Is It Time to Buy a Biometric Scanner?

Biometrics can provide an additional layer of security — which is why you'll see more and more of them built into your devices.

Identity theft is still out there, keeping pace with the latest innovations and security measures, and snaring new victims every day. With the advent of cheaper, standalone, easy-to-integrate biometric technology for authentication, is it time to buy a fingerprint scanner?

What’s a Biometric Scanner?

Biometric technology uses physical or biological information, like a fingerprint, retinal scan or heartbeat, to authenticate a person’s identity. You can currently purchase the most commonplace biometric scanner — that is, one that uses a fingerprint —starting at around $50. The scanner can be used to protect computers and other devices that support biometric scanning technology.

Do Biometrics Provide Additional Security?

The short answer: Yes.

Authentication can effectively use three things to keep the wrong people out: something you know, something you have and something you are. We’re all familiar with the first line of defense. “What you know” takes the form of security questions, passwords and a security picture, and there are various strategies to keep it all straight. Some choose to use password managers or proprietary systems like Apple’s iCloud Keychain. Others prefer to have an encrypted personal security list (logins, passwords) stored on a cloud server. Still others put “what they know” (but couldn’t possibly remember) on a USB stored on a keychain or in a safe if the information is not encrypted. And, yes, some go a little further, choosing to use a fingerprint-encrypted drive (i.e., biometrics). How you manage what you know comes down to personal preference, but the first line of defense is not fail-safe. In fact, there are hacks and breaches all the time. (If you believe you were the victim of a hack, you can view two of your free credit scores on Credit.com for signs of identity theft.)

The second line of defense, “something you have,” could be access to an email account, a key fob or your mobile phone. You need to have your phone in hand, for instance, to receive the verification code so you can get waved through some digital security checks. This is called two-factor authentication — and, yes, it’s more secure than simply protecting accounts with an alphanumerical password.

The last line of defense, “something you are,” is a really hot topic right now. As I mentioned earlier, in sophisticated systems, this might include a scan of your retina, your finger- or handprints, your body weight (including ups and downs), your height, your face or all of the above. This information is clearly specific to you — and not so easily replicated — so again, it’s miles more secure that the old standard password or, even, two-factor authentication.

Needless to say, were you to implement a security protocol that combined all three of the above protocols of authentication, a.) criminals would have a really hard time making any money, but b.) we would all be frustrated.

Does It Have a Place in the Home?

Biometric authenticators have been the security mode for quite some time in the military and wherever large amounts of money or gold or drugs or weapons are stored, as seen in countless spy and heist movies, but they are slowly making their way into people’s homes.

From smartphones to gun lockers to personal computers, a steady march of devices is offering a biometric element for the user-authentication process. One example comes by way of a new secure credit card being tested by MasterCard in a chain of supermarkets in South Africa. The card is able to store an encrypted copy of the user’s fingerprint, which would make it exceedingly difficult for a scammer to beat.

(Would it be impossible to beat? As with all great capers, only the crooks know for sure. There was a flurry of coverage not too long ago about how photos of people flashing a peace sign could lead to the theft of their fingerprints, thanks to the proliferation of high-definition cameras. But fact-checking website Snopes listed the story as “Unproven,” and for good reason. While it is theoretically possible, no criminals have been caught doing it.)

Should I Run Out & Buy a Fingerprint Scanner?

Here’s the rub: You won’t really need to.

Unless you were born a long time ago, you may not know what an 8-track is. It came before the cassette tape, which preceded the CD, which is the grandfather of the MP3. When you want to make a point about obsolescence, there are few better examples than those clunky old tapes. I bring them up because current standalone biometric scanners are without a doubt the 8-track of digital security devices.

If you accept the similarity between biometric scanning devices and MP3 players, the answer to the question above will be crystal clear. These days, MP3s can be played by all the devices we use most. We’re seeing the same thing happen with biometric scanning.

Whether it’s a smartphone, a computer or Mastercard’s new fingerprint-encrypted cards, all stripes of products you use on a daily basis will eventually feature built-in biometric scanners. And, if you are buying something today and prefer devices with built-in (rather than bolt-on) security, don’t despair. There are already plenty of choices out there. Case in point: Anyone with the latest generation of a particular smartphone likely has the option of locking and unlocking the device with their thumb.

Personally, unless and until all devices that should be secure feature biometric scanners, I would suggest opting for those that do — much in the same way I’d advise you to refrain from using ‘1234’ as your password. You can learn more about biometric technology, how it works (and whether it can be hacked) here.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Michael Krinke 

The post Is It Time to Buy a Biometric Scanner? appeared first on Credit.com.

Why Tax Collection Scams Are Getting Harder to Stop

Sad but true: The IRS is selling debt to collection agencies, so you've got be extra-careful now that tax season is over.

I’ve written about tax-related crime for years, and have always offered this fail-safe rule to avoid tax scams: If you ever receive a call from the IRS about back taxes or any other money you supposedly owe the government, hang up because it’s a scam.

There was something comforting about that advice — maybe even a little satisfying. I mean, who secretly doesn’t want to hang up on the taxman? But it seemed no amount of repetition was enough to stem the tide of tax-related scams, and no matter how many times I wrote about that simple, satisfying tactic, the message never reached the people most vulnerable to such shenanigans.

