Tag Archives: Adam Levin

How to Avoid Summer Scams

As the weather gets warmer, mosquitos and ticks re-enter our lives, and along with them comes their larger cousin, the scam artist. There are ways to prepare for those seasonal meal stealers. The same goes for scams, as knowledge is the best repellent.

Either way, some scams never seem to get old, as evidenced by the huge number of people that continue to fall for them no matter how many warnings we issue. There are always new variations that snare even the wariest consumers.Ticks and mosquitos aren’t harmless—they are well-known vectors for serious illnesses. Scam artists also are vectors for a plague that affects millions of people each year: identity theft. But sometimes a scam is of the simpler smash-and-grab variety.

With that, I give you this summer’s smorgasbord of scams.

1. The summer rental scam

It’s not the easiest thing to find a summer rental that has all the right elements: a reasonable distance from the beach, the right number of bedrooms and bathrooms, a pets welcome policy. So, when you do find the right one, the tendency for most people is to pounce. Don’t be most people. If you get scammed on a rental, you’re not going to know till you show up at the front door and a puzzled person peers back at you.

The best thing you can do is visit the property in question beforehand. If you are working with a real estate agent, ask for his or her license number and check it, request references if there are no reviews online, and confirm that the address is real and the premises are truly available for rent.

See also: Be on the Lookout for Tax Scams  

2. Summer job as credit application

It is sadly a common occurrence that when kids are offered a “job,” they provide their information for tax purposes, including their Social Security number, and then never hear back. The reason: The only “job” was a robbery. Their identity is stolen, and because kids will be kids, it often takes a long time for them to realize the jerk who flaked on a summer job offer gutted their creditworthiness. (Here are four ways identity theft can impact your credit.)

Never provide sensitive personal information to a job site or anyone claiming to offer a job at the start of the process. Before you show up for an interview, make sure the job is legit: You can figure this out by doing an online search or making a few phone calls.

3. Door-knocker scams

Summer is the time for door-knocking scams. Sometimes the knocker wants you to help save an endangered species or an embattled population far away, sometimes they are selling a lawn service, home maintenance or sustainably produced electricity—all these causes, services and products may be legitimate, but the person offering them … not so much.

If a stranger comes to your door, your level of suspicion should be high from a personal and digital security perspective. If you like what a knocker has to say, tell them that you will go online to help their cause or buy a product, and send them on their way.

4. Wi-Fi scams

This is a year-round thing, but people still get got all the time by phony Wi-Fi scams, and the problem is only getting worse now that more municipalities are offering free access to the internet. The problem is that free Wi-Fi doesn’t guarantee secure Wi-Fi.

Always check with the network provider or someone of authority before logging on to any new wireless connection. Use a VPN, or virtual private network, to conduct any transactions that involve sensitive information.

5. Front desk, fake menu scams

Hotel scams are many and various, and it’s best just to remember that you are a target whenever you are traveling, but there are two scams that are sufficiently common. The first is the front desk scam, which is pretty simple.

You check in late, you’re tired and your phone rings. The scammer doesn’t know when you checked in. He or she is calling random rooms. You are told there is a problem with your credit card. Can you please confirm the number? The second scam to look out for is the menu scam. Scammers produce fake ones, and then steal your credit card information when you call to place an order.

If you get a call from the front desk, hang up and call back or go in person to confirm your payment method. Use your smartphone to order food or call the front desk for suggestions.

6. Moving scams

Summertime is moving time. Just make sure your relocation isn’t a moving experience of the hair-pulling kind. While there are many great services out there, there also are some fraudulent ones that could wind up costing you big time.

With online services like Task Rabbit and Angie’s List to name but two, there are ways to choose a moving service that suits your needs and provides reviews. Just make sure you check out their reputation online before they show up at your door.

You may have identity theft repellent

If you think you might have been a victim of identity theft, it’s important to monitor your credit for anything out of the ordinary—primarily accounts and delinquencies you don’t recognize. You can get a copy of each of your three major credit reports for free once a year at AnnualCreditReport.com and you can use a free tool like Credit.com’s credit report card to check for signs of identity theft every month.

