Tips for Mitigating Risk Associated with Identity Theft

It’s all too common nowadays: identity theft and the risk it poses to your credit history. If you determine that you are a victim of a data breach, a lost wallet/Social Security Card, or falsely filed tax return, below are the steps to follow to help mitigate your risk:

  • Add a verbal password to the account and any accounts you are primary or joint on.
  • Add a 90-day fraud alert with Experian, Equifax and Transunion.
  • File a police report with local law enforcement.
  • File a report with the FTC and complete the FTC Identity Theft Victim’s Complaint and Affidavit form if you discover unauthorized inquiries or trade lines.
  • Inform your other Financial Institutions of the breach.

The ID Theft Brochure below contains additional information to assist you.

 

ID Theft Brochure_Page_1ID Theft Brochure_Page_2

 

Smartphone Malware is Rising Quickly. Are You Prepared?

Smartphones have become the norm when it comes to mobile phone devices. Long gone are the boxy cellular telephones with the protruding antennae of the 1970s and even the small, but less functional flip phones of the 1990s. And remember the mobile phones that came with a case the size of a backpack?

As nice as it is to reminisce, it’s important to realize that with more functionality and computer-like abilities, smartphones are also becoming bigger targets for malware developers and pesky cybercriminals who are set on getting your money.

Kaspersky Security has done some research and found that the percentage of malicious applications installed on mobile devices between January and October 2014 is on the rise and rapidly. The numbers range from .01% of all apps installed in Japan to well over 2% in Vietnam, the highest on the list. The U.S. ranked number 20 of 24 countries evaluated at .07%

Not surprisingly, the number of malicious apps has increased from around 1 million in early 2012 to over 120 million in the last quarter of 2014. While Trojans stealing banking credentials and malicious adware are rising up the popularity chain, the more “old-fashioned” malware installed from games or other software and text messaging to premium numbers still make the chart. It is probably not surprising that Russia pops up in conversations about malware. Russia is often used as a testbed for mobile banking malware developers before distributing them to other countries. In the same period, Kaspersky reports that for every 501-1200 mobile malware infections in the U.S., there are between 1201 to 14,000 in Russia. The fewest mobile banking malware infections occur in South America, Africa, and Australia.

Besides installing anti-malware and keeping it updated on your mobile devices, you can also avoid it by not sideloading apps onto your smartphone. This is when they are downloaded from a location other than the official app stores. The app stores have extra security measures to help prevent malicious programs from entering the stores. Although it is not guaranteed, due to the sheer volume of apps that are in them, it is an extra layer provided that is not there when you download from other places.

While we are on the topic of sideloading, this is allowed on Apple devices if they are jailbroken. This opens your device up to additional risks because some of the inherent security tools are no longer working for you the way they were designed. Android devices have more flexibility with regard to downloading applications and even more if they are rooted. Therefore, it’s advised not to jailbreak or root your smartphones.
If you want or need to download something to your smartphone, do some research on the app first. If it contains something malicious, the reviewers will state as much. Also, be aware of apps that cost money but don’t actually do anything. The reviews or a quick search for news on the app in a search engine should provide you with some information on the app.

We text more than we talk these days, it seems. So cybercriminals are also taking advantage of our anti-social behavior and exploiting text messages. Often, they will send malicious code via link in a text message or perhaps in an attachment. So, don’t open those when they arrive unless you are certain they are legitimate. Otherwise, you may end up sending a lot of money to a premium number renter because the app placed malware on your phone called repeatedly. You also may get some nasty messages from your friends and contacts because that same piece of malware also sent spam texts to everyone in your contact list.

So it is perhaps more important than ever to stay ahead of the game by securing your smartphones, using security tools available, and not falling for social engineering tactics such as phishing.

 

©Copyright 2015 Stickley on Security

Stolen Uber Passenger Information for Sale Promising Buyers a Free Ride   

Uber LogoUber passengers are now being advised to change their account passwords immediately.  Reports are appearing claiming that an “unlimited” number of Uber accounts are being offered for sale on underground sites.

The price tag is $5 to receive some personal details and “limited” credit card information, and the event is causing the company to investigate whether or not their network may have been breached. The credit information that is being advertised for sale is reportedly only the last four digits of the card number.

