No, Equifax Is Not Calling You. Watch Out for Scam Phone Calls After the Data Breach

Source: iStock

Less than a week after the Equifax data breach was made public, it seems scammers are already looking for opportunities to prey on concerned consumers.

The Federal Trade Commission posted a scam alert Thursday warning consumers to not give their personal information to anyone who calls and claims to be an Equifax representative. Over the summer, hackers breached the Atlanta-based credit bureau’s database and accessed the personal information of about 143 million consumers, including sensitive information like Social Security numbers.

But Equifax is not calling those affected by the breach, so if you get a phone call from someone saying they represent Equifax and want to verify your account information, the FTC advises you hang up. It’s ironic, in a way, to target victims by posing as a concerned Equifax representative. The company has been criticized widely for its sluggish response to the breach, which occurred sometime between mid-May and July but wasn’t discovered until July 29 and wasn’t announced until more than a month later.

In response to the security failure, the House Committee on Energy and Commerce has demanded Equifax answer several questions about the breach, including why the company put off announcing the breach for so long. Equifax has until Sept. 22 to respond to the committee’s questions, and the committee plans to hold hearings on the breach in September or October.

In a company statement, Equifax CEO Richard Smith said the breach was a “disappointing event.”

“Confronting cybersecurity risks is a daily fight,” he added. “While we’ve made significant investments in data security, we recognize we must do more. And we will.”

In the breach, people’s Social Security numbers, dates of birth, addresses, and other personally identifiable information (PII) were compromised, so it’s understandable you’d be worried and are looking for help.

Here’s what you can do to take control of protecting your identity.

Assume you’re affected

While you can go to Equifax’s website and go through a multistep process to see if your information has been compromised, you can also just assume someone has their hands on your personal information. (It’s also worth noting the Equifax site reportedly isn’t reliable for telling you if you’re affected, and many consumers have reported the site is slow to load or doesn’t load at all.) Even if you weren’t among the 143 million whose personal information was compromised in this breach (and the odds aren’t in your favor), chances are it has been or will be in a breach at a different company or organization. With that in mind, you’ll want to focus on how to detect signs of identity theft and how to respond to them.

Monitor your credit

Equifax responded to the breach by offering free credit and identity monitoring to everyone — not just those affected — for a year through TrustedID Premier. You must go to equifaxsecurity2017.com to enroll, which requires entering your last name and the last six digits of your Social Security number. You’ll then be given an enrollment date, which may be several days after you start the enrollment process, at which point you can return to the site to continue enrollment. You’ll need to set a reminder to continue the process, as Equifax won’t send you a notification when it’s time.

You have many other ways to find out if someone has misused your personal information. Several companies offer free credit scores — Credit Karma, Discover, Capital One, Mint, LendingTree (our parent company), etc. — either to everyone or to their customers. To help you choose, we put together this guide to getting your free credit score. Credit Karma also offers a free credit monitoring service, and Discover cardmembers can sign up for alerts when their Social Security numbers are detected on suspicious websites. You can also pay for credit monitoring services from a number of providers, including the three major credit bureaus Equifax, Experian and TransUnion, as well as credit scoring giant FICO.

Consider a credit freeze

You can also freeze your credit so no one, not even you, can apply for new credit using your information. If you do this, you have to initiate a freeze with each of three major credit bureaus, as well as “thaw” each report when you want to apply for a new credit account. Every time you freeze and thaw your credit you may be charged a fee, which varies by state. This only protects you from credit fraud and does not prevent things like taxpayer identity theft, criminal identity theft, medical identity theft, and insurance identity theft.

On Sept. 15, Equifax announced it is waiving the fee for removing and placing credit freezes on Equifax credit reports through Nov. 21, 2017. Anyone who paid for an Equifax freeze at or after 5 p.m. EDT on Sept. 7 will receive a refund, the company said.

Have a plan for responding to identity theft

One of the best ways you can prepare for identity theft is to detect it early. After that, you need to know how to resolve it. You can do this yourself by filing a police report, disputing fraudulent accounts on your credit reports, and making the phone calls necessary to correct any problems stemming from the fraud. Or you could pay someone to help you with this time-consuming task. Check with your employer to see if they offer identity theft insurance or identity theft resolution services as an employee benefit, and if not, consider paying for it.

We’ve rounded up the best identity theft resolution services here.

More than anything, remain calm as you sort through the fallout of this breach. Focus on making a plan for protecting yourself from and responding to identity theft and making sure you only deal with trustworthy service providers.

The post No, Equifax Is Not Calling You. Watch Out for Scam Phone Calls After the Data Breach appeared first on MagnifyMoney.

How to Donate to Hurricane Relief Without Getting Scammed

 

iStock

When natural disasters strike, Americans pour in money and support to help the victims.

But while relief efforts are uplifting, they come with a caveat for anyone looking to contribute: How can you give money safely and securely to people who need it most?

Fundraising scams and fake charities often show up after hurricanes and other disasters. These practices aren’t new either — less than six months after Hurricane Katrina hit the Gulf Coast in 2005, the FBI had opened 100 investigations into fraudulent fundraising sites.

“After disasters like this, we do often see more organizations popping up, and it does take some time if there are scams out there to identify what they are,” says Katelynn Rusnock, the advisory system manager for Charity Navigator, an independent charity watchdog organization. Based in Glen Rock, N.J., Rusnock specializes in communicating potential wrongdoing found within charities.

So how can you make sure you’re not donating to a fake organization? Here are five ways to avoid fundraising scams.

Make sure the charity is legitimate with charity tracking sites

Learn about the organization before you give away any of your money, Rusnock recommends. Charity Navigator, and similar sites such as CharityWatch and GuideStar, maintain up-to-date listings of registered nonprofits, which you can use to check whether or not an organization is legitimate.

