12 Places Your Data May Not Be Safe (And What You Can Do)

Someone could be spying on you right now and you might not even know about it.

Data compromises and the identity-related crimes that flow from them are now the third certainty in life, right behind death and taxes. That said, there is plenty you can do to stay as crime-proof as possible.

According to Risk Based Security, more than 4.2 billion records were compromised worldwide in 2016 alone. In truth, the total number of compromised records is unknowable. Here’s what you do need to know: it is a near certainty that most, if not all, of your personal identity portfolio is already “out there.”

How to Keep Your Personal Information Safe

Identity theft is a catch-as-catch-can endeavor. Where there is a will, there is almost always a way. In fact, many, if not most, of us have already been compromised either by a breach or as a result of obsessive (and excessive) overexposure on social media. Enough of our personally identifiable information (PII) is readily available on the web to make us easy targets for phishing attacks and identity-related crimes.

Thankfully, identity theft is often a crime of opportunity. All that vulnerable information still needs to be accessed, which may require more effort than your average identity thief is willing to expend. This is why it’s important to keep your data safe from those opportunistic hands.

Here’s what you need to bear in mind at every turn: It’s likely that you’re going to “get got” with PII that hasn’t been compromised . . . yet.

Though it may seem like a lost cause, you can make yourself a harder target to hit. First, you should follow the three Ms:

Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.
Monitor your accounts. Check your credit report regularly, keep track of your credit score, and review major accounts daily if possible. If you prefer a more laidback approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit and identity monitoring program.
Manage the damage. Make sure you quickly get on top of any incursion into your identity and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.

Where to Check Your PII

To minimize your exposure to identity thieves, you’ll want to evaluate places that may not be making the security of your PII a priority. Here are twelve places that may not be keeping your personal data safe.

1. Small businesses: Mom-and-pop shop owners have a lot on their plates, and managing your personal data isn’t necessarily on the front burner. Whether it’s the company that fills your oil tanks, a lawn service, or a local store where you have a tab, ask how they store your information. If they give you a vague answer, ask them to erase whatever they have—and watch them do it, if possible.
2. Children’s sports leagues: Children’s sports leagues need basic information to enroll your child, including medical contacts, names, addresses, emergency contact information, and other data points that can be used in identity-related crime. If you get a vague answer about data storage, ask them to erase whatever they have.
3. Doctors and dentists: You ever see those color-coded files sticking out of open metal cabinets at a medical provider’s office? They contain all the information needed to steal your healthcare services, compromise your financial accounts, or file fake tax returns and divert your refunds. If you see something, say something. Either way, ask your medical professionals how they store your records and request that they be stored securely.
4. Veterinarians: You might not think that your vet’s office could be a point of vulnerability. Worse yet, the possibility of data compromise may not have occurred to your vet, either. Ask how they store your data. Chances are good they will improve their methods once they understand the immediate consequence of lost business for failing to do so. If they don’t respond, ask for your file and vamoose.
5. Gyms and fitness clubs: Increasingly, fitness clubs are on the ball when it comes to data security, but you’ll still want to ask how they store your information. If they don’t have a satisfactory answer, you may want to consider looking for a different gym.
6. Educational institutions: Many people contribute to the care and education of our children. Unfortunately, not all of them are educated in the ways of cyber hygiene, which is why it matters how your child’s information is stored by these institutions. Always ask about it and request that your child’s information be stored securely. Once it no longer makes sense for a particular institution to have personal information about your children, ask that they delete their records.
7. Accountants: While bigger accounting firms are liability-minded, smaller firms and one-person operations may not be as up to date on cybersecurity best practices. In addition to having hard copies of your files, which contain extremely sensitive personal data, your accountant has to send electronic files to the IRS and other state agencies that collect your taxes. Make sure they are using secure networks and store your files securely. If they don’t, it’s in your best interest to look for a more secure accountant.
8. Lawyers: If you’re worried about the amount of sensitive data residing with your accountant, take a moment to reflect upon the sort of personal information that resides with your attorney. It’s okay to have a direct conversation about their data security practices. If there is any pushback, take your business (and your data) elsewhere.
9. Real estate agents: While they may not have a lot of your PII, real estate agents have enough for a thief to get a foothold into your mineable credit. If your agent gives you a vague answer about how they handle sensitive information, don’t give them any—or limit what you share to the bare minimum required.
10. Car dealerships: Car dealerships are focused organizations. While their employees know a great deal about closing deals, they may not know how to close the gates to ID thieves—and because they offer credit, they are in possession of the skeleton key to all your finances: your Social Security number. Make sure it’s safe. You’ll want to check with any other retailers that offer credit as well, since they will also have access to your SSN.
11. Travel agencies: In order for travel agents to do their job, they likely need your name, address, date of birth, contact info, emergency contact information, license or passport number, and credit or debit card number. You need to know how long they will keep it and how they will store it. If you are not satisfied with their explanation, cruise on over to someone else.
12. Home: Your domicile is an El Dorado of personal information, and you need to be able to protect those riches. Store all of your most-sensitive documents in a secure, fireproof location. Better yet, scan and store them in an encrypted, password-protected thumb drive.