When changing passwords, Uber account holders are advised to use a separate one from any other online account. Duplicate account credentials have been blamed for other recent incidents, such as the “naked celebrity” and Google Gmail stories of last year. New passwords should not include any identifiable information such as birthdate or driver’s license number and should be a minimum of eight characters long. In addition, special characters, numbers, and both upper and lower case letters should be included.

Uber has stated there is no evidence of a breach at this time. However, “vendors” on the site AlphaBay are claiming to have sold over 144 accounts since March 18 and more than 3,000 over all. Below is a screen shot of a site selling the accounts.

To add value to their crime services, purchasers may also buy a guide helping them to avoid getting caught for a mere $1.87 more. Some other vendors of the information are claiming that the supplied email addresses and passwords included in the packages are 100% valid and others are offering to supply account information based on geographic location.

There is little doubt that this will become big news giving scammers the opportunity to go phishing. Beware of any email communication asking you for information or to verify information. Uber does want you to change your password, but they will not send you and email with a link to their site. Go directly to any site you wish to visit, it is best not to click on email links or open attachments. The end result, if the email was from a criminal, will be malware.

One of the sellers, Courvoisier, is well-known in the card stealing arena and is known to have stolen massive amounts of credit card information.

 

©Copyright 2015 Stickley on Security

Job Seekers Beware: ‘Re-packing’ Jobs Could Lead To Jail Time!

Long-term unemployment is still a reality for 2.8 million Americans. They’re isolated and increasingly desperate, making them a perfect target for cyber-criminals.

The Better Business Bureau is reporting a new breed of cyber-crime that turns innocent people into accessories in the distribution of stolen merchandise. The scam starts like a lot of others, with a job offer from an anonymous company. The work sounds ideal. It’s work-from-home, set your own hours, and work as much or as little as you like. Best of all, it’s easy. You receive shipments at your house, then repack them and ship them to another address.

If you sign up, you’ll receive packages containing products and instructions about shipping them to other addresses, sometimes overseas. Your employer will want you to cover shipping, but promises to reimburse you for costs on top of your salary. At the end of the month, you get a check from your employer.

The first bad news comes when you attempt to cash that paycheck and it turns out to be fake. All the work you’ve done, plus the shipping costs you paid out of pocket, are gone. It’d be bad enough if it ended there.

Worse yet, you might end up facing criminal charges. At the very least, you’ll be an accessory to the theft of the goods you handled. If you helped to redistribute those goods, you handled stolen property. Even if you didn’t know the goods are stolen, if you didn’t ask questions where a reasonable person would have, you’re guilty.

To make matters worse, if you shipped those items internationally, you likely had to lie on customs documents. That’s a federal offense. The scammers just tricked you into taking all of the legal risk while they keep the money.

Similar scams are common in money laundering. A scammer will contact you or leave a post on a job board asking for financial service assistance. They’ll send a check and ask you to deposit it, then wire them back some of the money. You can keep a portion of it as your payment. The check was written against stolen funds and the issuing institution refuses to pay it. You’re out whatever you wired the scammer and could face charges as an accessory to fraud.

These scams are an unfortunate part of the job search process. They prey on the uncertainty and desperation that characterizes long-term unemployment. The widely anonymous nature of the Internet provides a perfect cover for schemers. If you want to keep yourself safe, follow these tips:

1.) Be proactive in your job search

It’s possible that your dream job may fall in your lap, though it’s far more likely that you’ll have to work really hard to get it. If you post your resume on a job site and walk away, it’s possible that the only people who are going to contact you are scammers. If you work with a recruiter or employment agency, you’ll form a contact that can help you land the job you want.

Working with an agency will also help you weed out the scams. You’ll have someone you know and trust to sort the real opportunities from the bogus ones. They’ll help put your resume in places where it needs to be instead of in the wrong hands.

2.) Check the links

Many of these scams work by “spoofing” a legitimate job posting. You’ll see an email saying that X company has reviewed your resume and thinks you would be a good fit for this position. The email will contain a link to something designed to look like a legitimate job posting on a big job board like Monster or Indeed.

Checking to see where links are really going is a hassle, but a quick mouse-over the link will show you the URL. If you don’t recognize the domain (the first part after the http:// and before the .com or .org), don’t click the link. Report the email as the scam attempt it is.

