Equifax Victim Protection Options Everyone Should Know

By now, most of us have heard of the recent data breach at the credit bureau, Equifax. If not, there is a good chance you will be receiving a letter from them letting you know that your social security number and other information was accessed by an unauthorized party. That’s because this event affected 44% of the U.S. population. There are a few items to consider as a follow up to the initial stories on this topic and that is what the following information covers.

There was some controversy about signing up for the offered free credit monitoring and other identity protection services from Equifax. So you might be a bit skeptical of taking them up on it after this, but it’s certainly worth consideration. However, be sure to read the fine print for any service you sign up for, no matter what the service is doing. In this case, there was initially some detail that required those who chose to use the service, called TrustedID Premier to pay for the service automatically once the free term expired. However, that clause has since been removed from Equifax’s terms of service with respect to this breach. So, you can sign up and take advantage for free; but still read the terms of service thoroughly and don’t expect this to completely protect you from identity theft.

If you are still hearing that signing up for the credit monitoring service will exempt you from any class action lawsuit that may arise, that has changed. Equifax has removed that language from its Terms and Conditions, so you can now take advantage of the service without worry.

Consider the options if your social security number was accessed by unauthorized parties for any event; not just this one. Credit monitoring services do not prevent your identity from being stolen. They will alert you if someone tries to obtain credit with your information. Essentially, it gives you a heads up right away so you can take action to remedy before it gets worse. Identity theft protection services, which were also offered, will help you through the process of correcting any fraud, but again won’t prevent it from happening.

On the other hand, consider a credit freeze, which will prevent credit from being taken out in your name. It blocks any attempt to access credit and the credit bureaus will alert you if someone tries. A credit freeze is recommended to those who have had their social security numbers stolen and who are not applying for credit in the near term. That is because a freeze will do just that; freeze access to your credit so no one can access your report.

That said, if a time occurs where you will need to provide access to your credit for some reason, a credit freeze can be lifted and re-implemented if needed. Just make sure to check the fine print to find out how much lead time is needed to do this and if additional costs are involved. In some states, there is a cost associated with freezing credit.

An important detail about taking advantage of any credit monitoring service is that if there already is a freeze on your credit, the credit monitoring services will not work. This is because they need to access your credit reports in order to monitor activity. However, don’t unfreeze it just to sign up for a service. If the third party cannot access your file because it’s frozen, then the credit freeze is doing what it is intended to do.

Something that often gets overlooked is monitoring the credit of children. In theory, children under 18 should not have a credit report, because they are not consumers. Per a 2012 study by the Identity Theft Assistance Center and the Javelin Strategy & Research group, one in 40 families with children under 18 had at least one child whose information was accessed in an unauthorized manner. If you find a report for your child on file with Equifax, Experian, or TransUnion, investigate it and the possibility of fraud using the child’s information.

Also remember that this applies to anyone who has used a social security number to get credit of any type or even to turn on utilities. This breach or any breach that includes stolen social security numbers is not limited to U.S. citizens. Anyone with a social security number can be a victim of identity theft.

© Copyright 2017 Stickley on Security
September 13, 2017

Iron Man Is Taking Your Money In This Resurfaced Scam

Movie stars have all the luck. Everyone wants to be them, including cyber criminals. Robert Downey Jr., who is perhaps most well known as playing Iron Man in the recent Marvel movies is warning his fans that someone is impersonating him and asking for “contributions” to various “causes.”

This is not a new scam, but it seems it is making the rounds again. Watch out for any request that is supposedly from someone famous. Other famous names impersonated in this scam include musicians Brad Paisley and Elton John, actors Ryan Reynolds, Ryan Gosling, Hugh Jackman, Ben Stiller, and Mark Ruffalo. However, it’s likely many others are out there too.

If you want to donate to any of the wonderful charitable causes out there, go directly to those websites and make your contributions there. Alternatively, send checks to their official addresses from their websites. Never send money to sites that randomly appear on your social media news feeds or on those of famous or well-known people. While it is not out of the question that stars may be trying to help their favorite cause, they won’t directly ask their fans.

