Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam

You know never to respond to a phone call from the IRS, because — say it with me — they never call. Well, this latest scam has been taking taxpayers for a ride.

True or False: The time for IRS-related swindles and scams is behind us — until next tax season. If you’re still reading this, you probably guessed “false.” And yep, it’s sad but true: Those pesky swindlers are still at it.

Normally, when summer arrives with its parade of warm days and fewer demands on our attention, there is a quiet month or so when very little happens in the way of IRS-related activities (quarterly payments being the only thing you might expect on a list of tax-related things to do). So, you should be safe from the current scam making the rounds — but you’re not. The IRS recently issued a warning about a scam that’s been luring summertime tax-fraud victims.

You know never to respond to a phone call from the IRS, because — say it with me — they never call. (The agency does have debt collectors representing them now, but you’ll receive several notices before they call you and you can expect to be contacted by one of four firms —CBE Group, ConServe, Performant and Pioneer Credit Recovery — not an IRS agent, more on this below.) Well, this latest scam put a saddle on that old nag and has been taking taxpayers for a ride.

Here’s how: You get a call from the IRS telling you about official correspondence sent via snail mail — certified mail, no less. The letters were returned to the IRS as undeliverable. They tried to mail you the notice you needed. They have to call you.

So, what do you do? Hang up.

The thing about these scams is that they always have the ring of truth to them. (Remember, con man is short for confidence man.) If you stay on the phone, you will be informed that there was an issue with your tax return and you owe money that is extremely late in getting where it’s supposed to be. You have to pay with a card that is connected with the Electronic Federal Tax Payment System (EFTPS). Sounds legitimate, because the EFTPS is one of the ways you can pay your taxes. That said, you can’t do it with a gift card or any other kind of prepaid card, which is what the scam requires to pay out the fraudster. (You can also pay taxes with credit cards, which you can learn about here.)

The IRS never calls to bird-dog money, although there is one new exception. Congress has mandated that the IRS hire collection agencies to chase certain extremely delinquent taxpayers. If you receive such a call, get off the phone and contact the IRS directly to verify the situation.

Also bear in mind that taxpayers who owe the IRS money generally know it. They have received multiple notices, did not dispute the assessments and/or did not make the payments. If you get a surprise call asking for money, be doubtful. (You can see how unpaid taxes are impacting your credit by viewing two of your credit scores for free on Credit.com.)

Can You Scam-Proof Yourself?

In this particular instance, you actually can avoid getting got 100% of the time. It’s pretty simple: Simply hang up. But there is no way to absolutely scam-proof yourself.

There are more ways to get burned by tax scams than you can shake a beach umbrella at — bogus tax preparers, scam artists who file a tax return using your identity and steal the refund, sleazeballs who promise huge tax refunds for an extra fee, which is nothing compared to the penalty you will pay after the IRS audits you.

My book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves provides countless stories about how cyber criminals lure victims, but the best way to stay safe is to do what you’re doing now: Stay aware.

Image: AleksandarGeorgiev

The post Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam appeared first on Credit.com.

5 Scary Wedding Scams to Avoid This Season

The wrong call can mean the difference between an unforgettable wonderful day and a day that makes you angry every time you think about it.

Weddings require many important decisions and the wrong call can mean the difference between an unforgettable wonderful day and a day that makes you angry every time you think about it.

The often unreasonably high expectations of families and friends and at least one spouse-to-be only makes matters more fraught. With such a high level of stress, it’s only a matter of luck that mistakes don’t get made. Scam artists are counting on that.

There will be a repeating theme in this article, and it’s this: Be certain you know who you’re dealing with, and when you think you’re sure, check some more. Here are five wedding scams you want to avoid.

1. Sham Wedding Planners

Scammers take advantage of distraction, and there are few things in life so exquisitely discombobulating as the planning of a wedding. Add to that the high likelihood that the bride and groom may not be overly familiar with different kinds of transactions that help make an event run smoothly — purchases, contracts, rentals, hiring — and you have fertile ground for fraud.

It is a good rule of thumb to look for trouble when anything out of the ordinary comes up. I’ve heard of scams that were run through radio stations, where the “planner” offered a free wedding to a couple who couldn’t afford one and then raised the money from listeners. That counts as out of the ordinary, but the scam that lands in your inbox may be subtler. In the radio scam, vendors are hired but never paid. The “planner” skips town with all the money.

Another familiar scam involves blank checks and the flakiness of many vendor hires. A “planner” will ask the couple for checks written out for a specific amount but without filling in the payee because, they are told, it’s up in the air as to who’s going to get the gig. The scammer cashes all the checks, no one is hired and the wedding doesn’t happen quite so wonderfully as planned. (Here’s what you need to know about bounced checks.)

2. Pricey Wedding Photographer Scams

A photographer shows up and takes pictures. He sends proofs to you. They are tiny and low-resolution, but you can see they are fantastic. Next comes the bill.

Now, wedding photography is expensive, but we’re talking crazy-town prices here. One scammer banked $140,000 before getting nailed. The ruse: Take the money and never deliver the goods or extort a huge payment in exchange for them. The variation on this theme is taking a size-able deposit and simply not showing up.

3. Missing Flowers

When it comes to flower scams, we’re talking about a different line of business but very similar types of fraud. Maybe this scam takes the form of an independent contractor who assures you they make breathtaking arrangements for a fraction of the cost other places charge. All you have to do is write them a check for the flowers you need and show up to your wedding. They’ll handle everything. They never show up, and you can guess the rest.