3.) Watch for keywords

“Repackaging” or “reboxing” are common keywords in these scams. For money-laundering, scammers often refer to the work they are proposing as “payment processing” or “wire transfer assistance.” It’s worth taking a moment to think about what you’d be doing. No legitimate business would need a personal checking account to move money around. If they’re a business that can pay for your services, they have a checking account. Similarly, they have an address and postal services.

If an employer is seeking your personal information before they’ve hired you, they’re not a potential employer. They’re crooks trying to steal your identity. It’s as simple as that.

Buyer Beware: 4 Tips For Shopping At Going-Out-Of-Business Sales

Big-name retailers like Sears and Kmart are closing doors around the country, and niche shops like Delia’s are shutting down entirely. That means the newspapers and email boxes are littered with “going-out-of-business” ads. New products are going to be available at deep discounts.

The prime season for going-out-of-business sales is now.  In January, retailers that are going out of business are facing down a new set of bills without a major spending season until at least April. Now is the time they start shutting their doors and liquidating their merchandise.

It may seem like these sales represent a golden opportunity. Retailers have bills to pay and are desperate for cash. Meanwhile, consumers can buy stuff they need at a serious savings.

But it’s not that simple. The owner of a store that’s shutting its doors is still going to be responsible for the bills they owe. They’re trying to minimize their losses by selling goods as fast as possible. They’re also not counting on a lot of repeat customers, so they have little incentive to be truthful or honest. Watch out for the following tricks:

1.) ‘As-is’ merchandise

One of the first things most retailers do when they begin a liquidation sale is change their return policy. They’re trying to get inventory out the door, and having it come back in prevents them from doing so. They won’t take returns for any reason.

This little change can free them up to sell damaged, broken or otherwise defective merchandise at retail. Under ordinary circumstances, they’d never put the item on the shelf. Now, though, there’s no reason to keep it in the back.

If you’re buying fragile goods, like electronics or dinnerware, ask if you can open the box to make sure everything’s there. If a store employee seems unwilling, think twice. You might be on the verge of buying a lemon.

Beyond damaged goods, retailers may attempt to do the same thing with mislabeled products. At clothing sales, stores may counting on impulse decisions to drive volume. Since the price is so steeply discounted, many people will be tempted to purchase without trying on first. This is a great way to end up with a dress that doesn’t fit.

Also, don’t count on a warranty. Manufacturers will try to direct you to your retailer to honor your warranty. They’ll use this blame-shifting tactic to get out of paying for new merchandise. Expect the product you buy at a liquidation sale to receive no support.

2.) Discount gimmicks

There’s so much money to be made from going-out-of-business sales that a new kind of company has emerged. So-called professional liquidators run these sales on behalf of companies. The first thing they’ll do is mark up the prices of every item in the store by 20-30%.

Because of that, when you see “10% off everything in the store,” you should really be reading “5% increase on everything in the store.” The first weeks of a liquidation sale are an exercise in manipulative consumer psychology. The advertised discounts and the appearance of scarcity will drive consumer spending.

What keeps stores from running these kind of “mark-up/mark-down” sales all the time is reputation. When a store is going out of business, though, those concerns are the first thing out the door. “Everything must go” includes the brand and any integrity they’ve established with their customers.

While the discounts will come, they’ll come much later in the sale. They’ll also be on a much more limited selection of goods. Most of these firms increase their discounts weekly. By the second or third week of the sale, prices may be below retail.

3.) Buy now!

Liquidation sales rely on scarcity to create a sense of urgency. The limited time frame and small quantity of desirable goods can lead to impulsive decision-making. You can pay more for goods you don’t really need if you’re not careful.

Businesses may be desperate, but not quite in the way they’re portrayed. They’re desperate to make money now. The owners of these businesses have bills piling up and need cash. They’re not afraid to make long-shot claims about the features or effectiveness of their products.

This sense of urgency is most palpable during the first week or so of the sale. This is when most firms plan to make the most of their money. Holding off will mean less selection, but it will also mean less pushiness from salespeople.

4.) How you pay matters

Obviously, if you have gift cards, use them or lose them. Competitors aren’t going to honor those. Laws also provide little protection for gift card holders. Bankruptcy law treats them as creditors, meaning you’ll have to fight for repayment with credit card companies and other lenders. In general, once the merchandise is gone, the card is worthless.

