Is Your Gym Exposing More Than Your Abs?

The gym is a great place to burn off steam — and to get scammed.

When Apple announced a serious hardware flaw last week, and the critical security patch that addressed it, my first thought was perhaps arbitrary: “That exploit would work at the gym.” My next thought: what else would?

The discovery of a zero-day exploit affecting hardware—specifically a WiFi chip embedded in the main processors of Apple devices—was serious news. The vulnerability makes it possible for a hacker within range to “execute arbitrary code on the Wi-Fi chip.” A similar vulnerability was announced and patched on the Android platform earlier in the month.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

Here are a few things to make your next trip to the gym as scam-proof as possible.

How Is Your Personal Information Stored?

Your gym can require and request a ton of personal information: your Social Security number, driver’s license number, credit and banking information, your home address, and in some cases your medical or health information. When in the hands of the wrong person, this information can lead to identity theft and major breach of privacy.

Your job is to reduce your attackable surface and watch out for scams.

The first question you should ask is how your information is stored, and who has access to it. Don’t accept a vague answer unless it is the correct answer. “I’m not sure,” might indicate an ill-informed point of contact at the front desk or, worse, a total lack of data security. Don’t be surprised if everyone who punches the clock at your gym has access to your information.

Because of this, it’s important to think about what kind of information your gym has and why they need it. Try to limit what information they get, even if it is “required.” While the gym needs to identify you, they don’t need much data to do that. It’s your job to give them the bare minimum they need.

Juice Jacking

Be wary of charging your devices at the gym. Simply plugging your phone into the wall can make you vulnerable to juice jacking, a cyberattack where a charging port does double duty as a data connection that either steals user data or downloads malware to steal it at a later time.

Though it seems unlikely, if your gym’s owner isn’t up to date with scams, the gym may unwittingly allow a hacker to install a data-stealing kiosk for members to use.

Always pay attention to phone pop-ups. Both Apple and Android now have stopgaps to avoid juice jacking exploits, but the warning screen can be distractedly tapped away and ignored, thus opening the door to an intruder.
If you want to reduce the risks while charging your devices at the gym, look into USB cords without data transporting cables. You can also make juice jacking impossible by using the AC adapter your device came with or a back-up battery device.

Public Wi-Fi

Here’s another way your devices can leave you vulnerable to attack. Signing on to your gym’s public Wi-Fi can be risky — such is the case whenever you log on to a public Wi-Fi network. Another thing to remember: Hackers may not always ask for the gym owner’s permission to set up the Wi-Fi network that’s labeled with the gym’s name.

In addition to the fake Wi-Fi set up, there’s the threat of a man-in-the-middle attack. This attack can secretly alter the communication between two parties and even lead to eavesdropping by an unknown third party.

If you are going to log on to the Wi-Fi at your gym, always look for HTTPS in the address and the green lock near the URL of the sites you visit and think long and hard before visiting destinations like banks, credit cards and the like that require or provide access to sensitive information.

Remember, if you ever have any suspicion your information has been compromised, always contact your credit card providers ASAP. It’s also helpful to check your credit for any sudden changes (You can get a free credit report snapshot at Credit.com) While knowing the latest threats out there, and utilizing security updates the moment they are issued is great and absolutely necessary, it’s important to bear in mind that there is no anti-fraud silver bullet. Gyms are neither better nor worse than anywhere else when it comes to data security practices, but they are definitely places where you can be harmed.

If you assume your information is vulnerable, at the gym or anywhere else, and you take the effort to limit your data exposure and minimize your attackable surface, you have the best shot at staying in good shape. If you do find a security problem at your gym, maybe it’s time to demand solutions. At the very least, if you see something, say something. And if you’re really worried, find a new gym that practices better cyber and data hygiene.

Image: BraunS

The post Is Your Gym Exposing More Than Your Abs? appeared first on Credit.com.

Can Your Adopted Pet Expose You to Fraud?

Unfortunately, pet ownership can also make you a target for phishers, scammers and identity thieves.

Pet ownership has definite upsides. You get companionship and exercise and the satisfaction of doing a good deed. Plus, people who own pets live longer. Unfortunately, pet ownership can also make you a target for phishers, scammers and identity thieves.

The Vector du Jour

With 65% of U.S. households including pets (and an estimated $60 billion in spending on them), pet owners represent persons of interest for scammers.

The focus here is on a nearly universal practice: microchipping.

When a pet is adopted, it almost always comes with a microchip implanted at the back of the neck between its shoulder blades (or on the left side of the neck among European rescues). The chip is the size of a grain of rice, and it includes a 10-digit number that has been registered to the adopter. With more than 94% of dogs coming by way of either rescue and/or adoption according to the Humane Society, this is a fertile field for fraud .

These microchips can aid in the return of a lost animal, but are far from a perfect solution. In fact, a study published in 2012 by the American Society for the Prevention of Cruelty Toward Animals found that after searching the neighborhood and having the pet return on its own, microchips were the most common way pet owners were reunited with their owners. In a study published by the Journal of the AVMA, research revealed that only 22 percent of lost dogs entering shelters were returned to their families. That percentage rose to more than 52 percent when a dog was microchipped.

