April 15th, 2014
Jackie here. Do you click on pop-ups or sign up for free trial offers online? These two behaviors, along with many others, may increase your risk of ID theft and online fraud. In a report published by AARP called Caught in the Scammers Net, several activities were shown to increase your risk of being an identity theft victim. How do your browsing habits stack up? Check out this list of the top 10 things NOT to do online. Avoiding these potentially dangerous behaviors could help keep you and your family safer.
- Clicking on Pop Ups- You see an interesting pop up, what should you do? Don’t click on it! Clicking on pop ups is a risky online behavior. Instead, close the pop up immediately and access websites by visiting them directly. You can even install or enable a pop up blocker on your web browser to eliminate the temptation to click. Not all pop-ups are harmful, but it’s often better to be safe than sorry.
- Selling Products on eBay- While there are a lot of great opportunities for buying and selling products on auction sites like eBay, there is also some risk. The AARP study found that selling items on auction sites increased your risk of fraud. If you do choose to sell, be careful and be on the lookout for fraud—check your credit reports and bank statements carefully.
- Opening Emails from Unknown Senders- Do you open emails from people you don’t know? This can be a risky behavior, especially if you follow links or open attachments. When opening an unknown email can’t be avoided, use caution and never share personal information with the sender.
- Downloading Apps- I love a good app just as much as the next person, but each time I download a new one, I carefully review it. Choose apps only from a reputable marketplace and carefully analyze user reviews before downloading. If you want a great app that will actually help you protect your identity, check out the AllClear ID app.
- Being Impulsive- Do you click before you think? Take time to analyze before you do things online. Many scams can be avoided with a little caution.
- Signing Up for Free Trial Offers- We all love getting things for free, but is the freebie worth sacrificing your identity for? Be cautious of limited time free trial offers.
- Purchasing Through a Payment Transfer Website- When it comes to spending money, be very cautious online. Avoid sites that ask you to transfer money to a third party or to an unknown recipient.
While you can’t avoid every item on this list, reducing the number of risky behaviors you help you stay safe from online fraud. The study authors found that of 15 risky behaviors, nearly 1 in 5 American respondents had engaged in at least 7. More than half of the respondents (65%) had received at least 1 online scam offer during 2013.
April 14th, 2014
Jackie here. Have you filed your taxes yet? As tax season comes to a close we wanted to share one last post with some tax identity theft tips. We are all at risk for this ever growing problem; being aware and remaining educated is one of the best ways to protect ourselves from tax ID theft and fraud.
Finding Out You Have a Problem
How do you know if you’ve fallen victim to tax ID theft? Most people discover the problem when they go to file their taxes. You may be unable to file since a return has already been submitted with your name and SSN. Other people receive a notice that they underreported their income after they have filed (this often happens when someone is using your SSN to work illegally).
If you do discover a problem, don’t despair; there are things you can do. In January Jenna shared her story of tax ID theft which can give you a good starting point for resolving your own problem. Here are some other tips to try:
- File a police report- A police report is often the first step resolving ID theft. While your local police probably won’t be able to do much in fixing your problem, the police report is a valuable tool you can use to prove that you are a victim when talking to credit bureaus and other agencies.
- Review your credit- If someone uses your SSN to file taxes, they might use it for other things too. Check your credit reports carefully and look for signs of fraud. You may want to initiate a credit freeze and put fraud alerts on your credit reports as well.
While there is extra attention focused on tax identity theft during tax season, many of the things you should do to protect yourself are ongoing practices that happen all year long. Make sure you regularly check your credit report, and keep an eye on your bank statements for anything suspicious. Remember, even small amounts can idicate trouble. In addition, be cautious when clicking on links and don’t share information that isn’t absolutely necessary.
April 10th, 2014
Jackie here. Before you open that RTF attachment, stop and think! Microsoft recently issued a warning about RTF files, encouraging all users to avoid opening them. Apparently hackers have found a way to utilize this file type to gain control of your computer. Play it safe and avoid all RTF (Rich Text Format) files until the problem is resolved. This file extension is commonly used in Microsoft Word, but other formats like .doc or .docx are available and are still safe to use.
The Better Business Bureau shared the warning in a post on their blog. The compromised files are “booby trapped” which can mean big destruction should the file be opened. These files have the potential to gain control of your computer, leading to the potential for ID theft.
Until a security fix is available Microsoft recommends disabling the opening of all RTF files. This way you won’t forget and accidentally open a file, or compromise your computer when a user that doesn’t know about the problem opens a file. You can do so easily from Microsoft’s site using a special tool created just for the problem. Midway down the page you’ll see a button labeled “Enable this fix it”. Click and follow the on-screen instructions. You can disable the fix once the problem is resolved using the same process and the “Disable this fix it” link.
April 8th, 2014
Jackie here. If you’re on social media, odds are you’ve seen a shortened URL or two (or twenty… they are everywhere). These services take a long link and shave it down to just a few characters paired with the shortening URL. Are shortened URLs safe or should you think before you click?
How Shortened URLs Work
Shortened URLs act as a portal of sorts, capturing the location of a link and redirecting visitors to the intended site. Much of the time a long URL isn’t a problem, but on social media sites (especially ones like Twitter that limit characters), shorter makes it easier to share. Do you want to use three lines of text sharing a long URL?
