Here’s What to Do the Next Time a Business Asks for Your Credit Card by Phone or Email

When we provide our credit card information via remote means, we are often made more vulnerable to identity theft. Here's why.

Recently, I was booking a hotel reservation for a family member and in the process was asked to provide certain information. It was a simple third-party credit card authorization. What could possibly go wrong?

Plenty.

Beyond the fact that I am professionally paranoid — I wrote a book about it — there are so many ways for your information to wind up in the wrong hands, especially your credit card information. When we provide our credit card information via remote means, we are often made more vulnerable to identity theft by the authentication process itself.

There is no best way to conduct this sort of business remotely without putting ourselves in danger of becoming victims of identity theft, but there are better and worse ones. These days, it’s more expedient to focus on the very few ways sensitive information can be made available to third parties without creating unnecessary exposure.

A Better Way for Another Day?

If you are unfazed about sending your information via electronic means, consider something similar: paying for a meal with a credit card. We expose our data and send it on a journey every time we pay a bill at a restaurant.

I saw my first portable credit card reader on American soil the other day when paying the bill at a new restaurant. First, I want to say that the lunch was excellent, and I would have gone back even if the waiter hadn’t trotted out that marvelous handheld identity theft reduction device. I am scam-obsessed, and have long envied our friends on the other side of the Atlantic — and locations in other directions as well — for the ubiquity of at-table card payment.

The reason those machines are great is simple: The server has no opportunity to write down or photograph your card information.

Let that sink in … It’s unsettling now that you think about it, right? All those times a server has walked away with your credit card, what stopped him or her from snapping a quick pic of the front and back before returning to your table?

That reader is new technology. The service industry is finally (belatedly) getting hip to the challenge of protecting consumers from identity theft and other scams, but what should you do while it’s still in catch-up mode?

How to Send Your Stuff

The form that was emailed to me by the hotel made the threat of a sneaky waiter snapping pics of my credit card seem like amateur hour.

Obviously, the reservations department asked for my credit card number and expiration date. They also wanted my billing address, work and home phone numbers, email address and signature. Then there was the outline of a box, under which were the words: “Copy front of the credit card” and “Copy of ID.”

Now, I’ve already confessed to being someone who looks for the angle crooks will try to use. The idea of sending, in addition to all the other information requested, an image of a valid form of identification — in my case, my driver’s license — was truly unthinkable. I’d sooner have my Social Security number puffed out by a skywriter over the House that Ruth Built during a Yankees-Red Sox playoff game. (Not convinced? Read up on the surprising ways identity theft can hurt you.)

The form gave me the option of sending my cornucopia of sensitive personal information via email or by way of fax. Which is the better choice?

Hackers Are Really Good at What They Do

Phone calls and faxes conducted over phone lines can be rerouted, emails can be intercepted. Phone calls can also be listened to, and therein lies another problem. When you call a service provider — any kind that costs a set amount every month— there will come a time during the call when you will have to provide your Social Security number so that the company can run a credit check. A service rep is going to ask you for it — the whole thing.

Remember the waiter? Same problem.

Absolutely nothing can stop that person from writing down your information. And before you ask why you can’t input the information on your keypad, remember: Phone calls are not secure, the tones can be intercepted. Encryption is both complex and costly. This is why the federal government has been investigating the possibility of a universal identifier. But in the meantime, those credit checks or authentications pose the same, if not greater, peril as your credit card’s journey at most restaurants.

Old Is New (But Not Fail-Safe)

As counterintuitive as it seems, using the fax in this scenario is the safer path, though it is not completely safe given the possibility of data interception.

Pro tip: Call before sending a fax that contains personally identifiable information or anything else that is for as few eyes as necessary, and ask the person on the phone if they are near the fax machine, or if not if they can be. Call again to make sure the transmission has been retrieved and isn’t just sitting in a tray waiting for a scam artist to come sauntering by with a smartphone and a shopping list of things they want to purchase using your information.

While we await better solutions, you are the ultimate guardian of your personal information, and your vigilance given the myriad threats out there will lead the way for change. In the meantime, get in the habit of monitoring your finances for any sign of mischief. You can view two of your free credit scores, with helpful updates every 14 days, for free on Credit.com.

Image: nyul

The post Here’s What to Do the Next Time a Business Asks for Your Credit Card by Phone or Email appeared first on Credit.com.

The Vice President Got Phished — Are You Next?

Vice President Pence did what millions of us do every day. He clicked on a link in a phishing email.

America got mail this weekend, about 30 emails, according to reports. They were written as recently as last year by then-Governor Mike Pence and sent from his personal AOL account. While this is a political story, it is not about politics. It’s about a nationwide problem.