Taxpayers still got taken in by scam artists dialing for dollars every day. It didn’t matter if the crook posed as an IRS employee, or if he ventured into the truly absurd with a claim that he worked for a collection agency that bought back tax debt from the agency. It was wacky stuff, the IRS selling debt. But it was wackier than that …

All you had to know was this: The IRS did all its own collecting, and it conducted all its business via snail mail. It never called. The advice was solid: Let your spirit fly! Do or say whatever you want when the IRS called about back taxes or an audit because it wasn’t them!

You know where I’m going with this, right? Yep, leave it to our friends in Washington to take a bad situation and make it worse.

Earlier this month, IRS chief John Koskinen announced that the IRS would be immediately outsourcing certain debt collection activities to one of four debt collection companies: CBE Group of Cedar Falls, Iowa; Conserve of Fairport, New York; Performant of Livermore, California; and Pioneer of Horseheads, New York.

You read that right. The IRS is outsourcing debt to collection agencies.

When this was initially announced last September, I was convinced that it was a joke—and a pretty good one. Extra points for coming up with something more or less unthinkable— since truly, debt collection agencies could not be a more problematic solution to the IRS’s back tax problem — but it turns out it wasn’t their joke.

You can thank Congress for this epic face palm. Although it didn’t get much attention when it passed in 2015, one of the provisions of the Fixing America’s Surface Transportation Act required the IRS to hire private-sector debt collectors to pay for it.

Since consumers are going to have to handle this year’s post-tax season a little different as a result, here are some telltale giveaways that you’re getting scammed and should hang up:

  1. You get a call from a collection agency not listed above. Only those four agencies are approved for these collections.
  2. You do not owe back taxes.
  3. The person calling you has asked you to send money somewhere other than the IRS. Even though the four collection agencies are making the call, the check goes to the Fed.
  4. The caller asks you to pay in the form of gift cards, prepaid cards or asks you to wire funds.
  5. The caller is aggressive or rude — a violation of your debt-collection rights.
  6. You are asked for any information that can be used to conduct a financial transaction: Social Security number, bank account, credit or debit card number. (If you do turn over personal information, keep an eye on your credit for signs of identity theft. You can view your free credit report summary on Credit.com.)
  7. If you are low-income, there may be other options for you. Contact the IRS to find out what they may be before discussing your debt with a collection agency.

By now we’ve gotten pretty good at surviving the ridiculous decisions made on Capitol Hill, but this latest one is a doozy. Happily, my old advice still stands. If you get a call from a debt collector, don’t engage until you verify the debt. If it was a legit collector, they’ll furnish written verification within five days of calling you, and here’s what to do when that happens.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: MartinPrescott

The post Why Tax Collection Scams Are Getting Harder to Stop appeared first on Credit.com.

6 Easter Scams You Want to Avoid

Easter is a time for family, but there are six scams you'll want to watch out for.

Easter is a time for family, colorful parties and egg hunts, but sadly it also attracts scam artists looking to make a quick buck during the high-fructose corn syrup free-for-all.

There are all stripes of Eastertime cons and scams waiting for you if you’re not paying attention — or even if you are. Some don’t really qualify as scams, whether we’re talking about those colorful plastic eggs for storing treats, sometimes loaded with lead paint, that old favorite Kinder Eggs, now illegal due to choking hazards, or folks selling bad chocolate. First and foremost, you need to be a savvy consumer.

But awareness isn’t such an easy thing when there are so many ways a person can get scammed. Here are six scams to watch out for.

1. Charity Scams

Some people say Easter was originally a pagan holiday to celebrate fertility, which explains the eggs and bunnies, but it’s primarily a religious holiday, and as such there are plenty of scams out there pointed at spiritually minded people looking to make the world a better place.

If you get an email from a charity, even if it’s one you’ve given to in the past, don’t click any links. Type in the URL or find it through search and make sure the address is correct. Scam sites will often be slightly different than legitimate ones. And although this should go without saying, never give a donation over the phone if you receive an unsolicited solicitation. Call the charity, or use a secure site to make your contribution rather than providing your information by phone, or send a check.

2. E-Cards

As I’ve said ad nauseam, including in my book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, never click strange links or download files you receive — even e-cards that appear to be from loved ones or friends. E-cards can mask links to malware.

3. Cute Meme Scams

The same thing goes for all the cute stuff you get via email this time of year. Before you click on the link below a message, ask yourself: Is it worth hours of hassle getting a virus off your computer or causing malware to install ransomware or a keystroke logger on your machine that gives a crook access to every financial account you visit on your computer?

4. Pet Scams

For better or worse (usually worse for the animals), adorable pet babies are a gift idea associated with Easter. In addition to the question as to whether unexpected livestock or woodland creatures are a good idea, if you’re going to go pet shopping for the holiday, beware that scammers are lying in wait to grab your money and disappear into thin air. Whenever buying a pet, do it in person.

5. Airline Scams

Easter Week is often during a school recess, and many people try to book last-minute travel. Be very careful when booking flights. Take the time to determine whether or not it’s a scam. For starters, only do business with a secure (look for the padlock next to the URL) and well-reviewed site, and make sure the address is correct. (You can see more tips for surfing the internet safely here.) Also take the time to read and understand the privacy policy.

