Job Seekers Beware: ‘Re-packing’ Jobs Could Lead To Jail Time!

Long-term unemployment is still a reality for 2.8 million Americans. They’re isolated and increasingly desperate, making them a perfect target for cyber-criminals.

The Better Business Bureau is reporting a new breed of cyber-crime that turns innocent people into accessories in the distribution of stolen merchandise. The scam starts like a lot of others, with a job offer from an anonymous company. The work sounds ideal. It’s work-from-home, set your own hours, and work as much or as little as you like. Best of all, it’s easy. You receive shipments at your house, then repack them and ship them to another address.

If you sign up, you’ll receive packages containing products and instructions about shipping them to other addresses, sometimes overseas. Your employer will want you to cover shipping, but promises to reimburse you for costs on top of your salary. At the end of the month, you get a check from your employer.

The first bad news comes when you attempt to cash that paycheck and it turns out to be fake. All the work you’ve done, plus the shipping costs you paid out of pocket, are gone. It’d be bad enough if it ended there.

Worse yet, you might end up facing criminal charges. At the very least, you’ll be an accessory to the theft of the goods you handled. If you helped to redistribute those goods, you handled stolen property. Even if you didn’t know the goods are stolen, if you didn’t ask questions where a reasonable person would have, you’re guilty.

To make matters worse, if you shipped those items internationally, you likely had to lie on customs documents. That’s a federal offense. The scammers just tricked you into taking all of the legal risk while they keep the money.

Similar scams are common in money laundering. A scammer will contact you or leave a post on a job board asking for financial service assistance. They’ll send a check and ask you to deposit it, then wire them back some of the money. You can keep a portion of it as your payment. The check was written against stolen funds and the issuing institution refuses to pay it. You’re out whatever you wired the scammer and could face charges as an accessory to fraud.

These scams are an unfortunate part of the job search process. They prey on the uncertainty and desperation that characterizes long-term unemployment. The widely anonymous nature of the Internet provides a perfect cover for schemers. If you want to keep yourself safe, follow these tips:

1.) Be proactive in your job search

It’s possible that your dream job may fall in your lap, though it’s far more likely that you’ll have to work really hard to get it. If you post your resume on a job site and walk away, it’s possible that the only people who are going to contact you are scammers. If you work with a recruiter or employment agency, you’ll form a contact that can help you land the job you want.

Working with an agency will also help you weed out the scams. You’ll have someone you know and trust to sort the real opportunities from the bogus ones. They’ll help put your resume in places where it needs to be instead of in the wrong hands.

2.) Check the links

Many of these scams work by “spoofing” a legitimate job posting. You’ll see an email saying that X company has reviewed your resume and thinks you would be a good fit for this position. The email will contain a link to something designed to look like a legitimate job posting on a big job board like Monster or Indeed.

Checking to see where links are really going is a hassle, but a quick mouse-over the link will show you the URL. If you don’t recognize the domain (the first part after the http:// and before the .com or .org), don’t click the link. Report the email as the scam attempt it is.

3.) Watch for keywords

“Repackaging” or “reboxing” are common keywords in these scams. For money-laundering, scammers often refer to the work they are proposing as “payment processing” or “wire transfer assistance.” It’s worth taking a moment to think about what you’d be doing. No legitimate business would need a personal checking account to move money around. If they’re a business that can pay for your services, they have a checking account. Similarly, they have an address and postal services.

If an employer is seeking your personal information before they’ve hired you, they’re not a potential employer. They’re crooks trying to steal your identity. It’s as simple as that.

Buyer Beware: 4 Tips For Shopping At Going-Out-Of-Business Sales

Big-name retailers like Sears and Kmart are closing doors around the country, and niche shops like Delia’s are shutting down entirely. That means the newspapers and email boxes are littered with “going-out-of-business” ads. New products are going to be available at deep discounts.

The prime season for going-out-of-business sales is now.  In January, retailers that are going out of business are facing down a new set of bills without a major spending season until at least April. Now is the time they start shutting their doors and liquidating their merchandise.

It may seem like these sales represent a golden opportunity. Retailers have bills to pay and are desperate for cash. Meanwhile, consumers can buy stuff they need at a serious savings.

But it’s not that simple. The owner of a store that’s shutting its doors is still going to be responsible for the bills they owe. They’re trying to minimize their losses by selling goods as fast as possible. They’re also not counting on a lot of repeat customers, so they have little incentive to be truthful or honest. Watch out for the following tricks:

1.) ‘As-is’ merchandise

One of the first things most retailers do when they begin a liquidation sale is change their return policy. They’re trying to get inventory out the door, and having it come back in prevents them from doing so. They won’t take returns for any reason.