The emails, released to the Indianapolis Star in response to a public records request, include state business. The revelation is that Pence used his private email account to conduct business — an account we now know categorically was not secure from the prying eyes of hackers since, per various reports, it sent out emails saying Pence had been robbed overseas and was in need of money to get back home, a classic email scam you’ve no doubt heard of.

Pence’s Email Problems

The emails released by the Indy Star were addressed to Pence’s chief of staff and also his homeland security officer. As such, they open a window into Pence’s tenure as governor where there shouldn’t be one. Emails discussed political issues — like the resettlement of Syrian refugees — and other sensitive matters.

The news immediately resulted in public parades of schadenfreude on the left. After all, former Secretary of State Hillary Clinton arguably lost the election because of the same issue. But while there is plenty to make fun of here, there really is very little in the way of relevance between the two email stories.

While there have been more detailed tales of the tape between the two stories, you only need to know that former Secretary of State Clinton did something, that while legal, was strongly discouraged by her employer, the State Department, and what Pence did was under no such strictures — a sentiment Pence and his press secretary echoed in statements to the press. (Pence could not be reached for comment by Credit.com.)

What Pence & Clinton Have in Common With You

This latest email snafu is about control, but not over the flow of information, secrets or privileged access to information. It’s actually about an alarming lack of control. That lack of control has to be laid at the feet of information security experts who are tasked with keeping us safe.

We can do amazing things in the realm of coding, but somehow a fix to the phishing pandemic continues to elude us. The main reason for this is at least understandable: It’s a crime that preys on human nature — something that can’t be (reliably) coded.

Vice President Pence did what millions of us do every day. He clicked on a link in a phishing email, the victim of garden-variety social engineering. In doing so, he did us a favor, though it’s doubtful he will get much credit for it. He highlighted an area where our nation needs to do way more. Phishing is a national epidemic, and we all need to worry about it. If leaders of the free world can fall for this scam, so can you.

What’s Phishing — & How Can I Avoid it?

Phishing emails spoof legitimate companies or contacts in an attempt to get the recipient to click on a fraudster’s link. As I wrote about in my book, Swiped, you can probably spot a phishing email in your sleep, and you would no sooner click on a link in an email about suspicious activity on your bank account than you would leave your wallet in a crosswalk in Times Square.

However, best practices often fly out the window when it comes to salacious material about our favorite celebrities. Think about it this way: As you wander in the darker alleys and backstreets of the internet, where the risks should outweigh all other considerations, are you willing to forego sensible web behavior when the likely outcome will be catastrophic?

The main threat is malware. You can expect it to wind up on your computer if you decide to search the less safe parts of the internet for material that was never meant for your eyes anyway.

It may be something simple, like code that turns your computer into a spam distribution center, or a more serious app that will record your keystrokes (including when you log in to your bank, email, social networking, brokerage accounts, or the gubernatorial back office). There’s no way to know what you’re getting yourself into. The best course of action is to use your imagination — or possibly even your sense of what should be off-limits. Malware leads to identity theft and worse.

If you tend to chase breaking news stories and like to download the ephemera related to them (eyewitness photographs, blog posts), you may want to do a malware scan of your computer.

As a matter of fact, this kind of scanning should be a part of your habit of monitoring your various points of contact with the outside world — your attackable surface — regularly for signs of intrusion. (You can also monitor two of your free credit scores for foul play every two weeks on Credit.com.)

The lack of cybersecurity acumen manifested in the phishing of a governor should serve as a cautionary tale for everyone. Unless you are never off your guard, it’s highly likely that you will get scammed. The solution to the phishing pandemic is nowhere in sight. Be careful because the light at the end of the tunnel could well be the headlight of a bullet train.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: EOSdude

The post The Vice President Got Phished — Are You Next? appeared first on Credit.com.

How Trump’s Immigration Policy Spurred a Deportation Scam

Here's how Donald Trump's policies could affect your money.

For those who thought President Trump’s stance on immigration was the gossamer of election year overpromising, it’s time to adjust that thinking. The administration last week unveiled plans to target all “removable” aliens. It is a staggering number of people: 11 million.

If I told you that Price Waterhouse blamed the envelope mix-up at the Oscars on a practical joke devised by Warren Beatty and provided a link to the story, would you click through? How about if I included a link to a picture of the actual card that made Oscar history?

Fake news is the scam artist’s stock in trade — whether we’re talking about the kind that our 45th president keeps talking about, or something that takes advantage of a trending story.

Scam artists work fast, often riffing off the daily news to build their improvised traps, but sometimes they rip their scams from the headlines and take them to the street. (You can monitor two of your free credit scores for signs of foul play every two weeks on Credit.com.)

