :)" along with a link to a now-defunct Facebook page.
A closer examination of the defacement suggested to the FBI that this was not the work of the international terrorist group. First, the smiley face at the end of the message does not fit the tone of other messages the group has sent. Second, the targets, which included several small businesses and credit unions, seem out of character for the group. Most of the group's rage tends to focus on agents and governments it views as occupying territory in the Middle East. Third, the level of damage was relatively low. A sophisticated hacking operation would aim to debilitate or destroy economically or politically important assets. While taking down a credit union's website for a few hours is certainly disconcerting, the dollar amount of that can be applied to the damage is relatively low.
Rather, the FBI suspects this is the work of fairly unsophisticated domestic hackers. The target selection fits more with an attention-seeking group of malcontents. The strategy of website defacement is popular among amateur computer security students seeking to prove their skills or leave a "calling card." No member data, accounts, or contact information was compromised in the hack and the defacement of the websites has already been reversed.
As with every other security compromise, the possibility that a more serious data breach occurred is not out of the question. In most cases, this breach would involve rigging the website to install malicious software on users' computers. While it is unlikely, precautions are free and an ounce of prevention is worth a pound of cure when it comes to information security. If you're concerned about your computer integrity, take the following four steps.
1.) Install, update, and run security software
Using the Internet without antivirus software is like reaching your hand into a medical sharps disposal bin. You're going to get something and the results won't be pretty. Several free antivirus programs exist. Using a VPN, Virtual Private Network, like Marble – available with PrimeTrust Peace of Mind Checking – is an excellent way to protect your information.
If you already have antivirus software, you might think you're covered. Yet, antivirus programs only protect against specific kinds of malicious programming. While they're certainly the worst of the worst, viruses are only one kind of threat you face on the Internet. You also need an anti-malware program, like MalwareBytes or Spybot. These programs find and remove security threats that, while not quite to the level of viruses, can still compromise your computer.
These programs are still serious threats. Data breaches at Home Depot, Target and others were caused by malware on company computers. Even professional security experts occasionally forget about defending their systems this way.
Once you get the software installed, make sure to keep it updated and run it regularly. The scans usually take between 20 minutes and an hour. That's all it takes to stay safe from the worst threats.
2.) Change your passwords
It appears unlikely that any user data was compromised in this most recent round of hacks. Still, there's no reason not to be cautious. Change the passwords you use to log on to major financial websites and any website where you use those same passwords. If you use your PrimeTrust password to access your email, change your email password, too.
It's a good idea to cycle passwords every six months or so anyway. Doing so helps to keep your accounts safe. If you have trouble remembering to do so, consider using a password management service to keep track of your security.
Always choose strong passwords. Four random words with a number on the end is a great way to randomize passwords but keep them somewhat memorable. Just look around your computer area and use the names of the first four objects you see, followed by your birth month. Doing so creates a password that humans can easily commit to memory, but the most powerful computers would take years to crack.
3.) Get a credit score report
You can get a free credit report every year, and it's a good idea to do so. If you're planning to buy a house or a car this year, you might want to hold off and use your free report closer to your purchase date. If you don't have major purchases planned for this year, you can use your free credit score report to check if you've been hacked.
Look for accounts you don't remember opening or large, sudden upswings in debt utilization. These could be signals that someone's compromised your identity. Call the credit reporting bureau immediately to report suspicious activity.
This alleged ISIS hack is nothing to fear, but it's worth being cautious all the same. It's much easier to take preventative action than to regret not having done so. Taking these steps can help ensure you stay safe, no matter what happens.
Tax season is sometimes a nightmare for small business owners. When employed folk complain about their difficulties with a single W-2 and the standard deduction, small business owners just roll their eyes. The mess of paperwork, regulations and fees would drive most people right up the wall.
There’s another group who relies on that struggle to make an opportunistic buck: scammers. The IRS just released its annual report of the “Dirty Dozen” tax scams to watch out for in 2015. Phone scams targeting small business owners remain near the top. The FTC reports that tax-related identity theft is the most commonly reported identity theft crime; complaints rose a staggering 230 percent between 2013 and 2014.
Scammers are increasingly targeting small businesses. They know the tax situation for small business owners is far more complicated and that businesses have much more credit available than the average individual. A richer reward and a distracted mark are like dollar signs for these criminals.