Many legitimate businesses, celebrities, and others use shortened URLs. But, you should be aware that scammers do too. They can camouflage malicious websites this way, tricking people into clicking on links they shouldn’t. Some will use this technique to direct you to sites that install malware, phish for information, and increase your ID theft risk. With a shortened URL you don’t know where you’re headed until it is too late.
What Can You Do?
While some people may choose to avoid shortened URLs altogether, this approach may keep you from a lot of great content. For example, we regularly share shortened URLs from the AllClear ID Twitter page; skip them and you might miss out on some great information about avoiding ID theft. Short URLs aren’t bad in and of themselves; you just need to use a little extra caution.
Here are some tips for keeping yourself safe when using shortened URLs:
- Source Matters- Before you click on a shortened URL, consider the source. Is it shared by a company or person you trust? Bear in mind that scammers may create fake websites or profiles (or hack legitimate ones) to share their malicious links. Before you click, ask yourself, “Do you trust the source?”
- Use a URL Expander- Shortened URLs leave you in the dark about the website you’re trying to visit; a URL expander turns on the lights. CheckShortURL.com and LongURL.org are two of several sites that show you the full URL for a shortened one. Some of these sites will even check the link for malware before you click. You may also be able to install a browser plug-in that checks short URLs without having to visit another site.
For more information and tips see this great article from the Better Business Bureau.
March 10th, 2014
Jackie here. What do you do if your credit card information is compromised in a hacking event or data breach? Here are some tips for from the Consumer Financial Protection Bureau for keeping yourself safe from ID theft and fraud after your information is compromised.
Check Your Accounts…. And Check Again
After you’ve been notified of a credit card breach, check your accounts for any unauthorized charges, daily if possible. If you don’t have internet or mobile access, carefully review your paper statements for any charges you didn’t make.
Report any discrepancies you find, even if they are small. Although a $1 or $2 charge might not seem like a big deal, thieves often start small and build up to larger charges if the smaller charges go through. It may take a while for fraudulent charges to start showing up; keep checking. In fact, you should carefully analyze your statements all of the time, not just when you’re worried about a recent data security incident.
Report Fraud Immediately
If you find a fraudulent charge, report it immediately. First, call customer service at your card provider and report the problem. Then, follow up with a written letter. Make sure you keep a copy of the letter you send; send it with delivery confirmation so you have proof it was received. Also keep a record of the dates and times you make phone calls, what you discussed and who you spoke with.
Don’t Give Out Information in Response to Phone Calls or Emails
Breaches give scammers a great opportunity to trick people into sharing personal account information. Don’t share your account numbers, SSN, birthdates, etc. with callers claiming to be from your bank or credit card company. If you need to talk with them, contact them yourself using a known phone number from their website or your bank statement.
What Should I Do If My Bank Isn’t Resolving the Problem?
If you have trouble with your credit card company or bank after reporting fraud, you have options. Banks should investigate any reports of debit fraud, generally within 10 business days (credit card transactions can take longer, but you don’t have to pay the amount in question while you wait). Once the investigation is complete, you have the right to obtain a copy of results. If you have a problem with how a fraud case is handled, file a complaint with the Consumer Financial Protection Bureau online or by calling (855) 411-2372.
More information about handling a breach is available here.
March 4th, 2014
Jackie here. Do you hate spam? I do, but it seems that no matter what I do, the spammy messages always seem to find a way to my email accounts. Giving out your email address is necessary, but it can also lead to those dreaded spam messages. What’s an email user to do?
Apple has come up with an interesting potential fix and is currently in the process of patenting their new idea. This spam fighting tool consists of disposable email addresses, all linked to one central account. You get your standard email address which you keep to yourself and instead share generated disposable addresses each time you sign up for a service or give out your email. Each of these is linked to your main account and all messages received will appear in your primary inbox. When an address is compromised, simply disable it, and the spam coming your way will disappear.
The neat thing about this idea is the ability to control you’re the amount of spam you receive while still retaining the functionality of a single account. Each disposable email address protects you from spam, but the unique method of linking accounts together makes the system just as convenient as a single, permanent email address.
What do you think of this idea? I think it sounds like a great solution. Hopefully it will find its way to my favorite email provider soon so I can finally eliminate all the spam from my inbox.
February 19th, 2014
Jackie here. Identity theft continues to grow and according to a recently released Javelin report, the numbers are staggering. Take a quick look at some of the identity theft statistics from 2013. What are you doing to protect yourself?
2014 Identity Fraud Report Findings
- 13.1 million people fell victim to identity theft in 2013. This is up 500,000 from 2012.
- There was a new identity theft victim every 2 seconds.
- Are you between the ages of 35-44? If so, you are at the greatest risk for identity fraud.
- Fraudsters love the internet—44% of all fraud transactions occurred online.
- 2013 was a record year for account takeovers, which comprised 16% of all identity fraud. Utility and mobile phone account takeovers tripled.
- Have you received a data breach notification lately? In 2013 1 in 3 people that received a breach letter went on to become a fraud victim (up from 1 in 4 in 2012).
- Non-card fraud is increasing rapidly, up 3x from 2012.