It could be that you receive an email or a phone call informing you that you have a chance to cash in on a big win: Free airline tickets. There have been several attempts to contact you about the tickets (you won them through a sweepstakes you have never heard of, in which you were automatically enrolled when you purchased some product or service you can’t recall, and you’re going to lose the tickets if you don’t act quickly. There are certain requirements. But meeting those obligations will cost you far more than the alleged free tickets.

6. Last-Minute Vacation Rental Scam

The scam happens when a thief finds a rental property online and uses the details to create his or her own website and listing. There may even be bogus five-star reviews, and the deal will sound particularly affordable, possibly due to a one-day-only internet sale. You book the listing, pay either by credit card or wire transfer, and pack your bags.

Here’s the problem: When the time comes and you show up for your vacation, that’s not your condo. It’s not just a matter of bait and switch, where the gorgeous property on the website doesn’t exactly live up to the reality. In this case, the property is very real and even very beautiful … but you didn’t rent it. There may even be another family inside. You now find yourself on vacation with nowhere to sleep, and your scammer is nowhere to be found.

Tip: Whenever you’re booking a rental property — for any reason, not just a beach getaway — there’s a sneaky little trick you can use to verify the authenticity of the listing and the property. Instead of emailing, call the person, but first do an online search for other businesses in the area surrounding the property, then ask the contact some specific questions to which you’ve already figured out the answers. How far is it to the nearest beach access? Where is the nearest restaurant with a kids’ menu? How far are we from an emergency room in case someone in our group gets hurt?

The thing about an Easter sugar high is that it makes you happy, and then you crash. When it comes to these scams, it’s all crash and no high. If you have reason to believe you’ve been the victim of a scam, don’t brush it off. You can check for warning signs by viewing two of your free credit scores on Credit.com.

Image: FatCamera

The post 6 Easter Scams You Want to Avoid appeared first on Credit.com.

How to Enjoy Your Vacation Without Getting Scammed

These are the scams to look out for while you're getting your vacation on.

Spring has begun, which means open season on travelers who aren’t well-versed in the various scams waiting for them on the seamier side of paradise. While the scams abound, being forewarned is forearmed.

Here are some typical scams that can ruin your vacation, drawn from my book Swiped: How to Protect Yourself in a World Filled with Scammers, Phishers, and Identity Thieves.

1. Asocial Media?

One seldom publicized use of social media (at least in crime circles) involves monitoring posted photographs for clues about where you live and what you have that’s worth stealing. In addition to providing a visual inventory, photographs can contain hidden information called geotags that allow a thief to pinpoint the location of your home. If you post pictures while you’re on vacation, you might as well display a flashing neon sign saying, “Rob me.” Rather than sharing your adventure in real time, it is far safer to relive the memories with everyone you know when you return. If you simply can’t resist the urge, at the very least tighten your privacy settings so that you strictly limit who can see these posts.

2. Ticket Scams

You receive a letter informing you that you have a chance to cash in on a big win: free airline tickets. There have been several attempts to contact you about the tickets (you won them through a sweepstakes you have never heard of, in which you were automatically enrolled), and you’re going to lose them if you don’t contact the travel agency or cruise line immediately. The letter provides a toll-free number to call. You call it and there are … well, certain requirements (like providing a credit card or Social Security number). Meeting those obligations will cost you far more than the alleged free tickets. (Fallen for this one? Be sure to check your credit for warning signs of identity theft. You can view two of your credit scores for free, with updates every two weeks, on Credit.com.)

3. Hotel Front Desk Scam

Your plane gets in late, you can’t get a taxi and by the time you arrive at your hotel all you want to do is take a shower and go to bed. About an hour after checking in, the phone in your room rings. It’s the front desk calling to tell you that the credit card you gave them was declined. “Can you please read me your credit card number again? Or, if you would prefer, you can give me another credit card.” If this happens, in lieu of readily handing over your digits, take a trip to hotel lobby to confirm whether there is an actual issue.,

4. Hotel Pizza Scam

When you check into your hotel, you see flyers in the lobby or under your door for a pizza joint. It’s late and you’re starving, so you call the number on the flyer. Someone answers exactly the way you expect they will. You place your order. They ask for your credit card number, which you immediately provide because your mind is on the pie and not your personally identifiable information. Several hours later, you’re still waiting. And starving. Unfortunately, the only one getting fed is the thief — and your credit card is for dinner.

5. Vacation Rental Scam

A thief finds a rental property online and uses the details to create his own website and listing. They’ll even have bogus five-star reviews from fake renters, and it will be particularly affordable, possibly due to a one-day-only internet sale. You book the listing and pay either by credit card or wire transfer, and you get ready to pack your bags.

Here’s the problem: When the time comes and you show up for your vacation, that’s not your condo. It’s not just a matter of bait and switch, where the gorgeous property on the website doesn’t exactly live up to reality. In this case, the property is very real and even very beautiful … but you didn’t rent it. There may even be another family staying in it that week. You now find yourself on vacation with nowhere to sleep, and your scammer is nowhere to be found.

If the person can’t answer questions accurately — or takes too long to answer, which indicates that they’re also doing an online search —that could be a red flag. It is possible that the rental agent is located in another city, but someone in his or her offices should have at least laid eyes on the property and be able give you an idea of the answers.