When in doubt, Rusnock suggests giving to larger nonprofits that have contributed to previous major disasters.

“Larger organizations that often respond to disasters are usually fairly equipped to deal with these types of things,” she says. “They have the teams with the expertise, and they’ve got the experience to do this well.”

Look up their employer identification number on the IRS website

You also can look up charities by checking their employer identification number (EIN), which will show if they’re registered with the Internal Revenue Service. Rusnock says you should be able to find this number on an organization’s website, and recommends asking them directly if it isn’t readily available. To help verify these groups, the IRS has created a tool on its website for searching charities by their EIN.

Check scam alerts from the Federal Trade Commission

Additionally, the Federal Trade Commission frequently updates a list of scam alerts so you can stay aware of recently reported groups.

The FTC reports that a flood insurance scam is already proliferating in the wake of Hurricane Harvey. Homeowners and renters get robocalls telling them their flood premiums are past due and that they need to submit a payment in order to get relief from their insurer.

You can sign up to get scam alerts sent directly to your email.

Beware of fake social media fundraising

While social media can be a helpful source of information about ways to give, and seeing friends talking about donating online can make it seem like an enticing option, it’s also unregulated and can be exploited by scam artists and phony nonprofits.

In times of heightened need, scammers using fake Facebook accounts and Twitter bots to post spam or malware links can be some of the biggest offenders.

Phishing is also a common concern, according to the United States Computer Emergency Readiness Team, a division of the Department of Homeland Security. Fraudulent organizations may send out emails or texts asking for direct donations or personal information, which are often attempts to steal a person’s identity. You should avoid giving out personal information or clicking on links from unknown sources.

Look out for red flags, like requests for payment via wire transfers

It’s also smart to be conscious of how a charity wants you to donate. In the FTC’s guide for avoiding fundraising scams, the organization warns that groups asking for payment in cash or through a wire transfer are more likely to be fake. Additionally, charities that offer to send an overnight courier to collect money, or use other tactics to pressure you to act quickly, are usually worth avoiding.

To combat this, Rusnock says it’s best to give directly to the charity through their own website, as opposed to using outside channels, such as social media or emails, that may or may not be associated with the organization.

Crowdfunding could be deceitful, too. According to the Better Business Bureau, campaigns on sites such as Kickstarter and Indiegogo can be unreliable, as it’s hard to determine whether or not a source is trustworthy or not. Still, there are some reliable ways to use these services, and GoFundMe has even set up an official page specifically for Hurricane Harvey relief and for Hurricane Irma relief. GoFundMe also offers to refund customers if they find out their donations weren’t used as promised.

Once you choose a legitimate charity, Rusnock suggests sticking with the organization. While many people tend to only donate immediately after a disaster strikes, she recommends signing up for recurring payments, or checking back in with the organization months after your first donation to learn about their current needs.

“A lot of people want to go out and donate after this happens, but we encourage donors — if they’re able to — to continue to support that organization even once the crisis is no longer in the news,” Rusnock says. “Oftentimes the charity is still responding long after attention has shifted away.”

 

The post How to Donate to Hurricane Relief Without Getting Scammed appeared first on MagnifyMoney.

How to Avoid Scams in the Wake of the Storm

High angle view of credit card with security lock on computer keyboard. Computer keyboard is in full frame position, defocussed. Focus on lock. Horizontal composition. Image developed from RAW format.

You’ve seen the dramatic footage of rescues and calamities, shots of stranded families, pets, and wildlife—even giant carp—and you’ve probably had the same reaction many other Americans had the past few weeks: “How can I help?”

There are myriad ways you can ease the suffering and hardship being experienced in the wake of Hurricane Harvey, but there are also a number of pitfalls to watch out for.

It is quite easy to fall prey to scam artists who come out in full force whenever a disaster of this magnitude occurs. In fact, the National Center for Disaster Fraud (NCDF) was instituted after Hurricane Katrina with a mission to hold post-disaster scam artists in check.

“Unfortunately, criminals can exploit disasters, such as Hurricane Harvey,” a recent NCDF release warned. These criminals have one goal: to get rich (or less poor) quick by sending crooked communications—and it doesn’t matter if it is via SMS, email, social media, or fraudulent websites designed to solicit contributions.

Several state attorneys general have sent out similar communiqués over the past week. If you want to help but are worried about scams, we’ve outlined best practices for you here.

What to Avoid

There are many ways a scam can go down. It’s worth bearing in mind that, just as you go to work, these criminals are also “going to work”—but their job is conjuring up new and ingenious ways to garner ill-gotten gains.

Phony Websites: One ploy that happens every year is in connection with the annual registration of storm names. Each spring, when the National Weather Service announces the roster of storm names, phony websites are registered using those storm names. These are hedges. Should the particular storm occur, the scammer is ready with a website purporting to collect relief funds—but in this case, it is relief from the criminal’s unbearable urge to separate you from your money, and, worse, your desire to help.

Crowdsourcing: Another common ploy is the GoFundMe page. Sometimes these pages are legitimate, but it’s up to you to do the research to figure that out. Crowdsourcing sites like GoFundMe provide you with the means to communicate with the organizer requesting funds, and you should always do so before donating.

Just because you saw the story of a particular person’s horrendous plight on the news doesn’t mean the GoFundMe campaign is legitimate. Scam artists saw the same segment. If you have any questions about a particular page, you should contact the crowdsourcing site directly in addition to the organizer of the campaign that you’d like to help.