That’s what happened last week in reaction to Trump’s immigration policy. Criminals were waiting in the wings to capitalize on it, which inspired thuggish stick-ups and made necessary a warning from the office of New York Attorney General Eric Schneiderman.

The alert was issued after raids were conducted nationwide by the U.S. Immigration and Customs Enforcement (ICE). According to reports, hundreds of undocumented immigrants were arrested. It was big news, giving rise to political indignation by opponents of the Trump doctrine and sparking fear among immigrant communities.

Almost immediately, the scams began. According to Schneiderman’s office, four men wearing ICE apparel stopped a man on a street off of Roosevelt Avenue in Queens. They demanded cash. When he refused, they told the man he would be arrested. In another incident that made the news, a man in the immigrant-filled Queens neighborhood was told to hand over $250 or be arrested.

It’s unclear whether the ICE apparel was legitimate or duplicated by the thieves.

ICE gear can be purchased online, but Sallycopshop.com, one purveyor of such apparel, said it requires proof of employment by the law force. (Two other online sites offering ICE gear declined to comment for this article or failed to respond before publication.)

“The customer must ship their work address and have an ICE government email address for items with badges or lettering on it,” a Sallycopshop.com spokesperson said in an email. “We do go through each order individually to validate the customer is a federal agent or officer.”

Although many images of the recent ICE raids feature real officers wearing jackets and body armor clearly marked “ICE,” an agency spokesman told me that ICE officers and agents work in street clothes.

“I’m going to guess there are special requirements for clothing that indicate an official law enforcement capacity,” agency spokesperson Khaalid Walls said.

Regardless of the methods, there are several scams immigrants worried about the specter of ICE arrests need to be on the lookout for. Here are the big three, along with some tips culled from Schneiderman’s recent warning.

1. Fake ICE Agents

The attorney general states that ICE agents will never ask for money or threaten detainment and do not have the authority to enter your resident without a court-issued warrant. If a purported ICE agent knocks on your door, be polite, but firm. The law’s the law. Ask to see badges, and if you still smell a rat, call 911.

2. Beware Phone Calls

Some criminals stay out of sight, preferring to make phone calls that amount to the same sort of “pay or don’t stay” shakedown. Anyone who has read my columns warning of IRS phone scams will recognize this modus operandi — and this next tip. Remember: Just because your caller ID says the caller is from the government doesn’t make it so. Phone numbers can be spoofed. Bottom line: Immigration will not ask for anything important over the phone — not your personally identifying information and not money. If “they” do, hang up.

3. Notario Scams

As Schneiderman’s office points out, notario can be a much bigger and better job in Latin America — with a lot more power — than “notary” connotes in the U.S. In Latin America, a notario is anyone who can perform legal services — including lawyers. Beware people who try to make bank on this linguistic misunderstanding. Whether the claim is to speed up an application or otherwise help you get legal status, be careful. Check credentials and ask for references. If you are met with hostility, say goodbye and find a reputable service.

There are more tips and information regarding common traps and shady practices that immigrants face on the Attorney General’s website, which directs New York residents to report potential fraud or other issues regarding immigration services to its Immigration Services Fraud Unit Hotline at (866) 390-2992 or via email at Civil.Rights@ag.NY.gov. Those outside New York can get in touch with the Federal Trade Commission and file a complaint in their state.

Here is the great irony: Trump’s push to arrest and deport “removable” immigrants has given rise to fake cops, sewing doubt about the immigration enforcement authorities in a way that echoes Trump’s constant refrain of “fake news,” which has dangerously destabilized the public’s trust in our media.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: ginosphotos 

The post How Trump’s Immigration Policy Spurred a Deportation Scam appeared first on Credit.com.

The Latest Way Fraudsters Are Abusing Personal Information

According to a 2016 report from the security firm ThreatMetrix, identity thieves are working a new seam in the identity theft gold mine: online lending.

According to a 2016 report from the security firm ThreatMetrix, identity thieves are working a new seam in the identity theft gold mine: online lending. There is an increase in attacks against providers of alternative lending products.

The reason online lenders have attracted this unwanted attention has to do with the niche they occupy. First, they typically offer smaller loans in the $2,000 to $5,000 range. They differentiate themselves in a crowded market by providing faster turnaround than traditional lenders. It is that speed that makes it an ideal transaction type for the commission of identity theft: Thieves use fake or stolen personal information to apply for funds they can get quickly — before the lenders or potential victims know what’s happened.

I know what you’re thinking: Really? And yes, I am sorry to say it — but very much so: Really. We’re talking about THIS again, because last year fraudsters were able to scam $16 billion from consumers. This is yet another example of how identity thieves abuse people’s personally identifiable information to the detriment of both consumers and businesses. That tells me that we need to keep talking about how to stop being such an easy target.