Tip: Whenever you’re booking a rental property — for any reason, not just a beach getaway — there’s a sneaky little trick you can use to verify the authenticity of the listing and the property. Instead of emailing, call the person on the phone, but first do an online search for other businesses in the area surrounding the property, then ask the listing agent some specific questions that you’ve already figured out the answers to. How far is it to the nearest beach access? Where is the nearest restaurant with a kids’ menu? How far are we from an emergency room in case someone in our group gets hurt?

6. Skimmers

Keypad overlay devices, ATM skimmers (you can see one in action here) with a pinhole camera — there are many versions. Sometimes skimmers and the hardware associated with them can be spotted (if you know what you’re looking for and it’s one of the skimmers you can detect, for instance, by banging on the ATM machine or trying to shake the user-interface module), but often it’s impossible to detect a skimmer scam. When you’re out having fun, by definition you are distracted and understandably off guard. Try to remember that even in the midst of the time of your life there are bad guys out there intent on a major buzzkill. And monitor your bank statements carefully so you spot any fraud that may have occurred.

7. Wi-Fi Scams

Not all Wi-Fi is created equal, and it’s not all secure. If you’re not sure about a Wi-Fi connection, be careful about what you do online. Do your banking and bill paying on your secure home network, and let your time off truly be downtime so that you don’t end up having a downer of a vacation. You can go here to learn more tips for better internet safety.

Image: filadendron

The post How to Enjoy Your Vacation Without Getting Scammed appeared first on Credit.com.

Here’s What to Do the Next Time a Business Asks for Your Credit Card by Phone or Email

When we provide our credit card information via remote means, we are often made more vulnerable to identity theft. Here's why.

Recently, I was booking a hotel reservation for a family member and in the process was asked to provide certain information. It was a simple third-party credit card authorization. What could possibly go wrong?

Plenty.

Beyond the fact that I am professionally paranoid — I wrote a book about it — there are so many ways for your information to wind up in the wrong hands, especially your credit card information. When we provide our credit card information via remote means, we are often made more vulnerable to identity theft by the authentication process itself.

There is no best way to conduct this sort of business remotely without putting ourselves in danger of becoming victims of identity theft, but there are better and worse ones. These days, it’s more expedient to focus on the very few ways sensitive information can be made available to third parties without creating unnecessary exposure.

A Better Way for Another Day?

If you are unfazed about sending your information via electronic means, consider something similar: paying for a meal with a credit card. We expose our data and send it on a journey every time we pay a bill at a restaurant.

I saw my first portable credit card reader on American soil the other day when paying the bill at a new restaurant. First, I want to say that the lunch was excellent, and I would have gone back even if the waiter hadn’t trotted out that marvelous handheld identity theft reduction device. I am scam-obsessed, and have long envied our friends on the other side of the Atlantic — and locations in other directions as well — for the ubiquity of at-table card payment.

The reason those machines are great is simple: The server has no opportunity to write down or photograph your card information.

Let that sink in … It’s unsettling now that you think about it, right? All those times a server has walked away with your credit card, what stopped him or her from snapping a quick pic of the front and back before returning to your table?

That reader is new technology. The service industry is finally (belatedly) getting hip to the challenge of protecting consumers from identity theft and other scams, but what should you do while it’s still in catch-up mode?

How to Send Your Stuff

The form that was emailed to me by the hotel made the threat of a sneaky waiter snapping pics of my credit card seem like amateur hour.

Obviously, the reservations department asked for my credit card number and expiration date. They also wanted my billing address, work and home phone numbers, email address and signature. Then there was the outline of a box, under which were the words: “Copy front of the credit card” and “Copy of ID.”

Now, I’ve already confessed to being someone who looks for the angle crooks will try to use. The idea of sending, in addition to all the other information requested, an image of a valid form of identification — in my case, my driver’s license — was truly unthinkable. I’d sooner have my Social Security number puffed out by a skywriter over the House that Ruth Built during a Yankees-Red Sox playoff game. (Not convinced? Read up on the surprising ways identity theft can hurt you.)

The form gave me the option of sending my cornucopia of sensitive personal information via email or by way of fax. Which is the better choice?

Hackers Are Really Good at What They Do

Phone calls and faxes conducted over phone lines can be rerouted, emails can be intercepted. Phone calls can also be listened to, and therein lies another problem. When you call a service provider — any kind that costs a set amount every month— there will come a time during the call when you will have to provide your Social Security number so that the company can run a credit check. A service rep is going to ask you for it — the whole thing.

Remember the waiter? Same problem.

Absolutely nothing can stop that person from writing down your information. And before you ask why you can’t input the information on your keypad, remember: Phone calls are not secure, the tones can be intercepted. Encryption is both complex and costly. This is why the federal government has been investigating the possibility of a universal identifier. But in the meantime, those credit checks or authentications pose the same, if not greater, peril as your credit card’s journey at most restaurants.

Old Is New (But Not Fail-Safe)

As counterintuitive as it seems, using the fax in this scenario is the safer path, though it is not completely safe given the possibility of data interception.

Pro tip: Call before sending a fax that contains personally identifiable information or anything else that is for as few eyes as necessary, and ask the person on the phone if they are near the fax machine, or if not if they can be. Call again to make sure the transmission has been retrieved and isn’t just sitting in a tray waiting for a scam artist to come sauntering by with a smartphone and a shopping list of things they want to purchase using your information.

While we await better solutions, you are the ultimate guardian of your personal information, and your vigilance given the myriad threats out there will lead the way for change. In the meantime, get in the habit of monitoring your finances for any sign of mischief. You can view two of your free credit scores, with helpful updates every 14 days, for free on Credit.com.