How to Avoid Vendor Scams

There is no substitute for checking references. You should look for reviews online, but know that this will not help detect a fraudster with several aliases. Ask for references, no fewer than five, and then call them.

Bear in mind that a quality scammer may have a wing man or two, but not five. That said, you never know. Maybe they’ll give you what you request. You still have some agency here. Listen carefully to the references when you call, because if they’re not for real you’ll be able to tell. Get detailed. Be friendly. You’re getting married. They know how great and frenzied that can be (if they are for real).

Additional tactics: Ask about the reference provider’s honeymoon or for the name of another vendor used at their wedding. Be creative. Do your homework, and you won’t get got by these kinds of scams.

4. Gift Theft

According to Vogue, the average cost of a wedding gift in 2016 for a co-worker or distant relative was $50 to $75. For someone closer, it was $75 to $150. While some gifts are purchased online and sent straight to the home of the newlyweds, many are brought to the wedding. And you guessed it — thieves are waiting to steal them.

To avoid the tragedy of walking wedding gifts, make arrangements to either have all the gifts watched or stored somewhere secure.

5. Home Invasion

Nothing like a wedding to signal to a home-invasion specialist exactly when you and your relatives will for sure not be home. The best rule of thumb here is to avoid making public the precise plans for your wedding.

But assuming word gets out, what should you do? Let your neighbors know you’ll be away and ask them to keep an eye on things. If you have an alarm system, make sure it’s armed. It’s also worth calling your local police department to explain your concern. It depends where you live, but they may send a car out to check on your house while you’re away.

Weddings bring out the best and worst in people, but there are ways to ensure you protect what should be one of the most joyous occasions of your life. Avoiding scams is 99.9% a matter of approaching transactions with caution and common sense. When planning your wedding, take the time to make it the time of your life.

Finally, if you have reason to believe you’ve been the victim of fraud, don’t shrug it off. You can view two of your credit scores for free on Credit.com.

Image: maximkabb

The post 5 Scary Wedding Scams to Avoid This Season appeared first on Credit.com.

Now’s the Time to Talk Online Security With Your Children

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer.

Summer’s here and the time is right for getting hacked or worse, having the contents of your computer held hostage by ransomware. For a couple of carefree and extreme data-consuming months, kids everywhere will be doing whatever they want online even if you’ve tried to control them.

In other words, be very afraid.

Only you know if it is time to have “the talk” with your child about online security. But before you sheepishly clear your throat in their doorway, have you had the talk with yourself?

No amount of whistling in the dark will keep you safe from the crazed clicking of an unthinking child. It’s crucial to remember that safe online habits aren’t an innate skill; they need to be taught. That said, there are many parenting styles when it comes to all things online. Some parents choose to be hands-off about it, and if that’s working for you, more power to you.

Actually, I take that back. There are countless pitfalls, pratfalls and worse awaiting your child — and with that your entire family — as well as anyone else unlucky enough to be connected to your home network.

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer. Here are four subjects to broach when talking online security with your children.

1. Stay Alert

Online security and threats threats are fluid. You can be completely on top of your game one day and get hacked the next because you aren’t prepared. The goal should be to become security-minded. While it helps to know about the most recent exploits and threats, it’s better to get into the mindset of those old Highlights Magazine exercises and think, “What’s wrong with this picture?” The moment you think you’ve got everything under control, you become an easier target. Stay alert. (If you believe you’ve been the victim of identity theft, don’t shrug it off. You can view two of your credit scores for free on Credit.com.)

2. Use Better Passwords

Increasingly, people are turning to password managers to keep their accounts safe, since it can be difficult to remember a large number of long and strong passwords. These managers generate random passwords and allow you to manage the process with a single master password. If you are not using a manager, make sure everyone in the house is using sufficiently complex passwords that are unique to the key accounts in your home, and never let your kids use any of your passwords!

3. Monitor Them

No one likes the specter of Big Brother, but your kids aren’t your siblings, they are your wards. While many advocates of internet privacy will say that a child’s travels online should be protected, even from parents, I think of monitoring online behavior in the same way I do a trip to the pediatrician — it’s my duty as a parent to know and protect all of my child’s sensitive personal information.

The same goes for internet history and app usage. You need to know what they’re doing. While bullying, compromising pictures and other activities you may find could make a different conversation necessary, your job is online safety.

4. Establish Ground Rules

The best way to keep your family safe from the wandering clicks of a child is to start teaching a secure mindset right away. Tell them to look for secure HTML, which can be found in the URL of your browser, where you will see a padlock symbol or the letters HTTPS (instead of HTTP) or both.

Have rules about app shopping. Encourage your kid to check with you if they are unsure about a site or an app. Pick an app store that you know won’t carry shady app developers. Teach your kids about phishing scams, how they work and what to do when they think one arrives in their email or messaging apps. But most important, let the subject of online security be an ongoing discussion.

These are some big-picture considerations and a few on-the-ground concerns to help you start thinking about online security. Only you can figure out the best way to tell your child to keep their online travels safe and protect your whole family.

Image: mixetto 

The post Now’s the Time to Talk Online Security With Your Children appeared first on Credit.com.

How the Superhero Approach Can Help You Avoid Identity Theft

You are more vulnerable to attack than you may realize, but there’s plenty you can do to make yourself harder to hit.