Email Appeals: Do not reply to email appeals. Don’t do it if it’s an organization that you’ve given money to over and over. Don’t do it even if it’s your mom. Just don’t do it. The chances that you’re being baited into a phishing scam are high. It’s easier and safer to delete that message and type the URL of whatever charity is making the appeal into a securely connected internet browser instead.

The same goes for emails that link to images of a storm’s aftermath. Do not click those links.

Forwarded Emails: Never click on links emailed to you about big news events, even if they come from friends or family, unless you confirm with the sender that they actually sent the link. But, even then, be wary. They may just be forwarding a malware-laden email they received from someone they thought they knew (who was a scammer masquerading as the person they thought they knew). Email accounts can be spoofed, and any identity thief worth their salt can quickly and easily scam you using this method.

Never forget, if a scammer can get you to click on the right malware, they can drain your bank accounts or available credit, open accounts in your name, take advantage of your access to health care, divert your tax refunds, or commit other crimes in your name.

It’s also important to watch out for relief-related fraud. There have been multiple reports of people impersonating FEMA inspectors, insurance inspectors, and representatives of the National Flood Insurance Program. These impersonators perform another form of fraud—filing claims for relief money in your name.

Better Bets

If you’re looking for vetted places where your money will do the most good, there are many legitimate sources of information about helpful organizations.

If you see a story that interests you, get in touch directly with the organization or person featured. In our connected society, this is almost always possible, and it cuts out the risk of “getting got” by someone in the middle looking to take your money and run.

Before you submit your payment, make sure the charity you selected can actually deliver relief to victims. There are legitimate charity efforts that simply cannot deliver, often due to a lack of on-the-ground resources. Check to see if the charity you’re interested in already has operations in place, and if they don’t, find one that does.

If you’re worried you may have been the victim of identity theft or credit card fraud, you’ll want to check your bank accounts and credit reports regularly for suspicious activity. You can check your credit report for free at Credit.com.

Image: Ismailciydem

The post How to Avoid Scams in the Wake of the Storm appeared first on Credit.com.

The Truth About ‘Obama Student Loan Forgiveness’

Source: iStock

The average 2016 college graduate carries $37,000 worth of student loan debt today according to an analysis of student loan debt by Mark Kantrowitz, publisher of Cappex.com. Kantrowitz tells MagnifyMoney he expects that number to rise for 2017 graduates.

It’s no wonder that those drowning in debt can get desperate. And scammers have come up with a clever way to dupe these borrowers into spending money on services that promise to erase their debt. One of the most popular student loan scams today involves companies that charge borrowers to sign up for the so-called “Obama Student Loan Forgiveness” program.

The only problem is that there is no such loan forgiveness program.

The truth about “Obama Student Loan Forgiveness”

So-called student “debt relief” companies use “Obama Student Loan Forgiveness” as a blanket term for the various flexible federal student loan repayment programs implemented over the last decade by the Bush and Obama administrations.

What they don’t tell unwitting consumers is that these programs, which include income-driven repayment plans and Public Service Loan Forgiveness, among others, are free to borrowers and do not require paying for any special services in order to enroll.

Promising relief to indebted college graduates, these companies lead people to believe that enrolling in these programs requires special assistance — which they may offer for a sizable upfront fee and/or recurring monthly payments. Rather than getting the help they need, borrowers are duped into paying for something they could easily accomplish for free with a simple phone call to their student loan servicer.

While there are multiple ways you can get scammed by debt relief companies claiming to offer you “Obama Student Loan Forgiveness,” there are some red flags that can help you spot a scam.

6 ways to spot a student debt relief scam

It’s important to note that it’s not illegal for a company to charge a borrower to enroll them in a program that’s free to them. These companies are arguably taking some of the work out of getting enrolled, even if that “work” could easily be accomplished with a phone call to your student loan servicer.

Nonetheless, some debt relief firms take things a bit too far, and it’s important to be aware of scams out there. After all, student loan forgiveness scams are really only one part of a broad range of debt relief scams. Debt relief scams share many of the same qualities and employ similar tactics to mislead consumers into paying for their services.

Here are some red flags to watch out for:

  1. They ask for fees upfront. By law, debt relief services are not allowed to ask for payment until they have performed services for their customer. A legitimate debt relief service may ask for a fee upfront, but they will place that payment in an escrow account, and they will not officially receive the payment until they complete the work.
  2. They charge fees for free government services. This one is a bit tricky. So long as a company makes it clear that it is possible to gain access to a government debt relief program for free, it’s not illegal for them to charge consumers for their help in enrolling in those programs. However, the worst actors out there will keep that information to themselves, leading consumers to believe they need to pay a professional for access.
  3. They claim to be affiliated with the U.S. Department of Education. The Department of Education, which manages the federal student loan system, does not partner with any debt relief services. Any company claiming to be associated with the Department of Education is a scam.
  4. They “guarantee” that your debt will be forgiven. Services will try to entice customers by promising total loan forgiveness or a reduction in their student loan payments. But monthly payments for borrowers enrolled in federal student loan repayment programs are established by law and cannot be negotiated. Also, the legitimate loan forgiveness programs out there usually require making payments for several years, and there is no company that can promise loan forgiveness unless you meet those payment requirements first.
  5. They advertise “pre-approval” for debt relief programs. There is no “pre-approval” for federal income-driven repayment or loan forgiveness programs. They are free for borrowers, and so long as your loans are in good standing, it’s a matter of the types of loans you have when you took them out that qualifies you for the different programs. To see if you qualify for a given program, contact your loan servicer directly.
  6. They offer to make your student loan payments for you. You should be the only person submitting payments to your loan servicer. The Department of Education has contracted these loan servicers to manage federal student loans, and loan payments should be made directly through their websites. Never send your payment to a debt relief firm, even if they promise to pay your loans for you. The exception here is if you’re working with a debt relief firm to settle a debt with a lump-sum payment. In that case, they are legally required to hold your cash in an FDIC-insured account until they officially settle the debt. And if their client decides they no longer want their services, they have to return the funds to them in full.