Image: nyul

The post Here’s What to Do the Next Time a Business Asks for Your Credit Card by Phone or Email appeared first on Credit.com.

The Vice President Got Phished — Are You Next?

Vice President Pence did what millions of us do every day. He clicked on a link in a phishing email.

America got mail this weekend, about 30 emails, according to reports. They were written as recently as last year by then-Governor Mike Pence and sent from his personal AOL account. While this is a political story, it is not about politics. It’s about a nationwide problem.

The emails, released to the Indianapolis Star in response to a public records request, include state business. The revelation is that Pence used his private email account to conduct business — an account we now know categorically was not secure from the prying eyes of hackers since, per various reports, it sent out emails saying Pence had been robbed overseas and was in need of money to get back home, a classic email scam you’ve no doubt heard of.

Pence’s Email Problems

The emails released by the Indy Star were addressed to Pence’s chief of staff and also his homeland security officer. As such, they open a window into Pence’s tenure as governor where there shouldn’t be one. Emails discussed political issues — like the resettlement of Syrian refugees — and other sensitive matters.

The news immediately resulted in public parades of schadenfreude on the left. After all, former Secretary of State Hillary Clinton arguably lost the election because of the same issue. But while there is plenty to make fun of here, there really is very little in the way of relevance between the two email stories.

While there have been more detailed tales of the tape between the two stories, you only need to know that former Secretary of State Clinton did something, that while legal, was strongly discouraged by her employer, the State Department, and what Pence did was under no such strictures — a sentiment Pence and his press secretary echoed in statements to the press. (Pence could not be reached for comment by Credit.com.)

What Pence & Clinton Have in Common With You

This latest email snafu is about control, but not over the flow of information, secrets or privileged access to information. It’s actually about an alarming lack of control. That lack of control has to be laid at the feet of information security experts who are tasked with keeping us safe.

We can do amazing things in the realm of coding, but somehow a fix to the phishing pandemic continues to elude us. The main reason for this is at least understandable: It’s a crime that preys on human nature — something that can’t be (reliably) coded.

Vice President Pence did what millions of us do every day. He clicked on a link in a phishing email, the victim of garden-variety social engineering. In doing so, he did us a favor, though it’s doubtful he will get much credit for it. He highlighted an area where our nation needs to do way more. Phishing is a national epidemic, and we all need to worry about it. If leaders of the free world can fall for this scam, so can you.

What’s Phishing — & How Can I Avoid it?

Phishing emails spoof legitimate companies or contacts in an attempt to get the recipient to click on a fraudster’s link. As I wrote about in my book, Swiped, you can probably spot a phishing email in your sleep, and you would no sooner click on a link in an email about suspicious activity on your bank account than you would leave your wallet in a crosswalk in Times Square.

However, best practices often fly out the window when it comes to salacious material about our favorite celebrities. Think about it this way: As you wander in the darker alleys and backstreets of the internet, where the risks should outweigh all other considerations, are you willing to forego sensible web behavior when the likely outcome will be catastrophic?

The main threat is malware. You can expect it to wind up on your computer if you decide to search the less safe parts of the internet for material that was never meant for your eyes anyway.

It may be something simple, like code that turns your computer into a spam distribution center, or a more serious app that will record your keystrokes (including when you log in to your bank, email, social networking, brokerage accounts, or the gubernatorial back office). There’s no way to know what you’re getting yourself into. The best course of action is to use your imagination — or possibly even your sense of what should be off-limits. Malware leads to identity theft and worse.

If you tend to chase breaking news stories and like to download the ephemera related to them (eyewitness photographs, blog posts), you may want to do a malware scan of your computer.

As a matter of fact, this kind of scanning should be a part of your habit of monitoring your various points of contact with the outside world — your attackable surface — regularly for signs of intrusion. (You can also monitor two of your free credit scores for foul play every two weeks on Credit.com.)

The lack of cybersecurity acumen manifested in the phishing of a governor should serve as a cautionary tale for everyone. Unless you are never off your guard, it’s highly likely that you will get scammed. The solution to the phishing pandemic is nowhere in sight. Be careful because the light at the end of the tunnel could well be the headlight of a bullet train.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: EOSdude

The post The Vice President Got Phished — Are You Next? appeared first on Credit.com.

How Trump’s Immigration Policy Spurred a Deportation Scam

Here's how Donald Trump's policies could affect your money.

For those who thought President Trump’s stance on immigration was the gossamer of election year overpromising, it’s time to adjust that thinking. The administration last week unveiled plans to target all “removable” aliens. It is a staggering number of people: 11 million.

If I told you that Price Waterhouse blamed the envelope mix-up at the Oscars on a practical joke devised by Warren Beatty and provided a link to the story, would you click through? How about if I included a link to a picture of the actual card that made Oscar history?

Fake news is the scam artist’s stock in trade — whether we’re talking about the kind that our 45th president keeps talking about, or something that takes advantage of a trending story.

Scam artists work fast, often riffing off the daily news to build their improvised traps, but sometimes they rip their scams from the headlines and take them to the street. (You can monitor two of your free credit scores for signs of foul play every two weeks on Credit.com.)