A recent Experian study found that most people still have a lot to learn about the risk of identity theft. The majority of those surveyed felt like they were safe from identity theft, but not for the right reasons. The most popular misconception was that scammers, phishers and identity thieves only target the rich and possibly famous.

In reality, identity thieves target low-hanging fruit. To an identity thief, we’re all Kim Kardashian.

More than half of the respondents didn’t think they’d make a good target for scammers because of bad credit. This is also a misconception, since a crook will generally have zero scruples about taking over your credit accounts (even with their crippling interest rates), and making them even more impossible to manage by further damaging your credit.

What Makes a Good Target?

The number one criterion is whether or not personally identifiable information (PII) has been compromised in a data breach, but there are other ways that we expose (and overexpose) ourselves. One of the most common ways is through oversharing on social media.

Our information is out there, but there are things we can do to make it harder to exploit.

Enter Clark Kent, Bruce Banner, Peter Parker and Bruce Wayne. All have a mix of gadgets and superpowers that make them formidable opponents in a fight. They’re also known for being good in a crisis, which is not always the case for regular people when they find out, for instance, their identity has been stolen.

Another difference between us and the superhero elite: Instead of Lex Luthor, Absorbing Man, Doctor Octopus and the Joker, we’re often targeted by a slipper-wearing enemy who simply likes to shop beyond their means or grab our tax refunds, or a small-time crook who’s good at guessing games.

To avoid their arch enemies, superheroes lead double lives. Having an alter ego allows them to avoid detection in a world where their nemesis is always going for a kill. You need to do the same thing.

In the real world, we’re all superheroes, at least when it comes to the stalking arch enemy waiting to Ka-Pow us with credit-based smash-and-grabs. Here are some superhero tactics that can help protect you.

Abandon Your Past

If you feel compelled to post pictures and memories to social media, you are playing a dangerous game that an identity thief can use to scam you. Details about you can help a good scammer figure out the answers to your security questions.

Be Evasive

Even if you think it can’t be avoided, your first answer when asked for your SSN should be no. If they insist, ask how they will store the information. If you don’t like the response (they don’t know how it’s stored, etc.), say no again.

Lie

There is no task force out there rounding up people who provide a fake birthday on a gym membership application. Sometimes you can’t fudge date of birth, because it is a pivotal identifier, but you can certainly lie to your heart’s content on social media, where many thieves look for victims. The same goes for security questions. Make up an alternate story: You grew up on a farm in Kansas, you’re nearsighted, etc.

Be Consistent & Vigilant

If you’re going to take the liar’s route, remember your backstory. There’s nothing worse than providing a telling clue when faced with one of your arch enemy’s henchmen because your guard is down.

Use a Nickname

Since many thieves mine useable data about you on social media, that’s the place to use your childhood nickname only your besties know. The benefit there is that your name is a primary piece of PII, and whatever your embarrassing moniker was or is, it’s not associated with your Social Security number.

Take a page from the superhero annals to protect your identity. You are more vulnerable to attack than you may realize, but there’s plenty you can do to make yourself harder to hit.

One very easy thing you can do is adopt the Three Ms, which I describe in detail in my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. The short version of them:

• Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity and consider freezing your credit. (We explain here what a credit freeze is.)

• Monitor your accounts. Check your credit report religiously, keep track of your credit score (you can view two of your scores for free on Credit.com) and review major accounts daily, if possible. If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit-and-identity monitoring program.

• Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises. These are often available for free, or at minimal cost, through insurance companies, financial services institutions and HR departments.

Finally, if you have not yet claimed your superhero identity, you can do so online, but bear in mind Encryptoman (aka me) is already taken.

Image: PeskyMonkey

The post How the Superhero Approach Can Help You Avoid Identity Theft appeared first on Credit.com.

6 Summer Scams & How to Avoid Them

Just as mosquitoes can ruin a summer picnic, a good scammer can turn a winning day into a master class on losing your mind.

As the weather gets warmer, mosquitos and ticks re-enter our lives, and along with them comes their larger cousin, the scam artist. There are ways to prepare for those seasonal meal stealers. The same goes for scams, as foreknowledge is the best repellent.

Ticks and mosquitos aren’t harmless — they are well-known vectors for serious illnesses. Scam artists are also vectors for a plague that affects millions of people each year: identity theft. But sometimes a scam is of the simpler smash-and-grab variety.

Either way, some scams never seem to get old, as evidenced by the huge number of people that continue to fall for them no matter how many warnings we issue. There are always new variations that snare even the wariest consumers.

With that, I give you this summer’s smorgasbord of scams.

1. The Summer Rental Scam

It’s not the easiest thing on earth to find a summer rental that has all the right elements: a reasonable distance from the beach, the right number of bedrooms and bathrooms, a pets welcome policy. So, when you do find the right one, the tendency for most people is to pounce. Don’t be most people. If you get scammed on a rental, you’re not going to know till you show up at the front door and a puzzled person peers back at you. Oh yeah, and good luck finding the rental office, because it’s an abandoned drive-in.

The best thing you can do is visit the property in question beforehand. If you are working with a real estate agent, ask for his or her license number and check it, request references if there are no reviews online and confirm that the address is real and the premises are truly available for rent. Some home-rental websites have their own vetting processes and offer guarantees that will protect you in case of fraud.