The New Normal?

There’s a question mark up there because unfortunately curiosity and disbelief are still the most common reactions consumers have when the conversation turns to identity-related crime. Personally, I would add that it boggles the mind people still question the prevalence of the identity theft scourge.

Here’s the deal: Your chances of getting “got” have never been better, whether it’s in a simple credit card fraud scam, a mind-rackingly complex attack on every available crumb of value to be had through the exploitation of your financial reach in the world, or this latest trend where identity thieves target online lenders.

Is it really the new normal? The answer: No, it is not.

There is, in fact, nothing new about it. It’s the plain old vanilla, 100% normal now. The trend began well over a decade ago. If I were being a stickler, the heading would say, “the mind-numbingly old but still not totally understood normal” or “the how can this still be something I have to write about normal.”

When it comes to identity theft, it’s all about your personally identifiable information being in the wrong hands and not so much about what you do to protect yourself. But before you throw your hands in the air and start singing like Madam Butterfly, keep reading.

What You Can Do

With tongue firmly in cheek, one thing you can do is read Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves (full and shameless disclosure: I wrote it, and it is now available in paperback).

Since the book came out last year, the problem has gotten much worse. In fact, 2016 brought a new all-time high, with an estimated 15.4 million U.S. consumers becoming victims in one stripe of identity-related crime or another. That’s up from 13.1 million the year before.

You can keep your information from being used by scammers by placing a freeze on your credit. This will make it impossible for anyone to utilize your credit without the authentication to thaw it (including you). In addition, you need to practice what I call in my book, The Three Ms:

• Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity.

• Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every two weeks on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies or purchase a sophisticated credit and identity monitoring program.

• Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises — oftentimes available for free or at minimal cost through insurance companies, financial services institutions and HR departments.

It says somewhere in the Bible that the fastest runner doesn’t always win the race, and the strongest warrior doesn’t always win the battle. We learn in the same verse that the wise can go hungry and even the most talented among us can be dirt poor. If the scribes had lived today, they would have added that even the most careful among us can become victims of an identity-related crime.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Ridofranz

The post The Latest Way Fraudsters Are Abusing Personal Information appeared first on Credit.com.

How to Make Sure Someone Doesn’t Steal Your Tax Refund

Identity thieves filed 787,000 fraudulent returns in 2016. Here's how to make sure it doesn't happen to you this year.

Americans taxpayers are too lax about identity theft, according to a poll from CyberScout.

A survey conducted by the data security and identity protection firm found more than half of Americans aren’t worried about tax fraud, despite federal reports showing identity thieves filed 787,000 fraudulent returns in 2016, which adds up to more than $4 billion in fraud.

The survey also found that only 35% of taxpayers ask their preparers to use two-factor authentication (which is stronger than a single password) to protect their information. On top of that, only 18% use an encrypted USB drive to save tax documents that contain sensitive information. When it comes to choosing a tax preparer, 50% of respondents said they chose their tax preparers online, didn’t screen them beforehand or weren’t sure how to evaluate a tax preparer at all. CyberScout said this puts consumers at risk of getting scammed. Finally, more than half (51%) of taxpayers expecting refund checks in the mail don’t use a locked mailbox.

These findings come from a nationally representative survey of more than 1,500 Americans aged 18 and over commissioned by CyberScout, using Google Consumer Survey.

“In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax-related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout and author of “Swiped.” Levin is also the co-founder of Credit.com.

How Taxpayers Can Protect Themselves

Tax season is one of the busiest times for identity thieves, but there are steps taxpayers can take to protect themselves. Here’s what CyberScout recommends:

  • Use a password-protected Wi-Fi connection when filing your taxes. Use a long and complex password — not just for your Wi-Fi but also for any accounts you’re using during the tax-filing process.
  • Get your return via direct deposit. If you must receive a return check via mail, have it sent to a locked mailbox.
  • Ask your tax preparer to use two-factor authentication to protect your documents and personal information.
  • Use an encrypted USB drive to save sensitive tax documents.
  • Never give information to anyone who contacts you by phone or online claiming to be from the IRS. The IRS will never contact you this way.
  • Monitor your accounts and online identity for any signs that your identity has been stolen. For example, if you see a sudden, unexpected change in your credit scores, it could indicate your identity has been stolen. You can easily get a look at your credit by using our free credit report snapshot, which is updated every 14 days.

The IRS also keeps taxpayers updated on the latest scams on its website. In most cases, if it sounds too good to be true, it probably is. You can find some more tips for avoiding common tax scams here.