Never forget, the ultimate guardian of the consumer is the consumer. No one cares more about the protection of your personally identifiable information and your financial security than you do.

Image: shapecharge

The post 12 Places Your Data May Not Be Safe (And What You Can Do) appeared first on Credit.com.

The Hidden Cost of Verizon’s ‘Free’ Rewards Program: Your Data

Free rewards programs can actually cost you in terms of privacy.

With the announcement of Verizon Up, a new wireless rewards program that provides users with customer incentives, first-dibs opportunities on things like VIP tickets and other exclusive deals, we thought it was time to review how reward marketing plans work.

First, the good news: Verizon Up is free!

Like their intrusive cousin the loyalty program, reward-based marketing schemes usually require no additional fees. In essence, Verizon Up is a camouflaged version of what author Seth Godin calls “permission marketing.”

Now the bad news: Nothing is free. Verizon is making you pay with your personal information instead of money. But make no mistake: They’re going to profit more than you will from the arrangement. (Note: Verizon did not return our request for comment.)

Never were the words of the German philosopher Georg Wilhelm Friedrich Hegel more prescient: “To be free is nothing, to become free is everything.” Translation: In the world of big data, there’s no such thing as “free.” If a company offers you something for your data, you’re the product. They are monetizing your information.

The eligibility requirements on Verizon’s website make this clear. Opting in enables Verizon to personalize marketing sent your way by them, and by other companies, using your data.

What Data?

These days “your data” is pretty much anything marketing companies can get their hands on. If you belong to a gym, it may be selling that fact to a third party, and with it possibly more data about how often you go and anything you bought there to enhance your workout.

If you use a mobile phone, your data could include everywhere you have gone and most likely anything discussed via text. Whether or not you use the popular Waze app, there’s data on how fast you drive, which in the wrong (or right) hands could affect the rates you pay for car insurance — never mind the possibility that law enforcement could one day claim jurisdiction in the realm of cyberspace-clocked speeding tickets.

When it comes to your data, the goal is to create a granular portrait of you — your interests, likes, dislikes, passionate yearnings — all of it prepared and arranged for resale to companies and organizations hoping to match products and services with various aspects of your personality.

How Specific Does This Get?

The kind of information the big data companies have — what constitutes “your data” — depends on your privacy hygiene. The less you share, the fewer times you opt in, the more privacy you will enjoy.

Companies like to incentivize the sharing of personal data. Sometimes it’s by creating something fun, like a toy or gaming experience. The lure of social media is hard to resist but every like and comment becomes part of your sellable data.

If you’ve ever signed up for a loyalty program, everything you’ve purchased will be included under the heading of “your data,” providing a very specific window into your life, not just simple stuff like your gender and age — they already know that — but your health and habits based on what you buy. And of course, your credit card companies know more about you than almost anyone else — including, probably, you. (You can get an idea of what they see about you with a free credit report snapshot on Credit.com.)

Nothing to See Here

Remember the story about the emperor’s new clothes? Basically, he didn’t have any. That’s the deal here. And while Verizon is not alone in perpetrating a consumer data grab, their recent announcement makes them today’s blue-plate special.

As is the way with this kind of offer, Verizon Up will provide users with some perks, but for what? And is it a fair swap?

To be clear, whenever the right to use your data, without limitation, is the ask, saying “yes” is never going to be the answer I recommend. It doesn’t matter what you’re getting for it. In this case, Verizon is asking to monetize the data on products and services that you use (and pay for) as well as far more personal stuff, “including location, web browsing and app usage.”

Does this mean your iPhone Safari browser can be set to “Private” and it doesn’t matter? Internet service providers can see any traffic that doesn’t move via virtual private network. So, is everywhere you go online still visible, able to be sold to a third party no matter how private?

It doesn’t matter. Get in the habit of saying no.

When it comes to privacy, you need to be your own advocate. As Toni Morrison said, “Nothing and nobody is obliged to save you but you.”

Image: serdar_yorulmaz

The post The Hidden Cost of Verizon’s ‘Free’ Rewards Program: Your Data appeared first on Credit.com.

The Apps Your Partner Could Be Using to Spy on You

Someone could be spying on you right now and you might not even know about it.

“These apps are brutal,” Ondrej Krehel told me during a conversation about spyware, or “spouseware” as the software is sometimes called.

“It doesn’t matter what ‘intended use’ these app developers claim in their sales pitches. They are increasingly being used by teens to spy on their love interests,” Krehel said. “It’s quite prevalent.”

Krehel is CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm. He sees spyware as a concern for consumers.

“The malware that is used to spy on terrorists and other criminals is not too different from the spyware currently marketed to consumers — although it has fewer features,” Krehel said.

What ‘Spouseware’ Can Do

FlexiSpy, mSpy and Mobile Spy are some of the names in the consumer spyware app business. The applications make it possible to monitor virtually every communication made on a targeted smartphone or computer.

The various spyware, or spouseware, apps available on the market can let users see absolutely everything that happens on a device. It’s like a surveillance camera pointed at the user’s screen.