It’s also a good idea to check with your insurance agent, bank, credit union or the HR department where you work. It is increasingly more common as a perk of your relationship with the institution to be offered free access to a program that provides education, proactive assistance and damage control if you become a victim of identity theft.

See also: Are Scams Killing Direct Marketing?  

If it’s not free, you may be able to get it at a minimal cost. (Full disclosure: CyberScout, a company I founded in 2003, provides these services to institutional clients, and they in turn offer the service to their clients, customers, members or employees.)

This post originally appeared on ThirdCertainty.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Is It Time to Buy a Biometric Scanner?

Identity theft is still out there, keeping pace with the latest innovations and security measures and snaring new victims every day. With the advent of cheaper, standalone, easy-to-integrate biometric technology for authentication, is it time to buy a fingerprint scanner?

What’s a biometric scanner?

Biometric technology uses physical or biological information, like a fingerprint, retinal scan or heartbeat, to authenticate a person’s identity. You can currently purchase the most commonplace biometric scanner—that is, one that uses a fingerprint—starting at around $50. The scanner can be used to protect computers and other devices that support biometric scanning technology.

Do biometrics provide additional security?

The short answer: Yes.

Authentication can effectively use three things to keep the wrong people out: something you know, something you have and something you are. We’re all familiar with the first line of defense. “What you know” takes the form of security questions, passwords and a security picture, and there are various strategies to keep it all straight.

Some choose to use password managers or proprietary systems like Apple’s iCloud Keychain. Others prefer to have an encrypted personal security list (logins, passwords) stored on a cloud server. Still others put “what they know” (but couldn’t possibly remember) on a USB stored on a keychain or in a safe if the information is not encrypted. And, yes, some go a little further, choosing to use a fingerprint-encrypted drive (i.e., biometrics). How you manage what you know comes down to personal preference, but the first line of defense is not fail-safe. In fact, there are hacks and breaches all the time. (If you believe you were the victim of a hack, you can view two of your free credit scores on Credit.com for signs of identity theft.)

See also: Are Passwords Finally Becoming Passé?  

The second line of defense, “something you have,” could be access to an email account, a key fob or your mobile phone. You need to have your phone in hand, for instance, to receive the verification code so you can get waved through some digital security checks. This is called two-factor authentication—and, yes, it’s more secure than simply protecting accounts with an alphanumerical password.

The last line of defense, “something you are,” is a really hot topic right now. As I mentioned earlier, in sophisticated systems, this might include a scan of your retina, your finger- or handprints, your body weight (including ups and downs), your height, your face or all of the above. This information is clearly specific to you—and not so easily replicated—so, again, it’s miles more secure that the old standard password or even two-factor authentication.

Needless to say, were you to implement a security protocol that combined all three of the above protocols of authentication, a) criminals would have a really hard time making any money, but b) we would all be frustrated.

Does it have a place in the home?

Biometric authenticators have been the security mode for quite some time in the military and wherever large amounts of money or gold or drugs or weapons are stored, as seen in countless spy and heist movies, but they are slowly making their way into people’s homes.

From smartphones to gun lockers to personal computers, a steady march of devices is offering a biometric element for the user-authentication process. One example comes by way of a new secure credit card being tested by MasterCard in a chain of supermarkets in South Africa. The card is able to store an encrypted copy of the user’s fingerprint, which would make it exceedingly difficult for a scammer to beat.

(Would it be impossible to beat? As with all great capers, only the crooks know for sure. There was a flurry of coverage not too long ago about how photos of people flashing a peace sign could lead to the theft of their fingerprints, thanks to the proliferation of high-definition cameras. But fact-checking website Snopes listed the story as “Unproven,” and for good reason. While it is theoretically possible, no criminals have been caught doing it.)

Should I buy a fingerprint scanner?

Here’s the rub: You won’t really need to.