This report gives us a good insight into how ID theft continues to change and evolve. With an increase in non-card fraud and account takeovers, we know to pay close attention other accounts and specifically our credit reports. Pay close attention to those data breach notices as well; if you receive one you have a 1 in 3 chance of being an ID theft victim, so make sure you take the appropriate steps.
How will use this information to protect yourself and your family from identity theft?
February 10th, 2014
Jackie here. “Ring, ring, ring.” I love hearing the phone ring. Those few seconds of wonder before you look at the caller ID are exciting. Who is calling? A best friend? Mom or dad? A favorite co-worker? All of that excitement, however, is instantly dashed when you answer and realize it’s another robocall. What can you do? Which robocalls are legal and which are not?
Legal or not? Here are a few instances when robocalls are legally permitted:
- Informative Only- Recorded messages that are only sharing information (like the recording from your child’s school or the reminder from your doctor’s office) are permitted.
- Donations Requested- Charities and political candidates may use robocalls to solicit donations and share information.
- Given Permission- If you’ve given a company written permission (electronic counts too) to contact you by phone or text, they can legally call you with recorded messages. If you change your mind about this permission, you can opt out by letting the company know.
These types of robocalls are generally illegal:
- Sales Pitch- Is a company trying to sell you a good or service via recorded phone message? This type of call is probably illegal. Do you really want to make a purchase from a company that is blatantly violating the law? These calls are also a common indicator of a scam.
- On the Do Not Call Registry- If your phone number appears on the Do Not Call Registry, you shouldn’t be getting recorded sales calls. If you haven’t signed up yet (and you should) you can do so by filling out a short form here.
When Robocalls Happen…
While many robocalls are now illegal, that doesn’t mean they’ve all gone away. What should you do if you receive one? Simply hang up the phone. Pressing buttons or asking to speak with an operator can actually make the problem worse, resulting in more of the annoying calls for you. If you like, report the call after you hang up to the FTC. Do Not Call Registry violations can be reported here.
February 4th, 2014
Jenna here. Here are our favorite articles for the week. We have a great read about connected cars and the associated privacy implications (a great follow-up to this post we wrote on the issue), an informative article about the new HP Security Research Cyber Risk Report, as well as a scam alert for the BBB that warns of an increase in utility scams due to the spike in cold weather.
Connected Cars are Here. The Good News is That Privacy is Being Taken Seriously, IAPP
Hewlett-Packard Depresses Us Some More on the State of Cybersecurity, Businessweek
Scam Alert — How cold temps are triggering utility company scams, The Better Business Bureau
February 4th, 2014
Jackie here. Is your car connected? It seems like everything can connect to the internet these days. As automakers begin to explore the possibilities of internet connected cars, consumers worry about the privacy implications this might pose. How do we find a balance between convenience and privacy? Will our cars become the next source of information for “Big Data”?
Automakers and the government both realize that connected cars are inevitable in the future, but there hasn’t been a large discussion around the privacy implications to date. Regulating privacy is hard since the conveniences consumers crave often require huge amounts of information in order to work well. Additionally, storing and using information allows further customization, a feature many consumers love despite the accompanying privacy concerns.
How do you feel about automotive privacy?
Wherever you stand on the issue of automotive privacy, there are some key points to think about. In general, customized features will lead to less privacy. If you want your car to be able to sync with your iPhone and your contacts and songs on it, that leaves more opportunities for data to be compromised. Furthermore, as geo-location tracking becomes more common, this technology may appear it connected cars going forward.
Let us know your thoughts—will you buy a connected car once they are on the market?
February 3rd, 2014
Jackie here. Last year we warned you about a tech support scam that was going around. Scammers were contacting people by phone pretending to be from major companies like Microsoft. They would then remotely access the victim’s computer, stealing information and charging for their “services”. While this scam was scary, I recently learned of a new variation on the tech support scam that is even trickier and that has the potential to claim many more victims. Be on the lookout for this scam and never share your financial information or computer login credentials with an unknown caller.
This scam is a follow up to the tech support scam we saw in 2012 and 2013. This time the callers will ask if you’ve recently received tech support. They claim that if you received services you could possibly receive a refund. There are several variations to this scam, including ones where they offer to refund those that were unsatisfied and ones where they claim the company is going out of business and refunding those that have already paid.
The scammer claims they need bank account or credit card information to process the claim. They may ask for remote access to your computer, possibly under the guise of helping you fill out paperwork. This scam has the potential to create double the trouble for those who fell victim to the last scam, as well as reaching new victims.
Avoiding this Scam
Don’t fall victim to this scam or ones like it. If you have paid for phony tech support services, file a complaint with FTC and dispute the charges with your credit card company. Legitimate companies will not call and offer to reverse the charges for you. Never provide your bank account or credit card information to an unsolicited caller.
January 31st, 2014
Jackie here. We’ve talked a lot about protecting your kids from identity theft. Have you ever considered the impact your kids might have on YOUR credit score? Children and teens use the internet a lot and if they aren’t careful they could potentially expose people in your house to identity theft. Teach your kids how to stay safe online. This important lesson won’t just protect them, but will protect your identity as well.
