As Scammers try harder, just be more clever!

We are assaulted by people trying to access our information for their benefit or trying to trick us into sending a payment fraudulently.  Now, with all the news on artificial intelligence, we will see even more ways we may be assaulted. 

How do you protect yourself?

The first step:  Think before panicking and reacting; careful observation could save you from a scam!

Here are some examples, starting with familiar ones:

  • Do you really think you won a lottery you never entered?  There is an old joke about not buying a ticket.
  • Do you actually think you are the one randomly chosen to receive an inheritance from someone in another country that supposedly has no heirs?  The estate mentioned is often from a country you may never have visited, and the estate is an enormous amount, so probability says it cannot be real.
  • If Amazon really thinks there is fraud, why does the person answering the call say “Thanks for calling Amazon” when the call came from them, and why do they know nothing about your account so that they have to ask for your information?  If there was a fraud, they would be telling you about the transaction instead of asking for all your account details.
  • No one stole your credit card, and you know you did not buy a MacBook or Airpods, so why is someone calling from the Netherlands to claim a purchase was made on your account?  Often you can tell that the callers are not from the companies they claim. 
  • It may look like a Microsoft message, but why do you suddenly need to update your account?  Check the source of the message – we have seen official-looking messages from many dubious senders, including some from Japan and Russia.  Be wary of e-mails from random accounts rather than the actual vendor.  

If you receive notice of an unauthorized payment or overdue bill, or even a payment authorization you didn’t expect, don’t click on the link, go to the vendor’s website to access via a browser you trust to check before responding.  The link in a text or e-mail may appear okay but close examination reveals some flaw.  

The same applies if you receive a DocuSign notice:  make sure the sender is legitimate.  Clicking on the link could allow them to install malware and gain access to your financial information. 

Here’s another example:  We recently had someone claim to have seen our website and want to hire us for tax work.  When we asked for more information about their situation, including the state in which they filed, the response was a message asking to click on links to their information.  The fact that they did not respond to questions about hiring a tax professional was a tip-off.  The IRS warns:

Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Thieves might carry on an email conversation with their target for several days before sending the email containing a link or attachment. The link or attachment may secretly download software onto tax pros’ computers that will give the thieves remote access to the tax professionals’ systems.

You can avert risks by being very suspicious, as well as being cautious. 

More steps:  you will also want to monitor your credit, even freeze your credit accounts, make sure your computer and smartphone software is up to date, use two-factor verification, run your malware and antivirus scans frequently, and respond to any alerts.  For more ideas such as getting an PIN from the IRS, see our post on Phishy Phone calls.  Here is good reminder from the IRS:

  • The IRS will never contact a taxpayer using social media or text message. The first contact from the IRS usually comes in the mail. Taxpayers who are unsure whether they owe money to the IRS can view their tax account information on IRS.gov.

Let me know if you have any questions or comments and stay cautious!

Steven

Update on how to stay safe after the many data breaches

If someone manages to steal your social security number, they often try to file a tax return claiming refunds. To prevent this, you either have to file before them or obtain an identity PIN from the IRS on the IRS.gov website.

Here is the link for the ID PIN, and here is the IRS explanation:

An IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns. Call the IRS at 800-908-4490 for specialized assistance,

Please see our prior post, How to stay safe after the Equifax data breach, to learn more about credit freezes and other protections. And let me know if we can help!

How to stay safe after the Equifax data breach

(as also appeared online at IRIS.xyz)

Equifax disclosed last week that the personal financial information of up to 143 million users had been exposed in a massive hack last July. This represents roughly two-thirds of all credit card holders, so you may be affected.

The delay in disclosing is troubling, and the hack raises questions about oversight of the credit bureaus and even about the impact on their management. We can see the impact on investors: the Equifax share price has dropped over 20%

While we can discuss these issues and more, the priority is shoring up your personal credit.

Impact

Was your data taken? There are links from Equifax, Norton and others where you can attempt to determine the impact on you personally. However, these sites seem to default to “you may be affected,” even if you put in bogus information.

The good news is that Equifax has responded to consumer pressure to make certain services free.

Act now

You will want to act as soon as possible to keep your financial information safe.

“There are so many entities who need to check your credit: when you’re renting an apartment, getting insurance, a new cell phone, utilities,” Liz Weston, a financial planner and columnist at NerdWallet, told BuzzFeed News. “But at this point the breach is so great” that taking measures to safeguard your identity is worth it. She recommends instituting credit freezes.

Equifax free service – sign up on line for the complimentary service being provided by Equifax, which provides the following:

  • three-bureau credit file monitoring with alerts,
  • credit report lock,
  • scanning of suspicious sites for use of your social security number,
  • Equifax credit reporting, and
  • $1 million identity theft insurance covering certain out-of-pocket expenses.

Monitor your cards – review your monthly credit card, bank and loan statements for suspicious activity. You have a right to free credit reports so obtain them and review for unauthorized activity.

Also, watch for unexpected calls or mail, such as debt collectors or people posing as IRS agents, because these may be signs that your information may be in the hands of thieves.

Credit freeze – request a freeze on your credit from all three agencies: Equifax, TransUnion, and Experian. Equifax will not charge you but the others will.

Requesting a credit freeze prevents thieves from using your identity to get loans or credit cards in your name, even if your personal information was compromised by the hack. You essentially pay to bar each of three credit reporting agencies — Equifax, TransUnion, and Experian — from providing a credit report without both your explicit permission and a personal identification number (PIN) that temporarily lifts the freeze. (Freezes do not affect financial institutions or companies you have an existing relationship with, only new ones.)

Make sure to place the freeze with all three bureaus and to keep your PINs for unlocking the freezes in a safe place.

“A credit freeze with only one bureau is incomplete protection,” Mike Litt, the consumer program advocate at the US Public Interest Research Group, a consumer group, said. Consumer experts recommended getting a freeze with all three agencies.

There are companies such as LifeLock that provide bundled services. If cost is not an object, that may be the best course of action. Here is the Lifelock response on Equifax.

Fraud alert – if you are certain that your information has been taken, place alert all three credit bureau websites. You can access the TransUnion site here. Some protection is free, but their premium package costs $9.95

If you are the subject of identity theft, there are many resources now that help you report and recover. The Federal Trade Commission website can help devise a recovery plan to implement.

PINs and passwords – the passwords and PINs you use could be the next issue. You may want to change what you use now and update annually, if not more often.

Updates – Equifax continues to provide updates on the status of the hack and their response.

And news sites continue to report on the hack – see this NY Times article.

Summary

There are many steps to take, and the information taken may not be used for some time. So, you will want to take some if not all the steps outlined above. If you have trouble doing so, or if you have questions, let us know.

And for more reading, the Better Business Bureau is one resource for tips on avoiding scams. And, the FTC is a good resource for identity theft.

Good luck and stay safe!