Unless you were born a long time ago, you may not know what an 8-track is. It came before the cassette tape, which preceded the CD, which is the grandfather of the MP3. When you want to make a point about obsolescence, there are few better examples than those clunky old tapes. I bring them up because current standalone biometric scanners are without a doubt the 8-track of digital security devices.

See also: Biometrics and Fraud Prevention: Seeing Eye to Eye  

If you accept the similarity between biometric scanning devices and MP3 players, the answer to the question above will be crystal clear. These days, MP3s can be played by all the devices we use most. We’re seeing the same thing happen with biometric scanning.

Whether it’s a smartphone, a computer or MasterCard’s new fingerprint-encrypted cards, all stripes of products you use on a daily basis eventually will feature built-in biometric scanners. And, if you are buying something today and prefer devices with built-in (rather than bolt-on) security, don’t despair. There already are plenty of choices out there. Case in point: Anyone with the latest generation of a particular smartphone likely has the option of locking and unlocking the device with their thumb.

Personally, unless and until all devices that should be secure feature biometric scanners, I would suggest opting for those that do—much in the same way I’d advise you to refrain from using “1234” as your password. You can learn more about biometric technology, how it works (and whether it can be hacked) here.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

This post originally appeared on ThirdCertainty.

Be on the Lookout for Tax Scams

Las fall, authorities in India busted nine — yes, nine — bogus IRS call centers, arresting 70 people on suspicion of tricking (and often scaring) Americans into sending money to settle “pressing” but nonexistent tax bills.

You receive a call from a purported IRS agent claiming you owe money and must pay it immediately. If you can’t (or don’t) come up with the money pronto, well, you can expect a police officer or U.S. marshal at your door, and you will be arrested and thrown in jail. In a 21st-century version of this scheme, you receive a robocall where an automated voice directs you to call a specific number to settle your debts with Uncle Sam. If you don’t call back right away, you could be anything from sued to arrested to deported, or maybe you’ll just have your driver’s license revoked.

It’s an inelegant ruse, of course. The prize? Your hard-earned cash and, for good measure, some of your personally identifiable information (PII).

See also: Implications for Insurance Taxation?  

I probably don’t have to explain this hot-and-heavy approach because you’ve probably been on the receiving end of one of these phone calls. IRS scams are so prevalent they topped the Better Business Bureau’s top scams of 2015 by a mile — and that was well before the IRS itself issued a warning to taxpayers saying there was a “summer surge” last year in IRS impersonation scams, with a new variant asking poor, unsuspecting taxpayers to fork over payment on iTunes gift cards.

A sigh of relief?

If you think the major bust in India means you can breathe a little easier every time your phone rings, unfortunately, you’re wrong.

Make no mistake, those nine phony call centers represent only a small fraction of all the nefarious enterprises out there. Consider the latest stats from the U.S. Treasury Inspector General for Tax Administration published in The Wall Street Journal: 8,000 victims have paid more than $47 million because of these completely phony “IRS agents.”

Scams are akin to the old whack-a-mole game or, to put an even finer point on it, a Lernaean hydra — cut one of them down, and two more will spring forth. In fact, around the same time police were raiding the bogus call centers, reports had surfaced that there was a new IRS scam in town: Fraudsters have started to send out notices about fake IRS tax bills related to the Affordable Care Act via email and traditional snail mail in an effort to meet their, ahem, sales goals.

What you can do

You should stay vigilant because it’s about to get significantly more difficult to avoid getting got. The IRS announced it’s going to begin using private collection firms to handle overdue federal tax debt, a change that could effectively throw the one-step method of avoiding phony IRS agents — hang up the phone! — out the window.

The IRS has yet to make it completely clear whether it’s going to allow the collection firms it’s hired to call debtors directly. But even with this significant change, there will be a few dead giveaways that there’s a scammer on the other end of the line.