2. Summer Job as Credit Application

It is not completely bizarre to need a background check before getting hired, but chances are that the young person in your life looking for a summer job is not applying to be a bank clerk or armored car driver. When it comes to providing personally identifiable information to an employer, use your head.

It is sadly a common occurrence that when kids are offered a “job,” they provide their information for tax purposes, including their Social Security number, and then never hear back. The reason: The only “job” was a robbery. Their identity is stolen, and because kids will be kids, it often takes a long time for them to realize the jerk who flaked on a summer job offer gutted their creditworthiness. (Here are four ways identity theft can impact your credit.)

Never provide sensitive personal information to a job site or anyone claiming to offer a job at the start of the process. Before you show up for an interview, make sure the job is legit: You can figure this out by doing an online search or making a few phone calls.

3. Door-Knocker Scams

Summer is the time for door-knocking scams. It can be anything really. Sometimes the knocker wants you to help save an endangered species or an embattled population far away, sometimes they are selling a lawn service, home maintenance or sustainably produced electricity — all these causes, services and products may be legitimate, but the person offering them … not so much.

If a stranger comes to your door, your level of suspicion should be high from a personal and digital security perspective. If you like what a knocker has to say, tell them that you will go online to help their cause or buy a product, and send them on their way.

4. Wi-Fi Scams

This is a year-round thing, but people still get got all the time by phony Wi-Fi scams, and the problem is only getting worse now that more municipalities are offering free access to the internet. The problem is that free Wi-Fi doesn’t guarantee secure Wi-Fi.

Always check with the network provider or someone of authority before logging on to any new wireless connection. Use a VPN, or virtual private network, to conduct any transactions that involve sensitive information. (Here are 50 more ways to avoid falling victim to hackers.)

5. Front Desk & Fake Menu Scams

Hotel scams are many and various, and it’s best just to remember that you are a target whenever you are traveling, but there are two scams that are sufficiently common. The first is the front desk scam, which is pretty simple.

You check in late, you’re tired and your phone rings. The scammer doesn’t know when you checked in. He or she is calling random rooms. You are told there is a problem with your credit card. Can you please confirm the number? The second scam to look out for is the menu scam. Scammers produce fake ones, and then steal your credit card information when you call to place an order.

If you get a call from the front desk, hang up and call back or go in person to confirm your payment method. Use your smartphone to order food or call the front desk for suggestions.

6. Moving Scams

Summertime is moving time. Just make sure your relocation isn’t a moving experience of the hair-pulling kind. While there are many great services out there, there are also some fraudulent ones that could wind up costing you big time.

With new online services like Task Rabbit and Angie’s List to name but two, there are ways to choose a moving service, large or small, that suits your needs and provides reviews. Just make sure you check out their reputation online before they show up at your door.

You May Have Identity Theft Repellent

Just as mosquitoes can ruin a summer picnic, a good scammer can turn a winning day into a master class on losing your mind as bank accounts are drained, credit cards are maxed out and large purchases are made in your name. There’s a way out, and you may already be covered.

If you think you might have been a victim of identity theft, it’s important to monitor your credit for anything out of the ordinary — primarily accounts and delinquencies you don’t recognize. You can get a copy of each of your three major credit reports for free once a year at AnnualCreditReport.com and you can use a free tool like Credit.com’s credit report card to check for signs of identity theft every month.

It’s also a good idea to check with your insurance agent, bank, credit union or the HR department where you work. It is increasingly more common as a perk of your relationship with the institution to be offered free access to a program that provides education, proactive assistance and damage control if you become a victim of identity theft.

If it’s not free, you may be able to get it at a minimal cost. (Full disclosure: CyberScout, a company I founded in 2003, provides these services to institutional clients, and they in turn offer the service to their clients, customers, members or employees.)

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Imgorthand

The post 6 Summer Scams & How to Avoid Them appeared first on Credit.com.

Are You Hack-Proof? Here’s How to Make Sure

If you see a story about a data breach or a security compromise on a device you use, consider that an action item for your day.

While the writing has been on the wall for a long time, last Friday it was in the news wires when a new strain of ransomware called WannaCrypt raged like an out-of-control wildfire across Europe and Asia, ultimately impacting computers in 150 countries.

For many affected by this hack, a few hundred dollars in ransom money is a pittance when compared to the cost of hiring someone to attempt the recovery of your files after they’ve been encrypted. These ransomware attacks would cease to be profitable were there easy workarounds. But at this time, it is highly likely that if you happen to get got by one of these attacks, you should assume your files could be gone for good.

That’s why it’s critical you learn how to protect yourself.

Cyber Hygiene

If you’re like most people, you spend about 40 minutes a day on personal hygiene. While that’s a considerable amount of time, you probably don’t consider it to be an issue. It is not the same thing when it comes to cybersecurity. Were it as simple as downloading and installing software updates, the time spent on cyber grooming would be minimal (though the patches do seem to come fast and furious these days).

The issue really is that cyber hygiene is something one should practice 24/7/365. Come to think of it, it requires about the same amount of commitment and mindfulness as it takes to make sure your hair is OK and there’s no spinach in your teeth.

Here are some things to consider including in your daily cybersecurity routine.

1. Install Updates

When you are trying to find something online or use an app, an update notice can be like a mosquito that’s overly interested in you, but the last thing you should ever do is swat that notice away. It is often the only thing standing between you and the bad guys out there who are looking for a way to exploit weaknesses in the security features of the devices you use on a daily basis.