Here’s an at-a-glance list of what kind of information would-be spies can see:

  • All social media
  • Snapchat
  • Encrypted messaging apps like WhatsApp
  • Dating Apps
  • Text messages
  • Calls
  • Real-time GPS location

At $29.99 a month, pretty much anyone can be a spy. MSpy alone has more than a million users.

The stories of stalkers, jilted lovers and overzealous admirers are legion. In 2014, NPR reported that 85% of 72 domestic violence shelters they surveyed said they were working with victims whose abusers tracked them with GPS. Seventy-five percent said they had worked with victims whose abusers used hidden mobile apps to eavesdrop on them remotely.

While there is sadly no shortage of stories out there, most are told under the cloak of aliases. Although largely anecdotal, Krehel told me the misuse of spyware among teens was without doubt a growing problem.

“I would say 30% of the spyware users out there are young guys spying on their girlfriends,” he said.

The end user agreements are clear. These apps are to be used for legal purposes only. The marketing is not pointed at monitoring fidelity, but rather what a child is getting up to or as an enterprise tool for managing employees.

The app developers make it clear that any monitoring made possible with spyware should be done with the consent and knowledge of the party whose device is being tracked.

MSpy’s user agreement says: “User acknowledges that the Software shall be used for the purpose of monitoring, tracking and obtaining access to certain devices as cell phone and computer (including, but not limited to, email and text messages) of children and employees and other device owners with their consent hereto, including through the use of devices, on which the Software is installed.”

It is illegal to spy on someone without their consent. The problem here is that while it’s illegal, the penalties are not very serious. Krehel stated that while a person might get 30-day jail sentence or pay a fine, the damage inflicted is sometimes life-changing with victims and the people in touch with them suddenly finding themselves in divorce proceedings, losing jobs or even committing suicide.

What to Do

As with all things security-related, it is good practice to assume that the unimaginable — or in this case the prevalent — can happen to you, too. It’s also wise to take the necessary measures to prevent it.

  • While it is possible to install spyware remotely on some Apple products, most often physical possession of a device is required. Never surrender your device to anyone, or leave it unattended.
  • Don’t assume your passwords are unknown to those closest to you. (Check out these tips for better internet safety.)
  • Never share your cloud credentials, since this makes it possible to install some types of spyware.
  • Protect your passwords and change them often. Or use biometric authentication.
  • Don’t assume that just because you don’t see a spyware app on your device that it isn’t there. Check for installed apps and software (this may require programs that review apps and software), and become acquainted with the software and apps out there.
  • If you suspect you’ve got spyware on a device, save what needs to be saved on an external drive and wipe the device, restoring the factory default settings. But bear in mind that there are some snooping techniques (the NSA place their exploits directly on a chip in the device hardware) where a factory reset won’t help you.
  • To further guard against fraud and identity theft, monitor your credit for any suspicious changes. You can get a free credit report snapshot on Credit.com.

It’s rough out there for people concerned about their privacy, but being alert goes a long way.

Image: shapecharge

The post The Apps Your Partner Could Be Using to Spy on You appeared first on Credit.com.

Is Your Gym Exposing More Than Your Abs?

The gym is a great place to burn off steam — and to get scammed.

When Apple announced a serious hardware flaw last week, and the critical security patch that addressed it, my first thought was perhaps arbitrary: “That exploit would work at the gym.” My next thought: what else would?

The discovery of a zero-day exploit affecting hardware—specifically a WiFi chip embedded in the main processors of Apple devices—was serious news. The vulnerability makes it possible for a hacker within range to “execute arbitrary code on the Wi-Fi chip.” A similar vulnerability was announced and patched on the Android platform earlier in the month.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

Here are a few things to make your next trip to the gym as scam-proof as possible.

How Is Your Personal Information Stored?

Your gym can require and request a ton of personal information: your Social Security number, driver’s license number, credit and banking information, your home address, and in some cases your medical or health information. When in the hands of the wrong person, this information can lead to identity theft and major breach of privacy.

Your job is to reduce your attackable surface and watch out for scams.

The first question you should ask is how your information is stored, and who has access to it. Don’t accept a vague answer unless it is the correct answer. “I’m not sure,” might indicate an ill-informed point of contact at the front desk or, worse, a total lack of data security. Don’t be surprised if everyone who punches the clock at your gym has access to your information.

Because of this, it’s important to think about what kind of information your gym has and why they need it. Try to limit what information they get, even if it is “required.” While the gym needs to identify you, they don’t need much data to do that. It’s your job to give them the bare minimum they need.

Juice Jacking

Be wary of charging your devices at the gym. Simply plugging your phone into the wall can make you vulnerable to juice jacking, a cyberattack where a charging port does double duty as a data connection that either steals user data or downloads malware to steal it at a later time.

Though it seems unlikely, if your gym’s owner isn’t up to date with scams, the gym may unwittingly allow a hacker to install a data-stealing kiosk for members to use.

Always pay attention to phone pop-ups. Both Apple and Android now have stopgaps to avoid juice jacking exploits, but the warning screen can be distractedly tapped away and ignored, thus opening the door to an intruder.
If you want to reduce the risks while charging your devices at the gym, look into USB cords without data transporting cables. You can also make juice jacking impossible by using the AC adapter your device came with or a back-up battery device.