  1. If you do owe Uncle Sam, you’ll have received a bill in the mail, and should you be one of the more unfortunate ones turned over to a legitimate collector, you’ll also get written notice that your debt has been transferred over to one of its collection firms: CBE Group, Conserve, Performant and Pioneer.
  2. You’ll be allowed to make your payments online at IRS.gov/PayYourTaxBill, so, if you’re not being told about this option, hang up and notify the IRS.
  3. Payments by check should be made to the “U.S. Treasury.” If you’re being asked to write one made payable to the collector or even the IRS (which can easily be altered to read “MRS.”), hang up the phone.
  4. There will never be any threat involving police or marshals or prison.

Other ways to protect yourself

Here is the toll-free number for the IRS: 800-829-1040. If you get even the slightest inkling that someone is trying to swindle you, hang up and immediately call the agency.

See also: New Worry on ID Theft: Tax Fraud  

If you get an email that looks like it is coming from the IRS about a tax bill, do not click on any links (which could be malware designed to infect and infiltrate your computer system and steal any payment or personal information it can get its hands on). Instead, forward the email to phishing@irs.gov and wait patiently for someone to contact you about its validity.

What to do if you’re a victim

If you think you’ve already been had, well, then you’ve got some work to do. Report the crime to your local police, file a complaint with the Federal Trade Commission and call the IRS at the number provided above to find out if you really owe them money. Contact TIGTA to report the call either at 800-366-4484 or by using its IRS Impersonation Scam Reporting website. And then rely heavily on the three Ms I outline in my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves:

  1. Minimize your exposure to fraud: If you did turn over your most sensitive personal information, request that a fraud alert be put on your credit file by all three credit bureaus — Equifax, Experian and TransUnion. You need only contact one, and it will electronically notify the other two. You might also consider a credit freeze, which is more comprehensive but cumbersome because you need to notify each credit bureau individually; lockdown of your credit report prevents thieves from opening new accounts in your name.
  2. Monitor your accounts. You might wish to purchase a combination credit and fraud monitoring service, which provides instant alerts if someone tries to open up lines of credit. You also may consider enrolling in transactional monitoring programs offered for free by banks, credit unions and credit card companies that notify you of any activity in your accounts. At the very least, keep an eye on your credit yourself. You can do this by pulling your credit reports for free each year at AnnualCreditReport.com and viewing two of your credit scores for free, updated every two weeks on Credit.com.
  3. Manage the damage. Close any account that has been tampered with or opened by a fraudster without your permission. And if you gave them the veritable skeleton key to your finances — your Social Security number — be sure to notify the IRS, do all of the above and file your taxes as early as possible next year to preclude anyone from getting their grubby little fingers on your refund.

Remember, it’s not just the phony taxman you have to worry about whenever you pick up the phone. Fraudsters come in all shapes and sizes, and, no matter how many scam centers authorities put out of business, the ultimate guardian of the consumer is the consumer (i.e., you)! Stay vigilant. While identity theft may be the third certainty in life, with a little luck you can make it that much harder for fraudsters to get you in their maw.

This post originally appeared on ThirdCertainty.

Full disclosure: IDT911 sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More on identity theft:
Identity Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Identity Has Been Stolen?

Can Trump Make ‘the Cyber’ Secure?

I have to admit that when now-President Donald Trump uttered the phrase “The Cyber” during the first presidential debate, I was right there with the tech community in the eye-rolling that followed. “The Cyber” memes were born, along with real concern about the then-candidate’s grasp on cybersecurity, and, with the announcement of former New York City Mayor Rudy Giuliani as the cyber czar, those concerns multiplied.

The seeming “misunderestimation” — or possibly anti-comprehension — regarding something so crucial to national security may not on the surface seem like a consumer issue, but it is.

Our nation’s approach to cybersecurity at this juncture — beset by hostile state-sponsored attacks on our electoral process; expertise and secret information grabs from major industries and the federal government; and ransomware attacks — is a matter of the utmost urgency, and the now-president has said as much, to his credit.