This little change can free them up to sell damaged, broken or otherwise defective merchandise at retail. Under ordinary circumstances, they’d never put the item on the shelf. Now, though, there’s no reason to keep it in the back.

If you’re buying fragile goods, like electronics or dinnerware, ask if you can open the box to make sure everything’s there. If a store employee seems unwilling, think twice. You might be on the verge of buying a lemon.

Beyond damaged goods, retailers may attempt to do the same thing with mislabeled products. At clothing sales, stores may counting on impulse decisions to drive volume. Since the price is so steeply discounted, many people will be tempted to purchase without trying on first. This is a great way to end up with a dress that doesn’t fit.

Also, don’t count on a warranty. Manufacturers will try to direct you to your retailer to honor your warranty. They’ll use this blame-shifting tactic to get out of paying for new merchandise. Expect the product you buy at a liquidation sale to receive no support.

2.) Discount gimmicks

There’s so much money to be made from going-out-of-business sales that a new kind of company has emerged. So-called professional liquidators run these sales on behalf of companies. The first thing they’ll do is mark up the prices of every item in the store by 20-30%.

Because of that, when you see “10% off everything in the store,” you should really be reading “5% increase on everything in the store.” The first weeks of a liquidation sale are an exercise in manipulative consumer psychology. The advertised discounts and the appearance of scarcity will drive consumer spending.

What keeps stores from running these kind of “mark-up/mark-down” sales all the time is reputation. When a store is going out of business, though, those concerns are the first thing out the door. “Everything must go” includes the brand and any integrity they’ve established with their customers.

While the discounts will come, they’ll come much later in the sale. They’ll also be on a much more limited selection of goods. Most of these firms increase their discounts weekly. By the second or third week of the sale, prices may be below retail.

3.) Buy now!

Liquidation sales rely on scarcity to create a sense of urgency. The limited time frame and small quantity of desirable goods can lead to impulsive decision-making. You can pay more for goods you don’t really need if you’re not careful.

Businesses may be desperate, but not quite in the way they’re portrayed. They’re desperate to make money now. The owners of these businesses have bills piling up and need cash. They’re not afraid to make long-shot claims about the features or effectiveness of their products.

This sense of urgency is most palpable during the first week or so of the sale. This is when most firms plan to make the most of their money. Holding off will mean less selection, but it will also mean less pushiness from salespeople.

4.) How you pay matters

Obviously, if you have gift cards, use them or lose them. Competitors aren’t going to honor those. Laws also provide little protection for gift card holders. Bankruptcy law treats them as creditors, meaning you’ll have to fight for repayment with credit card companies and other lenders. In general, once the merchandise is gone, the card is worthless.

Paying cash for large-ticket items to a desperate business can also be a poor choice. If you’re not leaving the store with your purchase, a cash deposit can leave you out of luck if they close before delivering your goods. You can sue, but the company doesn’t have assets to pay your damages.

Your best bet is to pay with a credit or debit card. These instruments frequently have refund policies that exist independent of retailers. If the goods never show up, you can get your deposit back by calling your issuer. Leave as small a deposit as the retailer will allow to protect yourself as much as possible.

Shop liquidation sales like you shop everything else: cautiously. Consider your options and shop around to find the best prices and make sure you actually need something before you buy it. Liquidation sales can be a great way to score some savings, but be cautious on the way.

How To Choose A Tax Preparer (And Why You Might Need To)

It’s tax time!  As you’re gathering your pay stubs and receipts in preparation for your annual headache, it might be worth considering whether you need professional help this year. A few things have changed.

First, the IRS is losing funding. If you were counting on getting help with the forms from the IRS, you might be in for record wait times. The IRS budget has fallen by 10% in the last five years, while costs have increased. Staff reductions of around 8% have mostly affected customer service and fraud protection, while training budgets have been cut down to almost nothing. Even if you do get through, the person you’re talking to will  be less likely to help you. One taxpayer watchdog group claims 47% of calls going to the IRS this year won’t get answered. Those who do will have to wait an average of 34 minutes to talk to a human.

The IRS maintains a “priority” line for tax professionals, which is the first reason you should consider hiring one. While the wait times there will be just as long, it won’t be you who has to do the waiting.

Second, this will be the first year the IRS has had to implement the tax credits and penalties of the Affordable Care Act. There will also be new rules for foreign taxpayers thanks to the Foreign Account Compliance Act. This will be the most complicated tax return many consumers have ever filed, according to Charles McCabe, president of Peoples Tax Income.

Third, the IRS will have less ability to enforce and investigate tax returns. This means you can be a little bolder in claiming a deduction or credit you might be entitled to, but it also means you need to streamline your return for easy processing. A tax professional will be able to help you accomplish both those goals.