Do your due diligence before working with any debt relief service, by keeping an eye out for these red flags, as well as checking sites like the Consumer Financial Protection Bureau, the Federal Trade Commission, or the Better Business Bureau for complaints against the company.

What to do if you’ve fallen for a student debt relief scam

If you’ve been scammed by a debt relief company, there are certain steps you need to take to prevent further financial damage. However, know that it is possible you may never get your money back.

Submit a complaint to the Consumer Financial Protection Bureau and the Federal Trade Commission. Reporting scams, can not only help others from losing their money, but if an investigation by the CFPB or FTC results in suit and judgment, then the debt relief company may be required to issue refunds, cease business, and ensure borrowers do not miss out on important repayment benefits.

Track your credit reports with all three credit bureaus to ensure your personal information is not used fraudulently. You can get one free credit report each year at annualcreditreport.com or use these free services to monitor your report for suspicious activity. If you fear a debt relief scammer has your Social Security number and other financial information, you might want to consider a credit freeze. That will stop anyone from being able to open a new line of credit without you knowing.

Contact your loan servicing companies and have any power of attorney authorizations removed. Some companies will ask borrowers to give them power of attorney so they can negotiate directly with their loan servicers. You don’t want to leave any company with this privilege because they will be able to make decisions about your loans without you knowing.

Contact your bank or credit cards to stop payment to the debt relief company and see if they can work with you to try and get your money back. It is common for debt relief services to charge monthly recurring fees for their services.

Change your Federal Student Aid password. Every federal student loan borrower has a unique login for the https://studentloans.gov site, where you can track all of your federal loans. If you gave a company your FSA information, consider that information compromised and change your FSA password immediately.

9 Legitimate Student Loan Forgiveness Programs

While there is no such program called “Obama Student Loan Forgiveness,” there are several legitimate student loan repayment programs that offer student loan forgiveness.

These programs have a wide range of requirements and payment terms, some as short as five years, others as long as 25 years, and can be available based on the types of federal student loans you have as well as your chosen career.

In addition to loan forgiveness programs, there are programs that offer loan repayment assistance or loan discharge. How much can be discharged and the amount of repayment assistance varies greatly depending on the program.

9 examples of legitimate loan forgiveness programs, loan repayment assistance programs, and loan discharge programs

What to do if you can’t afford your student loan payments

If you are struggling to afford your student loan payments, there are some actions you can take to ensure your loans remain in good standing and you avoid a default that could negatively impact your credit score.

Enroll in an income-driven repayment plan

If you are unable to afford your current payment, you can apply to change repayment plans. For example, if you are on a Standard Repayment Plan for your federal student loans, you could request to enroll in an income-driven repayment plan. If you are already on an IDR plan and your income has changed significantly, you can request to have your payment amount recalculated.

Ask for a deferment or forbearance

If you are going through a temporary financial hardship, you can ask your loan servicer to apply a deferment or forbearance, which would not require you to make payments during the deferment or forbearance. While both a deferment and forbearance offer you relief from making payments, with a forbearance you will be required to eventually pay back the interest that accrues during that time. Also, it’s important to note that while you are in deferment or forbearance, you aren’t making payments, which means you might be missing out on forgiveness programs like PSLF if you are working in public service or for a nonprofit.

Consider refinancing or consolidating your loans

Refinancing involves taking out a new loan from a private lender and using that loan to pay off your old loan. The pros of refinancing include a reduced interest rate and the ease of having just one payment. If you refinance a federal student loan, you will lose all of the benefits that federal student loans offer.

Alternatively, you could consolidate your federal loans. A Direct Consolidation Loan combines all your loans using the average weighted interest rate into one loan. So instead of dealing with multiple loan servicers and multiple loan payments each month, you only have one student loan payment to make each month. You can apply for a Direct Consolidation Loan at no cost through the government’s Federal Student Aid website.

Work with your loan servicer

If you have private loans, your lender may not offer as many repayment options as federal loans. Reach out and work with your lender anyway. They may offer a financial hardship program that would lower your payments. Your loan servicer would much rather work with you to ensure they get paid.

Consider bankruptcy if you can pass the “hardship test”

While it is highly unlikely you will be able to discharge your student loans in bankruptcy, it isn’t impossible. You must either show that your loans would impose an undue financial hardship that will not go away or that the loan was not a qualified student loan in that it did not fit the definition or was in an amount that exceeds the school’s cost of attendance. An example of where this argument has been successful would be a private bar loan, a loan taken out to cover the expenses of taking the bar exam.

The post The Truth About ‘Obama Student Loan Forgiveness’ appeared first on MagnifyMoney.

Is Your Gym Exposing More Than Your Abs?

The gym is a great place to burn off steam — and to get scammed.

When Apple announced a serious hardware flaw last week, and the critical security patch that addressed it, my first thought was perhaps arbitrary: “That exploit would work at the gym.” My next thought: what else would?

The discovery of a zero-day exploit affecting hardware—specifically a WiFi chip embedded in the main processors of Apple devices—was serious news. The vulnerability makes it possible for a hacker within range to “execute arbitrary code on the Wi-Fi chip.” A similar vulnerability was announced and patched on the Android platform earlier in the month.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

Here are a few things to make your next trip to the gym as scam-proof as possible.

How Is Your Personal Information Stored?

Your gym can require and request a ton of personal information: your Social Security number, driver’s license number, credit and banking information, your home address, and in some cases your medical or health information. When in the hands of the wrong person, this information can lead to identity theft and major breach of privacy.