But Trump’s response can’t be just a marketing move or a branding opportunity — things he gets. There must not be merely the appearance of change, with commissions talking and debating endlessly but with little to show for it. There must be actual boots-on-the-ground solutions — now.

Unfortunately, I don’t think that’s what will happen.

Consumer protection at risk

The Consumer Financial Protection Bureau specifically comes to mind if Trump does as many are predicting he will do and makes it yet another piece of President Obama’s dismantled legacy.

The CFPB was an important accomplishment of the Dodd-Frank Wall Street Reform and the Consumer Protection Act of 2010. The agency is charged with protecting consumers from the predatory financial practices that brought about the economic meltdown of 2007-08 and watching out for signs of future trouble. The CFPB has the power to ban financial products deemed “deceptive, unfair or abusive” and to impose penalties on companies that take advantage of consumers.

Barring a judicial miracle, current CFPB Director Richard Cordray is almost certainly going to receive one of Trump’s signature “you’re fired” communiqués. Worse, an anti-CFPB former Texas representative, Randy Neugebauer, appears to be the leading candidate to get the job.

See also: Election Elevates Cyber Issues for 2017  

Among other things, Neugebauer thinks that payday lenders are too roughly treated by the CFPB and that all business contracts should contain mandatory arbitration clauses (barring class action suits). He also thinks the CFPB should be headed not by a single director, but by a commission of people from both sides of the aisle. Those of us who support the CFPB believe that this would diminish the agency’s ability to go after dangerous practices that harm consumers in a timely and effective way.

The Trump transition team did not respond to a request for comment regarding its plans for the CFPB or Cordray.

This is about appointing the right people

It was reported that the cybersecurity czar role in the Trump administration will fall to the president’s close associate and campaign stalwart: Giuliani.

There is a connection here between what appears to be afoot at the CFPB and the next administration’s approach to cybersecurity. Both represent bad decisions based on a basic incomprehension of what is at stake and of what needs to happen next. The CFPB works — specifically, the single-director approach. Instead of hiring an opponent of the agency to presumably dismantle it, we should be using it as a model to create a single-director federal agency that emulates the CFPB to oversee cybersecurity.

As it stands, Giuliani will be bringing together experts working on cybersecurity solutions and business leaders who are targeted by hackers from the energy, financial and transportation sectors. The next step that is missing here is a government agency that can fine entities that do not meet the threshold for cybersecurity best practices — mandated employee education, maintaining technology and tools, hiring experts — that the agency would determine and set as a standard. (You can learn more about how to protect yourself from cyber threats like identity theft here and can monitor two of your free credit scores for signs of foul play every 14 days on Credit.com.)

In a recent interview, Giuliani said of the Trump, “He’s going to elevate this to a very large priority for the government — and I think, by doing this, he’s trying to elevate this as a priority for the private sector.”

Depending on private sector

As the Christian Science Monitor’s Passcode noted, quoting the former NYC mayor, the idea here is pretty simple: Trump will go straight to the public to “educate people on how important (cybersecurity) is, even to the point of their own personal protection.”

That is a fantastic idea that everyone should applaud. Whether the user is in the Pentagon or logging onto a free Wi-Fi network, our cybersecurity too often comes down to an individual clicking or not clicking on a malware-laden link or falling prey to some other security pratfall.

That said, any agency dedicated to cybersecurity would need to work closely with the military and intelligence communities and would also have to focus its resources on real solutions to the dangers we face, many of them extinction-level threats. The person running it would have to be at the cutting edge of cybersecurity best practices.

See also: Insurance Industry Can Solve Cyber  

When the news came down of Giuliani’s cyber czar role, experts almost immediately hit Twitter with reasons why this was a bad idea. (Trump’s team also didn’t respond to requests for comment regarding this choice. Giuliani was not readily available for comment, either.) As it happens, the cybersecurity community took a look at the website of Giuiliani’s cybersecurity company, giulianisecurity.com. They found serious problems, including expired SSL, no https and an exposed CMS login — just to name a few. You don’t need to know what these things are, but the cyber czar sure does. There can be no “oops” in his or her record.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

This article originally appeared on ThirdCertainty.