So there is an argument for microchipping. Because there is no unified database for these microchips, a found pet may be on any number of registries, which is good news from the standpoint of crime prevention, because scam artists can’t just pet-nap an animal, scan it, and contact the owner to collect a ransom. (That said, this scenario is theoretically possible. A universal microchip reader can be purchased by anyone.)

Public-Facing Data Is Risky

Many microchipping companies recommend that you provide your mobile phone number. It makes sense on the pet recovery side of things, but none at all on the protecting yourself from scams side—mobile numbers are fast becoming our new Social Security numbers.

The basic mechanism of the scam is simple, and you should be wary of it. You will either get an email (which you provided information to the registry) or a text (to the mobile number you provided), and it will include your pet’s name and some issue that needs your attention. Maybe your dog license is expired. It could be anything. The point is that with your personal information out there in a public-facing database, you’re ripe for the picking. It’s a scam waiting to happen, and you have provided the means of your own victimization by doing the right thing by your pet.

If you have replied to one of these messages, it’s a good idea to check your credit for any changes, because you may have been communicating with a scammer. (You can check two of your scores for free on Credit.com.)

Whenever you get an unexpected message, however you get it, you are in danger of getting got. A basic rule of thumb: distrust AND verify. Provide no information until you’re sure who’s asking for it.

What You Can Do

You can see if your information is public by searching for your phone number. You should also search your home and email addresses. Your goal for the best possible data hygiene would be that none of that information yields your name on a search engine.

If you find your information is out there (and not just in connection with a pet), call the company that provides the information online and ask for it to be hidden from the public. While this may slow the process of getting your pet back should it go missing, you will still be reunited, while not exposing your data to anyone who plugs random 10-digit numbers into a pet microchip registry.

Image: fcscafeine

The post Can Your Adopted Pet Expose You to Fraud? appeared first on Credit.com.

The Common Scams People Still Fall for All the Time

The scams are dumb, but the victims are not. Here's why we keep falling for these fraudulent tricks and how to stop doing so.

The top site for classified ads in the U.K. conducted a study recently that should send a wave or two to this side of the Atlantic. When it comes to scams, it’s all about the bait. Gumtree found that even with the forethought that a listing was a scam, more than a third of their users would still go ahead with a transaction. As my mother would say … Actually, she’d probably just shake her head.

It doesn’t matter where they happen. Scams are as international and ubiquitous as the human capacity to be tricked. And while some scams are super-nova dumb, that does not always mean that most people who fall for them are.

Scams rely on a simple fact of life: People are busy. Most of us aren’t Zen masters of meditation. It’s hard to fully occupy each and every moment because we lead distraction-filled lives. We’re not constantly up on the fire tower scanning the horizon for smoke, and that’s a good thing.

Unfortunately, there are some real slime balls out there who rely on this problem of ours.

Here are some recent scams that are making the rounds:

Amazon Phishing Scam

In this scam, you get an email from Amazon. It informs you that there’s been a problem of some sort. Don’t focus on what sort, because it’s these nuances that will get you got. If you get an email from Amazon telling you that there’s been a problem with an order, or that a recent order was canceled, it’s time to focus. It could be a scam.

How it works: There’s a link in the email that leads to a site that looks identical to Amazon, but you’re not anywhere near the site. The scammers are looking to get your personal information to use in the commission of identity theft, and your financial information to drain your credit card or bank account.

What to do: Visit your Amazon account by logging in directly. Do not use the link in the scam phishing email.

[Editor’s note: Keeping track of your credit scores can help you spot signs of fraud early on. A significant decrease in your scores could be a sign that someone has gotten hold of your information and using it without your permission. You can check your credit scores regularly using Credit.com’s absolutely free Credit Report Summary.]

Smishing Scams

Smishing isn’t terribly different from phishing, but if you’re not expecting at least the possibility of a smishing text, you might fall for it. The text arrives and appears to be from your bank. It could be from your internet provider. Generally, it’s from somewhere that can negatively impact your life, and that would also be in possession of your mobile digits.

How It Works: The smishing text informs you that someone has tried to access your account or it’s been frozen (again don’t get caught up on the details, the account or anything else), and your password or some other data needs to be updated. There’s a link to use where you can authenticate yourself by entering your personal information (for example, your Social Security number), and secure your account.

What to Do: If you regularly use your smartphone to access the internet, bear in mind that there are hidden dangers everywhere, and pause before you pounce on text warnings.

Sweepstakes Scam

You get a phone call from someone very cheerful, and maybe even a little breathless in the delivery of their blue-sky greetings. You’ve just won the Publishers Clearinghouse Sweepstakes. You’re a millionaire or a $500,000-aire. The prize patrol is 20 minutes away, so get dressed and be ready for your photo op with a beach towel-sized check.

How It Works: This scam preys on the wonderful human trait that, no matter how our day or month or year is going, hope springs eternal. Part of your prep for the prize patrol, however, requires that you pay the processing fee upfront. There could be many explanations for it, but the bottom line is you’re going to have to spend money to collect the prize.

What to Do: Hang up, and don’t bother changing your clothes. If you really have money coming to you from the sweepstakes or lottery, they are legally obligated to get it to you.