Public Wi-Fi

Here’s another way your devices can leave you vulnerable to attack. Signing on to your gym’s public Wi-Fi can be risky — such is the case whenever you log on to a public Wi-Fi network. Another thing to remember: Hackers may not always ask for the gym owner’s permission to set up the Wi-Fi network that’s labeled with the gym’s name.

In addition to the fake Wi-Fi set up, there’s the threat of a man-in-the-middle attack. This attack can secretly alter the communication between two parties and even lead to eavesdropping by an unknown third party.

If you are going to log on to the Wi-Fi at your gym, always look for HTTPS in the address and the green lock near the URL of the sites you visit and think long and hard before visiting destinations like banks, credit cards and the like that require or provide access to sensitive information.

Remember, if you ever have any suspicion your information has been compromised, always contact your credit card providers ASAP. It’s also helpful to check your credit for any sudden changes (You can get a free credit report snapshot at Credit.com) While knowing the latest threats out there, and utilizing security updates the moment they are issued is great and absolutely necessary, it’s important to bear in mind that there is no anti-fraud silver bullet. Gyms are neither better nor worse than anywhere else when it comes to data security practices, but they are definitely places where you can be harmed.

If you assume your information is vulnerable, at the gym or anywhere else, and you take the effort to limit your data exposure and minimize your attackable surface, you have the best shot at staying in good shape. If you do find a security problem at your gym, maybe it’s time to demand solutions. At the very least, if you see something, say something. And if you’re really worried, find a new gym that practices better cyber and data hygiene.

Image: BraunS

The post Is Your Gym Exposing More Than Your Abs? appeared first on Credit.com.

Can Your Adopted Pet Expose You to Fraud?

Unfortunately, pet ownership can also make you a target for phishers, scammers and identity thieves.

Pet ownership has definite upsides. You get companionship and exercise and the satisfaction of doing a good deed. Plus, people who own pets live longer. Unfortunately, pet ownership can also make you a target for phishers, scammers and identity thieves.

The Vector du Jour

With 65% of U.S. households including pets (and an estimated $60 billion in spending on them), pet owners represent persons of interest for scammers.

The focus here is on a nearly universal practice: microchipping.

When a pet is adopted, it almost always comes with a microchip implanted at the back of the neck between its shoulder blades (or on the left side of the neck among European rescues). The chip is the size of a grain of rice, and it includes a 10-digit number that has been registered to the adopter. With more than 94% of dogs coming by way of either rescue and/or adoption according to the Humane Society, this is a fertile field for fraud .

These microchips can aid in the return of a lost animal, but are far from a perfect solution. In fact, a study published in 2012 by the American Society for the Prevention of Cruelty Toward Animals found that after searching the neighborhood and having the pet return on its own, microchips were the most common way pet owners were reunited with their owners. In a study published by the Journal of the AVMA, research revealed that only 22 percent of lost dogs entering shelters were returned to their families. That percentage rose to more than 52 percent when a dog was microchipped.

So there is an argument for microchipping. Because there is no unified database for these microchips, a found pet may be on any number of registries, which is good news from the standpoint of crime prevention, because scam artists can’t just pet-nap an animal, scan it, and contact the owner to collect a ransom. (That said, this scenario is theoretically possible. A universal microchip reader can be purchased by anyone.)

Public-Facing Data Is Risky

Many microchipping companies recommend that you provide your mobile phone number. It makes sense on the pet recovery side of things, but none at all on the protecting yourself from scams side—mobile numbers are fast becoming our new Social Security numbers.

The basic mechanism of the scam is simple, and you should be wary of it. You will either get an email (which you provided information to the registry) or a text (to the mobile number you provided), and it will include your pet’s name and some issue that needs your attention. Maybe your dog license is expired. It could be anything. The point is that with your personal information out there in a public-facing database, you’re ripe for the picking. It’s a scam waiting to happen, and you have provided the means of your own victimization by doing the right thing by your pet.

If you have replied to one of these messages, it’s a good idea to check your credit for any changes, because you may have been communicating with a scammer. (You can check two of your scores for free on Credit.com.)

Whenever you get an unexpected message, however you get it, you are in danger of getting got. A basic rule of thumb: distrust AND verify. Provide no information until you’re sure who’s asking for it.

What You Can Do

You can see if your information is public by searching for your phone number. You should also search your home and email addresses. Your goal for the best possible data hygiene would be that none of that information yields your name on a search engine.

If you find your information is out there (and not just in connection with a pet), call the company that provides the information online and ask for it to be hidden from the public. While this may slow the process of getting your pet back should it go missing, you will still be reunited, while not exposing your data to anyone who plugs random 10-digit numbers into a pet microchip registry.

Image: fcscafeine

The post Can Your Adopted Pet Expose You to Fraud? appeared first on Credit.com.

The Common Scams People Still Fall for All the Time

The scams are dumb, but the victims are not. Here's why we keep falling for these fraudulent tricks and how to stop doing so.