Image: jacoblund 

The post How to Make Sure Someone Doesn’t Steal Your Tax Refund appeared first on Credit.com.

3 Tax Scams You Need to Watch Out For

Becoming a victim of a tax scam is not only frustrating and expensive, it could get you in trouble with the IRS.

In the early 60s, Roger Maris and Mickey Mantle hit a remarkable number of home runs including a famous back-to-back four-bagger, which according to Yogi Berra was the reason he famously quipped, “It’s déjà vu all over again.” While spring training is still a few weeks away, we’re in the thick of a tax season, where legions of scammers are swinging for the back wall.

According to the IRS, there was a 400% increase in phishing and malware incidents during the 2016 tax season. With the April 15 filing deadline still feeling as far away as the Green Monster from home plate in Fenway Park, Yogi Berra’s other dictum — it ain’t over till it’s over — was never more true.

My book “Swiped: How to Protect Yourself in a World Full of Phishers, Scammers and Identity Thieves” goes into great detail about the various tactics cyber criminals use to lure you, but the most important thing you can do to keep yourself scam-free this tax season is educate yourself on the most prevalent risks out there.

As ever the best (yet pretty boring) advice is to file your taxes as early as possible. Tax-related identity theft is primarily aimed at grabbing your tax refund, and scammers are creative, sophisticated, persistent, and move very quickly once your information is in hand. Armed with your Social Security number, date of birth and a few other pieces of your personally identifiable information, which if you have been involved in a data breach (you can check here to see warning signs and view two of your credit scores for free on Credit.com) is likely available on the dark web, they are off to log on to motels’ Wi-Fi networks, bunny-slippered feet resting comfortably on coffee tables, furiously filing fraudulent tax returns online.

Here are some other things to bear in mind as the tax season is upon us:

1. Phishing

There is no bigger threat. Phishing was recognized as a word by the Oxford English Dictionary more than 10 years ago, which is the main reason I thought of Yogi Berra’s déjà vu quip. By now it is a home truth that there are phishers out there. Catfishing is a regular part of the popular imagination, and phishing emails hit our inboxes with the same regularity as the various promotional emails we get from retailers and media outlets.

Phishing emails take many forms, but they are most commonly pointed at getting enough of your personally identifiable information to commit fraud in your name (identity theft). They also commonly contain a link that places malware on your computer. These programs can do a variety of things (none of them good), ranging from recruiting your machine into a botnet distributed denial of service attack to placing a keystroke recorder on your computer to access bank, credit union, credit card and brokerage accounts to gathering all the personally identifiable information on your hard drive.

Here’s what you need to know: The IRS will never send you an email to initiate any business with you. Did you hear that? NEVER. If you receive an email from the IRS, delete it. End of story. Oh, and they will never initiate contact by way of phone call either.

That said, there are other sources of email that may have the look and feel of a legitimate communication that are tied to other kinds of tax scams.

2. The Criminal Tax Preparation Scams

You learned how to do homework in school for this reason: Not all tax preparers are the same and you must vet anyone you’re thinking about using well before handing over a shred of your personally identifying information. Get at least three references, check online if there are any reviews and call them.

Here’s why: At this time of the year, tax prep offices that are actually fronts for criminal identity theft tend to pop up around the country in strip malls and other properties and then promptly disappear a few days later. Make sure the one you choose is legit!

3. Shady Tax Preparation

Phishing emails may not be aimed at stealing your personally identifiable information or planting malware on your computer. They may be simply aimed at getting your attention and business through enticing (and fraudulent) offers of a really big tax refund. While these preparers may get you a big refund, it could well be based on false information.

Be on the lookout for questions about business expenses that you did not accrue, especially watching out for signals from your preparer that you are giving him or her a figure that is “too low.”

Other soft-cons of shady tax preparation include inflated deductions, claiming tax credits to which you are not entitled and declaring charitable donations you did not make. Bottom line here: We’re all connected these days, and chances are you will get caught, so just make sure you are working with someone who follows the instructions (yes, they’re complicated, and that’s why it’s not a bad idea to get help).

As Yogi Berra said, “You can observe a lot by watching.” Tax season is stressful without the threat of tax-related identity theft and other scams. It’s important to be vigilant, because, to quote Yogi all over again, “If the world were perfect, it wouldn’t be.”

Image: RonTech2000

The post 3 Tax Scams You Need to Watch Out For appeared first on Credit.com.

5 Ways to Avoid Getting Catfished This Valentine’s Day

Love hurts. Here's how to protect yourself from a hacker Valentine.