Your job is to reduce your attackable surface and watch out for scams.

The first question you should ask is how your information is stored, and who has access to it. Don’t accept a vague answer unless it is the correct answer. “I’m not sure,” might indicate an ill-informed point of contact at the front desk or, worse, a total lack of data security. Don’t be surprised if everyone who punches the clock at your gym has access to your information.

Because of this, it’s important to think about what kind of information your gym has and why they need it. Try to limit what information they get, even if it is “required.” While the gym needs to identify you, they don’t need much data to do that. It’s your job to give them the bare minimum they need.

Juice Jacking

Be wary of charging your devices at the gym. Simply plugging your phone into the wall can make you vulnerable to juice jacking, a cyberattack where a charging port does double duty as a data connection that either steals user data or downloads malware to steal it at a later time.

Though it seems unlikely, if your gym’s owner isn’t up to date with scams, the gym may unwittingly allow a hacker to install a data-stealing kiosk for members to use.

Always pay attention to phone pop-ups. Both Apple and Android now have stopgaps to avoid juice jacking exploits, but the warning screen can be distractedly tapped away and ignored, thus opening the door to an intruder.
If you want to reduce the risks while charging your devices at the gym, look into USB cords without data transporting cables. You can also make juice jacking impossible by using the AC adapter your device came with or a back-up battery device.

Public Wi-Fi

Here’s another way your devices can leave you vulnerable to attack. Signing on to your gym’s public Wi-Fi can be risky — such is the case whenever you log on to a public Wi-Fi network. Another thing to remember: Hackers may not always ask for the gym owner’s permission to set up the Wi-Fi network that’s labeled with the gym’s name.

In addition to the fake Wi-Fi set up, there’s the threat of a man-in-the-middle attack. This attack can secretly alter the communication between two parties and even lead to eavesdropping by an unknown third party.

If you are going to log on to the Wi-Fi at your gym, always look for HTTPS in the address and the green lock near the URL of the sites you visit and think long and hard before visiting destinations like banks, credit cards and the like that require or provide access to sensitive information.

Remember, if you ever have any suspicion your information has been compromised, always contact your credit card providers ASAP. It’s also helpful to check your credit for any sudden changes (You can get a free credit report snapshot at Credit.com) While knowing the latest threats out there, and utilizing security updates the moment they are issued is great and absolutely necessary, it’s important to bear in mind that there is no anti-fraud silver bullet. Gyms are neither better nor worse than anywhere else when it comes to data security practices, but they are definitely places where you can be harmed.

If you assume your information is vulnerable, at the gym or anywhere else, and you take the effort to limit your data exposure and minimize your attackable surface, you have the best shot at staying in good shape. If you do find a security problem at your gym, maybe it’s time to demand solutions. At the very least, if you see something, say something. And if you’re really worried, find a new gym that practices better cyber and data hygiene.

Image: BraunS

The post Is Your Gym Exposing More Than Your Abs? appeared first on Credit.com.

Can Your Adopted Pet Expose You to Fraud?

Unfortunately, pet ownership can also make you a target for phishers, scammers and identity thieves.

Pet ownership has definite upsides. You get companionship and exercise and the satisfaction of doing a good deed. Plus, people who own pets live longer. Unfortunately, pet ownership can also make you a target for phishers, scammers and identity thieves.

The Vector du Jour

With 65% of U.S. households including pets (and an estimated $60 billion in spending on them), pet owners represent persons of interest for scammers.

The focus here is on a nearly universal practice: microchipping.

When a pet is adopted, it almost always comes with a microchip implanted at the back of the neck between its shoulder blades (or on the left side of the neck among European rescues). The chip is the size of a grain of rice, and it includes a 10-digit number that has been registered to the adopter. With more than 94% of dogs coming by way of either rescue and/or adoption according to the Humane Society, this is a fertile field for fraud .

These microchips can aid in the return of a lost animal, but are far from a perfect solution. In fact, a study published in 2012 by the American Society for the Prevention of Cruelty Toward Animals found that after searching the neighborhood and having the pet return on its own, microchips were the most common way pet owners were reunited with their owners. In a study published by the Journal of the AVMA, research revealed that only 22 percent of lost dogs entering shelters were returned to their families. That percentage rose to more than 52 percent when a dog was microchipped.

So there is an argument for microchipping. Because there is no unified database for these microchips, a found pet may be on any number of registries, which is good news from the standpoint of crime prevention, because scam artists can’t just pet-nap an animal, scan it, and contact the owner to collect a ransom. (That said, this scenario is theoretically possible. A universal microchip reader can be purchased by anyone.)

Public-Facing Data Is Risky

Many microchipping companies recommend that you provide your mobile phone number. It makes sense on the pet recovery side of things, but none at all on the protecting yourself from scams side—mobile numbers are fast becoming our new Social Security numbers.

The basic mechanism of the scam is simple, and you should be wary of it. You will either get an email (which you provided information to the registry) or a text (to the mobile number you provided), and it will include your pet’s name and some issue that needs your attention. Maybe your dog license is expired. It could be anything. The point is that with your personal information out there in a public-facing database, you’re ripe for the picking. It’s a scam waiting to happen, and you have provided the means of your own victimization by doing the right thing by your pet.

If you have replied to one of these messages, it’s a good idea to check your credit for any changes, because you may have been communicating with a scammer. (You can check two of your scores for free on Credit.com.)

Whenever you get an unexpected message, however you get it, you are in danger of getting got. A basic rule of thumb: distrust AND verify. Provide no information until you’re sure who’s asking for it.

What You Can Do

You can see if your information is public by searching for your phone number. You should also search your home and email addresses. Your goal for the best possible data hygiene would be that none of that information yields your name on a search engine.