The scam works as follows:
A con artist calls your small business and threatens you with fines, penalties and even jail if you don’t cooperate. The sky’s the limit on what they might request. Some will be content with demanding a huge payment – thousands of dollars. Others will press you for personally identifying information like your financial account numbers, credit card numbers, or tax identification number. These numbers will be later used to commit other forms of fraud or identity theft.
The persuasive power of this scam comes from emotional contrast. The caller will begin with hostility and aggression to put you on the defensive. This assault is followed with a conciliatory approach. The scammer will take your side and offer to take care of this if you cooperate. Imagine good cop/bad cop, but played by the same person.
Other versions of the scam might play another angle, insisting that you’re owed money in the form of a refund. The caller will ask for your account number for depositing the additional money. Of course, no refund occurs and the caller will milk your checking account for all they can.
Whatever the approach, the result is the same: You’re left sorting out the mess of an identity theft scam and perhaps losing all the proceeds of your business. Don’t let it happen to you. Follow these three steps to avoid this scheme.
1.) Stay calm
The power of the scam is in its ability to get you angry, scared or confused. At that point, you’re not deciding or processing. You’re reacting. Reactions can be influenced much more heavily by tone and selective presentation of information. When you stay calm, you remain more in control of the situation.
Think back to your last interaction with government. Maybe you needed to get permits for your business or wanted support from the chamber of commerce. Whatever it was, it didn’t happen that day. It probably didn’t happen that week. Government entities move at a glacial pace, and no one from the IRS is going to take your house if you don’t pay right this very minute.
“The first IRS contact with taxpayers is usually through the mail,” said IRS Commissioner John Koskinen in a statement. “Taxpayers have rights, and this is not how we do business.” Before any legal action is taken, the IRS would send a notice via certified letter, which requires a signature. It’s extraordinarily unlikely that you would miss a notice like this one.
2.) Know your rights
Those taxpayer rights Mr. Koskinen mentioned are important. Before the IRS could seize your property, they would have to take you to court. Before they could put you in jail, you would have to be convicted of a crime. In both cases, your property and freedom are protected by the demand for due process of law.
If you have reason to worry about your taxes, your first call should not be to the IRS. It should be to a tax lawyer. A lawyer will be able to tell you with certainty whether or not you should worry, and they will be able to advise you on what to do to keep yourself out of trouble.
Under no circumstances should you comply with a telephone or email demand for money by someone claiming to represent the government. No government agency in the country would operate like that. It would be a serious violation of your rights.
3.) Gather information and report
If you’re the target of a scam like this, there are several agencies set up to help you. You should record as much information as possible from the scammer, including the name they’re using, the phone number they’re calling from and any other possibly identifying information. Odds are good they will use this same information in another scam. Also, don’t forget to record the basics: the date, a brief summary of the threat and how they contacted you.
Once you have this information, contact the Tax Inspector General for Tax Administration through their website: www.treasury.gov/tigta. They have a form to use in reporting a tax official impersonation scam.
The Federal Trade Commission also maintains a database of scams to help other consumers avoid being tricked. You can report this incident to them at www.ftccomplaintassistant.gov. These reports will also help if you accidentally released information or made a payment to a fraudster.
2/10/15 TurboTax Security Concerns- Everything You Need To Know
Intuit, makers of the popular tax software TurboTax, briefly deactivated their state return filing functionality on February 6th. The reason? The company detected an increase in "suspicious" filings and thought there may have been a data breach. Many states, following their lead, stopped accepting e-filed claims from TurboTax in an effort to curb fraudulent returns.
After an investigation, Intuit found no problems with its internal security. "The information used to file fraudulent returns was obtained from other sources outside of the tax preparation process," according to the company's statement. The failing was in the internal control processes TurboTax uses to verify identities.
Since discovering the flaw, TurboTax has implemented industry-standard multi-factor verification systems on its state return systems. As of this communication, 49 states have resumed accepting TurboTax filed state returns. That's small comfort for the thousands of taxpayers who may have had fraudulent returns filed in their names, putting their refund in jeopardy and possibly landing them in legal trouble.