To keep your identity safe and teach your kids good online behavior, make sure they understand these essential internet safety rules:
Do your teens know how to create a password? A strong password should be a combination of letters (upper and lowercase), numbers and symbols. Teach your kids to avoid words found in the dictionary, names of pets and nicknames. Any ‘common knowledge’ information that can easily be discovered online by a savvy ID thief (think birthdays and maiden names) should also not be used as passwords. For more password tips, check out these articles on our blog; we talk about password safety often.
Never Download Without Approval
That free game might be a lot of fun, but it could be exposing your computer to spyware and capturing sensitive important entered on your computer. To help you kids to master the art of smart downloading, have them ask you for approval first. You can teach them which downloads are safe and which are identity theft traps—reading the data usage policies of the apps is a good place to look for information about if and how your personal info will be tracked.
Be Careful Who You Friend
Facebook and other social media sites are big draws for teen users. Make sure your children only accept friend requests from actual friends they know in-person. Accepting friend requests from unknown people can expose personal and family information to strangers. Take time to go through your children’s social media accounts with them, making sure that they are using good practices when selecting friends. You may also want to review privacy settings with your teen occasionally.
Don’t Share Personal Information Via Email
Does your child know how to identify a phishing email or a scam? Teach your child how to recognize email scams as children may be more likely to fall victim or to share personal family information that could lead to identity theft.
Teaching your teen good internet practices won’t just protect them; it could also keep you safe from identity theft.
January 30th, 2014
Jackie here. Are you a victim of identity theft? While ID theft is a growing problem, it isn’t one that you have to suffer alone. Whether you are having problems with financial identity theft, tax identity theft or have general questions, help is available. One great resource to turn to is the National Identity Theft Victim Assistance Networks Program (NITVAN), a new organization started by the federal Office for Victims of Crime. With trained professionals working in coalitions around the country, this organization is focused on getting identity theft victims the help they need.
What is NITVAN?
Every ID theft victim has a different story. Financial ID theft can devastate finances, making it difficult to obtain loans and pay bills. Criminal ID theft has resulted in false arrests and legal battles. Tax ID theft can create problems with the IRS that include lost refunds and false employment records. With many different types of identity theft, there is no one simple way to resolve the problem. NITVAN understands that identity theft is a complex and growing problem and seeks to help victims receive better support.
Coalitions across the country coordinate with the National Network to provide victims with the help they need. Their website has a rich assortment of tools for identity theft victims. Use their Resource Map to find local resources that may be available in your state.
Identity theft is a growing problem, a fact that isn’t likely to change anytime soon. Do your best to protect your information and catch the problem early and remember if you need help, NITVAN is a valuable resource to all identity theft victims.
January 29th, 2014
Jenna here. Our favorite articles for this week are here (finally). We have expert tips about how to boost the security of your payment cards in simple ways, as well as information about how the NSA might be using a favorite phone app to gather more information about you. Enjoy!
How to Boost Security of Your Payment Cards, USA Today
A Little (Angry) Bird Told the NSA What You’re Up To, ABC News
January 22nd, 2014
Jackie here. Here on the AllClear ID blog we talk a lot about ID theft including ways to protect your family, trends, scams and identity theft resources. On other sites, though, ID theft isn’t as big of a focus. While you might not be seeing identity theft news on CNN or Yahoo! every day, it’s important to remember the problem still exists. Each year, ID theft generates economic losses similar to those incurred with natural disasters (Hurricane Sandy caused $20 billion in damage; ID theft creates losses of about $20.8 billion annually). While laws are being enacted to better protect us and law enforcement is getting better at catching thieves, identity theft still wreaks havoc on lives every day. If you haven’t been a victim, you probably know someone who is.
We talk a lot about data breaches, a problem that seems to be getting worse. For the last nine years there has been an average of more than one breach each day. Due to this increase in the availability of stolen information, it is estimated that the price of an identity is just $25, less than the cost of a steak dinner.
ID Theft is Changing
While ID theft is still a big problem, it is changing. Once credit card fraud was the big worry, now tax identity theft is rising and medical records are becoming a hot target for thieves. Enforcing the law is getting more difficult too, as thieves use the internet to hide their activities and identities.
The changing landscape of ID theft makes this problem no less disastrous than it once was, but much more complex. Will we someday see the same protections on our medical records as we have on our credit reports?
While identity theft is changing, it is important to realize that it is still a problem. What can we do? Remain vigilant. Check your credit reports and bank statements. If you find an inaccuracy, report it and correct it. Don’t think your children are immune from the problem; they are at risk too. Now is not the time to stop fighting against ID theft—just because it’s not making headlines every day, doesn’t mean the risk is no longer there.
January 20th, 2014
Jenna here from the Marketing team. Our favorite articles are here. This week, we have a look at a new smartphone that promises to protect users from government and private surveillance, information about a Facebook backdoor that may expose more private information than you know, and a thought-provoking piece about what Google’s acquisition of Nest means for user privacy.