The problem, though, is that tax returns have become an increasingly common target for fraud. Criminals file bogus returns on behalf of identity theft victims. Unscrupulous tax preparers may also file negligent returns designed to get big refunds deposited into their own accounts. This can leave you robbed of your return and facing serious IRS penalties.

When you choose a professional, you need to be sure you’re getting someone who will keep your best interests at heart. You need to do your homework and only entrust your financial information to a certified professional.

Here are three steps to help you find one.

1.) Do it by the numbers

For the first time, the IRS doesn’t have the authority to regulate tax preparers. In 2014, all professional preparers were required to obtain a PTIN (preparer tax identification number) which meant they were regulated. A recent federal court decision, though, ruled that the program overstepped the IRS’s authority.

The IRS Return Preparer’s Office came out with a compromise program. While preparers are no longer required to have PTINs, those who are serious about being transparent can complete a voluntary continuing education program to receive one. If you’re going to sit down with someone and reveal all your financial secrets, make sure they’ve gone through the program.

2.) Get references

In the same way you’d ask your friends to refer you to a hair stylist or a contractor, you should ask around to see who uses a tax preparer. Hiring help with tax returns is done by 60% of Americans; so the odds are good you know someone who does. If all of your friends file their own taxes, consider asking the owner of a local business you frequent. Small business tax preparation is incredibly complicated, but a good preparer can save a small business owner good money. They may be willing to refer you to their preparer.

You can work backward, too. Before you sit down with a preparer, ask him or her for the names of happy clients. If you don’t get any, think twice. Tax professionals work on the same reputation-based advertising that drives other service professionals. Someone who’s not willing to talk about success stories may not have any.

3.) Consider going big

If all else fails, consider going to a big corporate preparer. H&R Block and others like them have been around forever and they don’t stay in business by robbing customers. Their size and stability can provide some safety.

That size, though, can also create problems for them. Their training programs are not as rigorous as the education that independent preparers usually have been through. They also tend not to retain employees for very long, leading to a lot of inexperienced preparers. Be sure you ask critical questions about the moves they’re making.

12 Ways To Practice Safe ATM Transactions

ATM fraud is on the rise. Here are 12 ways to protect yourself and your account from theft!

1. Look for recent device modifications – bulky keypads, electrical tape, fresh glue, unworn plastic, etc. These can be signs of a PIN capture device being used.

2. Check for cameras – tiny pinholes provide clear views of the keypad and are a prime target for recording PINs. Security cameras designed for safety are obvious and usually mounted further away.

3. Cover the PIN pad with your other hand to keep your transaction safe from prying eyes.

4. Look for people sitting nearby who are using laptops, tablets, or cellphones. If they’re sitting there for more than a few minutes, they may be eavesdropping using the device.

5. Do not share your PIN with anyone you don’t want using your card (and that should be a very small circle). If you write down your PIN (not recommended), keep it in a secure location away from the card. Don’t carry it in your wallet or record it in your phone!

6. Only use ATMs in well-lit, public spaces. Prefer those that offer drive-up service and don’t have buildings or heavy foot traffic nearby.

7. If you have trouble with an ATM, go to the nearest bank branch or use another ATM. DO NOT let strangers “help” you with the transaction.

8. Avoid ATMs in tourist hot spots like shopping malls – these high traffic areas make it easier for thieves to work.

9. Monitor your checking account statement regularly for suspicious or unknown charges.

10. Report any unusual account activity to your credit union right away.

11. Remember that POS terminals, gas station consoles and other payment locations are just as vulnerable as standalone ATMs.

12. Whenever possible, process your debit card transaction as a “credit” transaction so you will be prompted to sign for it rather than enter a PIN that can be seen by the next person in line.

Be Wary of ‘Order Confirmation’ Emails

Republished from http://krebsonsecurity.com/2014/12/be-wary-of-order-confirmation-emails/ originally published on 12/14/2014

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.

Home Depot Scam Confirmation

An “order confirmation” malware email blasted out by the Asprox spam botnet recently.

Seasonal scams like these are a perennial scourge of the holidays, mainly because the methods they employ are reliably successful. Crooks understand that it’s easier to catch would-be victims off-guard during the holidays. This goes even for people who generally know better than to click on links and attachments in emails that spoof trusted brands and retailers, because this is a time of year when many people are intensely focused on making sure their online orders arrive before Dec. 25.

Walmart Scam Confirmation

This Asprox malware email poses as a notice about a wayward package from a WalMart order.