IRS Phone Scam

You get a phone call from the IRS, which is not entirely far-fetched anymore because Congress directed the IRS to collect back taxes with help from collection agencies. So, you could get a legitimate call from one of these four collection agencies: CBE Group of Cedar Falls, Iowa; Conserve of Fairport, New York; Performant of Livermore, California; or Pioneer of Horseheads, New York.

How It Works: The caller says you owe taxes (never mind the particulars as this is the nuance stuff that fuels any good scam), and if you don’t pay you’re going to be arrested (or some other bad thing will happen). Payment can only be made through a prepaid debit card or gift card, because of the particular kind of hell you created with your fictional bad behavior. You are informed that the purchase of whatever card you are told to buy is linked to the Electronic Federal Tax Payment System.

What to Do: Hang up and wait for a letter from the IRS notifying you of the situation, or call the IRS directly to inquire about any taxes you may owe.

The Grandparent Scam

Here’s one that doesn’t prey on the attention deficit disorder called daily life, but rather, it plays on the heartstrings. This scam relies on the sharing of information on social media, and the universal inability among some people to recognize a relative’s voice.

How It Works: A targeted grandparent gets a call asking for emergency funds, either directly from the grandchild who is actually a scammer armed with family names gleaned from your social media account — or someone representing them (a lawyer, bail bondsman, police officer). The story is good. All scammers are good storytellers. The ask is doable. They need money wired now.

What to Do: Never wire money unless you are absolutely certain where and to whom it’s going. If possible, double check a request with another relative. If you’re told secrecy is necessary (because a parent or sibling will be mad), just say no. Bigger picture advice: Don’t overshare. Set your privacy as tight as it will go, and don’t let people tag you in photos. And while it’s hard to sift through these days, get rid of any friends on social media who aren’t actually friends. Perhaps you should use this as an opportunity to prune a few friends too. You know, the ones that are always asking you for money.

The One-Ring Scam

This one is simple. Your phone rings once. That’s it. The scam relies on a couple things, though. First, there’s a curiosity factor. Second, there’s the very real possibility that most people have not memorized every area code used in the United States. But forget that, because caller ID can be be gamed with a spoofed phone number. Here’s what you need to know: Your phone rang once.

How It Works: You call back the number, and you’re automatically charged for a service that you didn’t want, or money is otherwise sucked out of your phone account to appear at the end of the billing cycle.

What to Do: If your phone rings once, assume the conversation that didn’t happen wasn’t worth happening. Wait for whomever called to leave a message, and never (ever) return fire.

There are more scams happening all the time, and no way to chronicle every one of them. But the baseline behavior of pausing and thinking for a moment, “Could this be a scam?” is your best protection to keep fraudsters at bay.

Image: Kerkez

The post The Common Scams People Still Fall for All the Time appeared first on Credit.com.

How to Avoid the Latest Airbnb Scam

Airbnb should have shut down these scams the first time they happened to a customer using their site. But there's a reason they haven't.

A friend of mine showed up last night at a place we sometimes meet. He looked like Red Sox pitcher Chris Sale after lobbing a game-ending home run to Aaron Judge of the Yankees. He was supposed to have been on a plane to Italy. I asked him what happened.

“We were all set to head out,” he said. “First leg: Rome. But I just canceled our tickets, like, a second ago.”

I asked why.

“Airbnb scam,” he said.

It was supposed to be the perfect trip. He and his wife have a 2-year-old, so they were looking for a destination vacation that would let them hang out in one place. The patch of paradise they rented was not an easy journey: two flights, a long car ride, a ferry and another long car ride.

That said, it seemed worth it. The fairy tale villa was on an island off the coast with views of the Mediterranean, a swimming pool and more than enough room for three families. The fee was steep, but not terrible since it was being shared by three renters: 6,000 euros a week.

“We were bummed that we had to be a day late to the place, but it turned out to be a godsend, because when our friends got there yesterday, the owners were there,” my friend said. “They weren’t renting the place. It was the third time that month they’d had people show up who had rented their house on Airbnb.”

The only inaccuracy in his statement is this: They didn’t rent the house via Airbnb. They thought they did.

A similar thing happened to a woman who arrived in New York from Barbados to buy her wedding dress. Malissa Blackman rented two apartments in the heart of the city to accommodate her mom, two sisters and two bridesmaids. When they arrived at 400 Fifth Avenue, the doorman gave the bad news. They’d been suckered, and they weren’t the first victims to come looking for nonexistent rental apartments in the building. At least two other groups had succumbed to the same nefarious plot, paying as much as $400 a night for the fictional flats.

Out $2,000, Blackman was forced to pay for two hotel rooms at an additional cost of $2,600. The next day, she found her perfect dress made by her favorite designer, but after the swindle, the $2,500 price tag was just too much for her. She had to get a cheaper dress and was heartbroken.

What Makes These Scams Possible?

You’re not alone in thinking that Airbnb should have shut down these scams the first time they happened to a customer using their site. But they haven’t because the scams didn’t occur on their site.

Blackman had responded to a property on “airbnb.com” and started to discuss terms with the “owner” of the listing on the site’s proprietary and secure app. She was offered another option during that chat and was asked if it would be possible to email the link. She allowed it, and that was how the scam went down.