Did you hear about the guy from Bucksnort, Tennessee, who sent a catfisher his life savings after a steamy back-and-forth on a popular dating app? The amount lost: $4,395.45, which was the supposed cost of airfare and visa expedition for the victim’s true love to get from Kiev, Ukraine.

If you think you did hear about it, you’re mistaken, because I made it up. The reason I did that: Too many catfishing scams go unreported. As a result, awareness does not match the threat.

Not that long ago, online dating was viewed as a sad place where desperate people went to connect with other sad, desperate people. That is no longer the case. Any stigma attached to online dating is a thing of the past, with the Pew Research Center reporting that more than 15% of U.S. adults have used online dating sites or dating apps. A majority of Americans now say it is a good way to meet people. That said, the shame of appearing desperate remains, and that’s why catfishers often get away with their crimes.

It is not uncommon for military personnel to be targeted. A recent case involved members of Hamas creating fake Facebook profiles and luring Israeli soldiers with them. The goal there was much more serious than mere robbery: They were sending video chat links that contained a Trojan Horse virus that extracted contacts, locations, apps, pictures, and any files, and gave the hackers access to the camera and microphone on the victim’s computer.

How to Avoid Catfishing Scams

If you think you’re not susceptible, think again. You are. That’s the rule of the jungle. Those who never trust and always verify are the safest — though admittedly it might put a cramp in your online dating life.

Here are five tips for avoiding catfishers this Valentine’s Day from my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.

  1. Beware of romantic interest from someone who says they can’t meet. He’s really American, but lives abroad right now (but is using an online dating site and contacting people in your city). Her phone got shut off. His webcam won’t work. Scammers always have a hundred arrows in their cupid’s quiver of reasons why you can’t meet them in person, talk on the phone, or even see them on a webcam, and they’re almost all disguising the fact that they’re using another person’s picture and a made-up identity to woo you. Before you let yourself get sucked into a whirlwind romance with a would-be Romeo or Juliet, make sure the person you think you’re falling for is more than just a few ghostwritten love letters and a model’s picture.
  2. Be suspicious of someone who always has emergencies. Once a catfisher thinks she or he has hooked a live one, they’ll test their mark to see how far they can push the trust they’ve worked hard to build. (It doesn’t hurt that this can play into their efforts to avoid actually having to meet, talk, or be seen.) But while having emergencies is a
fact of life, involving people who don’t really know you in them really isn’t — and asking for money to resolve them is really bad form.
  3. Never turn over personal information or pictures you wouldn’t want widely available. Maybe your new squeeze-muffin will suddenly ask for a credit card number to buy a plane ticket, inquire about where your bank is located, or request something like your Social Security or passport number. Maybe they’ll ask for pictures of you in compromising situations, or to engage in some racy video chats. While giving out your personal information is enough of an identity gamble, don’t ignore the increased risk of having your personal pictures or screengrabs used against you as blackmail by a catfisher out for more than just titillation.
  4. Don’t give someone money or help him or her access money. Alarm bells should start going off the moment any potential romantic partner asks you for even a smidge of financial assistance. His or her first request might be small — perhaps something to help take care of an emergency situation —but most catfishers quickly accelerate their requests for money. If you refuse to help, they might ask you to deposit a check or accept a wire transfer from a friend and pass the money along, but the money you’re supposed to get never really arrives or the check bounces, leaving you holding the bag.
  5. Never click strange links or download files you receive. Even the most heartfelt-seeming e-card can mask something more dangerous than an online-only romance: Weird links to unfamiliar sites or files you’re asked to download can contain malware or viruses that do more than just spam your computer with ads. You could end up with a keystroke logger on your system, which would allow the sender to see passwords to everything (including your checking account), or a virus that turns your computer into a botnet to launch attacks against other sites. If you don’t really know the person, don’t trust the file (and, sometimes, even if you do know the person, don’t trust the file).

If you do wind up giving your personal information to a scammer, be sure to monitor your credit for signs of identity theft. You can do so by viewing your free credit report snapshot, updated every 14 days, on Credit.com.

Remember, Valentine’s Day is a time to celebrate love. (You can go here to find more scams to watch out for as Feb. 14 approaches.) It’s a day to share your heart and your good fortune with those you love, not your personally identifiable information and your money with a hacker sitting on a mattress in a dark basement.

Image: AleksandarNakic

The post 5 Ways to Avoid Getting Catfished This Valentine’s Day appeared first on Credit.com.

The Issue With Nixing the Affordable Care Act That No One Is Talking About

Without a replacement, millions Americans will lose health insurance — and that creates a moral hazard. Here's how.

Never mind his crowd-favorite pledge to build the Great Wall of Mexico with a “big, fat door,” President Donald Trump’s cornucopia of campaign promises included many a forgettable vow. But you had to be whale-spotting from a lily pad on Loon Lake to miss the president’s pledge to repeal the Affordable Care Act (ACA).