This breakdown couldn't come at a worse time for the makers of TurboTax. Just weeks after the company made a splash with a Super Bowl ad, they removed several important functions from their Basic edition. If tax filers had investment income, contractor income, or real estate revenue, they would have to pay $40 in upgrade fees and enter a variety of personal, sensitive information.
After a public outcry, the company offered to provide a $25 rebate to people who had purchased the basic edition and needed the upgrade edition. This was often not enough to cover the purchase price. The pricing confusion created uncertainty for many taxpayers about the viability of TurboTax going forward.
Now, the company has to deal with security concerns as well. Given the timing, the greatest distress is coming from taxpayers who have already filed their state returns. If you filed between Thursday, February 5th and Friday, February 6th, contact your state department of revenue to ensure your return was received.
Nineteen states have reported suspicious activity filed in just a two-week period. Federal returns, which use much more stringent security protocols were unaffected by the fraudulent activity. Most taxpayers are discovering their personal information has been compromised when they receive a notification that a return has already been filed using their information. In Utah, 29 confirmed fraudulent returns have been filed and another 8,000 have been flagged as suspicious. State departments of revenue have offered a variety of responses to the situation. Minnesota is no longer accepting returns from TurboTax despite the company's assurance that the system is secure. So far, no other states have reported such concerns with the system.
All this chaos means TurboTax may not be a great choice for your personal income tax filing this year or next. If you're concerned about it, here are three steps you can take to keep yourself safe.
1.) Get a refund
If you bought TurboTax and are concerned you won't be able to securely file your taxes with it, now is the time to get a refund on your purchase. H&R Block is offering its tax preparation software free of charge to people who purchased TurboTax this year, which may be a good option. Intuit claims to be working with the state of Minnesota to restore e-filing options, but does not have a timetable in place for restoring that functionality.
The company is also offering refunds for tax preparation costs for Minnesota residents. Calling TurboTax's support line or using their online complaint form is the best way to get your money back. Unfortunately, the time lost preparing the return in TurboTax is gone forever.
2.) File early
Given the elevated rates of fraud this year, you may want to tackle your taxes earlier. Filing a return is the best way to be notified of a compromise to your data. If you receive an error that a return with your SSN has already been filed, call your state department of revenue immediately. You may have been a victim of fraud.
On the positive side, filing early will also get you your refund early! You can put the money in your account and rest easy for one more year. Once you have all your tax documents, you can file online. Take care of it soon!
3.) Get a credit report
If you get your return rejected for a matching social security number, it's a good idea to assume your information has been compromised. That means your identity is at risk. You need to react accordingly.
Start by getting a credit report. Keep a careful eye out for accounts you don't recognize. One of the first things an identity thief will do is open a credit card and start spending your money. You don't want your first notification to be a collection call for debts you didn't create. Early reporting can limit your damages and help police catch the bad guys.
If you're worried about protecting your identity, PrimeTrust is pleased to offer credit monitoring services through our Peace of Mind checking products. We can keep an eye on your credit to look for suspicious activity and notify you as soon as something looks uncertain. If you're interested in credit monitoring, call, click, or stop by PrimeTrust today!
Hackers have stolen information on tens of millions of Anthem Inc. customers, in a massive data breach that ranks among the largest in corporate history.
The information stolen from the insurance giant includes names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data.
Anthem said there is no evidence that credit card or medical information was compromised. While damage is still being assessed, the compromised database contained up to 80 million customer records.
Formerly known as Wellpoint, Anthem (ANTM) is the second-largest health insurer in the United States. The company operates plans including Anthem Blue Cross, Anthem Blue Cross and Blue Shield Amerigroup and Healthlink.
Anthem pledged to individually notify current and former customers if their data has been stolen, and by late Wednesday evening, some members reported receiving e-mails from the insurer informing them of the breach. Anthem will offer free credit monitoring and identity protection services to affected customers.
"Anthem's own associates' personal information -- including my own -- was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data," CEO Joseph Swedish said in a letter to customers.
Anthem said the breach resulted from a "very sophisticated external cyber attack," and that law enforcement agencies were still working to identify the perpetrator. The company has retained Mandiant, a leading cybersecurity firm, to help in the investigation.