If you find your information is out there (and not just in connection with a pet), call the company that provides the information online and ask for it to be hidden from the public. While this may slow the process of getting your pet back should it go missing, you will still be reunited, while not exposing your data to anyone who plugs random 10-digit numbers into a pet microchip registry.

Image: fcscafeine

The post Can Your Adopted Pet Expose You to Fraud? appeared first on Credit.com.

The Common Scams People Still Fall for All the Time

The scams are dumb, but the victims are not. Here's why we keep falling for these fraudulent tricks and how to stop doing so.

The top site for classified ads in the U.K. conducted a study recently that should send a wave or two to this side of the Atlantic. When it comes to scams, it’s all about the bait. Gumtree found that even with the forethought that a listing was a scam, more than a third of their users would still go ahead with a transaction. As my mother would say … Actually, she’d probably just shake her head.

It doesn’t matter where they happen. Scams are as international and ubiquitous as the human capacity to be tricked. And while some scams are super-nova dumb, that does not always mean that most people who fall for them are.

Scams rely on a simple fact of life: People are busy. Most of us aren’t Zen masters of meditation. It’s hard to fully occupy each and every moment because we lead distraction-filled lives. We’re not constantly up on the fire tower scanning the horizon for smoke, and that’s a good thing.

Unfortunately, there are some real slime balls out there who rely on this problem of ours.

Here are some recent scams that are making the rounds:

Amazon Phishing Scam

In this scam, you get an email from Amazon. It informs you that there’s been a problem of some sort. Don’t focus on what sort, because it’s these nuances that will get you got. If you get an email from Amazon telling you that there’s been a problem with an order, or that a recent order was canceled, it’s time to focus. It could be a scam.

How it works: There’s a link in the email that leads to a site that looks identical to Amazon, but you’re not anywhere near the site. The scammers are looking to get your personal information to use in the commission of identity theft, and your financial information to drain your credit card or bank account.

What to do: Visit your Amazon account by logging in directly. Do not use the link in the scam phishing email.

[Editor’s note: Keeping track of your credit scores can help you spot signs of fraud early on. A significant decrease in your scores could be a sign that someone has gotten hold of your information and using it without your permission. You can check your credit scores regularly using Credit.com’s absolutely free Credit Report Summary.]

Smishing Scams

Smishing isn’t terribly different from phishing, but if you’re not expecting at least the possibility of a smishing text, you might fall for it. The text arrives and appears to be from your bank. It could be from your internet provider. Generally, it’s from somewhere that can negatively impact your life, and that would also be in possession of your mobile digits.

How It Works: The smishing text informs you that someone has tried to access your account or it’s been frozen (again don’t get caught up on the details, the account or anything else), and your password or some other data needs to be updated. There’s a link to use where you can authenticate yourself by entering your personal information (for example, your Social Security number), and secure your account.

What to Do: If you regularly use your smartphone to access the internet, bear in mind that there are hidden dangers everywhere, and pause before you pounce on text warnings.

Sweepstakes Scam

You get a phone call from someone very cheerful, and maybe even a little breathless in the delivery of their blue-sky greetings. You’ve just won the Publishers Clearinghouse Sweepstakes. You’re a millionaire or a $500,000-aire. The prize patrol is 20 minutes away, so get dressed and be ready for your photo op with a beach towel-sized check.

How It Works: This scam preys on the wonderful human trait that, no matter how our day or month or year is going, hope springs eternal. Part of your prep for the prize patrol, however, requires that you pay the processing fee upfront. There could be many explanations for it, but the bottom line is you’re going to have to spend money to collect the prize.

What to Do: Hang up, and don’t bother changing your clothes. If you really have money coming to you from the sweepstakes or lottery, they are legally obligated to get it to you.

IRS Phone Scam

You get a phone call from the IRS, which is not entirely far-fetched anymore because Congress directed the IRS to collect back taxes with help from collection agencies. So, you could get a legitimate call from one of these four collection agencies: CBE Group of Cedar Falls, Iowa; Conserve of Fairport, New York; Performant of Livermore, California; or Pioneer of Horseheads, New York.

How It Works: The caller says you owe taxes (never mind the particulars as this is the nuance stuff that fuels any good scam), and if you don’t pay you’re going to be arrested (or some other bad thing will happen). Payment can only be made through a prepaid debit card or gift card, because of the particular kind of hell you created with your fictional bad behavior. You are informed that the purchase of whatever card you are told to buy is linked to the Electronic Federal Tax Payment System.

What to Do: Hang up and wait for a letter from the IRS notifying you of the situation, or call the IRS directly to inquire about any taxes you may owe.

The Grandparent Scam

Here’s one that doesn’t prey on the attention deficit disorder called daily life, but rather, it plays on the heartstrings. This scam relies on the sharing of information on social media, and the universal inability among some people to recognize a relative’s voice.

How It Works: A targeted grandparent gets a call asking for emergency funds, either directly from the grandchild who is actually a scammer armed with family names gleaned from your social media account — or someone representing them (a lawyer, bail bondsman, police officer). The story is good. All scammers are good storytellers. The ask is doable. They need money wired now.

What to Do: Never wire money unless you are absolutely certain where and to whom it’s going. If possible, double check a request with another relative. If you’re told secrecy is necessary (because a parent or sibling will be mad), just say no. Bigger picture advice: Don’t overshare. Set your privacy as tight as it will go, and don’t let people tag you in photos. And while it’s hard to sift through these days, get rid of any friends on social media who aren’t actually friends. Perhaps you should use this as an opportunity to prune a few friends too. You know, the ones that are always asking you for money.