2. Use Standard Encryption

Both Apple and PC now offer a way to protect the content stored on your hard drive, and it’s so easy there’s no reason not to use it. It’s called FileVault on Apple and BitLocker on PCs. It is easy to set up, and renders everything on your machine unreadable by a hacker who gains access to it.

3. Back Up Your Digital Life on an External Drive

For less than $60, you can purchase an external hard drive large enough to store an immense amount of data. That’s where you want to keep your most sensitive personal information. The reason is simple: It is air-gapped (not connected to the internet) most, if not all, of the time. There is no need to be online to backup your hard drive to an external drive. Extra points if you encrypt your data.

4. Use a Password Manager

If you’re not using long and strong passwords, or still using the same password across multiple platforms and websites, you need to read this. For those who get over that rather low bar, it’s time to improve your game. It used to be that people made cheat sheets with their passwords and stored them in their desks (bad) or on an encrypted thumb drive (way better). That’s no longer necessary. Password managers take away the risk associated with having your passwords written down where they can be found and used. You need only remember one. As far as services go, there are many, and all are better than older methods of managing passwords. Research them online and make sure to read their reviews.

5. Read the URL Address

There are more spoof sites out there than you may realize, and they are there to do harm, not good. Always look at the URL to be sure you are on the site you intended to visit and not a clone — the clone will often have a very similar address, so look closely. For an additional layer of security, you might want to consider downloading HTTPS Everywhere, a plug-in that works on Chrome and Firefox and enables HTTPS encryption automatically on sites that support it.

6. Think Before You Click

The number one way people get got is thoughtless clicking. Whether it is a fake or corrupted website designed to plant malware on your device or a phishing email that looks like it came from a trusted institution or a friend but is in reality from a cyber fiend, you must have a pause in place — and it has to be automatic — when it comes to clicking on anything that comes your way from “out there,” even — or especially if — it looks like a friend or family member sent it.

7. Make Your Security a Seamless Part of Your Day

If you see a story about a data breach or a security compromise on a device you use, consider that an action item for your day. Just take a second to find out if you are affected, and then take whatever precaution you can. The 40 minutes that average person spends on personal grooming is a good rule of thumb. Think of your cyber hygiene like a glance in the mirror.

8. Use Two-Factor Authentication

Increasingly, two-factor authentication is available on the accounts we use daily, and it is essential that you set it up. It means that if a person hijacks one of your accounts, there isn’t much damage they can do without also having possession of your mobile phone or access to your email account. It’s an easy measure anyone can take to improve their personal cybersecurity.

In my book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, I go into greater detail about the various ways your information can be got and what you can do to protect it. The main lesson: Practice what I call “The Three Ms,” which are as follows:

  • Minimize Your Exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit. (Here’s how to decide if you need a credit freeze.)
  • Monitor Your Accounts. Check your credit report religiously, keep track of your credit score, read Explanation of Benefits statements from your health insurer and review major accounts daily, if possible. (You can check two of your credit scores for free on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from your bank, credit union and credit card companies or purchase a sophisticated credit and identity monitoring program.
  • Manage the Damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve compromises. These are oftentimes available for free or at a minimal cost through insurance companies, financial institutions and HR departments.

Worried about getting hacked? You can find a full 50 ways to avoid (and deal with) a cyberattack on Credit.com. 

Image: LightFieldStudios

The post Are You Hack-Proof? Here’s How to Make Sure appeared first on Credit.com.

4 Mother’s Day Scams You Want to Avoid

While it sure feels like there are more scams out there than mothers, it only takes one who “has your number” (or email) to ruin Mother’s Day.

Did you know that with the exception of Christmas, people spend more money on Mother’s Day than any other holiday? The forecast for 2017 is $23.6 billion, and if you think scammers aren’t on the job, there’s a new marshmallow bridge spanning Loon Lake I’d to sell you a piece of.

In order, the most-gifted recipients of Mother’s Day sentimental swag are mothers and stepmothers, then wives, daughters, sisters or stepsisters, grandmothers, godmothers, and, for the overzealous beyond that familial range — friends.

Here are four scams you’ll want to avoid while you’re shopping.

1. Greeting Cards

These days, paper greeting cards cost anywhere from 50 cents to $8, but the average cost of a festive snail-mail missive is between $4 and $5. This explains the huge uptick in e-cards’ popularity. They are more environmentally friendly and cost nothing. Sounds like a win-win, right? Not exactly. This method of transmitting heartfelt sentiment — as with all new technology — has the potential to create a massive headache for the mothers in your life who have something coming to them.

Specifically, the problem with e-cards is that they open the door to fake e-cards. Most people on social media accept friend requests from strangers, and once those strangers are welcomed into the fold, they are allowed as friends to see friends of their new friends. They can figure out who among your relatives has kids, and send them a fake e-card in your name — one carrying malware that can steal the recipient’s identity or wreak havoc in cyberspace. One click can install a keystroke logger that turns any electronic device into a transmitter of login information (endangering every account, especially finances), rope devices into botnets that distribute spam or launch distributed denial of service attacks on major websites.

Remember the rule: Never trust, always verify. Ask the person who sent you the e-card, in a separate email, if they sent a card. Don’t click through without a response, because there is no way to know the URL and determine if it’s legitimate.