The top site for classified ads in the U.K. conducted a study recently that should send a wave or two to this side of the Atlantic. When it comes to scams, it’s all about the bait. Gumtree found that even with the forethought that a listing was a scam, more than a third of their users would still go ahead with a transaction. As my mother would say … Actually, she’d probably just shake her head.

It doesn’t matter where they happen. Scams are as international and ubiquitous as the human capacity to be tricked. And while some scams are super-nova dumb, that does not always mean that most people who fall for them are.

Scams rely on a simple fact of life: People are busy. Most of us aren’t Zen masters of meditation. It’s hard to fully occupy each and every moment because we lead distraction-filled lives. We’re not constantly up on the fire tower scanning the horizon for smoke, and that’s a good thing.

Unfortunately, there are some real slime balls out there who rely on this problem of ours.

Here are some recent scams that are making the rounds:

Amazon Phishing Scam

In this scam, you get an email from Amazon. It informs you that there’s been a problem of some sort. Don’t focus on what sort, because it’s these nuances that will get you got. If you get an email from Amazon telling you that there’s been a problem with an order, or that a recent order was canceled, it’s time to focus. It could be a scam.

How it works: There’s a link in the email that leads to a site that looks identical to Amazon, but you’re not anywhere near the site. The scammers are looking to get your personal information to use in the commission of identity theft, and your financial information to drain your credit card or bank account.

What to do: Visit your Amazon account by logging in directly. Do not use the link in the scam phishing email.

[Editor’s note: Keeping track of your credit scores can help you spot signs of fraud early on. A significant decrease in your scores could be a sign that someone has gotten hold of your information and using it without your permission. You can check your credit scores regularly using Credit.com’s absolutely free Credit Report Summary.]

Smishing Scams

Smishing isn’t terribly different from phishing, but if you’re not expecting at least the possibility of a smishing text, you might fall for it. The text arrives and appears to be from your bank. It could be from your internet provider. Generally, it’s from somewhere that can negatively impact your life, and that would also be in possession of your mobile digits.

How It Works: The smishing text informs you that someone has tried to access your account or it’s been frozen (again don’t get caught up on the details, the account or anything else), and your password or some other data needs to be updated. There’s a link to use where you can authenticate yourself by entering your personal information (for example, your Social Security number), and secure your account.

What to Do: If you regularly use your smartphone to access the internet, bear in mind that there are hidden dangers everywhere, and pause before you pounce on text warnings.

Sweepstakes Scam

You get a phone call from someone very cheerful, and maybe even a little breathless in the delivery of their blue-sky greetings. You’ve just won the Publishers Clearinghouse Sweepstakes. You’re a millionaire or a $500,000-aire. The prize patrol is 20 minutes away, so get dressed and be ready for your photo op with a beach towel-sized check.

How It Works: This scam preys on the wonderful human trait that, no matter how our day or month or year is going, hope springs eternal. Part of your prep for the prize patrol, however, requires that you pay the processing fee upfront. There could be many explanations for it, but the bottom line is you’re going to have to spend money to collect the prize.

What to Do: Hang up, and don’t bother changing your clothes. If you really have money coming to you from the sweepstakes or lottery, they are legally obligated to get it to you.

IRS Phone Scam

You get a phone call from the IRS, which is not entirely far-fetched anymore because Congress directed the IRS to collect back taxes with help from collection agencies. So, you could get a legitimate call from one of these four collection agencies: CBE Group of Cedar Falls, Iowa; Conserve of Fairport, New York; Performant of Livermore, California; or Pioneer of Horseheads, New York.

How It Works: The caller says you owe taxes (never mind the particulars as this is the nuance stuff that fuels any good scam), and if you don’t pay you’re going to be arrested (or some other bad thing will happen). Payment can only be made through a prepaid debit card or gift card, because of the particular kind of hell you created with your fictional bad behavior. You are informed that the purchase of whatever card you are told to buy is linked to the Electronic Federal Tax Payment System.

What to Do: Hang up and wait for a letter from the IRS notifying you of the situation, or call the IRS directly to inquire about any taxes you may owe.

The Grandparent Scam

Here’s one that doesn’t prey on the attention deficit disorder called daily life, but rather, it plays on the heartstrings. This scam relies on the sharing of information on social media, and the universal inability among some people to recognize a relative’s voice.

How It Works: A targeted grandparent gets a call asking for emergency funds, either directly from the grandchild who is actually a scammer armed with family names gleaned from your social media account — or someone representing them (a lawyer, bail bondsman, police officer). The story is good. All scammers are good storytellers. The ask is doable. They need money wired now.

What to Do: Never wire money unless you are absolutely certain where and to whom it’s going. If possible, double check a request with another relative. If you’re told secrecy is necessary (because a parent or sibling will be mad), just say no. Bigger picture advice: Don’t overshare. Set your privacy as tight as it will go, and don’t let people tag you in photos. And while it’s hard to sift through these days, get rid of any friends on social media who aren’t actually friends. Perhaps you should use this as an opportunity to prune a few friends too. You know, the ones that are always asking you for money.