Airbnb is clear about the danger of going off its site or app to conduct business. They send a warning email if a member of Airbnb asks to communicate via email. The problem here is that these warnings can be missed in the flurry of email that is triggered when you do business online. Compounding that problem, warnings are so common these days we may ignore them so long as we feel we’re in familiar territory — for instance, while looking at a what appears to be a legit listing on the site warning us.

In Blackman’s case, the scammer sent her a link that took her to a clone site, a perfect copy of Airbnb with one key difference: The URL was airbnb.com-listining-online31215.info. At first blush, this might seem like a hard thing to detect, and maybe you are right there with Blackman, feeling perplexed. There is a tell though, and one you won’t miss going forward if you want to play it safe on the internet. The URL in question goes to a dotinfo address, not a dotcom.

Airbnb phishing tales abound, but these ploys are avoidable if you know what to look for. (Here are three dumb things you can do with your email.) If you are asked to wire money or pay in a way that doesn’t use Airbnb, stop communicating with the renter. It’s a dead giveaway a scam is afoot. Whether you are lured off the site by an Airbnb user or you receive an email with a link to the site, always look at the URL carefully. The differences can be subtle. Better yet, take Airbnb’s advice and stay on its site or app.

If you believe you’ve been the victim of a scam, don’t shrug it off. You can check for signs of mischief by viewing two of your credit scores for free on Credit.com.

Image: noblige

The post How to Avoid the Latest Airbnb Scam appeared first on Credit.com.

Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam

You know never to respond to a phone call from the IRS, because — say it with me — they never call. Well, this latest scam has been taking taxpayers for a ride.

True or False: The time for IRS-related swindles and scams is behind us — until next tax season. If you’re still reading this, you probably guessed “false.” And yep, it’s sad but true: Those pesky swindlers are still at it.

Normally, when summer arrives with its parade of warm days and fewer demands on our attention, there is a quiet month or so when very little happens in the way of IRS-related activities (quarterly payments being the only thing you might expect on a list of tax-related things to do). So, you should be safe from the current scam making the rounds — but you’re not. The IRS recently issued a warning about a scam that’s been luring summertime tax-fraud victims.

You know never to respond to a phone call from the IRS, because — say it with me — they never call. (The agency does have debt collectors representing them now, but you’ll receive several notices before they call you and you can expect to be contacted by one of four firms —CBE Group, ConServe, Performant and Pioneer Credit Recovery — not an IRS agent, more on this below.) Well, this latest scam put a saddle on that old nag and has been taking taxpayers for a ride.

Here’s how: You get a call from the IRS telling you about official correspondence sent via snail mail — certified mail, no less. The letters were returned to the IRS as undeliverable. They tried to mail you the notice you needed. They have to call you.

So, what do you do? Hang up.

The thing about these scams is that they always have the ring of truth to them. (Remember, con man is short for confidence man.) If you stay on the phone, you will be informed that there was an issue with your tax return and you owe money that is extremely late in getting where it’s supposed to be. You have to pay with a card that is connected with the Electronic Federal Tax Payment System (EFTPS). Sounds legitimate, because the EFTPS is one of the ways you can pay your taxes. That said, you can’t do it with a gift card or any other kind of prepaid card, which is what the scam requires to pay out the fraudster. (You can also pay taxes with credit cards, which you can learn about here.)

The IRS never calls to bird-dog money, although there is one new exception. Congress has mandated that the IRS hire collection agencies to chase certain extremely delinquent taxpayers. If you receive such a call, get off the phone and contact the IRS directly to verify the situation.

Also bear in mind that taxpayers who owe the IRS money generally know it. They have received multiple notices, did not dispute the assessments and/or did not make the payments. If you get a surprise call asking for money, be doubtful. (You can see how unpaid taxes are impacting your credit by viewing two of your credit scores for free on Credit.com.)

Can You Scam-Proof Yourself?

In this particular instance, you actually can avoid getting got 100% of the time. It’s pretty simple: Simply hang up. But there is no way to absolutely scam-proof yourself.

There are more ways to get burned by tax scams than you can shake a beach umbrella at — bogus tax preparers, scam artists who file a tax return using your identity and steal the refund, sleazeballs who promise huge tax refunds for an extra fee, which is nothing compared to the penalty you will pay after the IRS audits you.

My book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves provides countless stories about how cyber criminals lure victims, but the best way to stay safe is to do what you’re doing now: Stay aware.

Image: AleksandarGeorgiev

The post Here’s How to Make Sure You Don’t Fall for the Latest Tax Scam appeared first on Credit.com.

5 Signs Your Fad Fitness Program Is Really a Money-Waster

Here's how to tell if a fitness fad will have you losing dollars, not pounds.

There’s nothing wrong with paying for a fitness regime. If the program works, isn’t driving you into debt or causing any health problems, its costs could be negligible.

Unfortunately, fitness fads are a dime a dozen and many programs, plans or products don’t work as advertised. In fact, plenty are downright bogus. Do a quick search for “weight loss scams” on the Federal Trade Commission website, and you’ll see what I mean.

To help you avoid falling prey to a useless or predatory pitch, here are five signs a fitness fad will have you losing dollars, not pounds.