If you’ve fallen for this, be sure to check your credit for signs of mischief. You can view two of your credit scores for free on Credit.com. And, if you need to up your digital savvy, here are four tips for internet safety.

2. Fake Flowers

Nothing brightens a mother’s day more than a beautiful bouquet. If you are ordering online, make sure the URL matches the shop’s website if you clicked through from anything other than your own search results. Call the shop to make sure they are the real deal.

Another favorite ruse dating back some time: Selling fake coupons from stores that promise monthly or weekly flower delivery. Remember, if it sounds too good to be true, most likely it is. Either work with a florist you know or find one near the recipient and conduct business with them directly.

3. More Fake Coupons

Fake coupons for saving are making the rounds again this year, most recently on Facebook, where people have been tempted by a $50 coupon redeemable at Lowe’s Home Improvement. If you click through, you’ll be asked to take a survey that solicits personal information and to post the offer on your Facebook timeline. Needless to say, the coupon is worthless.

“These coupons are not offers extended by Lowe’s,” the company wrote in response to customer questions on its Facebook page. “It is a scam and Lowe’s is unable to honor the coupon.”

Likewise, you should avoid a similar $75 coupon for Bed Bath & Beyond also making the rounds on social media. It’s a classic phishing scheme. When victims click on the link, they land on a fraudulent site that looks like the real thing, where consumers are prompted to enter sensitive personal information as well as their credit card number.

Bed Bath & Beyond similarly warned consumers that the coupons were fraudulent.

“We are sorry for any confusion and disappointment this fake coupon has caused,” it wrote on its Facemaiebook page. “We are partnering with Facebook to have these coupons removed. Thank you for your understanding!”

Facebook did not immediately respond to request to comment.

Caution should be used when it comes to any coupons, be they for a restaurant, an all-inclusive spa day or an in-home massage. It’s always best to call a favorite spot and make arrangements. There are plenty of crooks out there willing to represent those places to steal your personal or payment information.

4. Gift Cards



A whopping $46 billion was spent on gift cards last year, and numbers like that always attract scam artists. How it works: The scammer goes to the in-store sales rack and writes down the numbers on gift cards. They then call the customer service departments identified on the back of the cards to see if (and when) they have been activated. Like tax-related fraud, this scam succeeds or fails depending on how fast a transaction occurs, so if you get a gift card, it’s always best to use it as soon as you can. Otherwise, you may find it’s already been cashed in.

Finally, beware of third-party sites selling discounted gift cards. While some gift card resale sites are legitimate and offer buyer protections, not all do and open marketplaces that don’t specialize in this type of sale can be particularly susceptible to fraudsters. That’s why I recommend always going to the official financial service or retailer’s website to purchase gift cards.

While it sure feels like there are more scams out there than mothers, it only takes one who “has your number” (or email) to turn Mother’s Day into a real mutha, so be careful.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Eva-Katalin

The post 4 Mother’s Day Scams You Want to Avoid appeared first on Credit.com.

5 Tricks to Make Your Identity Portfolio More Secure

Here are five things you can do to improve your identity portfolio.

I’ve written extensively about the importance of building a credit portfolio. Credit equals buying power, which, when used wisely, can lead to increased net worth. Put simply, bad credit means fewer consumer choices and a staggering number of lost opportunities in the way of deals, car-factory incentives and other credit-based transactions. No matter the purchase type, the lowest interest rates and the biggest loans go to those with the strongest credit portfolios. You can read about building your credit portfolio here.

Another portfolio is the one most people neglect, if they even know it exists: the identity portfolio. Your identity portfolio is not something you can buy, trade or sell. It’s not as easy to assign a value to it. You can manage it badly and (most likely) not go bankrupt. In most situations, you won’t even lose any money — though you may not be able to get your hands on whatever was stolen by identity thieves for a while. That said, a poorly managed identity portfolio can cost you big time.

First of all, the longer your money is tied up (it can take between six months to almost one year to get a stolen tax refund), the longer it will lie dormant. You can’t invest accounts that are still receivable. Second, you lose something that’s hard to quantify — your peace of mind and your ability to get through your day undistracted.

In more concrete terms, while the crime committed against you is getting sorted out, your credit will take a hit. You will lose the chance to take advantage of credit-based purchases while you are resolving the fallout from identity theft. (Not sure if you’ve been the target of identity theft? You can check for signs by viewing two of your credit scores for free on Credit.com.)

Here are five things you can do to improve your identity portfolio to make sure that doesn’t happen.

1. Adopt Two-Factor Authentication

Increasingly, the websites you visit most — the ones that require authentication — will offer two-factor authentication. Whether the process triggers a code being sent to your phone via SMS or it fires off an email with that information, this simple security precaution makes it more difficult for a hacker to take over your accounts. The reason: They need more than the answers to your security questions or your login credentials. Two-factor authentication works because the scammer needs control of your email or access to your SMS messaging, which in most cases requires actual possession of your phone (and the security code to unlock it).

2. Make Your Login/User ID Complex

Hackers and scam artists are very good at cracking the virtual safes where you keep your money, and they know how to slip past the gates protecting your social media activity. Many sites still insist on making people use their email addresses as a user ID. While it’s not as quite as risky as a Social Security number or a name/date of birth combination, your email is personally identifiable information (PII). If you are given the choice to make up a user ID, there is no reason it has to be your name. Get creative or treat it like a password (but don’t get so creative that you are tempted to share your clever inventions with friends and strangers via social media). Always assume the bad guys are watching — they are.