What may not be as obvious is the effect that such a move could have on crime — specifically medical identity theft.

Promises are often downgraded to “ideas” post-victory, but now that Candidate Trump is leader of the free world, it’s time to revisit this major pledge. One of the first things our new president did Friday was sign an executive order urging his administration to fight the ACA.

The executive order has no teeth. It simply states the Trump administration’s position, and, sure, that carries with it all the heft brought to bear by the Oval Office. But what is worrisome for proponents of the ACA is that the executive order follows current legislative efforts in Congress to obliterate the centerpiece of President Barack Obama’s legacy. With a newly installed majority, Republicans are poised to dismantle the historic law that helped 20 million uninsured Americans get affordable healthcare. Most recently, in a 227 to 198 vote, members of the House approved a budget that would kill major provisions of the ACA.

“This is a critical first step toward delivering relief to Americans who are struggling under this law,” House Speaker Paul Ryan said last week.

It’s hard to say exactly how many Americans would lose their health insurance should Obamacare go away, since Republicans have yet to outline a plan to replace it. However, a recent study from the non-partisan Congressional Budget Office (CBO) found a straight-up repeal would leave about 18 million people uninsured the following year.

It goes without saying the majority of those affected will not resort to a life of crime in order to acquire healthcare. In fact, it is unlikely, but should Congress, in concert with the Trump administration, repeal the ACA without providing a viable alternative, the sheer number of uninsured people will create a moral hazard — crimes will become a possibility where they would not have been — and this can only result in an uptick in the medical identity theft numbers.

What Is Medical Identity Theft?

As I explain in my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, medical identity theft is widespread, and potentially deadly.

While there is a long and sordid history of organized crime running healthcare-related scams whereby crooked doctors and garden-variety crooks team up to defraud insurers or get prescriptions for controlled substances that are then sold for recreational use, the theft of one person’s healthcare by another is a very real thing, and it can be life threatening.

Your medical records provide information that can be used in a variety of ways. For instance, once a criminal has your personal information and insurance details, he or she can use it, or enable another person to use it to gain access to the healthcare system in your name, and the result could be the contamination of your medical records with his or her co-mingled information.

Nothing is more dangerous than going to a hospital and having “your” medical records, as used by an identity thief or his/her “customer,” reflect an inaccurate blood type, medical history, or the existence or absence of certain allergies when you are receiving medical care, particularly in an emergency situation.

Another result of medical identity theft can be denial of service. If an impostor uses your insurance to gain access to healthcare, it can affect your own ability to access care: Many insurance plans have annual caps on certain types of procedures and treatments — and obviously no insurance company is going to pay for one person to have an appendectomy twice. An identity thief with access to your insurance could drain your coverage before you even know it’s happened and leave you in the lurch when you need it.

How to Prevent Medical Identity Theft

There are ways to defend against medical identity theft. Most involve proactive monitoring of your medical files. Many larger medical providers permit you to review your medical records by way of a secure website. If your doctor doesn’t offer such a service, you should sit with him, her or their staff at least once per year and review your files to confirm their accuracy. In addition, you should intently review any correspondence you receive from your health insurer, particularly Explanation of Benefit Notices, which will be the most immediate way to discover theft of services.

You should also review your credit reports at least once a year at AnnualCreditReport.com to make sure that all information is accurate. If you notice anything involving medical debt or a collection relating to a medical bill that is news to you, confirm its accuracy and that it’s not an indication you are a victim of medical identity theft.

You might also wish to keep track of your credit scores. Any sudden, unexplained drop could indicate a problem, and that issue might stem from medical identity theft. (You can view two of your free credit scores, updated every 14 days, on Credit.com.)

As for threats to the ACA, nothing has happened … yet. Lawmakers are still trying to figure out how to approach their stated goal of repealing Obamacare, and it won’t be easy. If you have concerns, you can call Speaker Ryan and other lawmakers who have vowed to do away with the ACA. As for the stated goal of repealing the ACA: An ounce of caution may be worth a pound of cure.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: PeopleImages

The post The Issue With Nixing the Affordable Care Act That No One Is Talking About appeared first on Credit.com.

How Secure Will ‘The Cyber’ Be Under Trump?

Here's why we need the CFPB to protect us from identity theft and maintain our cyber security.

I have to admit that when President-elect Trump uttered “the cyber” during the first presidential debate, I was right there with the tech community in the collective eye-rolling that followed. “The Cyber” memes were born, along with real concern about the candidate’s grasp on cyber security, and with the recent announcement of former New York City Mayor Rudy Giuliani as the cyber czar, those concerns multiplied.