Blackphone Promises to Give Smartphone Users Their Privacy, ABC News
Facebook Backdoor Gives Clues to Private Email Addresses, Forbes
January 20th, 2014
Aaron here, AllClear ID Investigator. Becoming a victim of identity theft is not just something that happens to adults; children are heavily targeted as well. Recently, the Florida state legislature met about a new bill that they hope will prevent child ID theft, called the KIDS Act (S.B.242). Adam Putman, the Agriculture Commissioner of FL testified in favor of the S.B.246, bringing with him a former foster child who was a victim of identity theft, Ashtavia Maddox.
“I came here today to share my story with you because I want to help prevent other children from going through what I’m going through,” said Ashtavia.
“It is estimated that more than 50,000 children in Florida become victims of identity theft every year,” said Commissioner Putnam. “Identity theft can have a devastating impact on their futures. Bad credit as a result of identity theft will keep someone from gaining employment, obtaining a school loan and accessing credit. To think about the opportunities Ashtavia Maddox has missed out on because of what has happened to her is heartbreaking. The KIDS Act can prevent identity theft from destroying the lives of others.”
Ashtavia Maddox, now 22 years old, found out there was a problem with her identity when applying for her first apartment when she was 18. She filled out her application and found out she was denied. She also applied for other lines of credit onyl to be denied for those as well. She and her guardian found out this was because she was a victim of identity theft.
It is hoped that the KIDS Act, which will allow the parents or guardians of a child under the age of 18 to create a credit file, will help catch any cases of child ID theft before they get out of control. Once the file is set up, it can be frozen indefinitely, preventing thieves from gaining access to the stolen identity.
In Florida, it is estimated that more than 50,000 people fall victim of identity theft each year. It’s recorded that over a $100 million dollars is taken every year from children whose identities have been compromised.
While adults are able to protect themselves from identity theft by monitoring their credit or ordering a fraud alert or freeze on their credit, there are currently no proactive measures to protect minors from identity theft in many states. The KIDS Act could be a first step toward that sort of protection in Florida.
January 17th, 2014
Jackie here. As Tax Identity Theft Awareness week comes to a close, I wanted to share a few of the things I learned this week with you. The FTC and the Identity Theft Resource Center co-hosted a great Twitter chat this week; check out the hashtag #IDTheftChat for more great tips!
Don’t Carry Your Social Security Card
We’ve told you before not to carry your SSN in your wallet, but many people still do. I thought this was a great reminder to check my wallet for things that shouldn’t be in there. Other things you shouldn’t carry include bank PINs, account numbers and passwords. If you’re a business, safe guard your EIN just like you would a SSN.
Shred. Shred, Shred
The three items thieves need to commit tax ID theft are your SSN, your birth date, and your name. If you don’t shred your trash and personal information some of these will surely end up in the trash. Shredders are relatively inexpensive and are a priceless tool in fighting all types of ID theft. If you don’t have a shredder of your own, check with your local Better Business Bureau; they often host shred days with free shredding services.
Watch for Scams
All year round, but especially during tax season, thieves impersonate the IRS to get information. Watch for websites, emails, tweets and phone messages that claim to be from the IRS. If you don’t know whether something is legitimate, double check before you share personal information.
Keep Important Documents
When filing taxes you may need to hang on to some documents for several years. If you’re storing these digitally make sure they are encrypted. If you store hard copies, keep them in a secure place away from prying eyes. This neat chart was shared during the chat to help you know how long to keep each record.
Businesses Fall Victim Too
Consumers aren’t the only ones that are at risk for tax related ID theft. Businesses have risks too. The FTC shared a blog post they’ve created to help businesses understand tax ID theft. If you own a business or help manage one, this post is a must read.
Tax season is upon us so start gathering those records and file early. The sooner you file, the lower your risk for tax ID theft. When you do file use a secure connection if you file online, never public Wi-Fi. If you mail in your taxes, take them to the post office directly.
The FTC’s Twitter chat for Tax Identity Theft Awareness week was a great one. Check it out now!
January 13th, 2014
Jenna here. There were so many good articles to choose from this week, but we’ve managed to narrow it down to our top 3. This week, we have a look at the future of big data in 2014, a really interesting (and long—you may want to save it til after work) read about tax identity theft, and some tips for how to protect your personal information. Enjoy!
2014: The Year Big Data Adoption Goes Mainstream In The Enterprise, Forbes
Beware of Gangsters Filing Tax Returns, Bloomberg Businessweek
How To Keep Your Private Information Safe, USA Today
January 10th, 2014
Tamara here, AllClear ID Investigator. The Consumer Financial Protection Bureau announced November 6th, 2013 that it is now taking complaints against payday loan lenders. Payday loans are generally a few hundred dollars and are meant to be paid back in comparatively short amount of time, though usually with a high interest rate. Now, consumers are able to file complaints to the agency if they have a dispute with a payday lender.
The complaints may be filed under six different categories: unexpected charges, incorrect or unauthorized charges, payments not credited to accounts, problems contacting lenders, consumers being granted loans they did not apply for, and businesses failing to provide the funds for which consumers had applied.
After a complaint is filed, the CFPB will forward the complaint to the lending institution, which in turn responds within 15 business days. More involved cases may take longer.
In a recent investigation, the CFPB has ordered Cash America International, Inc. to refund consumers (up to $14 million) for the discovery of robo-signing court documents. It is also alleged that Cash America destroyed records prior to the CFPB’s investigation. That, and other findings, led to a $5 million fine.