That’s what happened last week in reaction to Trump’s immigration policy. Criminals were waiting in the wings to capitalize on it, which inspired thuggish stick-ups and made necessary a warning from the office of New York Attorney General Eric Schneiderman.

The alert was issued after raids were conducted nationwide by the U.S. Immigration and Customs Enforcement (ICE). According to reports, hundreds of undocumented immigrants were arrested. It was big news, giving rise to political indignation by opponents of the Trump doctrine and sparking fear among immigrant communities.

Almost immediately, the scams began. According to Schneiderman’s office, four men wearing ICE apparel stopped a man on a street off of Roosevelt Avenue in Queens. They demanded cash. When he refused, they told the man he would be arrested. In another incident that made the news, a man in the immigrant-filled Queens neighborhood was told to hand over $250 or be arrested.

It’s unclear whether the ICE apparel was legitimate or duplicated by the thieves.

ICE gear can be purchased online, but Sallycopshop.com, one purveyor of such apparel, said it requires proof of employment by the law force. (Two other online sites offering ICE gear declined to comment for this article or failed to respond before publication.)

“The customer must ship their work address and have an ICE government email address for items with badges or lettering on it,” a Sallycopshop.com spokesperson said in an email. “We do go through each order individually to validate the customer is a federal agent or officer.”

Although many images of the recent ICE raids feature real officers wearing jackets and body armor clearly marked “ICE,” an agency spokesman told me that ICE officers and agents work in street clothes.

“I’m going to guess there are special requirements for clothing that indicate an official law enforcement capacity,” agency spokesperson Khaalid Walls said.

Regardless of the methods, there are several scams immigrants worried about the specter of ICE arrests need to be on the lookout for. Here are the big three, along with some tips culled from Schneiderman’s recent warning.

1. Fake ICE Agents

The attorney general states that ICE agents will never ask for money or threaten detainment and do not have the authority to enter your resident without a court-issued warrant. If a purported ICE agent knocks on your door, be polite, but firm. The law’s the law. Ask to see badges, and if you still smell a rat, call 911.

2. Beware Phone Calls

Some criminals stay out of sight, preferring to make phone calls that amount to the same sort of “pay or don’t stay” shakedown. Anyone who has read my columns warning of IRS phone scams will recognize this modus operandi — and this next tip. Remember: Just because your caller ID says the caller is from the government doesn’t make it so. Phone numbers can be spoofed. Bottom line: Immigration will not ask for anything important over the phone — not your personally identifying information and not money. If “they” do, hang up.

3. Notario Scams

As Schneiderman’s office points out, notario can be a much bigger and better job in Latin America — with a lot more power — than “notary” connotes in the U.S. In Latin America, a notario is anyone who can perform legal services — including lawyers. Beware people who try to make bank on this linguistic misunderstanding. Whether the claim is to speed up an application or otherwise help you get legal status, be careful. Check credentials and ask for references. If you are met with hostility, say goodbye and find a reputable service.

There are more tips and information regarding common traps and shady practices that immigrants face on the Attorney General’s website, which directs New York residents to report potential fraud or other issues regarding immigration services to its Immigration Services Fraud Unit Hotline at (866) 390-2992 or via email at Civil.Rights@ag.NY.gov. Those outside New York can get in touch with the Federal Trade Commission and file a complaint in their state.

Here is the great irony: Trump’s push to arrest and deport “removable” immigrants has given rise to fake cops, sewing doubt about the immigration enforcement authorities in a way that echoes Trump’s constant refrain of “fake news,” which has dangerously destabilized the public’s trust in our media.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: ginosphotos 

The post How Trump’s Immigration Policy Spurred a Deportation Scam appeared first on Credit.com.

The Latest Way Fraudsters Are Abusing Personal Information

According to a 2016 report from the security firm ThreatMetrix, identity thieves are working a new seam in the identity theft gold mine: online lending.

According to a 2016 report from the security firm ThreatMetrix, identity thieves are working a new seam in the identity theft gold mine: online lending. There is an increase in attacks against providers of alternative lending products.

The reason online lenders have attracted this unwanted attention has to do with the niche they occupy. First, they typically offer smaller loans in the $2,000 to $5,000 range. They differentiate themselves in a crowded market by providing faster turnaround than traditional lenders. It is that speed that makes it an ideal transaction type for the commission of identity theft: Thieves use fake or stolen personal information to apply for funds they can get quickly — before the lenders or potential victims know what’s happened.

I know what you’re thinking: Really? And yes, I am sorry to say it — but very much so: Really. We’re talking about THIS again, because last year fraudsters were able to scam $16 billion from consumers. This is yet another example of how identity thieves abuse people’s personally identifiable information to the detriment of both consumers and businesses. That tells me that we need to keep talking about how to stop being such an easy target.

The New Normal?

There’s a question mark up there because unfortunately curiosity and disbelief are still the most common reactions consumers have when the conversation turns to identity-related crime. Personally, I would add that it boggles the mind people still question the prevalence of the identity theft scourge.

Here’s the deal: Your chances of getting “got” have never been better, whether it’s in a simple credit card fraud scam, a mind-rackingly complex attack on every available crumb of value to be had through the exploitation of your financial reach in the world, or this latest trend where identity thieves target online lenders.

Is it really the new normal? The answer: No, it is not.