If you see a plea for help in your social media feed from one of your contacts, be sure to investigate it before sharing it with yours. If you cannot find a link to someone in your network, perhaps reconsider whether you want to ask your contacts to donate.

Famous people typically don’t communicate with their fans individually to ask for contributions of any kind. In fact, Downey Jr. wrote on his Facebook page: “I will never ever communicate via private chat platforms, and I would never ask individual fans for money for any reason.” He continued, “Any communication from me will originate from my public, verified social media pages, and all fundraising is done via broad, public campaigns.”

Brad Paisley wrote a similar notice when his name was being used for this scam.

© Copyright 2017 Stickley on Security
September 11, 2107

Equifax Isn’t Calling

Ring, ring. “This is Equifax calling to verify your account information.” Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.

That’s just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal information. Here are some tips for recognizing and preventing phone scams and impostor scams:

– Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know is correct.

– Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a particular company, even when they’re not.

– If you get a robocall, hang up. Don’t press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.

If you’ve already received a call that you think is fake, report it to the FTC.

If you gave your personal information to an imposter, it’s time to change any compromised passwords, account numbers or security questions. And if you’re concerned about identity theft, visit IdentityTheft.gov to learn how you can protect yourself.

For more information about the Equifax breach, visit Equifax’s website, www.equifaxsecurity2017.com  (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.) or contact their call center at 866-447-7559.

Lisa Weintraub Schifferle, Attorney, FTC, Division of Consumer and Business Education
September 14, 2017

Avoid Hurricane Clean-Up Scams

After natural disasters like Hurricanes Irma and Harvey, unlicensed contractors and scammers often come into the affected area promising immediate clean-up and debris removal. Some demand payment up-front for work they never do. Others simply lack the skills, licenses, and insurance to legally do the work.

Here are some tips to protect yourself, your property, and your money:

– Check with local consumer protection officials to find out whether tree and debris removal contractors need to be licensed in your area. If so, check out the license for the contractor you’re considering. Never sign any document or pay any contractor before verifying their license.

– Ask contractors for references and, if possible, call previous clients. Talk with your neighbors about what they’re paying for similar work.

– Write down the contractor’s driver’s license and vehicle information (make, model, and license plate number) in case you need to report the contractor to authorities.

– Ask a contractor to give you their license and certificate of insurance once they are on your property. If a contractor tells you certain work is covered by your insurance, call your insurance company to confirm.

– Get a written estimate and sign a written contract. Make sure it includes a description of the work, the materials included, when the work will be finished, the price, and the address and phone number of the contractor. Read all contracts and make sure all the blanks are filled in before you sign.

– Pay with a credit card or check so you can dispute charge or cancel the payment if there are problems later. Be wary of contractors who ask you to pay them in cash – even for a deposit. Negotiate a reasonable down payment, and only pay in full when the work is done to your satisfaction.

– Trust your gut. If you have any doubts about hiring someone, take your business elsewhere.

– If you have second thoughts about the contractor you hired, you have the right to cancel a contract within three days if you signed it in your home or at a seller’s temporary location, like a hotel room, convention center, or restaurant.

For more information, visit Dealing with Weather Emergencies.


by Colleen Tressler, Consumer Education Specialist, FTC
September 12, 2017

Everything You Touch On Your Mobile Device Can Be Stolen

Recently researchers at Kaspersky Lab discovered that a dangerous piece of malware has just become more dangerous. It has always been able to get access to smartphones, overlay legitimate apps with fake ones, and steal financial account login credentials. Now, it can also infiltrate the accessibility features on Android devices and become a keylogger.

But what exactly is a keylogger, you might be wondering?

Keyloggers can track and log every single keystroke made on the device. This means if you type anything into any text area of the device, it’s being recorded and going to the cybercriminals. So now, not only can Svpeng make phone calls, get access to administrator functions, intercept text messages, take screen shots, it now can also log everything you do; including get your banking credentials and drain your account. Talk about intrusive!

Always be cautious of installing any app on your mobile devices. Do a lot of research first to make sure you really do want to download any given product. Read the reviews and analyze whether or not they are legitimate. If there are only a few reviews and they are glowing, perhaps it’s better to wait until a few more people are the guinea pigs.