After many years of consumers not having a place to turn when experiencing issues with payday loans, it is beneficial to have the CFPB be a resource to employ. To file a complaint, one can go to their website or phone them at (855) 411-2372.
January 9th, 2014
Jenna here. We have exciting news! The FTC is hosting their first ever Tax Identity Theft Awareness Week January 13th-17th. That’s next week! To do our part to raise awareness about this growing issue, we will be posting helpful information and links on our blog, Facebook, Twitter, and Google+ pages every day, so be sure to check them out for great information. To make the most out of next week, here are some helpful resources you should take a look at to ensure you don’t miss out on the action:
FTC Press Release about the event:
FTC’s Tax Identity Theft Awareness Week website:
Regional Events for Tax Identity Theft Awareness Week:
Check back next week to learn all about tax identity theft just in time for tax season!
January 8th, 2014
Jackie here. As we roll into the New Year, our thoughts turn to getting things in order for taxes. As tax identity theft is a big problem, it’s important to always turn to trusted sources when looking for tax information. Did you know the IRS has several different resources for you to use? Whether you like Tumblr, YouTube, iTunes, or Twitter, there’s an official IRS resource to help you get through tax season successfully. Which of these resources will you check out? Let us know which is your favorite!
- Official Smartphone App- Interact with the IRS using your Android or IOS smartphone via the IRS2Go V3 app. With the app you can check refund status, get tax receipts, tax tips and advice and stay up to date with the latest IRS news.
- Tumblr- If you’re on Tumblr, be sure to check out the IRS’ official page. The page was new for 2013 and already has received more than 200,000 views. One identity-friendly feature is the scam alerts and warnings posted on the site.
- YouTube- Need help with your taxes? The more than 130 videos on the IRS YouTube channel might help. There’s even a video specifically created to help victims of ID theft.
- Twitter- With five official IRS Twitter accounts, there’s one for every situation. For IRS news and tax related announcements follow @IRSnews or @IRSenEspanol. Tax preparers might also be interested in @IRStaxpros and job seekers can find information at @RecruitmentIRS. The final Twitter page is devoted to the IRS Taxpayer Advocate Service and is found @YourVoiceAtIRS.
- iTunes- Love Podcasts? Check out the IRS collection of helpful audio files. We recommend “Protect Yourself from Identity Theft” and “Are You a Victim of Identity Theft?”
- Facebook- Although not commonly updated, the IRS official Facebook page is available for those that want to interact with the agency; you’ll likely get more information, however, by accessing some of their other informational channels.
As you get ready for tax season, check out these helpful IRS resources; be on the lookout for ID theft warnings and scam alerts from us as well!
January 7th, 2014
Jenna here. Our first favorite articles of 2014 are now here! This week, we have information about Facebook’s denial of claims that they are reading unpublished posts, details of a SnapChat security incident that ocurred last week, and a LinkedIn lawsuit aimed at discouraging hackers from using their site.
Facebook: We Are Not Collecting Unpublished Posts and Comments, ABC News
4.6M Snapchat User Names, Partial Numbers Leaked, ABC News
LinkedIn Sues Unknown Hackers Over Fake Profiles, Bloomberg
January 7th, 2014
George here, AllClear ID Investigator. In October 2012, the U.S. Secret Service detected a security breach at the South Carolina Department of Revenue. The attack exposed 3.6 million Social Security numbers and 387,000 credit and debit card numbers. The stolen data also included consumer tax return information and businesses’ Tax ID numbers. South Carolina hired a cyber-security firm to stop the attack and install new hardware and software at the Revenue Department to strengthen their security. The state also paid for one year of credit monitoring and identity theft protection for those affected.
Consumer Affairs documented 84 security breaches before the DOR breach in October 2013, affecting more than 1 million state consumers, and 36 more security breaches since, affecting 77,000 South Carolinians. Consumer Affairs officials said South Carolina ranks 17th in the nation for identity theft complaints, it was ranked 36th in 2005.
After the attack, legislation was proposed to revamp security procedures at state agencies to prevent it from happening again. Lawmakers authorized and funded a new identity theft division at the Department of Consumer Affairs; the unit was officially announced on October 1st 2013. The four person team will educate South Carolinians in preventing ID theft, enforcing state identity theft laws, and guiding consumers through credit restoration. The Consumer Affairs ID Theft unit will help anyone in South Carolina, not just those affected by the DOR breach. Unit director Marti Phillips says, “We’re going to provide education and outreach to consumers across South Carolina about what identity theft is, the steps that consumers can take to protect themselves, and then what they need to know if they’re the victim of identity theft.” More information can be found at http://www.consumer.sc.gov/. The website also provided a toll free number, 1-800-922-1594.
January 6th, 2014
Jackie here. Our world is increasingly connected. While our connected devices do bring us a virtually endless supply of conveniences, they also pose some privacy risks. I had the opportunity to tune in to a public workshop hosted by the FTC called the Internet of Things- Privacy and Security in a Connected World. The workshop was fascinating and addressed both the conveniences and the privacy concerns associated with today’s internet driven world. It’s fascinating to watch… consider taking a few minutes to watch part for yourself. I’ll share a few of the insights I obtained below.