3. Answer Security Questions Creatively

Security questions are a real problem. After decades of oversharing on social media, your mother’s maiden name, what high school you attended, the make of your first car and your favorite action movie are all up for grabs. Think you’ve been careful? What about your friends? Are you tagged? Mentioned? Even if you don’t have an account, chances are good that the people closest to you — those sharing biographical information with you — are active on social media. To avoid the possibility of a crook guessing his or her way into your life, your answers to security questions should always be lies. As above, let your spirit fly. But don’t be so creative that you can’t remember your lies. If you’re afraid of losing track, create a cheat sheet and store it on an encrypted thumb drive.

4. Store Your PII on an Encrypted Thumb Drive

Losing your most essential personally identifiable information is a real drag. I recommend scanning the most crucial documents, as well as your login information if you don’t use a password manager, encrypting that information, and storing it on an air-gapped device, a category that includes the humble thumb drive. Keep one at home and store the other in a safe deposit box or a safe. This is particularly useful when you’re traveling.

5. Choose Built-in Biometric Authentication

Speaking of thumb drives, for a reasonable price you can buy one that requires your fingerprint to access the information stored on it. Whether it’s a new smartphone or a gun safe, there are an increasing number of products that offer biometric security features.

Remember, as I discuss at length in my book SWIPED, don’t share too much information with folks you don’t know, whether in person, on the phone or online via social media, and never authenticate yourself to anyone unless you are in control of the interaction.

Bear in mind, micro-trends on social media (10 concerts I’ve been to, one is a lie; top 10 favorite movies, important books you’ve never read, etc.) are not only a fun way to get to know your friends better. They offer hackers information that can be used to answer security questions. In fact, you never know the origin of these digital stadium waves. It’s wise to assume they were started by identity thieves looking to harvest useable information. So resist the urge to answer them.

It’s also critical to set long and strong passwords and properly secure all computers, smartphones and tablets used by you and your family. As mentioned, use two-factor authentication when possible and shred sensitive documents.

Too much to remember? The nonprofit Identity Theft Resource Center (ITRC) has created a simple set of protocols called SHRED:

  • Strengthen passwords
  • Handle PII with care
  • Read credit reports annually
  • Empty your purse/wallet
  • Discuss these tips with friends

I encourage you to do all of the above and make good privacy and security hygiene a part of your daily life. Change the way you think about identity theft and your personally identifiable information. Over time, you will naturally become more vigilant. You will bear in mind what happens when people overshare on social media. You will be careful about who you tell what and why. You will not let down your guard, and before you know it, your identity portfolio will have a triple-A rating.

Image: andresr

The post 5 Tricks to Make Your Identity Portfolio More Secure appeared first on Credit.com.

Is It Time to Buy a Biometric Scanner?

Biometrics can provide an additional layer of security — which is why you'll see more and more of them built into your devices.

Identity theft is still out there, keeping pace with the latest innovations and security measures, and snaring new victims every day. With the advent of cheaper, standalone, easy-to-integrate biometric technology for authentication, is it time to buy a fingerprint scanner?

What’s a Biometric Scanner?

Biometric technology uses physical or biological information, like a fingerprint, retinal scan or heartbeat, to authenticate a person’s identity. You can currently purchase the most commonplace biometric scanner — that is, one that uses a fingerprint —starting at around $50. The scanner can be used to protect computers and other devices that support biometric scanning technology.

Do Biometrics Provide Additional Security?

The short answer: Yes.

Authentication can effectively use three things to keep the wrong people out: something you know, something you have and something you are. We’re all familiar with the first line of defense. “What you know” takes the form of security questions, passwords and a security picture, and there are various strategies to keep it all straight. Some choose to use password managers or proprietary systems like Apple’s iCloud Keychain. Others prefer to have an encrypted personal security list (logins, passwords) stored on a cloud server. Still others put “what they know” (but couldn’t possibly remember) on a USB stored on a keychain or in a safe if the information is not encrypted. And, yes, some go a little further, choosing to use a fingerprint-encrypted drive (i.e., biometrics). How you manage what you know comes down to personal preference, but the first line of defense is not fail-safe. In fact, there are hacks and breaches all the time. (If you believe you were the victim of a hack, you can view two of your free credit scores on Credit.com for signs of identity theft.)

The second line of defense, “something you have,” could be access to an email account, a key fob or your mobile phone. You need to have your phone in hand, for instance, to receive the verification code so you can get waved through some digital security checks. This is called two-factor authentication — and, yes, it’s more secure than simply protecting accounts with an alphanumerical password.

The last line of defense, “something you are,” is a really hot topic right now. As I mentioned earlier, in sophisticated systems, this might include a scan of your retina, your finger- or handprints, your body weight (including ups and downs), your height, your face or all of the above. This information is clearly specific to you — and not so easily replicated — so again, it’s miles more secure that the old standard password or, even, two-factor authentication.

Needless to say, were you to implement a security protocol that combined all three of the above protocols of authentication, a.) criminals would have a really hard time making any money, but b.) we would all be frustrated.

Does It Have a Place in the Home?

Biometric authenticators have been the security mode for quite some time in the military and wherever large amounts of money or gold or drugs or weapons are stored, as seen in countless spy and heist movies, but they are slowly making their way into people’s homes.