Paying cash for large-ticket items to a desperate business can also be a poor choice. If you’re not leaving the store with your purchase, a cash deposit can leave you out of luck if they close before delivering your goods. You can sue, but the company doesn’t have assets to pay your damages.

Your best bet is to pay with a credit or debit card. These instruments frequently have refund policies that exist independent of retailers. If the goods never show up, you can get your deposit back by calling your issuer. Leave as small a deposit as the retailer will allow to protect yourself as much as possible.

Shop liquidation sales like you shop everything else: cautiously. Consider your options and shop around to find the best prices and make sure you actually need something before you buy it. Liquidation sales can be a great way to score some savings, but be cautious on the way.

How To Choose A Tax Preparer (And Why You Might Need To)

It’s tax time!  As you’re gathering your pay stubs and receipts in preparation for your annual headache, it might be worth considering whether you need professional help this year. A few things have changed.

First, the IRS is losing funding. If you were counting on getting help with the forms from the IRS, you might be in for record wait times. The IRS budget has fallen by 10% in the last five years, while costs have increased. Staff reductions of around 8% have mostly affected customer service and fraud protection, while training budgets have been cut down to almost nothing. Even if you do get through, the person you’re talking to will  be less likely to help you. One taxpayer watchdog group claims 47% of calls going to the IRS this year won’t get answered. Those who do will have to wait an average of 34 minutes to talk to a human.

The IRS maintains a “priority” line for tax professionals, which is the first reason you should consider hiring one. While the wait times there will be just as long, it won’t be you who has to do the waiting.

Second, this will be the first year the IRS has had to implement the tax credits and penalties of the Affordable Care Act. There will also be new rules for foreign taxpayers thanks to the Foreign Account Compliance Act. This will be the most complicated tax return many consumers have ever filed, according to Charles McCabe, president of Peoples Tax Income.

Third, the IRS will have less ability to enforce and investigate tax returns. This means you can be a little bolder in claiming a deduction or credit you might be entitled to, but it also means you need to streamline your return for easy processing. A tax professional will be able to help you accomplish both those goals.

The problem, though, is that tax returns have become an increasingly common target for fraud. Criminals file bogus returns on behalf of identity theft victims. Unscrupulous tax preparers may also file negligent returns designed to get big refunds deposited into their own accounts. This can leave you robbed of your return and facing serious IRS penalties.

When you choose a professional, you need to be sure you’re getting someone who will keep your best interests at heart. You need to do your homework and only entrust your financial information to a certified professional.

Here are three steps to help you find one.

1.) Do it by the numbers

For the first time, the IRS doesn’t have the authority to regulate tax preparers. In 2014, all professional preparers were required to obtain a PTIN (preparer tax identification number) which meant they were regulated. A recent federal court decision, though, ruled that the program overstepped the IRS’s authority.

The IRS Return Preparer’s Office came out with a compromise program. While preparers are no longer required to have PTINs, those who are serious about being transparent can complete a voluntary continuing education program to receive one. If you’re going to sit down with someone and reveal all your financial secrets, make sure they’ve gone through the program.

2.) Get references

In the same way you’d ask your friends to refer you to a hair stylist or a contractor, you should ask around to see who uses a tax preparer. Hiring help with tax returns is done by 60% of Americans; so the odds are good you know someone who does. If all of your friends file their own taxes, consider asking the owner of a local business you frequent. Small business tax preparation is incredibly complicated, but a good preparer can save a small business owner good money. They may be willing to refer you to their preparer.

You can work backward, too. Before you sit down with a preparer, ask him or her for the names of happy clients. If you don’t get any, think twice. Tax professionals work on the same reputation-based advertising that drives other service professionals. Someone who’s not willing to talk about success stories may not have any.

3.) Consider going big

If all else fails, consider going to a big corporate preparer. H&R Block and others like them have been around forever and they don’t stay in business by robbing customers. Their size and stability can provide some safety.

That size, though, can also create problems for them. Their training programs are not as rigorous as the education that independent preparers usually have been through. They also tend not to retain employees for very long, leading to a lot of inexperienced preparers. Be sure you ask critical questions about the moves they’re making.