We Need to Know What We Share- Transparency is something that is often lacking in our current connected world, but as more devices become connected to the internet, it is essential that as consumers we have access to what we share. We need to know what data is being collected and we need to understand what devices are collecting about us. This isn’t just a responsibility of our device manufacturers. As consumers we need to demand transparency. Be informed and know what you share.
We Need to Own Our Data- Our data belongs to us. As our devices collect this data to make things more convenient for us, it should remain under our control, at least partially. Hopefully, the future will return data to the consumers that own it. Companies shouldn’t be able to sell our information just because we choose to buy their devices. Opt-in features, and more transparency are steps in the right direction.
Security is Essential- Companies will be able to collect huge amounts of data as more devices become connected. Security is a big concern. How will companies secure our data? What requirements should be in place? Data and device security will likely become a hot-button issue in the coming years.
Finding the Privacy Line- Privacy is a big concern. It was one of the main themes of the workshop. Most of the presenters agreed that companies need to put privacy first. Privacy shouldn’t be an afterthought, but instead should be an integral part of the coding of each device. Consumers have a right to privacy, even when our homes are becoming increasingly connected.
If you have a few minutes to spare, I highly recommend the FTC workshop. While there are several hours of presentations, you can learn a ton from just a few minutes. It brings up interesting points about consumer privacy and connected devices from experts in the industry.
January 2nd, 2014
Jackie here. How many passwords do you have? I have too many to count (email accounts, online banking, various stores and online shopping sites, companies where I pay bills online, social media, etc.). Remembering all those passwords is difficult, if not impossible at times. I find myself having to reset passwords that I can’t seem to remember at least once a month.
The Password Problem
I’m not the only one with this problem. A 2012 study found that 38% of adults think that solving world peace would be easier than remembering all of their passwords. With more than half of adults having more than 5 passwords (and 8% having more than 21) the password problem is certainly one that needs addressing. What’s a person to do in a world where passwords abound?
We’ve talked about several potential password solutions here on our blog like biometric passwords and even using typing style to self-identify. Facial recognition is a new idea that some companies are exploring as a solution to the password problem.
An Innovative Solution
One company is using facial recognition as the key to unlocking their password storage app. Most password storage programs use yet another password to identify users; this one instead uses facial recognition. The user simply holds their smartphone in front of their face and allows the app to scan. Once identified, the user can access the passwords stored in their vault. To prevent unauthorized access using a photo, the app is able to identify blinking to ensure that the user is actually present and not merely a picture.
Maybe someday in the future, a facial scan will be used in place of a password on all of our favorite websites. Would you prefer facial recognition or do you like the traditional password? It will be interesting to see how passwords evolve as more accounts move online. A person can only remember so many passwords, and companies are coming up with increasingly innovative ways to get around this problem.
What’s your solution to too many passwords? Whatever method you choose for remembering a long list of characters, numbers and symbols, don’t make the mistake of choosing a highly guessable password. The word ‘password’, your name, 123456 and other similar choices aren’t a secure option when it comes to securing your information online. Check out this article about password safety for some more tips about creating a password that’s hard to crack.
January 1st, 2014
Jackie here. As we say goodbye to 2013 and welcome in the new year, it’s always interesting to look back on ID theft trends and make a few predictions for the coming year. Let’s take a quick look at our list of threats and predictions
for last year… did they pan out? Then I’ll give you a few predictions for the ID theft trends that may be coming in the future.
- “Child ID Theft Will Continue to Rise”- Although the numbers aren’t out yet showing the number of child ID theft victims in 2013, a 2012 report found that the problem was certainly prevalent. The study found that 2.5% of U.S. households with children had experienced child identity fraud at some point. Legislators have been passing child ID theft laws as well. This year, several states either passed or are working on laws to allow parents to freeze their children’s credit, requiring foster agencies to help clean up children’s credit reports and creating child ID theft prevention programs.
- “Monetization of Social Networks”- Social networks certainly expanded their money making efforts this last year. Twitter went public with their stock, generating a few IPO related scams along the way. Social media scams are still big business for scammers, so keep an eye open for offers of fake gift cards, airline miles, etc. in the coming year too.
- Tax ID Theft- Tax ID theft continues to be a problem. As the numbers roll in for 2013, we are seeing fairly large increases in the tax ID theft rates across states. In all of 2012 there were 1.2 million taxpayers with tax id theft problems. In just the first 6 months of 2013, there were 1.6 million victims.
Now that we’ve reviewed a few of last year’s predictions, let’s move on to what we see coming as we roll into 2014.
- More Companies Shift to the Cloud- Industry leaders predict that companies will continue to shift their data storage needs to the cloud. What does this mean for you? It means increased risk. When information is stored online it can be accessed from anywhere, both by the companies themselves and by hackers. Sure, it’s convenient, but it also means an increased risk of data breaches and security incidents related to data stored in the cloud.
- Mobile Malware- The days of not having to worry about viruses on your mobile phone are coming to an end. It’s likely that we will see increases in mobile malware, especially on Android phones. If you haven’t secured your phone yet, do so. Thieves always like an easy target. This fact sheet from the Privacy Rights Clearinghouse has some great tips for securing your smartphone.