There is, in fact, nothing new about it. It’s the plain old vanilla, 100% normal now. The trend began well over a decade ago. If I were being a stickler, the heading would say, “the mind-numbingly old but still not totally understood normal” or “the how can this still be something I have to write about normal.”

When it comes to identity theft, it’s all about your personally identifiable information being in the wrong hands and not so much about what you do to protect yourself. But before you throw your hands in the air and start singing like Madam Butterfly, keep reading.

What You Can Do

With tongue firmly in cheek, one thing you can do is read Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves (full and shameless disclosure: I wrote it, and it is now available in paperback).

Since the book came out last year, the problem has gotten much worse. In fact, 2016 brought a new all-time high, with an estimated 15.4 million U.S. consumers becoming victims in one stripe of identity-related crime or another. That’s up from 13.1 million the year before.

You can keep your information from being used by scammers by placing a freeze on your credit. This will make it impossible for anyone to utilize your credit without the authentication to thaw it (including you). In addition, you need to practice what I call in my book, The Three Ms:

• Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity.

• Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every two weeks on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit and identity monitoring program.

• Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises — oftentimes available for free or at minimal cost through insurance companies, financial services institutions and HR departments.

It says somewhere in the Bible that the fastest runner doesn’t always win the race, and the strongest warrior doesn’t always win the battle. We learn in the same verse that the wise can go hungry and even the most talented among us can be dirt poor. If the scribes had lived today, they would have added that even the most careful among us can become victims of an identity-related crime.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Ridofranz

The post The Latest Way Fraudsters Are Abusing Personal Information appeared first on Credit.com.

Why the CFPB Is in Danger of Getting Trumped

The Trump administration has taken a concerted effort to destroy, defang and scrap the Consumer Financial Protection Bureau. Here's why it's wrong.

Just beyond the Trump swelter of the hour, lawmakers have been busy concocting plans to dismantle key achievements of the Obama years. Among those accomplishments currently targeted is a concerted effort to destroy, defang, scrap (feel free to select the word) the Consumer Financial Protection Bureau.

The CFPB was created to protect consumers from the kinds of predatory practices that played a big part in the financial meltdown of 2007 to 2008. The idea was simple: Create a federal agency to be, to quote Sen. Elizabeth Warren, “the cop on the beat” in the financial sector. The CFPB was to have the ability to take decisive action to shut down questionable practices. The CFPB was designed to be the regulatory safeguard against future financial wipeouts. (Think: Batman.)

It’s Populist!

Given the populist nature of Mr. Trump’s ascent to the White House, it remains for me a real head-scratcher as to precisely why the CFPB is on the chopping block.

The agency is tasked after all with policing financial products (and practices) that specifically take advantage of consumers. It has jurisdiction over a host of consumer “favorites” like credit reporting agencies, payday lenders, debt collectors, debt settlement companies and student loan servicers, as well as banks, credit unions, credit card companies and many other financial services organizations operating in the United States.

With the power to ban financial products deemed “deceptive, unfair or abusive,” the CFPB also possesses the authority to impose significant penalties on financial predators.

What kind of penalties are we talking about? More than $5 billion so far, including a record $100 million against Wells Fargo in 2016 ($185 million all in). The CFPB has helped nearly 30 million consumers recover several billions of dollars in remedies from financial companies. All this, and in 2016 the CFPB, experiencing a huge amount of growth both in programs and staff, stayed $67 million under its budget cap.

So, if the CFPB hasn’t been too expensive for the federal government to run, what’s the problem? Follow the money.

Conservatives argue that the Dodd-Frank Wall Street Reform and Consumer Protection Act (aka Dodd-Frank, the law that authorized the creation of the CFPB) has cost businesses more than $24 billion in compliance-related expenses and 61 million paperwork hours. It’s also a federal agency, and it has a fairly big budget. This is what the Republicans are focused on.

You can almost hear President Trump: “So, why are we spending so much money on this thing? It’s sad, really.”

It’s Under Attack

Rep. Jeb Hensarling, chair of the House Committee on Financial Services, cited what he calls “the avalanche of regulations that smother the U.S. economic system” in his latest rally to kill the Consumer Financial Protection Bureau. This so-called “avalanche” was in response to an economic event that nearly destroyed the world economy.

Hensarling seems to be motivated primarily by conservative ideology, a central tenet of which being that too much centralized power is a bad thing. “The CFPB is arguably the most powerful, least accountable agency in U.S. history,” Hensarling wrote in a recent Wall Street Journal opinion piece. “CFPB zealots have the power to determine the ‘fairness’ of virtually every financial transaction in America. The agency defines its own powers and can launch investigations without cause, imposing virtually any fine or remedy, devoid of due process.”

In an Oct. 11, 2016, decision, a federal appeals court ruled that the president should have the authority to fire the director of the CFPB other than for cause. The agency is currently appealing the court’s decision. “Other than the President,” Judge Brett Kavanaugh wrote for the 2-1 majority, “the Director of the CFPB is the single most powerful official in the entire United States Government, at least when measured in terms of unilateral power.” Anticipating the popular response, Kavanaugh added, “That is not an overstatement.”

The reason I say the attacks are mainly ideological is complicated, but in essence it seems like pressure from financial sector lobbyists plays a big part in the pushback against the CFPB and that the focus on centralized power is really just putting sheep’s clothing on an influence-buying wolf.