1. It Claims You’ll ‘Lose Weight … Effortlessly!’

Exercise, by definition, requires effort. To lose weight, you need to burn calories, which are units of energy, so expect a fitness regime to be accompanied by sweat, deep breaths and discomfort. If a workout involves little time, zero effort and minimal movement, it’s probably not worth the cost. Yes, doing a few minutes of crunches is better than nothing — but it’s still very close to nothing.

2. It Claims You’ll ‘Burn X Number of Calories!’

A popular — and effective — sales tactic in the fitness industry involves advertising the exact number of calories a client can burn over the length of a particular exercise program. But there’s more than one reason to disregard that promise.

For starters, the number of calories you burn during exercise can vary enormously. Second, it’s hard to tell what that number means in relation to actual weight loss. You’d have to be tracking your calorie consumption and keeping a regular log of your weight to have a frame of reference. Plus, even if you lost the exact number of calories promoted by a program, it might not matter. Remember, diet is a critical factor. What happens if you’re consuming twice as many calories as you need to burn to lose weight?

3. It Claims You’re ‘Guaranteed to Lose X Pounds in a Week!’

As in life, there are no guarantees in fitness. No one can know how you will respond to a given exercise. Educated health professionals and medical practitioners can’t make guarantees regarding your health, so be skeptical when some voice on the TV claims it can. Often the burden of success lies exclusively with the customer.

4. It Has an Asterisk Anywhere … or Everywhere

Qualifications abound in the fitness industry and a little star or cross can signify a number of things. “Only $29.99*!” Expect hidden fees. “Free Trial*!” Be prepared to enter credit card information that’ll get auto-charged if you don’t cancel the program before the promotional period ends. See “testimonials*”? Those claims may be unsubstantiated or only accurate under a narrow set of conditions.

Bottom line: If you come across an asterisk, read the fine print and ask plenty of questions before shelling out money. (Keeping track of your finances? You can view two of your credit scores for free on Credit.com.)

5. It Uses a ‘Secret Proprietary Blend’

There are plenty of fitness companies out there, particularly those hawking supplements, that do their best to make you believe they hold some super-secret, space-age, chemical formula developed by a team of sleep-deprived engineers in a lab 5 miles below the earth’s crust that’s totally essential to losing weight. But there are no secrets in fitness, just the truths you may refuse to accept, so there’s reason to be extra discerning when a company drops the “p” word.

Food and Drug Administration regulations don’t require manufacturers to include how much of each ingredient in a “proprietary blend” is actually in their product, just the weight of the mix itself. In other words, the term is often code for caffeine pills, plus some unpronounceable, inert filler chemicals that do nothing to advance your fitness goals.

While getting in shape can take hard work, the formula is basic: diet and exercise. Plus, you can get fit without breaking your budget. Here are a few ways to get started.

Image: BogdanBrasoveanu

The post 5 Signs Your Fad Fitness Program Is Really a Money-Waster appeared first on Credit.com.

6 Summer Scams & How to Avoid Them

Just as mosquitoes can ruin a summer picnic, a good scammer can turn a winning day into a master class on losing your mind.

As the weather gets warmer, mosquitos and ticks re-enter our lives, and along with them comes their larger cousin, the scam artist. There are ways to prepare for those seasonal meal stealers. The same goes for scams, as foreknowledge is the best repellent.

Ticks and mosquitos aren’t harmless — they are well-known vectors for serious illnesses. Scam artists are also vectors for a plague that affects millions of people each year: identity theft. But sometimes a scam is of the simpler smash-and-grab variety.

Either way, some scams never seem to get old, as evidenced by the huge number of people that continue to fall for them no matter how many warnings we issue. There are always new variations that snare even the wariest consumers.

With that, I give you this summer’s smorgasbord of scams.

1. The Summer Rental Scam

It’s not the easiest thing on earth to find a summer rental that has all the right elements: a reasonable distance from the beach, the right number of bedrooms and bathrooms, a pets welcome policy. So, when you do find the right one, the tendency for most people is to pounce. Don’t be most people. If you get scammed on a rental, you’re not going to know till you show up at the front door and a puzzled person peers back at you. Oh yeah, and good luck finding the rental office, because it’s an abandoned drive-in.

The best thing you can do is visit the property in question beforehand. If you are working with a real estate agent, ask for his or her license number and check it, request references if there are no reviews online and confirm that the address is real and the premises are truly available for rent. Some home-rental websites have their own vetting processes and offer guarantees that will protect you in case of fraud.

2. Summer Job as Credit Application

It is not completely bizarre to need a background check before getting hired, but chances are that the young person in your life looking for a summer job is not applying to be a bank clerk or armored car driver. When it comes to providing personally identifiable information to an employer, use your head.

It is sadly a common occurrence that when kids are offered a “job,” they provide their information for tax purposes, including their Social Security number, and then never hear back. The reason: The only “job” was a robbery. Their identity is stolen, and because kids will be kids, it often takes a long time for them to realize the jerk who flaked on a summer job offer gutted their creditworthiness. (Here are four ways identity theft can impact your credit.)