The One-Ring Scam

This one is simple. Your phone rings once. That’s it. The scam relies on a couple things, though. First, there’s a curiosity factor. Second, there’s the very real possibility that most people have not memorized every area code used in the United States. But forget that, because caller ID can be be gamed with a spoofed phone number. Here’s what you need to know: Your phone rang once.

How It Works: You call back the number, and you’re automatically charged for a service that you didn’t want, or money is otherwise sucked out of your phone account to appear at the end of the billing cycle.

What to Do: If your phone rings once, assume the conversation that didn’t happen wasn’t worth happening. Wait for whomever called to leave a message, and never (ever) return fire.

There are more scams happening all the time, and no way to chronicle every one of them. But the baseline behavior of pausing and thinking for a moment, “Could this be a scam?” is your best protection to keep fraudsters at bay.

Image: Kerkez

The post The Common Scams People Still Fall for All the Time appeared first on Credit.com.

How to Avoid the Latest Airbnb Scam

Airbnb should have shut down these scams the first time they happened to a customer using their site. But there's a reason they haven't.

A friend of mine showed up last night at a place we sometimes meet. He looked like Red Sox pitcher Chris Sale after lobbing a game-ending home run to Aaron Judge of the Yankees. He was supposed to have been on a plane to Italy. I asked him what happened.

“We were all set to head out,” he said. “First leg: Rome. But I just canceled our tickets, like, a second ago.”

I asked why.

“Airbnb scam,” he said.

It was supposed to be the perfect trip. He and his wife have a 2-year-old, so they were looking for a destination vacation that would let them hang out in one place. The patch of paradise they rented was not an easy journey: two flights, a long car ride, a ferry and another long car ride.

That said, it seemed worth it. The fairy tale villa was on an island off the coast with views of the Mediterranean, a swimming pool and more than enough room for three families. The fee was steep, but not terrible since it was being shared by three renters: 6,000 euros a week.

“We were bummed that we had to be a day late to the place, but it turned out to be a godsend, because when our friends got there yesterday, the owners were there,” my friend said. “They weren’t renting the place. It was the third time that month they’d had people show up who had rented their house on Airbnb.”

The only inaccuracy in his statement is this: They didn’t rent the house via Airbnb. They thought they did.

A similar thing happened to a woman who arrived in New York from Barbados to buy her wedding dress. Malissa Blackman rented two apartments in the heart of the city to accommodate her mom, two sisters and two bridesmaids. When they arrived at 400 Fifth Avenue, the doorman gave the bad news. They’d been suckered, and they weren’t the first victims to come looking for nonexistent rental apartments in the building. At least two other groups had succumbed to the same nefarious plot, paying as much as $400 a night for the fictional flats.

Out $2,000, Blackman was forced to pay for two hotel rooms at an additional cost of $2,600. The next day, she found her perfect dress made by her favorite designer, but after the swindle, the $2,500 price tag was just too much for her. She had to get a cheaper dress and was heartbroken.

What Makes These Scams Possible?

You’re not alone in thinking that Airbnb should have shut down these scams the first time they happened to a customer using their site. But they haven’t because the scams didn’t occur on their site.

Blackman had responded to a property on “airbnb.com” and started to discuss terms with the “owner” of the listing on the site’s proprietary and secure app. She was offered another option during that chat and was asked if it would be possible to email the link. She allowed it, and that was how the scam went down.

Airbnb is clear about the danger of going off its site or app to conduct business. They send a warning email if a member of Airbnb asks to communicate via email. The problem here is that these warnings can be missed in the flurry of email that is triggered when you do business online. Compounding that problem, warnings are so common these days we may ignore them so long as we feel we’re in familiar territory — for instance, while looking at a what appears to be a legit listing on the site warning us.

In Blackman’s case, the scammer sent her a link that took her to a clone site, a perfect copy of Airbnb with one key difference: The URL was airbnb.com-listining-online31215.info. At first blush, this might seem like a hard thing to detect, and maybe you are right there with Blackman, feeling perplexed. There is a tell though, and one you won’t miss going forward if you want to play it safe on the internet. The URL in question goes to a dotinfo address, not a dotcom.

Airbnb phishing tales abound, but these ploys are avoidable if you know what to look for. (Here are three dumb things you can do with your email.) If you are asked to wire money or pay in a way that doesn’t use Airbnb, stop communicating with the renter. It’s a dead giveaway a scam is afoot. Whether you are lured off the site by an Airbnb user or you receive an email with a link to the site, always look at the URL carefully. The differences can be subtle. Better yet, take Airbnb’s advice and stay on its site or app.

If you believe you’ve been the victim of a scam, don’t shrug it off. You can check for signs of mischief by viewing two of your credit scores for free on Credit.com.

Image: noblige

The post How to Avoid the Latest Airbnb Scam appeared first on Credit.com.

Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam

You know never to respond to a phone call from the IRS, because — say it with me — they never call. Well, this latest scam has been taking taxpayers for a ride.

True or False: The time for IRS-related swindles and scams is behind us — until next tax season. If you’re still reading this, you probably guessed “false.” And yep, it’s sad but true: Those pesky swindlers are still at it.