The One-Ring Scam

This one is simple. Your phone rings once. That’s it. The scam relies on a couple things, though. First, there’s a curiosity factor. Second, there’s the very real possibility that most people have not memorized every area code used in the United States. But forget that, because caller ID can be be gamed with a spoofed phone number. Here’s what you need to know: Your phone rang once.

How It Works: You call back the number, and you’re automatically charged for a service that you didn’t want, or money is otherwise sucked out of your phone account to appear at the end of the billing cycle.

What to Do: If your phone rings once, assume the conversation that didn’t happen wasn’t worth happening. Wait for whomever called to leave a message, and never (ever) return fire.

There are more scams happening all the time, and no way to chronicle every one of them. But the baseline behavior of pausing and thinking for a moment, “Could this be a scam?” is your best protection to keep fraudsters at bay.

Image: Kerkez

The post The Common Scams People Still Fall for All the Time appeared first on Credit.com.

How to Avoid the Latest Airbnb Scam

Airbnb should have shut down these scams the first time they happened to a customer using their site. But there's a reason they haven't.

A friend of mine showed up last night at a place we sometimes meet. He looked like Red Sox pitcher Chris Sale after lobbing a game-ending home run to Aaron Judge of the Yankees. He was supposed to have been on a plane to Italy. I asked him what happened.

“We were all set to head out,” he said. “First leg: Rome. But I just canceled our tickets, like, a second ago.”

I asked why.

“Airbnb scam,” he said.

It was supposed to be the perfect trip. He and his wife have a 2-year-old, so they were looking for a destination vacation that would let them hang out in one place. The patch of paradise they rented was not an easy journey: two flights, a long car ride, a ferry and another long car ride.

That said, it seemed worth it. The fairy tale villa was on an island off the coast with views of the Mediterranean, a swimming pool and more than enough room for three families. The fee was steep, but not terrible since it was being shared by three renters: 6,000 euros a week.

“We were bummed that we had to be a day late to the place, but it turned out to be a godsend, because when our friends got there yesterday, the owners were there,” my friend said. “They weren’t renting the place. It was the third time that month they’d had people show up who had rented their house on Airbnb.”

The only inaccuracy in his statement is this: They didn’t rent the house via Airbnb. They thought they did.

A similar thing happened to a woman who arrived in New York from Barbados to buy her wedding dress. Malissa Blackman rented two apartments in the heart of the city to accommodate her mom, two sisters and two bridesmaids. When they arrived at 400 Fifth Avenue, the doorman gave the bad news. They’d been suckered, and they weren’t the first victims to come looking for nonexistent rental apartments in the building. At least two other groups had succumbed to the same nefarious plot, paying as much as $400 a night for the fictional flats.

Out $2,000, Blackman was forced to pay for two hotel rooms at an additional cost of $2,600. The next day, she found her perfect dress made by her favorite designer, but after the swindle, the $2,500 price tag was just too much for her. She had to get a cheaper dress and was heartbroken.

What Makes These Scams Possible?

You’re not alone in thinking that Airbnb should have shut down these scams the first time they happened to a customer using their site. But they haven’t because the scams didn’t occur on their site.

Blackman had responded to a property on “airbnb.com” and started to discuss terms with the “owner” of the listing on the site’s proprietary and secure app. She was offered another option during that chat and was asked if it would be possible to email the link. She allowed it, and that was how the scam went down.

Airbnb is clear about the danger of going off its site or app to conduct business. They send a warning email if a member of Airbnb asks to communicate via email. The problem here is that these warnings can be missed in the flurry of email that is triggered when you do business online. Compounding that problem, warnings are so common these days we may ignore them so long as we feel we’re in familiar territory — for instance, while looking at a what appears to be a legit listing on the site warning us.

In Blackman’s case, the scammer sent her a link that took her to a clone site, a perfect copy of Airbnb with one key difference: The URL was airbnb.com-listining-online31215.info. At first blush, this might seem like a hard thing to detect, and maybe you are right there with Blackman, feeling perplexed. There is a tell though, and one you won’t miss going forward if you want to play it safe on the internet. The URL in question goes to a dotinfo address, not a dotcom.

Airbnb phishing tales abound, but these ploys are avoidable if you know what to look for. (Here are three dumb things you can do with your email.) If you are asked to wire money or pay in a way that doesn’t use Airbnb, stop communicating with the renter. It’s a dead giveaway a scam is afoot. Whether you are lured off the site by an Airbnb user or you receive an email with a link to the site, always look at the URL carefully. The differences can be subtle. Better yet, take Airbnb’s advice and stay on its site or app.

If you believe you’ve been the victim of a scam, don’t shrug it off. You can check for signs of mischief by viewing two of your credit scores for free on Credit.com.

Image: noblige

The post How to Avoid the Latest Airbnb Scam appeared first on Credit.com.

Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam

You know never to respond to a phone call from the IRS, because — say it with me — they never call. Well, this latest scam has been taking taxpayers for a ride.

True or False: The time for IRS-related swindles and scams is behind us — until next tax season. If you’re still reading this, you probably guessed “false.” And yep, it’s sad but true: Those pesky swindlers are still at it.

Normally, when summer arrives with its parade of warm days and fewer demands on our attention, there is a quiet month or so when very little happens in the way of IRS-related activities (quarterly payments being the only thing you might expect on a list of tax-related things to do). So, you should be safe from the current scam making the rounds — but you’re not. The IRS recently issued a warning about a scam that’s been luring summertime tax-fraud victims.

You know never to respond to a phone call from the IRS, because — say it with me — they never call. (The agency does have debt collectors representing them now, but you’ll receive several notices before they call you and you can expect to be contacted by one of four firms —CBE Group, ConServe, Performant and Pioneer Credit Recovery — not an IRS agent, more on this below.) Well, this latest scam put a saddle on that old nag and has been taking taxpayers for a ride.