I don’t know how else to view the willful misunderstanding of what the CFPB actually does, which is simple: It demands accountability from financial institutions. The idea that, as Hensarling said, the CFPB “requires lenders essentially to read their clients’ minds, know and weigh their clients’ comprehension levels, and forecast future risk” is absurd.

Consider, if you will, the various ways consumers got screwed by the Wild West years in the finance world that led to the Great Recession. There is no mind reading required, but plenty of policing is needed.

It doesn’t matter if it’s the latest SNL sketch or Trump’s policy man Stephen Miller proclaiming that the new administration accomplished more in three weeks than most presidents achieve in four or even eight years — a claim that was quickly quashed — though I suppose he was right if you consider chaos an accomplishment. What matters is that we’re getting distracted from assaults on real progress made since 2008.

Killing the CFPB is an ill-advised and dangerous move, and one that will backfire on Republicans in the long run. As we as consumers filter through the latest, greatest Trump outrage (or triumph), and as we focus on the news cycle, huge things are happening behind the scenes. This one might be a doozy, making America unacceptably vulnerable again.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: uschools

The post Why the CFPB Is in Danger of Getting Trumped appeared first on Credit.com.

3 Tax Scams You Need to Watch Out For

Becoming a victim of a tax scam is not only frustrating and expensive, it could get you in trouble with the IRS.

In the early 60s, Roger Maris and Mickey Mantle hit a remarkable number of home runs including a famous back-to-back four-bagger, which according to Yogi Berra was the reason he famously quipped, “It’s déjà vu all over again.” While spring training is still a few weeks away, we’re in the thick of a tax season, where legions of scammers are swinging for the back wall.

According to the IRS, there was a 400% increase in phishing and malware incidents during the 2016 tax season. With the April 15 filing deadline still feeling as far away as the Green Monster from home plate in Fenway Park, Yogi Berra’s other dictum — it ain’t over till it’s over — was never more true.

My book “Swiped: How to Protect Yourself in a World Full of Phishers, Scammers and Identity Thieves” goes into great detail about the various tactics cyber criminals use to lure you, but the most important thing you can do to keep yourself scam-free this tax season is educate yourself on the most prevalent risks out there.

As ever the best (yet pretty boring) advice is to file your taxes as early as possible. Tax-related identity theft is primarily aimed at grabbing your tax refund, and scammers are creative, sophisticated, persistent, and move very quickly once your information is in hand. Armed with your Social Security number, date of birth and a few other pieces of your personally identifiable information, which if you have been involved in a data breach (you can check here to see warning signs and view two of your credit scores for free on Credit.com) is likely available on the dark web, they are off to log on to motels’ Wi-Fi networks, bunny-slippered feet resting comfortably on coffee tables, furiously filing fraudulent tax returns online.

Here are some other things to bear in mind as the tax season is upon us:

1. Phishing

There is no bigger threat. Phishing was recognized as a word by the Oxford English Dictionary more than 10 years ago, which is the main reason I thought of Yogi Berra’s déjà vu quip. By now it is a home truth that there are phishers out there. Catfishing is a regular part of the popular imagination, and phishing emails hit our inboxes with the same regularity as the various promotional emails we get from retailers and media outlets.

Phishing emails take many forms, but they are most commonly pointed at getting enough of your personally identifiable information to commit fraud in your name (identity theft). They also commonly contain a link that places malware on your computer. These programs can do a variety of things (none of them good), ranging from recruiting your machine into a botnet distributed denial of service attack to placing a keystroke recorder on your computer to access bank, credit union, credit card and brokerage accounts to gathering all the personally identifiable information on your hard drive.

Here’s what you need to know: The IRS will never send you an email to initiate any business with you. Did you hear that? NEVER. If you receive an email from the IRS, delete it. End of story. Oh, and they will never initiate contact by way of phone call either.

That said, there are other sources of email that may have the look and feel of a legitimate communication that are tied to other kinds of tax scams.

2. The Criminal Tax Preparation Scams

You learned how to do homework in school for this reason: Not all tax preparers are the same and you must vet anyone you’re thinking about using well before handing over a shred of your personally identifying information. Get at least three references, check online if there are any reviews and call them.

Here’s why: At this time of the year, tax prep offices that are actually fronts for criminal identity theft tend to pop up around the country in strip malls and other properties and then promptly disappear a few days later. Make sure the one you choose is legit!

3. Shady Tax Preparation

Phishing emails may not be aimed at stealing your personally identifiable information or planting malware on your computer. They may be simply aimed at getting your attention and business through enticing (and fraudulent) offers of a really big tax refund. While these preparers may get you a big refund, it could well be based on false information.

Be on the lookout for questions about business expenses that you did not accrue, especially watching out for signals from your preparer that you are giving him or her a figure that is “too low.”

Other soft-cons of shady tax preparation include inflated deductions, claiming tax credits to which you are not entitled and declaring charitable donations you did not make. Bottom line here: We’re all connected these days, and chances are you will get caught, so just make sure you are working with someone who follows the instructions (yes, they’re complicated, and that’s why it’s not a bad idea to get help).

As Yogi Berra said, “You can observe a lot by watching.” Tax season is stressful without the threat of tax-related identity theft and other scams. It’s important to be vigilant, because, to quote Yogi all over again, “If the world were perfect, it wouldn’t be.”

Image: RonTech2000

The post 3 Tax Scams You Need to Watch Out For appeared first on Credit.com.