From smartphones to gun lockers to personal computers, a steady march of devices is offering a biometric element for the user-authentication process. One example comes by way of a new secure credit card being tested by MasterCard in a chain of supermarkets in South Africa. The card is able to store an encrypted copy of the user’s fingerprint, which would make it exceedingly difficult for a scammer to beat.

(Would it be impossible to beat? As with all great capers, only the crooks know for sure. There was a flurry of coverage not too long ago about how photos of people flashing a peace sign could lead to the theft of their fingerprints, thanks to the proliferation of high-definition cameras. But fact-checking website Snopes listed the story as “Unproven,” and for good reason. While it is theoretically possible, no criminals have been caught doing it.)

Should I Run Out & Buy a Fingerprint Scanner?

Here’s the rub: You won’t really need to.

Unless you were born a long time ago, you may not know what an 8-track is. It came before the cassette tape, which preceded the CD, which is the grandfather of the MP3. When you want to make a point about obsolescence, there are few better examples than those clunky old tapes. I bring them up because current standalone biometric scanners are without a doubt the 8-track of digital security devices.

If you accept the similarity between biometric scanning devices and MP3 players, the answer to the question above will be crystal clear. These days, MP3s can be played by all the devices we use most. We’re seeing the same thing happen with biometric scanning.

Whether it’s a smartphone, a computer or Mastercard’s new fingerprint-encrypted cards, all stripes of products you use on a daily basis will eventually feature built-in biometric scanners. And, if you are buying something today and prefer devices with built-in (rather than bolt-on) security, don’t despair. There are already plenty of choices out there. Case in point: Anyone with the latest generation of a particular smartphone likely has the option of locking and unlocking the device with their thumb.

Personally, unless and until all devices that should be secure feature biometric scanners, I would suggest opting for those that do — much in the same way I’d advise you to refrain from using ‘1234’ as your password. You can learn more about biometric technology, how it works (and whether it can be hacked) here.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Michael Krinke 

The post Is It Time to Buy a Biometric Scanner? appeared first on Credit.com.

Why Tax Collection Scams Are Getting Harder to Stop

Sad but true: The IRS is selling debt to collection agencies, so you've got be extra-careful now that tax season is over.

I’ve written about tax-related crime for years, and have always offered this fail-safe rule to avoid tax scams: If you ever receive a call from the IRS about back taxes or any other money you supposedly owe the government, hang up because it’s a scam.

There was something comforting about that advice — maybe even a little satisfying. I mean, who secretly doesn’t want to hang up on the taxman? But it seemed no amount of repetition was enough to stem the tide of tax-related scams, and no matter how many times I wrote about that simple, satisfying tactic, the message never reached the people most vulnerable to such shenanigans.

Taxpayers still got taken in by scam artists dialing for dollars every day. It didn’t matter if the crook posed as an IRS employee, or if he ventured into the truly absurd with a claim that he worked for a collection agency that bought back tax debt from the agency. It was wacky stuff, the IRS selling debt. But it was wackier than that …

All you had to know was this: The IRS did all its own collecting, and it conducted all its business via snail mail. It never called. The advice was solid: Let your spirit fly! Do or say whatever you want when the IRS called about back taxes or an audit because it wasn’t them!

You know where I’m going with this, right? Yep, leave it to our friends in Washington to take a bad situation and make it worse.

Earlier this month, IRS chief John Koskinen announced that the IRS would be immediately outsourcing certain debt collection activities to one of four debt collection companies: CBE Group of Cedar Falls, Iowa; Conserve of Fairport, New York; Performant of Livermore, California; and Pioneer of Horseheads, New York.

You read that right. The IRS is outsourcing debt to collection agencies.

When this was initially announced last September, I was convinced that it was a joke—and a pretty good one. Extra points for coming up with something more or less unthinkable— since truly, debt collection agencies could not be a more problematic solution to the IRS’s back tax problem — but it turns out it wasn’t their joke.

You can thank Congress for this epic face palm. Although it didn’t get much attention when it passed in 2015, one of the provisions of the Fixing America’s Surface Transportation Act required the IRS to hire private-sector debt collectors to pay for it.

Since consumers are going to have to handle this year’s post-tax season a little different as a result, here are some telltale giveaways that you’re getting scammed and should hang up:

  1. You get a call from a collection agency not listed above. Only those four agencies are approved for these collections.
  2. You do not owe back taxes.
  3. The person calling you has asked you to send money somewhere other than the IRS. Even though the four collection agencies are making the call, the check goes to the Fed.
  4. The caller asks you to pay in the form of gift cards, prepaid cards or asks you to wire funds.
  5. The caller is aggressive or rude — a violation of your debt-collection rights.
  6. You are asked for any information that can be used to conduct a financial transaction: Social Security number, bank account, credit or debit card number. (If you do turn over personal information, keep an eye on your credit for signs of identity theft. You can view your free credit report summary on Credit.com.)
  7. If you are low-income, there may be other options for you. Contact the IRS to find out what they may be before discussing your debt with a collection agency.

By now we’ve gotten pretty good at surviving the ridiculous decisions made on Capitol Hill, but this latest one is a doozy. Happily, my old advice still stands. If you get a call from a debt collector, don’t engage until you verify the debt. If it was a legit collector, they’ll furnish written verification within five days of calling you, and here’s what to do when that happens.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: MartinPrescott

The post Why Tax Collection Scams Are Getting Harder to Stop appeared first on Credit.com.