Here’s how: You get a call from the IRS telling you about official correspondence sent via snail mail — certified mail, no less. The letters were returned to the IRS as undeliverable. They tried to mail you the notice you needed. They have to call you.

So, what do you do? Hang up.

The thing about these scams is that they always have the ring of truth to them. (Remember, con man is short for confidence man.) If you stay on the phone, you will be informed that there was an issue with your tax return and you owe money that is extremely late in getting where it’s supposed to be. You have to pay with a card that is connected with the Electronic Federal Tax Payment System (EFTPS). Sounds legitimate, because the EFTPS is one of the ways you can pay your taxes. That said, you can’t do it with a gift card or any other kind of prepaid card, which is what the scam requires to pay out the fraudster. (You can also pay taxes with credit cards, which you can learn about here.)

The IRS never calls to bird-dog money, although there is one new exception. Congress has mandated that the IRS hire collection agencies to chase certain extremely delinquent taxpayers. If you receive such a call, get off the phone and contact the IRS directly to verify the situation.

Also bear in mind that taxpayers who owe the IRS money generally know it. They have received multiple notices, did not dispute the assessments and/or did not make the payments. If you get a surprise call asking for money, be doubtful. (You can see how unpaid taxes are impacting your credit by viewing two of your credit scores for free on Credit.com.)

Can You Scam-Proof Yourself?

In this particular instance, you actually can avoid getting got 100% of the time. It’s pretty simple: Simply hang up. But there is no way to absolutely scam-proof yourself.

There are more ways to get burned by tax scams than you can shake a beach umbrella at — bogus tax preparers, scam artists who file a tax return using your identity and steal the refund, sleazeballs who promise huge tax refunds for an extra fee, which is nothing compared to the penalty you will pay after the IRS audits you.

My book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves provides countless stories about how cyber criminals lure victims, but the best way to stay safe is to do what you’re doing now: Stay aware.

Image: AleksandarGeorgiev

The post Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam appeared first on Credit.com.

5 Signs Your Fad Fitness Program Is Really a Money-Waster

Here's how to tell if a fitness fad will have you losing dollars, not pounds.

There’s nothing wrong with paying for a fitness regime. If the program works, isn’t driving you into debt or causing any health problems, its costs could be negligible.

Unfortunately, fitness fads are a dime a dozen and many programs, plans or products don’t work as advertised. In fact, plenty are downright bogus. Do a quick search for “weight loss scams” on the Federal Trade Commission website, and you’ll see what I mean.

To help you avoid falling prey to a useless or predatory pitch, here are five signs a fitness fad will have you losing dollars, not pounds.

1. It Claims You’ll ‘Lose Weight … Effortlessly!’

Exercise, by definition, requires effort. To lose weight, you need to burn calories, which are units of energy, so expect a fitness regime to be accompanied by sweat, deep breaths and discomfort. If a workout involves little time, zero effort and minimal movement, it’s probably not worth the cost. Yes, doing a few minutes of crunches is better than nothing — but it’s still very close to nothing.

2. It Claims You’ll ‘Burn X Number of Calories!’

A popular — and effective — sales tactic in the fitness industry involves advertising the exact number of calories a client can burn over the length of a particular exercise program. But there’s more than one reason to disregard that promise.

For starters, the number of calories you burn during exercise can vary enormously. Second, it’s hard to tell what that number means in relation to actual weight loss. You’d have to be tracking your calorie consumption and keeping a regular log of your weight to have a frame of reference. Plus, even if you lost the exact number of calories promoted by a program, it might not matter. Remember, diet is a critical factor. What happens if you’re consuming twice as many calories as you need to burn to lose weight?

3. It Claims You’re ‘Guaranteed to Lose X Pounds in a Week!’

As in life, there are no guarantees in fitness. No one can know how you will respond to a given exercise. Educated health professionals and medical practitioners can’t make guarantees regarding your health, so be skeptical when some voice on the TV claims it can. Often the burden of success lies exclusively with the customer.

4. It Has an Asterisk Anywhere … or Everywhere

Qualifications abound in the fitness industry and a little star or cross can signify a number of things. “Only $29.99*!” Expect hidden fees. “Free Trial*!” Be prepared to enter credit card information that’ll get auto-charged if you don’t cancel the program before the promotional period ends. See “testimonials*”? Those claims may be unsubstantiated or only accurate under a narrow set of conditions.

Bottom line: If you come across an asterisk, read the fine print and ask plenty of questions before shelling out money. (Keeping track of your finances? You can view two of your credit scores for free on Credit.com.)

5. It Uses a ‘Secret Proprietary Blend’

There are plenty of fitness companies out there, particularly those hawking supplements, that do their best to make you believe they hold some super-secret, space-age, chemical formula developed by a team of sleep-deprived engineers in a lab 5 miles below the earth’s crust that’s totally essential to losing weight. But there are no secrets in fitness, just the truths you may refuse to accept, so there’s reason to be extra discerning when a company drops the “p” word.

Food and Drug Administration regulations don’t require manufacturers to include how much of each ingredient in a “proprietary blend” is actually in their product, just the weight of the mix itself. In other words, the term is often code for caffeine pills, plus some unpronounceable, inert filler chemicals that do nothing to advance your fitness goals.

While getting in shape can take hard work, the formula is basic: diet and exercise. Plus, you can get fit without breaking your budget. Here are a few ways to get started.

Image: BogdanBrasoveanu

The post 5 Signs Your Fad Fitness Program Is Really a Money-Waster appeared first on Credit.com.