Also be sure to download them from the product’s official app store. While there is no guarantee these are 100% safe, they generally do go through more security scrutiny than those that are on third party sites.

Keep current backups of important data and photos too in case malware does strike. Then it’s easy to restore the last copy to the device and keep your precious family photos. All the data can be stored in the cloud, on a computer, or an external hard drive. Sometimes it will cost a bit, but it will be worth it should you ever need to take advantage of it.

Remember that malware isn’t limited to free apps. Sometimes it is found in paid ones as well.

One more thing; this evolution of Svpeng seems to be pretending to be an Adobe Flash Player installer. Remember, Adobe Flash Player does not exist for Android. Don’t fall for it.

This version also does not steal from those who have their primary language on the device set to Russian. So, if you meet that criterion, you’re safe this time. The malware still installs and checks the language of the device to see if it is Russian and it could have an effect on other functionality, such as speed. However, it exempts those people from the damage it can do.

As of last count, this reboot of Svpeng has affected users in 23 countries.

© Copyright 2017 Stickley on Security

Four Common Scams That Take Advantage Of Current Events

There are a lot of scams being perpetrated by the unscrupulous wanting to make a buck. Many of them are surprisingly simple to pull off and therefore, persist and evolve over time and to keep up with current events. With the recent weather patterns depositing massive amounts of wind and water on land causing millions of dollars in damages, it’s not unusual to see an uptick in scams that take advantage of human suffering and compassion. Following are several of the most common ones that are currently making the rounds.

1. Disaster Relief/Charity

Americans are an empathetic group and scammers are very aware. That’s why scams persist that piggyback on natural disasters such as the recent one, Harvey that hit the Gulf Coast of the U.S. Similar ones appeared after Hurricane Katrina, the earthquake in Nepal, and others.

Often these are so successful because they spread very quickly on social media such as Facebook and Twitter. It’s likely that the upcoming Hurricane Irma, expected to hit the coast of the U.S. by the weekend, will be used in such scams in the very near term, so be aware of these and don’t fall for them.

When natural disasters happen and you want to send money, donate through a well-known and respected charity. They will accept payment cards on their websites, can add it to your mobile bill via well-advertised text numbers, and deduct it directly from your bank account at some ATMs. All are a better option than clicking links seen in email or on social media.

2. Insurance Scams

In the case of hurricanes and flooding, the Federal Trade Commission receives many complaints about flood insurance scams targeting those in the affected areas. Homeowners receive robocalls claiming that their insurance premiums are overdue. To receive compensation for flood damage, money needs to be paid immediately.

Work with your insurance agent when filing claims against your policies. This goes for any type of insurance for which you pay premiums. Your agent will be able to assist you on a personal level.

3. Dying or Sick Baby

The Dying or Sick Baby version is when someone pretends they have a very sick or dying child who needs medical care. In a twist on this, often seen on Facebook and other social media are desperate requests for some type of assistance to pay recovery costs for friends or friends of friends with links to crowdfunding sites. While some of these may be legitimate, be aware that it is a very common scam as well.

When sharing requests for donations on social media, verify that the need is real before passing it on to your friends. If you cannot trace it back to someone in your network, reconsider if you want to forward it on to your friends, family, or colleagues.

Always take time to verify any such stories independently; even if it sounds like a very urgent matter. It doesn’t usually take much time to confirm if a relative or friend is sick or really does need help. If you cannot verify it, don’t send money.

4. Phishing and Copycat Scams

Finally, always watch out for phishing scams. These usually increase during times of crisis. Don’t click links or attachments from unknown persons or if the content is unexpected. If you want to help, verify with the sender before clicking. Copycat scammers will use website addresses that are very similar to the ones for which we are all familiar during natural disasters and emergencies. Check URLs closely before clicking and if the name is slightly different or the site is not secure (there is no padlock icon, no “https” preceding the address, or some other indication of safety), don’t put in any sensitive information.

As always, if you are told that cash, gift cards, a money service such as Western Union, or pre-paid cards are the only form of payment accepted, question the legitimacy of any request.

If you come across these scams or have been a victim, file a complaint with the Federal Trade Commission (FTC). There is information at the website on how to do this efficiently.

© Copyright 2017 Stickley on Security