The seeming “miunderestimation,” or possibly anti-comprehension, regarding something so crucial to national security may not on the surface seem like a consumer issue, but it is.

Our nation’s approach to cyber security at this juncture — beset by hostile state-sponsored attacks on our electoral process, expertise and secret information grabs from major industries and the federal government, and ransomware attacks —is a matter of the utmost urgency, and the President-Elect has said as much to his credit.

But Mr. Trump’s response can’t be just a marketing move or a branding opportunity — things he gets. There must not be merely the appearance of change — commissions talking and debating endlessly with little to show for it. There must be actual boots-on-the-ground solutions — now. Unfortunately, I don’t think that’s what will happen.

The Consumer Financial Protection Bureau specifically comes to mind—our nation’s most successful boots-on-the-ground agency — if Mr. Trump does as many are predicting he will do, and makes it yet another piece of President Obama’s dismantled legacy.

The CFPB was an important accomplishment of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. The agency is charged with protecting consumers from the predatory financial practices that brought about the economic meltdown of 2007 to 2008, and to watch out for signs of future trouble. The CFPB has the power to ban financial products deemed “deceptive, unfair or abusive” and to impose penalties on companies that take advantage of consumers.

Barring a judicial miracle, the current CFPB director Richard Cordray is almost certainly going to receive one of Mr. Trump’s signature “You’re Fired” communiqués. (Interesting side note, our President-elect doesn’t own that trademark.) Worse, an anti-CFPB former Texas Congressman, Randy Neugebauer, appears to be the leading candidate to get the job.

Among other things, the Distinguished Gentleman from Texas thinks payday lenders are too roughly treated by the CFPB and that all business contracts should contain mandatory arbitration clauses (barring class action suits). He also thinks that the CFPB should be headed not by a single director, but by a commission of people from both sides of the aisle. Those of us who support the CFPB believe that this would diminish the agency’s ability to go after dangerous practices that harm consumers in a timely and effective way.

The Trump transition team did not respond to a request for comment regarding it plans for the CFPB and/or Cordray.

This Is About Appointing the Right People

It was reported last week that the cyber security czar role in the Trump administration will fall to the President-elect’s close associate and campaign stalwart, former New York City Mayor Rudy Giuliani.

There is a connection here between what appears to be afoot at the CFPB and the next administration’s approach to cyber security — both represent bad decisions based on a basic incomprehension of what is at stake and what needs to happen next. The CFPB works, specifically the single-director approach. Instead of hiring an opponent of the agency to presumably dismantle it, we should be using it as a model to create a single-director federal agency that emulates the CFPB to oversee cyber security.

As it stands, Mr. Giuliani will be bringing together experts working on cyber security solutions and business leaders who are targeted by hackers from the energy, financial and transportation sectors. The next step that is missing here is a government agency that can fine entities that do not meet the threshold for cyber security best practices— mandated employee education, maintaining technology and tools, hiring experts — practices that the agency would determine and set as a standard. (You can learn more about how to protect yourself from cyber threats like identity theft here and monitor two of your free credit scores for signs of foul play every 14 days on Credit.com.)

In a recent interview, Mr. Giuliani said of the President-elect, “He’s going to elevate this to a very large priority for the government — and I think by doing this, he’s trying to elevate this as a priority for the private sector.”

As the Christian Science Monitor’s Passcode noted, quoting the former NYC mayor, the idea here is pretty simple: Trump will go straight to the public to “educate people on how important [cybersecurity] is, even to the point of their own personal protection.”

That is a fantastic idea that everyone should applaud. Whether the user is in the Pentagon or logging onto a free Wi-Fi network, our cyber security too often comes down to an individual clicking or not clicking on a malware-laden link or falling prey to some other security pratfall.

That said, any agency dedicated to cyber security would need to work closely with the military and intelligence communities, and would also have to focus its resources on real solutions to the dangers we face, many of them extinction-level threats. The person running it would have to be at the cutting edge of cyber security best practices.

When the news came down of Mr. Giuliani’s cyber czar role, experts almost immediately hit Twitter with reasons this was a bad idea. (Mr. Trump’s transition team also didn’t respond to request for comment regarding this choice. Guiliani was not readily available for comment either.) As happens, the cyber security community took a look at the website of Giuiliani’s cyber security company, giulianisecurity.com. They found serious problems, including expired SSL, no https and an exposed CMS login, to name a few. You don’t need to know what these things are, but the cyber czar sure does. There can be no “oops” in his or her record.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: DeanDrobot

The post How Secure Will ‘The Cyber’ Be Under Trump? appeared first on Credit.com.