Be on the Lookout for These 3 Tax Scams

In the early ’60s, Roger Maris and Mickey Mantle hit a remarkable number of home runs — including famous, back-to-back four-baggers that, according to Yogi Berra, were the reason he famously quipped, “It’s déjà vu all over again.” While spring training is still a bit away, we’re in the thick of tax season, where legions of scammers are swinging for the back wall.

According to the IRS, there was a 400% increase in phishing and malware incidents during the 2016 tax season. With the April 15 filing deadline still feeling as far away as the Green Monster from home plate in Fenway Park, Berra’s other dictum — “It ain’t over till it’s over” — has never been more true.

My book, “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves,” goes into great detail about the various tactics cyber criminals use to lure you, but the most important thing you can do to keep yourself scam-free this tax season is educate yourself on the most prevalent risks out there.

As ever, the best advice is to file your taxes as early as possible. Tax-related identity theft is primarily aimed at grabbing your tax refund, and scammers are creative, sophisticated and persistent and move very quickly once your information is in hand. Armed with your Social Security number, date of birth and a few other pieces of your personally identifiable information, which if you have been involved in a data breach (you can check here to see warning signs and view two of your credit scores for free on Credit.com) is likely available on the Dark Web, people are furiously filing fraudulent tax returns online.

See also: Implications for Insurance Taxation?  

Here are three scams to bear in mind as the tax season is upon us:

1. Phishing

There is no bigger threat than phishing. By now, it is a home truth that there are phishers out there. Catfishing is a regular part of the popular imagination, and phishing emails hit our inboxes with the same regularity as the various promotional emails we get from retailers and media outlets.

Phishing emails take many forms, but they are most commonly pointed at getting enough of your personally identifiable information to commit fraud in your name (identity theft). They also commonly contain a link that places malware on your computer. These programs can do a variety of things (none of them good), ranging from recruiting your machine into a bot-net distributed denial-of-service attack; to placing a keystroke recorder on your computer to access bank, credit union, credit card and brokerage accounts; to gathering all the personally identifiable information on your hard drive.

Here’s what you need to know: The IRS will never send you an email to initiate any business with you. Did you hear that? NEVER. If you receive an email from the IRS, delete it. End of story. Oh, and the IRS will never initiate contact you by phone, either.

That said, there are other sources of email that may have the look and feel of a legitimate communication that are tied to other kinds of tax scams.

2. Criminal tax preparation scams

You learned how to do homework in school for this reason: Not all tax preparers are the same, and you must vet anyone you’re thinking about using well before handing over a shred of your personally identifying information. Get at least three references, check online to see if there are any reviews and call them.

Here’s why: At this time of the year, tax prep offices that are actually fronts for criminal identity theft tend to pop up around the country in strip malls and other properties and then promptly disappear a few days later. Make sure the one you choose is legit.

3. Shady tax preparation

Phishing emails may not be aimed at stealing your personally identifiable information or planting malware on your computer. They simply may be aimed at getting your attention and business through enticing (and fraudulent) offers of a really big tax refund. While these preparers may get you a big refund, it could well be based on false information.

Be on the lookout for questions about business expenses that you did not accrue, and especially watch out for signals from your preparer that you are giving him or her a figure that is “too low.”

Other soft cons of shady tax preparation include inflated deductions, claiming tax credits to which you are not entitled and declaring charitable donations you did not make. Bottom line here: We’re all connected these days, and chances are you will get caught, so just make sure you are working with someone who follows the instructions. (Yes, they’re complicated, and that’s why it’s not a bad idea to get help.)

See also: New Worry on ID Theft: Tax Fraud  

As Berra said, “You can observe a lot by watching.” Tax season is stressful even without the threat of tax-related identity theft and other scams. It’s important to be vigilant, because, to quote Berra all over again, “If the world were perfect, it wouldn’t be.”

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.