The insurer is the latest in a series of companies to suffer severe data breaches. Last year, hackers obtained credit card data for 40 million Target shoppers, as well as personal information -- including names, addresses, phone numbers and e-mail addresses -- for 70 million customers.
Records have also been stolen from Neiman Marcus, JPMorgan Chase (JPM), Experian, eBay(EBAY, Tech30) and Home Depot (HD).
The Federal Bureau of investigation said that it was aware of the intrusion, and was investigating the matter. The agency also praised Anthem's decision to quickly address the breach.
"Anthem's initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances," the FBI said. "Speed matters when notifying law enforcement of an intrusion."
CNNMoney (Hong Kong) February 5, 2015: 2:42 AM ET
Found at http://money.cnn.com/2015/02/04/technology/anthem-insurance-hack-data-security/index.html
1/23/15
You Don't Have An 'Email Quota'
Scammers will concoct any number of believable-looking lies in pursuit of your personally identifying information. They'll pretend to be anyone and claim anything to get you scared, anxious and uncertain. They know that's when you are most likely to make mistakes.
A new circulating scam is a remix of that old con. The Better Business Bureau reports this week on a new malware distribution scheme.
In this scheme, the scammers email you pretending to be from your email service provider (Google, Yahoo, etc.). They'll tell you you've exceeded your email quota or that you have "deferred email." The email will instruct you to follow a link to retrieve your un-checked email. Other variations of the scheme will tell you that you need to "update your personal information" to continue using your email service, which will require you to click a link to log in.
The link is to a malware download site, and once you click the link, you'll be infected. The breed of malware will vary from attempt to attempt. Some may only bog down your computer with popup ads and other irritations. Others will root through your browsing history and personal files, looking for account numbers, personal information, and passwords. You may never know you've been infected until you get an unexpected credit card collection call.
Some scammers have gotten more sophisticated with the initial pitch, and will include "unsubscribe" or "change notification settings" in the footer of the e-mail. People looking to reduce the amount of unsolicited email they receive might click this link. They would be disappointed to learn that this link will also direct them to malware download sites.
If you're looking to keep yourself safe from this new threat, here are three steps you can take.
1.) Know your Terms of Service
While there are upper limits on the amount of email your service provider will store for you, unless you're sending DVDs worth of information regularly, you will never approach that limit. Gmail, for instance, will store around 65 gigabytes of email data for you. This is bigger than the biggest memory card available for your camera. If you received 23 professional-quality photos every day, it would take you a year to exceed your storage limit, assuming you never deleted any of them.
Email service providers also set some limits on the number of emails you can send, but if you're clicking the send button each time, you'll never exceed that frequency. These limits are designed to prevent malicious or fraudulent activities, which is why they target automatic message sending. If you're running a business out of your home, you might worry about tripping this limit. For your personal email, though, this will never be a concern.
If you're expecting an email regarding a job interview, family news, or other significant life event, be proactive. Contact the person you're expecting to hear from and ask for an update. Sitting and waiting creates anxiety, which makes an environment ripe for scams.
2.) Don't follow mystery links
If you receive an email from someone you don't know, and it contains a hyperlink, don't click it. Even visiting malicious websites can infect your computer, causing untold damage. Even if the message comes from someone you know, if there's no context for the link, don't click it.
You can take steps to figure out if the message you've received is legitimate. Look at the "from" line. The message may appear to be from "Google Admin," but the email address might be googleadmin@freesites.ru (for example). If the second part of the email address (the domain) doesn't match what you think it should be, it's probably bogus. If there's even a shred of doubt in your mind, don't click.
Part of practicing good Internet hygiene is keeping your computer away from dangerous websites. Even if you think there's nothing on your computer worth stealing, your computer could be used by scammers to cause serious damage to your friends and family. Stay safe, and keep your friends safe, too.
3.) Report suspicious activity
Email service providers take these scams as seriously as you do. Someone is trafficking in their good name to exploit their customers. They are eager to put a stop to it to keep their brand image safe and their customers happy.
If you have any doubt about the legitimacy of a message, forward it to your provider's abuse address. Gmail has an option to "Report phishing" in the drop-down menu next to the reply button. Yahoo and Hotmail offer similar functionality. For larger corporations, try forwarding the message to "abuse" or "admin" @ the company's website - abuse@target.com, for example.