According to Malcovery, a company that closely tracks email-based malware attacks, these phony “order confirmation” spam campaigns began around Thanksgiving, and use both booby-trapped links and attached files in a bid to infect recipients’ Windows PCs with the malware that powers the Asprox spam botnet.

Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email (such as the pharmaceutical spam detailed in my new book Spam Nation), and perpetuates additional Asprox malware attacks. Asprox also deploys a scanning module that forces hacked PCs to scan websites for vulnerabilities that can be used to hack the sites and foist malware on visitors to that site. For an exhaustive and fairly recent analysis of Asprox, see this writeup (PDF) from Trend Micro.

Malcovery notes that the Asprox spam emails use a variety of subject lines, including “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”

Target Scam Confirmation

Target is among the many brands being spoofed by Asprox this holiday season.

If you receive an email from a recognized brand that references an issue with an online or in-store order and you think it might be legitimate, do not click the embedded links or attachment. Instead, open up a Web browser and visit the merchant site in question. Generally speaking, legitimate communications about order issues will reference an order number and/or some other data points specific to the transaction — information that can be used to look up the order status at the merchant’s Web site.

Sony Hack: What You Need To Know

It’s easy to think no one is safe on the Internet anymore. On December 1, tech giant Sony joined retailers like Home Depot and Target on the list of apparently vulnerable computers. A large-scale hacking effort hit its films division, Sony Pictures.

There are quite a few reasons for consumers to be aware of this developing story. First off, if you’re a PlayStation owner, you might be wondering if your data was compromised. In addition, if you’re an Internet user, you might be wondering how to keep yourself safe from future hacks. To help address those concerns, let’s go over what we know and what you need to do to protect yourself.

The Hack

On December 1, the FBI issued a “flash” warning to business owners warning them of a dangerous new strain of malware. The FBI later confirmed that this malware had been used in an attack on Sony Pictures. Sony issued a statement describing the attack that afternoon.

According to Sony, screens across the company went black, their contents replaced by the message “Hacked by #GOP.” GOP, in this case, stands for Guardians of Peace, a known group of cybercriminals. The group also threatens to release “secrets” stolen from Sony servers.

Sony suspects that North Korea, or a nation acting as its proxy, may have engineered the attack out of a desire to stop the new James Franco/Seth Rogen movie “The Interview.” In the film, Rogen and Franco are TV personalities sent by the CIA to assassinate North Korean leader Kim Jong Un. The North Korean government has condemned the film in letters to the United Nations and the White House. A representative of the North Korean government denied responsibility in the attack.

The hackers compromised several screener copies of yet-unreleased Sony movies, including WWII drama “Fury” and the forthcoming remake of “Annie.” They also gained access to a great deal of confidential internal information. The Social Security numbers of several celebrities and the home addresses of many Sony employees have already been made public.

The exact extent of the leak is, as of yet, unknown. Sony has brought in an outside security expert to determine the extent of the damage while the FBI conducts an investigation into the origin of the attack.

The Followup

On December 8, hacker group Lizard Squad launched another attack, this time targeting the PlayStation Network’s login server. Sony has not indicated whether consumer records were affected by the attack and the outage lasted only a few hours.

While there is no direct evidence linking the two events, the timing is suspicious, at the very least. Until Sony completes its investigation, there’s no way to know whether or not the same vulnerability was exploited by both groups. At time of press, the gaming network is secure.

What Was Learned

As it turns out, individual web users aren’t the only victims who need to beware of suspicious downloads. In each of the big security breaches this year, corporate computer users have downloaded devastating malware onto company computers. Even the best security software couldn’t have protected against user negligence.

There’s no need for individual consumers to panic. No user data appears to have been compromised. PlayStation Network users might consider changing their passwords, but no further action is needed. Unless you work for Sony, it’s unlikely your personal information was compromised.

Continue to follow identity monitoring best practices. Check your credit card statements. Change your passwords regularly. Keep an eye on your investment accounts. Report suspicious account activity immediately.

The real lesson from the Sony hack should be the prevalent threat of malware. Even with the highest caliber security software, downloading a dangerous file can do serious damage to your computer- and your identity. Here are a few guidelines to help keep you safe online:

  • Don’t open attachments within emails unless you’re expecting them. The rise of email worms that spread using contact lists means we should always be suspicious of attachments. If you need to share a picture or document, consider using a secure upload service. Try free apps like Dropbox or Google Drive to keep your files safe and shareable.
  • Don’t follow links if you don’t know where they’re going. A malicious program could be cleverly disguised behind a news headline. If you don’t recognize the host of the website, just don’t click it.

Safeguard your login information. Don’t share usernames or passwords for any service with anyone. Any piece of identifiable information you publish can be used to fish for more passwords.