Never provide sensitive personal information to a job site or anyone claiming to offer a job at the start of the process. Before you show up for an interview, make sure the job is legit: You can figure this out by doing an online search or making a few phone calls.

3. Door-Knocker Scams

Summer is the time for door-knocking scams. It can be anything really. Sometimes the knocker wants you to help save an endangered species or an embattled population far away, sometimes they are selling a lawn service, home maintenance or sustainably produced electricity — all these causes, services and products may be legitimate, but the person offering them … not so much.

If a stranger comes to your door, your level of suspicion should be high from a personal and digital security perspective. If you like what a knocker has to say, tell them that you will go online to help their cause or buy a product, and send them on their way.

4. Wi-Fi Scams

This is a year-round thing, but people still get got all the time by phony Wi-Fi scams, and the problem is only getting worse now that more municipalities are offering free access to the internet. The problem is that free Wi-Fi doesn’t guarantee secure Wi-Fi.

Always check with the network provider or someone of authority before logging on to any new wireless connection. Use a VPN, or virtual private network, to conduct any transactions that involve sensitive information. (Here are 50 more ways to avoid falling victim to hackers.)

5. Front Desk & Fake Menu Scams

Hotel scams are many and various, and it’s best just to remember that you are a target whenever you are traveling, but there are two scams that are sufficiently common. The first is the front desk scam, which is pretty simple.

You check in late, you’re tired and your phone rings. The scammer doesn’t know when you checked in. He or she is calling random rooms. You are told there is a problem with your credit card. Can you please confirm the number? The second scam to look out for is the menu scam. Scammers produce fake ones, and then steal your credit card information when you call to place an order.

If you get a call from the front desk, hang up and call back or go in person to confirm your payment method. Use your smartphone to order food or call the front desk for suggestions.

6. Moving Scams

Summertime is moving time. Just make sure your relocation isn’t a moving experience of the hair-pulling kind. While there are many great services out there, there are also some fraudulent ones that could wind up costing you big time.

With new online services like Task Rabbit and Angie’s List to name but two, there are ways to choose a moving service, large or small, that suits your needs and provides reviews. Just make sure you check out their reputation online before they show up at your door.

You May Have Identity Theft Repellent

Just as mosquitoes can ruin a summer picnic, a good scammer can turn a winning day into a master class on losing your mind as bank accounts are drained, credit cards are maxed out and large purchases are made in your name. There’s a way out, and you may already be covered.

If you think you might have been a victim of identity theft, it’s important to monitor your credit for anything out of the ordinary — primarily accounts and delinquencies you don’t recognize. You can get a copy of each of your three major credit reports for free once a year at AnnualCreditReport.com and you can use a free tool like Credit.com’s credit report card to check for signs of identity theft every month.

It’s also a good idea to check with your insurance agent, bank, credit union or the HR department where you work. It is increasingly more common as a perk of your relationship with the institution to be offered free access to a program that provides education, proactive assistance and damage control if you become a victim of identity theft.

If it’s not free, you may be able to get it at a minimal cost. (Full disclosure: CyberScout, a company I founded in 2003, provides these services to institutional clients, and they in turn offer the service to their clients, customers, members or employees.)

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: Imgorthand

The post 6 Summer Scams & How to Avoid Them appeared first on Credit.com.

How Trump’s Immigration Policy Spurred a Deportation Scam

Here's how Donald Trump's policies could affect your money.

For those who thought President Trump’s stance on immigration was the gossamer of election year overpromising, it’s time to adjust that thinking. The administration last week unveiled plans to target all “removable” aliens. It is a staggering number of people: 11 million.

If I told you that Price Waterhouse blamed the envelope mix-up at the Oscars on a practical joke devised by Warren Beatty and provided a link to the story, would you click through? How about if I included a link to a picture of the actual card that made Oscar history?

Fake news is the scam artist’s stock in trade — whether we’re talking about the kind that our 45th president keeps talking about, or something that takes advantage of a trending story.

Scam artists work fast, often riffing off the daily news to build their improvised traps, but sometimes they rip their scams from the headlines and take them to the street. (You can monitor two of your free credit scores for signs of foul play every two weeks on Credit.com.)

That’s what happened last week in reaction to Trump’s immigration policy. Criminals were waiting in the wings to capitalize on it, which inspired thuggish stick-ups and made necessary a warning from the office of New York Attorney General Eric Schneiderman.

The alert was issued after raids were conducted nationwide by the U.S. Immigration and Customs Enforcement (ICE). According to reports, hundreds of undocumented immigrants were arrested. It was big news, giving rise to political indignation by opponents of the Trump doctrine and sparking fear among immigrant communities.

Almost immediately, the scams began. According to Schneiderman’s office, four men wearing ICE apparel stopped a man on a street off of Roosevelt Avenue in Queens. They demanded cash. When he refused, they told the man he would be arrested. In another incident that made the news, a man in the immigrant-filled Queens neighborhood was told to hand over $250 or be arrested.

It’s unclear whether the ICE apparel was legitimate or duplicated by the thieves.

ICE gear can be purchased online, but Sallycopshop.com, one purveyor of such apparel, said it requires proof of employment by the law force. (Two other online sites offering ICE gear declined to comment for this article or failed to respond before publication.)