These companies would rather sort through a thousand false positives than let people continue to defraud their customers. They value you because they're providing you a service. Don't hesitate to let them know something's amiss.
An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
Or, victims may be told they have a refund due to try to trick them into sharing private information.
If the phone isn't answered, the scammers often leave an “urgent” callback request.
Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
For more details on this ongoing scam, see:
IR-2014-105, Scam Phone Calls Continue; IRS Unveils New Video to Warn Taxpayers
The IRS has been alerted to a new email phishing scam. The emails appear to be from the IRS and include a link to a bogus web site intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between "IRS" and "gov"), though notably, not IRS.gov (with a dot). Don’t get scammed. These emails are not from the IRS.
Taxpayers who get these messages should not respond to the email or click on the links. Instead, they should forward the scam emails to the IRS at phishing@irs.gov. For more information, visit the IRS's Report Phishing web page.
The IRS does not initiate contact with taxpayers by email to request personal or financial information.
PRIMETRUST IS NOT SENDING TEXT MESSAGES TO MEMBERS. THIS IS A SCAM.
Please remember to NEVER give out your credit card/debit card number and other information to someone who calls/texts/e-mails you. We have your account information (we may ask you to verify the last few digits) and will not ask for it.
Holiday Shopping Tips
12/03/14—The FBI reminds holiday shoppers to beware of cyber criminals who are out to steal money and personal information. Scammers use many techniques to defraud consumers, from phishing e-mails offering too good to be true deals on brand-name merchandise to offering quick cash to victims who will re-ship packages to additional destinations. Previously reported scams are still being executed today.
While monitoring credit reports on an annual basis and reviewing account statements each month is always a good idea, consumers should keep a particularly watchful eye on their personal credit information at this time of year. Scrutinizing credit card bills for any fraudulent activity can help to minimize victims’ losses. Unrecognizable charges listed on a credit card statement are often the first time consumers realize their personally identifiable information has been stolen.
Bank transactions and correspondence from financial institutions should also be closely reviewed. Bank accounts can often serve as a target for criminals to initiate account takeovers or commit identity theft by creating new accounts in the victims’ name. Consumers should never click on a link embedded in an e-mail from their bank, but rather open a new webpage and manually enter the URL (web address), because phishing scams often start with phony e-mails that feature the bank’s name and logo.
When shopping online, make sure to use reputable sites. Often consumers are shown specials on the web, or even in e-mail offers, that look too good to be true. These sites are used to capture personally identifiable information, including credit card numbers, addresses and phone numbers to make fraudulent transactions. It’s best to shop on sites with which you are familiar and that have an established reputation as trusted online retailers, according to the MRC, a nonprofit that supports and promotes operational excellence for fraud, payments and risk professionals within eCommerce.
If you look for an item or company name through a search engine site, scrutinize the results listed before going to a website. Do not automatically click on the first result, even if it looks identical or similar to the desired result. Many fraudsters go to extreme lengths to have their own website appear ahead of a legitimate company on popular search engines. Their website may be a mirrored version of a popular website, but with a slightly different URL.
Purchases made on these sites could result in one or more of the following consequences: never receiving the item, having your credit card details stolen, or downloading malware/computer virus to your computer. Before clicking on a result in a search engine, inspect the URL of the destination website. Look for any misspellings or extra characters such as a period or comma as these are indicative of fraud. When taken to the payment page of a website, again verify the URL and ensure it is secure by starting with “HTTPS,” not just “HTTP.”
Here are some additional tips you can use to avoid becoming a victim of cyber fraud:
Do not respond to unsolicited (spam) e-mail.
Do not click on links contained within an unsolicited e-mail.
Be cautious of e-mail claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
Avoid filling out forms contained in e-mail messages that ask for personal information.
Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
Log on directly to the official website for the business identified in the e-mail instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
If you are requested to act quickly or there is an emergency that requires your attention, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
Remember if it looks too good to be true, it probably is.
Tweet It seems like there’s a new data leak or identity theft trick to be worried about every week. If you’re not informed, you ri...
Your savings federally insured to at least $250,000 by the National Credit Union Administration (NCUA) and backed by the full faith and credit of the United States Government.