Normally, when summer arrives with its parade of warm days and fewer demands on our attention, there is a quiet month or so when very little happens in the way of IRS-related activities (quarterly payments being the only thing you might expect on a list of tax-related things to do). So, you should be safe from the current scam making the rounds — but you’re not. The IRS recently issued a warning about a scam that’s been luring summertime tax-fraud victims.

You know never to respond to a phone call from the IRS, because — say it with me — they never call. (The agency does have debt collectors representing them now, but you’ll receive several notices before they call you and you can expect to be contacted by one of four firms —CBE Group, ConServe, Performant and Pioneer Credit Recovery — not an IRS agent, more on this below.) Well, this latest scam put a saddle on that old nag and has been taking taxpayers for a ride.

Here’s how: You get a call from the IRS telling you about official correspondence sent via snail mail — certified mail, no less. The letters were returned to the IRS as undeliverable. They tried to mail you the notice you needed. They have to call you.

So, what do you do? Hang up.

The thing about these scams is that they always have the ring of truth to them. (Remember, con man is short for confidence man.) If you stay on the phone, you will be informed that there was an issue with your tax return and you owe money that is extremely late in getting where it’s supposed to be. You have to pay with a card that is connected with the Electronic Federal Tax Payment System (EFTPS). Sounds legitimate, because the EFTPS is one of the ways you can pay your taxes. That said, you can’t do it with a gift card or any other kind of prepaid card, which is what the scam requires to pay out the fraudster. (You can also pay taxes with credit cards, which you can learn about here.)

The IRS never calls to bird-dog money, although there is one new exception. Congress has mandated that the IRS hire collection agencies to chase certain extremely delinquent taxpayers. If you receive such a call, get off the phone and contact the IRS directly to verify the situation.

Also bear in mind that taxpayers who owe the IRS money generally know it. They have received multiple notices, did not dispute the assessments and/or did not make the payments. If you get a surprise call asking for money, be doubtful. (You can see how unpaid taxes are impacting your credit by viewing two of your credit scores for free on Credit.com.)

Can You Scam-Proof Yourself?

In this particular instance, you actually can avoid getting got 100% of the time. It’s pretty simple: Simply hang up. But there is no way to absolutely scam-proof yourself.

There are more ways to get burned by tax scams than you can shake a beach umbrella at — bogus tax preparers, scam artists who file a tax return using your identity and steal the refund, sleazeballs who promise huge tax refunds for an extra fee, which is nothing compared to the penalty you will pay after the IRS audits you.

My book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves provides countless stories about how cyber criminals lure victims, but the best way to stay safe is to do what you’re doing now: Stay aware.

Image: AleksandarGeorgiev

The post Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam appeared first on Credit.com.

5 Scary Wedding Scams to Avoid This Season

The wrong call can mean the difference between an unforgettable wonderful day and a day that makes you angry every time you think about it.

Weddings require many important decisions and the wrong call can mean the difference between an unforgettable wonderful day and a day that makes you angry every time you think about it.

The often unreasonably high expectations of families and friends and at least one spouse-to-be only makes matters more fraught. With such a high level of stress, it’s only a matter of luck that mistakes don’t get made. Scam artists are counting on that.

There will be a repeating theme in this article, and it’s this: Be certain you know who you’re dealing with, and when you think you’re sure, check some more. Here are five wedding scams you want to avoid.

1. Sham Wedding Planners

Scammers take advantage of distraction, and there are few things in life so exquisitely discombobulating as the planning of a wedding. Add to that the high likelihood that the bride and groom may not be overly familiar with different kinds of transactions that help make an event run smoothly — purchases, contracts, rentals, hiring — and you have fertile ground for fraud.

It is a good rule of thumb to look for trouble when anything out of the ordinary comes up. I’ve heard of scams that were run through radio stations, where the “planner” offered a free wedding to a couple who couldn’t afford one and then raised the money from listeners. That counts as out of the ordinary, but the scam that lands in your inbox may be subtler. In the radio scam, vendors are hired but never paid. The “planner” skips town with all the money.

Another familiar scam involves blank checks and the flakiness of many vendor hires. A “planner” will ask the couple for checks written out for a specific amount but without filling in the payee because, they are told, it’s up in the air as to who’s going to get the gig. The scammer cashes all the checks, no one is hired and the wedding doesn’t happen quite so wonderfully as planned. (Here’s what you need to know about bounced checks.)

2. Pricey Wedding Photographer Scams

A photographer shows up and takes pictures. He sends proofs to you. They are tiny and low-resolution, but you can see they are fantastic. Next comes the bill.

Now, wedding photography is expensive, but we’re talking crazy-town prices here. One scammer banked $140,000 before getting nailed. The ruse: Take the money and never deliver the goods or extort a huge payment in exchange for them. The variation on this theme is taking a size-able deposit and simply not showing up.

3. Missing Flowers

When it comes to flower scams, we’re talking about a different line of business but very similar types of fraud. Maybe this scam takes the form of an independent contractor who assures you they make breathtaking arrangements for a fraction of the cost other places charge. All you have to do is write them a check for the flowers you need and show up to your wedding. They’ll handle everything. They never show up, and you can guess the rest.