“The customer must ship their work address and have an ICE government email address for items with badges or lettering on it,” a Sallycopshop.com spokesperson said in an email. “We do go through each order individually to validate the customer is a federal agent or officer.”

Although many images of the recent ICE raids feature real officers wearing jackets and body armor clearly marked “ICE,” an agency spokesman told me that ICE officers and agents work in street clothes.

“I’m going to guess there are special requirements for clothing that indicate an official law enforcement capacity,” agency spokesperson Khaalid Walls said.

Regardless of the methods, there are several scams immigrants worried about the specter of ICE arrests need to be on the lookout for. Here are the big three, along with some tips culled from Schneiderman’s recent warning.

1. Fake ICE Agents

The attorney general states that ICE agents will never ask for money or threaten detainment and do not have the authority to enter your resident without a court-issued warrant. If a purported ICE agent knocks on your door, be polite, but firm. The law’s the law. Ask to see badges, and if you still smell a rat, call 911.

2. Beware Phone Calls

Some criminals stay out of sight, preferring to make phone calls that amount to the same sort of “pay or don’t stay” shakedown. Anyone who has read my columns warning of IRS phone scams will recognize this modus operandi — and this next tip. Remember: Just because your caller ID says the caller is from the government doesn’t make it so. Phone numbers can be spoofed. Bottom line: Immigration will not ask for anything important over the phone — not your personally identifying information and not money. If “they” do, hang up.

3. Notario Scams

As Schneiderman’s office points out, notario can be a much bigger and better job in Latin America — with a lot more power — than “notary” connotes in the U.S. In Latin America, a notario is anyone who can perform legal services — including lawyers. Beware people who try to make bank on this linguistic misunderstanding. Whether the claim is to speed up an application or otherwise help you get legal status, be careful. Check credentials and ask for references. If you are met with hostility, say goodbye and find a reputable service.

There are more tips and information regarding common traps and shady practices that immigrants face on the Attorney General’s website, which directs New York residents to report potential fraud or other issues regarding immigration services to its Immigration Services Fraud Unit Hotline at (866) 390-2992 or via email at Civil.Rights@ag.NY.gov. Those outside New York can get in touch with the Federal Trade Commission and file a complaint in their state.

Here is the great irony: Trump’s push to arrest and deport “removable” immigrants has given rise to fake cops, sewing doubt about the immigration enforcement authorities in a way that echoes Trump’s constant refrain of “fake news,” which has dangerously destabilized the public’s trust in our media.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

Image: ginosphotos 

The post How Trump’s Immigration Policy Spurred a Deportation Scam appeared first on Credit.com.

Phone Scams Reach Record 10.2 Billion. Here’s How to Protect Yourself

Phone scammers hit record breaking numbers this year, which is another reason to be aware of how to protect yourself from phone scams.

Does it feel like you’ve had more than your fair share of robocalls this year? If so, you’re not alone. Phone scammers were extra busy in 2016, making a record 10.2 billion robocalls to Americans, offering them everything from fake cruises and gift cards to opportunities to support bogus charities, according to a new report from Hiya, a company providing caller ID and call-blocker apps.

The same holds true for holiday scams, which saw an increase of more than 113% over last year, according to Hiya’s data.

“By taking advantage of the holiday ‘giving’ season, scam calls aimed at defrauding consumers are on the rise,” Jan Volzke, vice president of reputation data at Hiya, said in a prepared statement. “Whether preying on the spirit of gifting or the desire to get away after a rocky 2016, scammers are continuing to inundate the phone lines with fraud. We hope our data can educate consumers about these malicious and annoying calls so they can get back to enjoying their holiday season.”

These are the top phone scams for 2016, according to Hiya.

1. Telemarketer

Scammers are using telemarketing techniques to lure victims into giving out Social Security and credit card numbers, as well as bank account information.

2. Other Robocalls

Robocallers have been dodging regulations against their illegal activity by frequently changing or “spoofing” their caller ID so they appear to be calling from a local number.

3. Extortion/Kidnapping Scam

These scammers call random phone numbers and demand payment for the return of a “kidnapped” loved one.

4. IRS Scam

The caller pretends to be with the IRS and demands money for unpaid taxes or will trick the recipient into sharing private information. Remember, the IRS will never, ever call you about any taxes you owe.

5. Debt Collector

These scammers offer “solutions” to help victims pay off credit card and loan debt. Victims will give personal and financial information, enabling scammers to steal their identity and money.

6. Surveys

Scammers call victims offering prizes if they take a survey. However, before redeeming the prize, credit card information must be provided to cover “shipping and handling.”

7. Vacation Scams

Victims are notified that they have won a free vacation, but discover they have to pay a number of fees, provide a credit card number and are pressured to sign up for travel clubs to “earn” more trips.

8. Lucky Winner Scam

Scammers alert victims that they are the lucky winner of a contest or lottery. To redeem the prize, victims must provide personal and/or financial information.

9. Tech Support

Scammers pretend they are calling from a reputable tech agency (i.e. Microsoft or Dell) and claim that they have been notified of a virus on the victim’s computer. Scammers demand payment for services and third-party access to the computer to obtain private information.