- Passwords That Aren’t Passwords- People are notorious for creating bad passwords (think “password” or “1234567”). As companies seek to create more secure devices and accounts, this means finding solutions to the password that aren’t as easy to compromise. Biometric technologies are one possible solution. Maybe in 2014 we will see a smartphone that uses a heartbeat for identification or an online bank account that uses fingerprints to log you in.
- Increased Medical ID Theft- As medical records continue to shift online, the odds of a medical record breach continue to increase. Medical professionals have been warned to expect increased data security risks for 2014.
- Increased Mobile Payment Fraud- It is expected that the mobile payment industry will grow by more than 30% a year for the next several years. As this payment method grows, thieves will likely get in on the action too, leading to an increase in mobile payment fraud.
May your 2014 be filled with health and happiness and, of course, be ID theft free.
December 31st, 2013
Jackie here. We’ve warned you numerous times not to click on links in unknown emails (here, here and here recently), but this scam proves that phishing doesn’t always involve email links. Emails can still be malicious even if there isn’t link in the text. Keep on the alert for link-free phishing and protect yourself from ID theft and fraud.
We’re all familiar with the traditional phishing scams. You receive an email that appears to be from a legitimate company or person that encourages you to follow a link contained in the email. Some phishing emails promise a great deal on a new TV, others alert you to a problem with an account, but they all lead to malicious content. Some lead you to look-alike websites that get you to enter usernames and passwords, while others lead to malware that will track and capture your personal information.
This twist on the traditional phishing scam doesn’t include links in the email body, but instead hides them in unexpected places. When checking your email, remain alert. Scams can be lurking in places other than the email body.
Beware of Attachments
One new tactic is to embed malware in email attachments. You click on the attachment and the file causes your browser to crash while installing malware. This approach is fairly common, and you may already be aware of it.
If the attachment opens successfully however, most people assume they’re safe. But, danger can be lurking inside of the attachment—some scammers use innocent looking attachments to hide malicious links. That link in the PDF file you just opened is just as risky as a link inside of an email.
Don’t click on links in emails, even if they come hiding inside of an attachment. As always, we will keep you updated with any new scams that pop up!
To learn more about this scam and to see some examples of the scam in action check out this article.
December 26th, 2013
Jackie here. What would you do if you received an e-receipt from a retailer where you hadn’t shopped lately? Would you contact your credit card company to report fraud? Would you call the retailer to dispute the purchase? E-receipts are convenient, but if you aren’t careful they have the potential to increase your ID theft risk. Make sure you keep your information protected and that you know what problems to look out for when choosing an emailed receipt over a paper one.
Ask Questions- Before signing up for an e-receipt program you should carefully review the company’s privacy information. How will they keep your information secure? A company should have a concrete plan in place for keeping your email address and credit card information secure. You may also want to find out if signing up will put you on their promotional email list. Sometimes you can opt out of promotional emails at sign up if you ask.
Watch for Spam- E-receipts can lead to more spam emails, so be on the lookout. You may want to create a separate email address just for receipts so you can easily monitor for spam without filling up your regular inbox. Be cautious when reading emails, clicking on links, etc.
Update Your Computer- Keep your anti-virus and other software up to date. This is important whether you receive e-receipts or not.
Contact Companies Using Known Numbers- If you receive an e-receipt for a purchase you didn’t make and you want to contact the company, call a known number for them, not the number listed in the email. A phony e-receipt could potentially be a phishing attempt searching for your personal information.
Learn more about the danger of e-receipts from the Better Business Bureau.
December 24th, 2013
Jackie here. What have you shared today? We talk a lot about privacy here on the blog and as you well know, our information may not be very private, especially when we’re online. I recently found a great video from the FTC. It’s called Sharing
Information: A Day in Your Life. It highlights how much information we are really putting out there each day (hint: you might be surprised). The video inspired me to showcase a few of the ways we share information. Be aware of what you share!
Where You Are: Most cell phones, tablets and mobile devices are equipped with location trackers. These trackers help to provide location sensitive information (for example GPS navigation services). While location tracking can be a useful tool for you, it can also be handy for marketers and others. Your location may be shared, even when you aren’t the one sharing it. Be aware that computers, cell phones and even some digital cameras may share geo-location data about you.
What You Buy: Do you use a loyalty card when you shop? If so, you might be sharing your purchase history in exchange for a discount. Loyalty programs are notorious for collecting and selling personal information. If you want the discount without having to sign-up for the program, you may be able to get a loyalty card (or a discount) without having to register. Purchase history may also be tracked on coupon sites, cash back sites, etc.
Online Browsing Habits: Which websites do you visit? Each time you click on a link or visit a website, your actions may be tracked, providing valuable personal information to third-party marketers. You may be surprised at how prevalent online tracking is. In May, Allison explored the problem using an online plugin and found over a hundred websites tracking her movements.
Your Health History: Did you know that your prescription history is often sold to outside parties? Health information is highly valuable to marketers and your prescription purchasing patterns, medical symptom searches and other information is commonly sold. Be aware that using symptom checkers and other medical search tools can reveal a great deal about your health to outside parties.
What do you share in a single day? Be aware of what you share to better protect your privacy.