How to Avoid Vendor Scams

There is no substitute for checking references. You should look for reviews online, but know that this will not help detect a fraudster with several aliases. Ask for references, no fewer than five, and then call them.

Bear in mind that a quality scammer may have a wing man or two, but not five. That said, you never know. Maybe they’ll give you what you request. You still have some agency here. Listen carefully to the references when you call, because if they’re not for real you’ll be able to tell. Get detailed. Be friendly. You’re getting married. They know how great and frenzied that can be (if they are for real).

Additional tactics: Ask about the reference provider’s honeymoon or for the name of another vendor used at their wedding. Be creative. Do your homework, and you won’t get got by these kinds of scams.

4. Gift Theft

According to Vogue, the average cost of a wedding gift in 2016 for a co-worker or distant relative was $50 to $75. For someone closer, it was $75 to $150. While some gifts are purchased online and sent straight to the home of the newlyweds, many are brought to the wedding. And you guessed it — thieves are waiting to steal them.

To avoid the tragedy of walking wedding gifts, make arrangements to either have all the gifts watched or stored somewhere secure.

5. Home Invasion

Nothing like a wedding to signal to a home-invasion specialist exactly when you and your relatives will for sure not be home. The best rule of thumb here is to avoid making public the precise plans for your wedding.

But assuming word gets out, what should you do? Let your neighbors know you’ll be away and ask them to keep an eye on things. If you have an alarm system, make sure it’s armed. It’s also worth calling your local police department to explain your concern. It depends where you live, but they may send a car out to check on your house while you’re away.

Weddings bring out the best and worst in people, but there are ways to ensure you protect what should be one of the most joyous occasions of your life. Avoiding scams is 99.9% a matter of approaching transactions with caution and common sense. When planning your wedding, take the time to make it the time of your life.

Finally, if you have reason to believe you’ve been the victim of fraud, don’t shrug it off. You can view two of your credit scores for free on Credit.com.

Image: maximkabb

The post 5 Scary Wedding Scams to Avoid This Season appeared first on Credit.com.

Now’s the Time to Talk Online Security With Your Children

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer.

Summer’s here and the time is right for getting hacked or worse, having the contents of your computer held hostage by ransomware. For a couple of carefree and extreme data-consuming months, kids everywhere will be doing whatever they want online even if you’ve tried to control them.

In other words, be very afraid.

Only you know if it is time to have “the talk” with your child about online security. But before you sheepishly clear your throat in their doorway, have you had the talk with yourself?

No amount of whistling in the dark will keep you safe from the crazed clicking of an unthinking child. It’s crucial to remember that safe online habits aren’t an innate skill; they need to be taught. That said, there are many parenting styles when it comes to all things online. Some parents choose to be hands-off about it, and if that’s working for you, more power to you.

Actually, I take that back. There are countless pitfalls, pratfalls and worse awaiting your child — and with that your entire family — as well as anyone else unlucky enough to be connected to your home network.

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer. Here are four subjects to broach when talking online security with your children.

1. Stay Alert

Online security and threats threats are fluid. You can be completely on top of your game one day and get hacked the next because you aren’t prepared. The goal should be to become security-minded. While it helps to know about the most recent exploits and threats, it’s better to get into the mindset of those old Highlights Magazine exercises and think, “What’s wrong with this picture?” The moment you think you’ve got everything under control, you become an easier target. Stay alert. (If you believe you’ve been the victim of identity theft, don’t shrug it off. You can view two of your credit scores for free on Credit.com.)

2. Use Better Passwords

Increasingly, people are turning to password managers to keep their accounts safe, since it can be difficult to remember a large number of long and strong passwords. These managers generate random passwords and allow you to manage the process with a single master password. If you are not using a manager, make sure everyone in the house is using sufficiently complex passwords that are unique to the key accounts in your home, and never let your kids use any of your passwords!

3. Monitor Them

No one likes the specter of Big Brother, but your kids aren’t your siblings, they are your wards. While many advocates of internet privacy will say that a child’s travels online should be protected, even from parents, I think of monitoring online behavior in the same way I do a trip to the pediatrician — it’s my duty as a parent to know and protect all of my child’s sensitive personal information.

The same goes for internet history and app usage. You need to know what they’re doing. While bullying, compromising pictures and other activities you may find could make a different conversation necessary, your job is online safety.

4. Establish Ground Rules

The best way to keep your family safe from the wandering clicks of a child is to start teaching a secure mindset right away. Tell them to look for secure HTML, which can be found in the URL of your browser, where you will see a padlock symbol or the letters HTTPS (instead of HTTP) or both.

Have rules about app shopping. Encourage your kid to check with you if they are unsure about a site or an app. Pick an app store that you know won’t carry shady app developers. Teach your kids about phishing scams, how they work and what to do when they think one arrives in their email or messaging apps. But most important, let the subject of online security be an ongoing discussion.

These are some big-picture considerations and a few on-the-ground concerns to help you start thinking about online security. Only you can figure out the best way to tell your child to keep their online travels safe and protect your whole family.

Image: mixetto 

The post Now’s the Time to Talk Online Security With Your Children appeared first on Credit.com.