10. Political Scams

During election season, scammers call victims requesting candidate donations, verifying voter registration, claiming they need to re-register to vote, or requesting that they take an election survey.

How to Help Avoid Being Scammed

To keep yourself safe from these and other scammers, the FBI recommends you exercise caution in how you respond to any call from someone you aren’t familiar with in order to help protect yourself from the damage of identity theft and fraud.

They urge you to:

Always be suspicious of unsolicited phone calls.

Never give money or personal information to someone with whom you don’t have ties and did not initiate contact.

Trust your instincts: If an unknown caller makes you uncomfortable or says things that don’t sound right, hang up.

If you think you or a loved one may have been a victim of a phone scam, it’s a good idea to check your financial accounts, credit reports and credit scores frequently for signs of fraud, like unauthorized transactions or unfamiliar entries. Be sure to immediately address these issues by notifying the authorities and even considering a credit freeze. Checking your bank activity for any problems is something you can do daily, but you can also get two free credit scores on Credit.com, updated every 14 days, to help you quickly spot some signs of identity theft, like that aforementioned sudden drop in scores. You can also get your free annual credit reports from AnnualCreditReport.com.

Image: ti-ja

The post Phone Scams Reach Record 10.2 Billion. Here’s How to Protect Yourself appeared first on Credit.com.

The Surefire Trick to Avoiding Holiday Phishing Scams

Holiday phishing scams are nothing new — Americans just keep forgetting to be on the lookout for them.

Every year I dedicate a column to the scams of the holiday season, and every year the roundup gets bounced around the internet — all too often among friends who’ve been scammed. (For a rundown of what’s out there, check out last year’s post.)

So what’s new this year? Unfortunately, not very much.

There’s the latest holiday phishing scam, I guess. But really? It’s about as surprising as the President-elect’s reaction to Alec Baldwin’s impersonation of him on Saturday Night Live.

An email arrives telling you that there’s been a shipping problem with a gift item that you ordered online. In this particular ploy, there’s a link embedded in the email message that takes you to a bogus site that looks exactly like a real one that many people use for their holiday shopping. It doesn’t particularly matter which site. What matters is that the link leads to a page that doesn’t just look like the site. It is a perfect replica.

Sounds like every other phishing scam, right? Well, that’s the point of this year’s holiday scams column, folks. So, why are we still falling for these things?

It’s simple. Most people still don’t consider phishing scams to be a part of everyday life because most people have busy lives. If you live in an area where mosquitos spread the Zika virus, you’re hyper-aware of when they’re around. We all live in a phishing hole, yet we’re not constantly on guard against the various kinds of bait scammers throw out there — even though the damage caused by ransomware and other kinds of malware can be very serious.

It doesn’t matter how many times I say this. Most people don’t think scams are as ubiquitous as they are, and as a result, they tend to forget about them while they are going about their daily business. If only they kept malware and the constantly evolving delivery systems that bring it into our homes and offices top of mind, scam artists would quickly have to come up with a new game.

So let’s go back to this latest holiday phishing scam. How can it be avoided? You just have to look at the web address. But not the way your kids look at you when you ask them to do something. I mean, REALLY look at it. The only thing that’s different on this new scam site is the URL address.

There is a reason people never remember this. Scammers are smart, creative and persistent.

Social Engineering

Social engineering has nothing to do with any sort of “brave new world” scenario. It describes the hacker’s skill in the area of psychological manipulation.

The hacker’s exploits all work on emotion. In some cases, they will have gone on social media and figured out who you’re friends with. The next step is to send an email — either using your friend’s hijacked account, or just their name. You’ve seen these emails before. Your friend is on holiday and lost their wallet, or asks if everything is all right between you and your partner because they saw a picture (click the link and tell me, that IS your husband, right?). Maybe someone from college found a hilarious picture of you. The gambits are clever, playing on various emotions — fear, jealousy, curiosity.

The URL of a bogus site is something you might not notice this time of year because you are completely freaked out that a package is not going to arrive on time and someone’s holiday will be ruined. While you are a still rattled, you are provided with a link and instructed to enter your name, address and credit card information. When you do that and hit send, the page redirects to the real site, and the scammer is given all the ammunition necessary to go on a shopping spree.

Reverse Engineering

The solution here is simple. Social engineering is only possible in a world where people don’t know they’re being targeted.

The first order of business is to remember you live in the phishing hole. You need to get into the mindset that you’re always one click away from getting got. As I write in my book, SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, there are some very good tactics for avoiding scams, like going directly to websites in lieu of clicking urls in emails, calling companies to verify they’re trying to contact you and refraining from over-sharing on social media.

If you believe you’ve been the victim of a scam, don’t brush it off. Monitor your credit report for signs of identity theft — mysterious addresses, unknown accounts opened up in your name. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing two of your free credit scores every 14 days on Credit.com.) Report any fraud to your local authorities and the Federal Trade Commission.

Also, help others avoid scams. Talk about the threats out there with your friends and family (even strangers on a bus) because public awareness is the only inoculation against the viruses and malware that are spread through phishing email.

Image: FatCamera

The post The Surefire Trick to Avoiding Holiday Phishing Scams appeared first on Credit.com.